last executing test programs:

1m48.255198858s ago: executing program 2 (id=483):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000380)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10)
socket$l2tp6(0xa, 0x2, 0x73)

1m47.719040156s ago: executing program 2 (id=487):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtaction={0xb0, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x9c, 0x1, [@m_tunnel_key={0x98, 0x1, 0x0, 0x0, {{0xf}, {0x68, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @rand_addr=0x64010101}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e23}, @TCA_TUNNEL_KEY_ENC_IPV4_DST={0x8, 0x4, @empty}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x6ff1, 0x6, 0x5, 0x6, 0x7ff}, 0x2}}, @TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0x401, 0x3d3, 0x3, 0x3ff, 0x9}, 0x1}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4}, 0x0)
stat(&(0x7f0000000140)='./file0\x00', 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, 0x0, 0x800, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x24}}, 0x4001)

1m46.495735447s ago: executing program 2 (id=493):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0)
write$nci(r0, &(0x7f0000003700)=@NCI_OP_CORE_SET_CONFIG_RSP={0x0, 0x1, 0x2, 0x2, 0xf, {0x1, 0xd, "23adfc65e96281537e107c76aa"}}, 0x12)

1m22.054036771s ago: executing program 2 (id=493):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0)
write$nci(r0, &(0x7f0000003700)=@NCI_OP_CORE_SET_CONFIG_RSP={0x0, 0x1, 0x2, 0x2, 0xf, {0x1, 0xd, "23adfc65e96281537e107c76aa"}}, 0x12)

53.112845683s ago: executing program 2 (id=493):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0)
write$nci(r0, &(0x7f0000003700)=@NCI_OP_CORE_SET_CONFIG_RSP={0x0, 0x1, 0x2, 0x2, 0xf, {0x1, 0xd, "23adfc65e96281537e107c76aa"}}, 0x12)

28.793150408s ago: executing program 2 (id=493):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0)
write$nci(r0, &(0x7f0000003700)=@NCI_OP_CORE_SET_CONFIG_RSP={0x0, 0x1, 0x2, 0x2, 0xf, {0x1, 0xd, "23adfc65e96281537e107c76aa"}}, 0x12)

21.293882976s ago: executing program 0 (id=883):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x10, 0x3}]})
fstat(0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000001c0)={0x20002000})
epoll_pwait(r1, &(0x7f0000000080)=[{}], 0x1, 0x0, 0x0, 0x0)

19.96217444s ago: executing program 0 (id=886):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2}}, 0x2e)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x81, @mcast2, 0x5}, 0x1c)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2, 0x4, 0x0, 0x1}}, 0x2e)

19.155360347s ago: executing program 0 (id=888):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10)

18.437912226s ago: executing program 0 (id=891):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x3d, &(0x7f0000000000)='cgroup\x00\x8d\f\xf3\xcd\xc6X$\x01n-Hg\x144-.\xe2\x053\xe2\xf4\xbf[\xe9\xdddU\x91\x9d,\t\x8d\xc3@\x86,\x7f\xe2Z\xe8L\x80\xdbe~c\xbc\x9b\xcf\x9b\x1cH\x95\xf3'}, 0x30)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r1, r2, 0x2, 0x2, 0x0, @void, @value}, 0x10)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@cgroup=r3, r0, 0x2, 0x0, 0x4000, @void, @value}, 0x10)

17.977083145s ago: executing program 0 (id=894):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x1, 0x3, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000008900000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fdffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000000000000850000007500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b00)={&(0x7f0000000ac0)='mm_page_free_batched\x00', r2}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

13.768024838s ago: executing program 0 (id=918):
ioprio_set$pid(0x2, 0x0, 0x6000)
bind$rxrpc(0xffffffffffffffff, 0x0, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f0000000380)={0x8020000, 0x0, 0x0, 0x0, {0x4}, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0], 0x1}, 0x58)

12.609178449s ago: executing program 4 (id=923):
getpid()
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
socket$inet(0xa, 0x801, 0x84)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000400000004000000002000000000000000000000300000000030000000300000000000000000000000000000105008900000000000000000000000003"], 0x0, 0x5a, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ed5000410"], 0x11)

11.498068359s ago: executing program 4 (id=930):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
lgetxattr(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB], 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000380)='./bus\x00', 0x9, &(0x7f0000000000)={[{@space_cache_v1}, {@autodefrag}, {@notreelog}, {@compress_algo={'compress', 0x3d, 'no'}}, {@clear_cache}, {@noacl}, {@noenospc_debug}, {@barrier}, {@nospace_cache}]}, 0x1, 0x55ae, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r0, 0xd0009412, &(0x7f0000001480)={{r0}, 0x0, 0x0, @inherit={0x0, 0x0}, @subvolid})

10.520521686s ago: executing program 4 (id=935):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x34, r2, 0x1, 0x0, 0x0, {}, [@SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x1}, @SEG6_ATTR_SECRET={0x8, 0x4, [0x0]}, @SEG6_ATTR_ALGID={0x5}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x1}]}, 0x34}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)

9.915575279s ago: executing program 4 (id=937):
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f00000000c0)='./file0\x00', 0x2000400, &(0x7f0000000640)=ANY=[@ANYBLOB="636f6465706167653d63703835322c006fb691d2737b705dc556d65d9df1cb7dba7e22e9401baeb7cec264b4e5364639fd3f79a413496c6f41cd1a0d6fe36ee520f4e84b336e780abd660b52e8e0821bb6db0d3823e1a16d8daa1b5613f213c29a616e2ef7bbce58232e3aa6ed2a6744cf109759d8491ce6643490d484408e16eede91d78ef35b7e90df199605a94fe0527e93cb7b2a98be7d4ddee04c980658d34ab783479a07adc05722c7fc5058312dc1e6ed8f0685e0a3a445d76146412c95e4715118847084a5baa5a7e1eec512c152d9feee0b7cd673b5c2f965fcecbf0d62972a98e12a14a3d980d6a37926d88c7c32c4b2531e78e0c8693ded07ac17c49a8bc4cfe434b818197f66a1cc56b4f14d97aa4385b43eaed584945fba3020c8347647eda9ce76f38c28d3cd37153352d5efe5785c9f19a9527869f4642d1d29a7ea10e3da51121d309e4a7a7fdaccfa203a1fa4fd61722e3868e8cb60f335fafc358947ad06c161545e2d00c2f6e07081dd61822e8e83bd4f9cab70f728f5"], 0x1, 0x2e0, &(0x7f0000000340)="$eJzs3c9u00oUx/Hf2Emb/lGvb9urK93NRYVKsKkosEBsglC27FkhoEmliqiItkjAhoBYIh6APa/AQ7AB8QKwYsUDdGc0k0niJLZDoIkb+H6kRJPxjH0Ge+I5lmgE4I91o/b57eWv9mWkUKGka1IgqSKVJP2jfyuP9o/2jpqNet6OQtfDvozaPc1Qm539RlpX28/18CL7qaTlZB0mI47j61+KDgKFc7PfKvfXB9K8n4due6WA2CahJf1fdAzTFibK5ljHeqyVAsMBAJwC/v4f+NvEsqsyCgJp09/2Z+r+H47YfjylOKbkSnOoKs7tkLj/u9VdbOw/2V9uUy/fcymc3R50ssQfCWZgCak5ta+svnNiRmWVLpZgYXevpK2d56oHeqGql2i27t7r7Uu3Y0S0Gym5aY7svZV1c7E9GreiHNQJaXev2Zi3hcH4W9LaeEf8dea9+Whum0hvVO+u/0qxsafJnalo4EwFZRv/xew9LrletpV82l+tVoPhdqX//BG8EaOsjJjEf/ceGrS6EeTF6Y69qv7HCu3RbY/otZbWK+p+yui13tcr9FfC1s6DZu6jlMnoDNG8NrfMhr7pnWqJ9X9g49tUYmbmfdUb19JfGe3xzKW3LLmW0dCdozddznQj8ObHHhukMZ+WvdI9XdXK4ZOn98Nms3FgC3dTCg+XD4yvKb+UUttMvhAqp41avZrYehbHiTZ2tJl7jicZ/IUT3aH9/ujW2OmT1tjOsm5NMO3TdNKFnBNXaKH2QXkX5OwU4ljK2DSprymcJoemc9J9xULBAWHa7LrLtPM/t5L3qzqXItm3KGednp9kqm+P290Mrn8puOreF8fK4JayM7jEES9l5Iwu5zp7XjqXqDTKPWLk4/xNmJo+6Q7P/wEAAAAAAAAAAAAAAAAAAGbNNP6nQdFjBAAAAAAAAAAAAAAAAAAAAABg1v3U7/+m/Y149/u/Eb//C8yQ7wEAAP//zkt2vw==")
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
move_mount(0xffffffffffffff9c, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

9.542749457s ago: executing program 4 (id=940):
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000001c0), 0x12)
r2 = openat$cgroup_freezer_state(r0, &(0x7f0000000080), 0x2, 0x0)
write$cgroup_freezer_state(r2, &(0x7f0000000240)='THAWED\x00', 0x7)

8.765109277s ago: executing program 4 (id=944):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00', 0x9})
close_range(r1, 0xffffffffffffffff, 0x0)

8.071006442s ago: executing program 32 (id=944):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000004c0), 0x48100)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x1)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue0\x00'})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r2, 0xc08c5335, &(0x7f00000001c0)={0x0, 0x80, 0x0, 'queue0\x00', 0x9})
close_range(r1, 0xffffffffffffffff, 0x0)

7.100236156s ago: executing program 1 (id=949):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="120100009ac0b620110f211066865578ac0109029c000100000400090400bf900b64ea00090587033b"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_disconnect(r0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r1, &(0x7f0000000140)='(I', 0x2)
syz_usb_disconnect(r0)

6.095231213s ago: executing program 5 (id=953):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000540)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r2, &(0x7f0000000240), &(0x7f0000000140)=@tcp6=r0}, 0x20)
sendmmsg$inet6(r0, &(0x7f0000002440)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000600)="e2", 0x1}], 0x1}}, {{0x0, 0x1, &(0x7f0000000480), 0x14}}], 0x400, 0x10)

5.915917363s ago: executing program 5 (id=954):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000100850000000d000000b7000000000000009500000000000000c74396c8e3ebbadc20e5a7ef8c9ac1465cbf188ef10871b81ac7553358380b3a1f59916ffc9bf0bdf81524f07fb2819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6cd87cef9000000a39c15a7ef365cc27dfeac7b9b0e9048517354b0ca4f9cf8b59ee6fa003fe1f2c4c15f20a07db4583a462d8be6602186fd68ee14a19ea2eb42122b8635a66ce6b5b92356081bc0f18a0ca83dbc089a9813c1efa26001b3f486ebfaae85c4d0b96778478ae5355e6f923b11056969f486f80a35f7f2339704fa93fa915ab8e1e0d7f31ebd19455e6827cd493907bf9d0000000000000000000000004e1fa60acabcf0553910ca2e5ea499fd5889dde9261f0848a5b8af657bfc96049308e8953431b269053627a1523551c160c813969925a892d266792352ec0204596a37ce8d6d260b32239bddbce2e79f93cb5a0ad897adb53b397d07c50f84b74f2605a565ee149016aa75ea31c0087dcd821b47c8b36efc6da4fb2ea7f1f36c85856b73ac9872babc62149699b6b8c796a79d833eb4b5ca668d430db5653a2b3c5b87e17ca1"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2ca, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0x2f9, 0xffffca88, &(0x7f0000000040)="b90103600040f000009e0ff008001fffffe100004000632f77fb7f0200017f020001be3e7d2a182fff", 0x0, 0x104, 0x6000000000000000, 0x0, 0xfeb9, &(0x7f0000000400)="9209558f0c5fb25cd57f98113135c3171b8b331fbc04f0e6955a796ff8e3aae3cac46cec3030dfc999058aea01f0e6dcf2f9d480d328655aca003927bd50ed49d4843c8a0a2a4b26ceb747947200bd644c85e7a8a7d7cfce840c02a7d69c9e0bca410f64d43290abbbf3131e1fa8bd8c3e5f19d5a491d3d4c1a0fe47de9eebaf073ac3da6256bdb681d18fbd607c9b0d710442bcf78bc36fd3c035812bde582a262bff0e4d6181c818fccf542868c6e602d97bea23a101955dc76bcc984142ab305387aa348566d688edd291a3e9d08952adbdf60462bb7f7faebcdfccf17115708b0d73d0f3a469ce7d8374219b3f92c92bcec4958d474bb281c26691949d054b784a5866f081e53eb9cfd7"}, 0x28)

5.576062035s ago: executing program 5 (id=955):
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x808c10, &(0x7f0000000000)=ANY=[], 0x3, 0x1cf, &(0x7f0000000280)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCmD4G7XVrmBnOnPTU1Vomy8zA2KAtX3FLe92aU35gMbnUHiM3ycXsDMwMoalHFhVXVmUn5uSknmBgZahgZGFgOH2CgeW6/TWVZglOhz/yHA5Jmg46TEd8PLKYocazsWUqnD3zQX4dm8YRhkcrmDfWeeY11hWmTs1Ly0uqyqrKmsfAtHFmY2dj48qJdVFpfqsYW1JcNjV1MjI5bFET2MxsqD7JRnvCu/ZVD5McWHs4oKYyXzJeWCR1akXVzAlflGYzGn5nuMNTtkJCQ8NJ4oqERYMJw5E62wZXhopbrAwMDGkKYYxJamxibVvOzAlh5mdzW6DQknyCKfQox9KZEhYHhKpO/pzKzsCQ6DZj21MHtjM8h4/zrCnoEzQ6LsHgtFDwvwxDxa3khIaGMo21TEttF3wp0vgr4bXa2CmDwd2eaRksQFkaQORKKE8WrCcheYWHjqamUUpyQsMmhYQktwJDZYatezhXCzQwIEWbCgMDw3ZGWNxCwDV4/IyCUTAKRsEoGAWjYBSMglEwCkbBKBgJABAAAP//B4mJ5A==")
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000"], 0x70}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0)

5.300657898s ago: executing program 5 (id=956):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x34, 0x70, 0x9d, 0x40, 0x55f, 0xc230, 0xb6ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf2, 0xa7, 0xcc}}]}}]}}, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000000), 0x12)
r2 = syz_io_uring_setup(0x44f, &(0x7f0000000140)={0x0, 0x0, 0x10100}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000100)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000080)='./cgroup/pids.max\x00', &(0x7f0000000240)='./cgroup/pids.max/../file0\x00', r1})
io_uring_enter(r2, 0x2dbe, 0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000dc0)={0x2c, &(0x7f0000000ac0)={0x0, 0x9}, 0x0, 0x0, 0x0, 0x0})

4.259349218s ago: executing program 1 (id=958):
r0 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r0, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r1, 0x0)
listen(r0, 0xb)
landlock_restrict_self(r1, 0x0)
listen(r0, 0x0)

4.027782892s ago: executing program 1 (id=960):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='mm_lru_insertion\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r2, &(0x7f0000000180), 0x40010)

3.758769919s ago: executing program 1 (id=962):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000440)={{0x12, 0x1, 0x200, 0x4e, 0xe4, 0x1, 0x20, 0x12d1, 0x142d, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x4, 0x0, 0xc0, 0x7, [{{0x9, 0x4, 0xba, 0x3, 0x1, 0x4, 0xca, 0xcd, 0x7, [], [{{0x9, 0x5, 0x3, 0x10, 0x40, 0x1, 0x1, 0x3, [@generic={0x9, 0x4, "c604f25c1c50bc"}]}}]}}]}}]}}, 0x0)
timer_create(0x5, 0x0, 0x0)
syz_usb_control_io$printer(r0, &(0x7f0000001300)={0x14, &(0x7f0000001180)={0x0, 0xa, 0x2, {0x2, 0x3}}, 0x0}, 0x0)
setresuid(0x0, 0x0, 0x0)
fanotify_mark(0xffffffffffffffff, 0x8, 0x0, 0xffffffffffffffff, &(0x7f0000001fc0)='./file0\x00')
lseek(0xffffffffffffffff, 0x7, 0x4)
rename(&(0x7f0000002140)='./file0\x00', &(0x7f0000002180)='./file0\x00')

3.560185068s ago: executing program 5 (id=964):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b000000000000000000180100002020702500000000fe1f20207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b7030000fdffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x18)
sync()
socket$nl_route(0x10, 0x3, 0x0)
syz_emit_vhci(&(0x7f0000000080)=ANY=[@ANYBLOB="040e0500580c"], 0x8)

1.958056979s ago: executing program 1 (id=968):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x707b, 0x0, 0x4, 0x288}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECVMSG={0xa, 0x40, 0x0, r0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0, 0x40000120, 0x4aa52520f215cfe4, {0x2}})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)

1.907250108s ago: executing program 3 (id=969):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca0000c441f96ec80fc4c60066400fe2def3ad46c7045300101000f00fc01ec422e10399c5c1202066410f6f15040000000000e1f563df", 0xdc000006, 0x0}, 0x0, 0x8, &(0x7f0000000300))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220f"], 0x0}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

1.705091123s ago: executing program 5 (id=970):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000590000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='mm_page_alloc\x00', r1}, 0x10)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x1f6, 0x4)
sendmmsg$inet(r2, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, &(0x7f00000016c0)=[{&(0x7f0000001540)="94", 0xffe3}], 0x1}}], 0x1, 0x4000800)

1.12246451s ago: executing program 3 (id=971):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb3c5ca683a4b6fc89398f2b9000f224891060017c4700de60beac671e8e8fdecb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c5553d2ccb5fc5b51fe6b174ebd9907dcff414ed55b0d18a93ee341ab59016f81860324b800300000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4a801efdf008499d7aca1afac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x12, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r2, &(0x7f0000000940), &(0x7f0000000340)=@tcp6=r0}, 0x20)
recvfrom$inet6(r0, &(0x7f0000004000)=""/4108, 0x100c, 0xc00100e6, 0x0, 0x0)

1.087032651s ago: executing program 1 (id=972):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0x8c0, &(0x7f0000000580)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c0088ce5fbb23a78290fd1a7a5c7acc40174210098c30c6ef8ec8a9c59ea3f3f3cf285fa69e2ec4fbf8770e08c6cca9b8895dfe87e20e80310098a305a6aca69a6a5bf060418adcb86db81ff5867538f004b320fd79d2d2757a87c6655d453b45b3a3c9245d386b575594e9d4e55b8b9a0fe9f2f59b2fd6f16b911c6147dfd8bb64e43e5d68045db013b60d457071934dba721dfc890ef59a330a782b"], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
socket$kcm(0x10, 0x2, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0)
mknod$loop(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000940)='./file2\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8000c61)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)

867.710416ms ago: executing program 3 (id=973):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x199)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000740)={0x100000000, 0x7ff, 0x0, 0x1})

475.727104ms ago: executing program 3 (id=974):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
fremovexattr(r0, &(0x7f00000000c0)=@known='trusted.overlay.redirect\x00')

191.366675ms ago: executing program 3 (id=975):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='rxrpc_local\x00', r0}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='rxrpc_local\x00', r0}, 0x10)
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[], 0x18}, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

0s ago: executing program 3 (id=976):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x88882, 0x0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./bus\x00', 0x1c5902, 0x2d)
write(r2, &(0x7f0000004200)='t', 0x1)
sendfile(r2, r1, 0x0, 0x7ffff000)
fallocate(r0, 0x0, 0x0, 0x1001f0)

kernel console output (not intermixed with test programs):

_block_bitmap:440: comm syz.5.587: bg 0: block 234: padding at end of block bitmap is not set
[  216.704982][ T7887] SQUASHFS error: Failed to read block 0x9b: -5
[  216.726590][ T7887] SQUASHFS error: Unable to read metadata cache entry [99]
[  216.755610][ T7887] SQUASHFS error: Unable to read inode 0x127
[  216.868853][ T7873] EXT4-fs (loop5): Remounting filesystem read-only
[  216.921505][ T7528] veth0_vlan: entered promiscuous mode
[  216.933531][ T7890] EXT4-fs (loop5): ext4_do_writepages: jbd2_start: 9223372036854775807 pages, ino 18; err -30
[  217.034400][ T7528] veth1_vlan: entered promiscuous mode
[  217.110994][ T5822] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  217.156003][ T7528] veth0_macvtap: entered promiscuous mode
[  217.195163][ T7894] loop3: detected capacity change from 0 to 4096
[  217.199129][ T7528] veth1_macvtap: entered promiscuous mode
[  217.270331][ T5837] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.308418][ T7528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  217.322001][ T5822] usb 5-1: Using ep0 maxpacket: 16
[  217.345920][ T7894] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  217.383111][ T5822] usb 5-1: config 0 interface 0 has no altsetting 0
[  217.394303][ T7528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  217.415369][ T5822] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  217.442449][ T7894] ntfs3(loop3): ino=b, mi_enum_attr
[  217.447792][ T7894] ntfs3(loop3): Failed to load $Extend (-22).
[  217.450966][ T5822] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.470817][ T7528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  217.498536][ T7902] loop1: detected capacity change from 0 to 512
[  217.511718][ T5822] usb 5-1: config 0 descriptor??
[  217.532387][ T7528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  217.550358][ T7904] loop0: detected capacity change from 0 to 256
[  217.555055][ T7894] ntfs3(loop3): Failed to initialize $Extend.
[  217.570716][ T7528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  217.582752][ T7902] EXT4-fs: Ignoring removed nobh option
[  217.598059][ T7528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  217.656938][ T7528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  217.669386][   T30] audit: type=1800 audit(1745416680.418:45): pid=7894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.595" name="file0" dev="loop3" ino=0 res=0 errno=0
[  217.670309][ T7528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  217.707339][ T7528] batman_adv: batadv0: Interface activated: batadv_slave_0
[  217.734564][ T7904] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  217.759164][ T7894] ntfs3(loop3): ino=0, "file0" encrypted i/o not supported
[  217.775965][ T7907] bond0: entered promiscuous mode
[  217.784283][ T7902] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  217.818906][ T7902] ext4 filesystem being mounted at /100/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  217.823265][ T7907] bond_slave_0: entered promiscuous mode
[  217.837962][ T7907] bond_slave_1: entered promiscuous mode
[  217.879594][   T30] audit: type=1800 audit(1745416680.618:46): pid=7904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.598" name="file1" dev="loop0" ino=27 res=0 errno=0
[  217.957750][ T7528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  217.972763][ T5822] hid (null): unknown global tag 0xd
[  217.979430][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  217.996045][ T7913] exFAT-fs (loop0): error, failed to bmap (inode : ffff8880781ca188 iblock : 8, err : -5)
[  218.011227][ T5822] hid (null): unknown global tag 0xe
[  218.021930][ T7528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.028441][   T30] audit: type=1800 audit(1745416680.758:47): pid=7902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.596" name="file1" dev="loop1" ino=15 res=0 errno=0
[  218.038236][ T7528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.052277][ T5822] hid (null): report_id 236778047 is invalid
[  218.052328][ T5822] hid (null): unknown global tag 0xc
[  218.086639][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  218.095769][ T7913] exFAT-fs (loop0): error, failed to bmap (inode : ffff8880781ca188 iblock : 8, err : -5)
[  218.108072][   T30] audit: type=1800 audit(1745416680.778:48): pid=7902 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.596" name="file2" dev="loop1" ino=16 res=0 errno=0
[  218.128553][ T5822] hid (null): global environment stack underflow
[  218.135179][ T5822] hid (null): report_id 0 is invalid
[  218.140739][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  218.147353][ T7528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.150924][ T5822] hid (null): unknown global tag 0xc
[  218.174387][ T7913] exFAT-fs (loop0): error, failed to bmap (inode : ffff8880781ca188 iblock : 9, err : -5)
[  218.179669][ T7528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.191078][ T5822] hid (null): report_id 699200399 is invalid
[  218.214799][ T7528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.224727][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  218.224786][ T7913] exFAT-fs (loop0): error, failed to bmap (inode : ffff8880781ca188 iblock : 10, err : -5)
[  218.224832][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  218.224854][ T7913] exFAT-fs (loop0): error, failed to bmap (inode : ffff8880781ca188 iblock : 11, err : -5)
[  218.224895][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  218.224917][ T7913] exFAT-fs (loop0): error, failed to bmap (inode : ffff8880781ca188 iblock : 12, err : -5)
[  218.237884][ T7528] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  218.270563][ T5822] usb 5-1: USB disconnect, device number 9
[  218.298496][ T7528] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  218.336502][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  218.400543][ T5834] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.432946][ T7913] exFAT-fs (loop0): error, failed to bmap (inode : ffff8880781ca188 iblock : 13, err : -5)
[  218.449661][ T7528] batman_adv: batadv0: Interface activated: batadv_slave_1
[  218.463004][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  218.469026][ T7913] exFAT-fs (loop0): error, failed to bmap (inode : ffff8880781ca188 iblock : 14, err : -5)
[  218.556008][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  218.564538][ T7528] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  218.581011][ T7913] exFAT-fs (loop0): error, failed to bmap (inode : ffff8880781ca188 iblock : 15, err : -5)
[  218.582101][ T7528] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  218.620662][ T7528] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  218.630711][ T7528] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  218.711365][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  218.717533][ T7913] exFAT-fs (loop0): error, failed to bmap (inode : ffff8880781ca188 iblock : 16, err : -5)
[  218.781709][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  218.808087][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  218.861346][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  218.877213][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  218.907364][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  218.951614][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  218.957756][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.008122][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.024678][ T7924] loop5: detected capacity change from 0 to 2048
[  219.051839][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.058152][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.093133][ T7924] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=787, location=787
[  219.121149][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.127185][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.153635][ T7539] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  219.167293][ T7924] UDF-fs: error (device loop5): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  219.201748][ T7539] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  219.214895][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.222166][ T7924] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=1043, location=1043
[  219.260398][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.272747][ T7924] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=787, location=787
[  219.289431][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.306260][ T7930] loop4: detected capacity change from 0 to 512
[  219.311281][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  219.323889][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.330406][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  219.331653][ T7924] UDF-fs: error (device loop5): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  219.340191][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.394497][ T7930] EXT4-fs error (device loop4): ext4_orphan_get:1390: inode #15: comm syz.4.604: casefold flag without casefold feature
[  219.428974][ T7924] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=1043, location=1043
[  219.462984][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.469920][ T7930] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.604: couldn't read orphan inode 15 (err -117)
[  219.504419][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.513491][ T7930] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  219.527223][ T7924] UDF-fs: warning (device loop5): udf_fill_super: No partition found (1)
[  219.533947][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.610162][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.657339][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.669470][ T7930] EXT4-fs error (device loop4): htree_dirblock_to_tree:1053: inode #2: comm syz.4.604: Directory hole found for htree leaf block 0
[  219.697720][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.750500][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.775171][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.812204][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.841848][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.866953][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.892714][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.934295][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  219.940366][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.000227][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.069714][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.083285][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.089322][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.161104][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.167178][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.201741][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.207809][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.274005][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.280084][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.304930][ T7941] loop5: detected capacity change from 0 to 2048
[  220.349668][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.381101][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.411359][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.431757][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.448359][ T7941] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  220.461179][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.492397][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.498470][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.542666][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.596069][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.612127][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.648797][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.680738][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.724905][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.770928][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.777254][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.850814][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.881572][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.885962][ T7949] loop4: detected capacity change from 0 to 1024
[  220.887642][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.894853][ T5854] Bluetooth: hci6: command 0x1003 tx timeout
[  220.921286][ T5847] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  220.981000][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  220.987068][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  221.065781][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  221.080946][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  221.121130][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  221.127202][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  221.141031][ T1102] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.208424][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  221.226524][ T7949] hfsplus: bad catalog folder entry
[  221.228798][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  221.295888][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  221.331222][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  221.368554][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  221.378375][ T7913] exFAT-fs (loop0): error, broken FAT chain.
[  221.451553][   T30] audit: type=1800 audit(1745416684.198:49): pid=7913 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.598" name="file1" dev="loop0" ino=27 res=0 errno=0
[  221.518385][ T1102] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  221.544901][   T13] hfsplus: bad catalog file entry
[  221.954163][ T7931] syz.1.603 (7931): drop_caches: 2
[  221.992860][ T1102] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.443436][ T1102] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.896502][ T5854] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  222.905889][ T5854] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  222.914514][ T5854] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  222.930677][ T5854] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  222.945345][ T5854] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  223.473681][ T7975] uprobe: syz.0.616:7975 failed to unregister, leaking uprobe
[  223.548199][ T7973] macsec1: entered allmulticast mode
[  223.718425][ T7974] loop5: detected capacity change from 0 to 131072
[  223.763052][ T7974] F2FS-fs (loop5): Wrong CP boundary, start(512) end(1536) blocks(0)
[  223.771334][ T7974] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  223.786518][ T7974] F2FS-fs (loop5): invalid crc value
[  223.898557][ T7991] loop4: detected capacity change from 0 to 128
[  223.951661][ T7974] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  223.958818][ T7974] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  224.085502][ T7997] loop0: detected capacity change from 0 to 512
[  224.116934][   T30] audit: type=1800 audit(1745416686.858:50): pid=7991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.617" name="file1" dev="loop4" ino=28 res=0 errno=0
[  224.125442][ T7997] EXT4-fs (loop0): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  224.288762][   T30] audit: type=1800 audit(1745416686.898:51): pid=7991 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.617" name="file1" dev="loop4" ino=28 res=0 errno=0
[  224.539539][ T7997] Quota error (device loop0): v2_read_file_info: Free block number 58381 out of range (1, 6).
[  224.571703][ T8000] syz.4.617: attempt to access beyond end of device
[  224.571703][ T8000] loop4: rw=0, sector=121, nr_sectors = 8 limit=128
[  224.571924][ T7997] EXT4-fs warning (device loop0): ext4_enable_quotas:7166: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  224.625454][ T8004] syz.4.617: attempt to access beyond end of device
[  224.625454][ T8004] loop4: rw=0, sector=121, nr_sectors = 8 limit=128
[  224.807472][ T7539] kworker/u8:8: attempt to access beyond end of device
[  224.807472][ T7539] loop4: rw=1, sector=145, nr_sectors = 896 limit=128
[  224.913796][ T5835] EXT4-fs (loop0): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[  225.059105][ T5145] Bluetooth: hci0: command tx timeout
[  225.270753][ T8015] loop1: detected capacity change from 0 to 128
[  225.382007][ T8015] EXT4-fs: Ignoring removed bh option
[  225.403956][ T8015] EXT4-fs: Ignoring removed nobh option
[  225.490124][ T8015] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  225.587129][ T8015] ext4 filesystem being mounted at /104/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  225.721336][ T1102] bridge_slave_1: left allmulticast mode
[  225.727139][ T1102] bridge_slave_1: left promiscuous mode
[  225.774154][ T1102] bridge0: port 2(bridge_slave_1) entered disabled state
[  225.853790][ T5145] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  225.862580][ T5145] Bluetooth: hci3: Injecting HCI hardware error event
[  225.952229][ T1102] bridge_slave_0: left allmulticast mode
[  225.957946][ T1102] bridge_slave_0: left promiscuous mode
[  225.987356][ T1102] bridge0: port 1(bridge_slave_0) entered disabled state
[  226.154644][ T5834] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  226.457617][ T8036] loop1: detected capacity change from 0 to 256
[  226.494982][ T5145] Bluetooth: hci2: command 0x0406 tx timeout
[  226.501071][   T56] Bluetooth: hci1: command 0x0406 tx timeout
[  226.508638][   T56] Bluetooth: hci4: command 0x0406 tx timeout
[  226.514748][ T5856] Bluetooth: hci5: command 0x0406 tx timeout
[  226.514772][ T5855] Bluetooth: hci3: command 0x0405 tx timeout
[  226.607709][ T8036] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  226.689027][ T5847] Bluetooth: hci3: hardware error 0x00
[  226.729060][   T30] audit: type=1800 audit(1745416689.458:52): pid=8036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.624" name="file1" dev="loop1" ino=30 res=0 errno=0
[  226.764795][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  226.791413][ T8036] exFAT-fs (loop1): error, failed to bmap (inode : ffff8880781cbb48 iblock : 8, err : -5)
[  226.821597][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  226.861079][ T8036] exFAT-fs (loop1): error, failed to bmap (inode : ffff8880781cbb48 iblock : 8, err : -5)
[  226.922877][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  226.966717][ T8036] exFAT-fs (loop1): error, failed to bmap (inode : ffff8880781cbb48 iblock : 9, err : -5)
[  227.018023][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.052513][ T8036] exFAT-fs (loop1): error, failed to bmap (inode : ffff8880781cbb48 iblock : 10, err : -5)
[  227.091623][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.097692][ T8036] exFAT-fs (loop1): error, failed to bmap (inode : ffff8880781cbb48 iblock : 11, err : -5)
[  227.147122][ T5849] Bluetooth: hci0: command tx timeout
[  227.230973][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.237027][ T8036] exFAT-fs (loop1): error, failed to bmap (inode : ffff8880781cbb48 iblock : 12, err : -5)
[  227.312528][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.318589][ T8036] exFAT-fs (loop1): error, failed to bmap (inode : ffff8880781cbb48 iblock : 13, err : -5)
[  227.441262][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.447471][ T8036] exFAT-fs (loop1): error, failed to bmap (inode : ffff8880781cbb48 iblock : 14, err : -5)
[  227.465847][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.518302][ T8036] exFAT-fs (loop1): error, failed to bmap (inode : ffff8880781cbb48 iblock : 15, err : -5)
[  227.557755][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.579096][ T8036] exFAT-fs (loop1): error, failed to bmap (inode : ffff8880781cbb48 iblock : 16, err : -5)
[  227.653753][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.659827][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.691457][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.697528][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.711539][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.781631][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.787723][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.838324][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.876670][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.901284][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.920547][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.966370][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  227.991114][ T8056] Bluetooth: MGMT ver 1.23
[  228.011313][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.017391][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.066056][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.105805][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.147264][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.201335][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.207713][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.229529][ T8060] loop4: detected capacity change from 0 to 1024
[  228.248241][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.260827][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.274428][ T8060] ext4: Unknown parameter 'jqf'
[  228.298417][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.311572][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.320556][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.326640][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.333031][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.339074][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.393392][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.400027][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.425087][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.455723][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.469873][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.485000][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.523388][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.541410][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.581078][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.595457][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.603867][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.605780][ T8060] loop4: detected capacity change from 0 to 4096
[  228.626113][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.634289][ T1102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  228.644487][ T8060] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  228.649745][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.676323][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.682505][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.689390][ T1102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  228.707960][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.718288][ T1102] bond0 (unregistering): Released all slaves
[  228.748751][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.774514][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.786765][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.795391][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.806704][ T8032] netlink: 830 bytes leftover after parsing attributes in process `syz.0.636'.
[  228.862219][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.885639][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.915697][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  228.970930][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.019718][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.055508][ T5847] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  229.058395][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.185998][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.230355][ T5847] Bluetooth: hci0: command tx timeout
[  229.236357][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.293875][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.299941][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.352671][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.358752][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.430712][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.481053][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.509080][ T8083] loop0: detected capacity change from 0 to 1024
[  229.562692][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.578878][ T8083] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  229.614128][ T8066] loop3: detected capacity change from 0 to 32768
[  229.624376][ T8066] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.629 (8066)
[  229.651238][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.706482][ T8066] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  229.721410][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.747715][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.761083][ T8066] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm
[  229.784343][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.790102][ T8066] BTRFS info (device loop3): using free-space-tree
[  229.832458][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.858557][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.931586][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  229.963313][   T30] audit: type=1326 audit(1745416692.698:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8104 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25fb98e969 code=0x7ffc0000
[  230.016865][   T30] audit: type=1326 audit(1745416692.698:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8104 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25fb98e969 code=0x7ffc0000
[  230.039472][ T8036] exFAT-fs (loop1): error, broken FAT chain.
[  230.044907][   T30] audit: type=1326 audit(1745416692.698:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8104 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=133 compat=0 ip=0x7f25fb98e969 code=0x7ffc0000
[  230.068145][   T30] audit: type=1326 audit(1745416692.698:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8104 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25fb98e969 code=0x7ffc0000
[  230.093600][   T30] audit: type=1326 audit(1745416692.698:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8104 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25fb98e969 code=0x7ffc0000
[  230.116118][   T30] audit: type=1326 audit(1745416692.698:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8104 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f25fb98e969 code=0x7ffc0000
[  230.146383][   T30] audit: type=1326 audit(1745416692.698:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8104 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25fb98e969 code=0x7ffc0000
[  230.176815][   T30] audit: type=1326 audit(1745416692.698:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8104 comm="syz.4.635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f25fb98e969 code=0x7ffc0000
[  230.269738][   T30] audit: type=1800 audit(1745416692.838:61): pid=8036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.624" name="file1" dev="loop1" ino=30 res=0 errno=0
[  230.398477][ T5835] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.952535][ T5838] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  231.001432][ T1102] hsr_slave_0: left promiscuous mode
[  231.108631][ T1102] hsr_slave_1: left promiscuous mode
[  231.159923][ T1102] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  231.199660][ T1102] batman_adv: batadv0: Removing interface: batadv_slave_0
[  231.291460][ T5847] Bluetooth: hci0: command tx timeout
[  231.297554][ T1102] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  231.311083][ T1102] batman_adv: batadv0: Removing interface: batadv_slave_1
[  231.473164][ T1102] veth1_macvtap: left promiscuous mode
[  231.489681][ T1102] veth0_macvtap: left promiscuous mode
[  231.498992][ T1102] veth1_vlan: left promiscuous mode
[  231.551238][ T1102] veth0_vlan: left promiscuous mode
[  231.801833][ T8143] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  232.048169][ T8145] loop0: detected capacity change from 0 to 2048
[  232.103963][ T8145] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=18576, location=18576
[  232.204484][ T8145] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  232.224644][ T8117] loop5: detected capacity change from 0 to 32768
[  232.427079][ T8117] ea_get: invalid extended attribute
[  232.638127][ T5835] UDF-fs: warning (device loop0): udf_evict_inode: Inode 1367 (mode 100000) has inode size 65276 different from extent length 65536. Filesystem need not be standards compliant.
[  233.236297][ T8167] loop3: detected capacity change from 0 to 1024
[  233.279814][ T8167] EXT4-fs: Ignoring removed nobh option
[  233.331040][ T8167] EXT4-fs: Ignoring removed bh option
[  233.402381][ T8167] EXT4-fs error (device loop3): ext4_orphan_get:1416: comm syz.3.657: bad orphan inode 32767
[  233.485251][ T8167] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  233.494712][ T8176] loop5: detected capacity change from 0 to 64
[  233.569806][   T30] audit: type=1800 audit(1745416696.308:62): pid=8167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.657" name="file1" dev="loop3" ino=15 res=0 errno=0
[  233.644188][   T30] audit: type=1800 audit(1745416696.338:63): pid=8167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.657" name="file1" dev="loop3" ino=15 res=0 errno=0
[  233.914179][ T8181] loop0: detected capacity change from 0 to 2048
[  233.973090][ T8181] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  234.064664][ T8185] netlink: 12 bytes leftover after parsing attributes in process `syz.5.662'.
[  234.114357][   T30] audit: type=1800 audit(1745416696.858:64): pid=8181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.661" name="file1" dev="loop0" ino=15 res=0 errno=0
[  234.243988][ T5835] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.287932][ T1102] team0 (unregistering): Port device team_slave_1 removed
[  234.409692][ T5838] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.422706][ T8187] loop0: detected capacity change from 0 to 64
[  234.447349][ T1102] team0 (unregistering): Port device team_slave_0 removed
[  234.705524][ T8187] Trying to free block not in datazone
[  235.265356][ T7981] chnl_net:caif_netlink_parms(): no params data found
[  235.368654][ T8185] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  235.378123][ T8185] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  235.387053][ T8185] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  235.396078][ T8185] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  235.503501][ T8185] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  235.514562][ T8185] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  235.523939][ T8185] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  235.532919][ T8185] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  235.722843][ T8202] raw_sendmsg: syz.3.669 forgot to set AF_INET. Fix it!
[  235.886223][ T8204] loop1: detected capacity change from 0 to 128
[  235.944261][ T8204] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  236.030159][ T8204] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  236.432618][ T7981] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.452268][ T7981] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.461933][ T7981] bridge_slave_0: entered allmulticast mode
[  236.503985][ T7981] bridge_slave_0: entered promiscuous mode
[  236.533341][ T7981] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.581071][ T7981] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.613616][ T7981] bridge_slave_1: entered allmulticast mode
[  236.660505][ T7981] bridge_slave_1: entered promiscuous mode
[  236.755178][ T8226] loop3: detected capacity change from 0 to 1024
[  236.855960][ T8226] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  237.071388][ T7981] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  237.088275][ T8226] EXT4-fs error (device loop3): __ext4_remount:6738: comm syz.3.679: Abort forced by user
[  237.136081][ T7981] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  237.149034][ T8226] EXT4-fs (loop3): Remounting filesystem read-only
[  237.175707][ T8226] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000.
[  237.371200][ T8241] netlink: 16 bytes leftover after parsing attributes in process `syz.0.683'.
[  237.421489][ T5901] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  237.431556][ T7981] team0: Port device team_slave_0 added
[  237.446557][ T5838] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  237.533938][ T7981] team0: Port device team_slave_1 added
[  237.659240][ T5901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  237.698050][ T5901] usb 5-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  237.747254][ T5901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.814215][ T5901] usb 5-1: config 0 descriptor??
[  237.820138][ T8235] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  237.904161][ T7981] batman_adv: batadv0: Adding interface: batadv_slave_0
[  237.941017][ T7981] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.034837][ T7981] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  238.097762][ T7981] batman_adv: batadv0: Adding interface: batadv_slave_1
[  238.124536][ T7981] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  238.220996][ T7981] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  238.344469][ T5901] elan 0003:04F3:0755.000E: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.4-1/input0
[  238.358202][ T8266] loop1: detected capacity change from 0 to 1024
[  238.411162][   T48] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  238.426357][ T8266] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  238.527522][ T8266] ext4 filesystem being mounted at /113/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  238.556220][ T5901] usb 5-1: USB disconnect, device number 10
[  238.581977][   T48] usb 6-1: Using ep0 maxpacket: 16
[  238.604226][   T48] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  238.632644][ T7981] hsr_slave_0: entered promiscuous mode
[  238.651090][   T48] usb 6-1: config 0 has no interface number 0
[  238.663913][ T8266] EXT4-fs (loop1): shut down requested (2)
[  238.672528][ T7981] hsr_slave_1: entered promiscuous mode
[  238.692903][ T7981] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  238.700749][   T48] usb 6-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  238.720172][   T48] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.750553][   T48] usb 6-1: Product: syz
[  238.751078][ T7981] Cannot create hsr debugfs directory
[  238.759018][   T48] usb 6-1: Manufacturer: syz
[  238.785565][   T48] usb 6-1: SerialNumber: syz
[  238.819135][   T48] usb 6-1: config 0 descriptor??
[  238.880628][   T48] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  238.934250][ T5834] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  239.583901][ T8294] loop3: detected capacity change from 0 to 512
[  239.713690][ T8294] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  239.791146][ T8294] ext4 filesystem being mounted at /130/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  239.926540][ T8294] EXT4-fs error (device loop3): ext4_do_update_inode:5211: inode #2: comm syz.3.701: corrupted inode contents
[  239.958079][ T8294] EXT4-fs error (device loop3): ext4_dirty_inode:6103: inode #2: comm syz.3.701: mark_inode_dirty error
[  240.003651][ T8294] EXT4-fs error (device loop3): ext4_do_update_inode:5211: inode #2: comm syz.3.701: corrupted inode contents
[  240.090099][   T48] gspca_spca1528: reg_w err -71
[  240.102256][   T48] spca1528 6-1:0.1: probe with driver spca1528 failed with error -71
[  240.132232][ T8294] EXT4-fs error (device loop3): ext4_do_update_inode:5211: inode #2: comm syz.3.701: corrupted inode contents
[  240.172512][   T48] usb 6-1: USB disconnect, device number 5
[  240.254291][ T8294] EXT4-fs error (device loop3): ext4_dirty_inode:6103: inode #2: comm syz.3.701: mark_inode_dirty error
[  240.355128][ T8294] EXT4-fs error (device loop3): ext4_do_update_inode:5211: inode #2: comm syz.3.701: corrupted inode contents
[  240.411488][ T8294] EXT4-fs error (device loop3): __ext4_ext_dirty:207: inode #2: comm syz.3.701: mark_inode_dirty error
[  240.463758][ T8294] EXT4-fs error (device loop3): ext4_do_update_inode:5211: inode #2: comm syz.3.701: corrupted inode contents
[  240.523822][ T8294] EXT4-fs error (device loop3): ext4_dirty_inode:6103: inode #2: comm syz.3.701: mark_inode_dirty error
[  240.608839][ T8304] EXT4-fs error (device loop3): ext4_do_update_inode:5211: inode #2: comm syz.3.701: corrupted inode contents
[  240.731976][   T48] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  240.946089][ T8325] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  240.966223][   T48] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  240.979562][ T5838] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.011076][   T48] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.097345][   T48] usb 1-1: config 0 descriptor??
[  241.337860][ T7981] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  241.368906][ T8335] loop4: detected capacity change from 0 to 512
[  241.392278][ T8335] EXT4-fs: Ignoring removed i_version option
[  241.392874][ T5902] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  241.455374][ T7981] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  241.481578][ T8335] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  241.524903][ T7981] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  241.581495][ T7981] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  241.611080][ T5902] usb 2-1: Using ep0 maxpacket: 16
[  241.619070][ T5902] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  241.650674][ T5902] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  241.685965][ T5902] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  241.705133][ T5902] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.776664][ T5902] usb 2-1: config 0 descriptor??
[  242.156536][   T48] usb 1-1: Cannot set autoneg
[  242.193925][   T48] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -61
[  242.355638][ T7981] 8021q: adding VLAN 0 to HW filter on device bond0
[  242.467843][ T5904] usb 1-1: USB disconnect, device number 10
[  242.474714][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.705210][ T7981] 8021q: adding VLAN 0 to HW filter on device team0
[  242.834735][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  242.842006][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  243.020086][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  243.027372][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  243.262149][ T8347] sch_fq: defrate 0 ignored.
[  243.342947][ T8328] loop5: detected capacity change from 0 to 32768
[  243.554359][ T8328] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  244.381023][ T5902] usbhid 2-1:0.0: can't add hid device: -71
[  244.397611][ T5902] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  244.431718][ T8363] netlink: 28 bytes leftover after parsing attributes in process `syz.4.718'.
[  244.455667][ T5837] ocfs2: Unmounting device (7,5) on (node local)
[  244.532340][ T5902] usb 2-1: USB disconnect, device number 5
[  245.010698][ T8377] loop4: detected capacity change from 0 to 2048
[  245.147900][ T8377] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  245.345819][ T7981] 8021q: adding VLAN 0 to HW filter on device batadv0
[  245.587122][ T7981] veth0_vlan: entered promiscuous mode
[  245.621875][ T7981] veth1_vlan: entered promiscuous mode
[  245.645990][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.803003][ T8399] loop3: detected capacity change from 0 to 1024
[  245.813020][ T8399] EXT4-fs: Ignoring removed nobh option
[  245.818660][ T8399] EXT4-fs: Ignoring removed bh option
[  245.909779][ T8399] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  245.930460][ T7981] veth0_macvtap: entered promiscuous mode
[  246.097148][ T7981] veth1_macvtap: entered promiscuous mode
[  246.156028][ T8409] netlink: 'syz.4.729': attribute type 1 has an invalid length.
[  246.196910][ T7981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  246.213498][ T7981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  246.227498][ T7981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  246.234294][ T8409] netlink: 20 bytes leftover after parsing attributes in process `syz.4.729'.
[  246.274141][ T7981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  246.295159][ T7981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  246.318077][ T7981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  246.358798][ T7981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  246.400031][ T7981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  246.447136][ T7981] batman_adv: batadv0: Interface activated: batadv_slave_0
[  246.503643][ T5838] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.526506][ T7981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  246.534987][ T8420] loop1: detected capacity change from 0 to 512
[  246.562728][ T7981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  246.616877][ T7981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  246.648265][ T8420] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  246.701139][ T7981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  246.726574][ T7981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  246.789597][ T7981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  246.807536][ T8420] Quota error (device loop1): do_check_range: Getting dqdh_entries 1536 out of range 0-14
[  246.851087][ T7981] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  246.853830][ T8420] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  246.897651][ T7981] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  246.915073][ T8420] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.735: Failed to acquire dquot type 1
[  246.970273][ T7981] batman_adv: batadv0: Interface activated: batadv_slave_1
[  247.046239][ T7981] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  247.122016][ T8420] EXT4-fs (loop1): 1 truncate cleaned up
[  247.129989][ T7981] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  247.172158][ T8420] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  247.184831][ T7981] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  247.231407][ T7981] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  247.264225][ T8420] ext4 filesystem being mounted at /121/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  247.748126][ T5834] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  247.881801][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  247.889663][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  248.180126][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  248.200991][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  248.240020][ T8452] netlink: 96 bytes leftover after parsing attributes in process `syz.4.743'.
[  248.562112][ T8460] kernel read not supported for file /eth0 (pid: 8460 comm: syz.3.746)
[  248.655516][   T30] audit: type=1800 audit(1745416711.388:65): pid=8460 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.746" name="eth0" dev="mqueue" ino=15985 res=0 errno=0
[  248.983720][ T8468] loop1: detected capacity change from 0 to 256
[  249.089255][ T8468] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  249.451185][  T971] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  249.612325][  T971] usb 6-1: Using ep0 maxpacket: 16
[  249.653208][  T971] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11
[  249.671542][  T971] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  249.717640][   T81] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  249.741170][  T971] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  249.765201][  T971] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  249.767108][ T1102] nci: nci_rx_work: unknown MT 0x1
[  249.799675][  T971] usb 6-1: config 0 descriptor??
[  249.937409][   T81] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.161372][   T81] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.280807][  T971] kovaplus 0003:1E7D:2D50.000F: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.5-1/input0
[  250.442053][   T81] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  250.849741][ T8497] loop0: detected capacity change from 0 to 128
[  250.973916][ T8497] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  251.091398][ T8497] ext4 filesystem being mounted at /141/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  251.102933][  T971] kovaplus 0003:1E7D:2D50.000F: couldn't init struct kovaplus_device
[  251.123728][   T81] bridge_slave_1: left allmulticast mode
[  251.129446][   T81] bridge_slave_1: left promiscuous mode
[  251.155969][  T971] kovaplus 0003:1E7D:2D50.000F: couldn't install mouse
[  251.194218][   T81] bridge0: port 2(bridge_slave_1) entered disabled state
[  251.203810][  T971] kovaplus 0003:1E7D:2D50.000F: probe with driver kovaplus failed with error -71
[  251.238952][   T81] bridge_slave_0: left allmulticast mode
[  251.262397][   T81] bridge_slave_0: left promiscuous mode
[  251.286981][  T971] usb 6-1: USB disconnect, device number 6
[  251.308347][   T81] bridge0: port 1(bridge_slave_0) entered disabled state
[  251.434584][ T5835] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  251.513242][ T5849] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  251.523181][ T5849] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  251.532486][ T5849] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  251.541640][ T5849] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  251.550633][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  252.198575][ T8532] netlink: 4 bytes leftover after parsing attributes in process `syz.0.766'.
[  252.657454][ T8521] loop4: detected capacity change from 0 to 32768
[  252.798700][ T8521] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  252.857049][   T30] audit: type=1800 audit(1745416715.598:66): pid=8521 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.764" name="file1" dev="loop4" ino=17058 res=0 errno=0
[  252.880281][   T81] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  252.893767][   T81] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  252.909287][   T81] bond0 (unregistering): Released all slaves
[  252.932137][ T8503] Zero length message leads to an empty skb
[  253.011873][   T30] audit: type=1800 audit(1745416715.758:67): pid=8541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.764" name="file1" dev="loop4" ino=17058 res=0 errno=0
[  253.288116][ T5836] ocfs2: Unmounting device (7,4) on (node local)
[  253.408788][ T8532] hsr_slave_1 (unregistering): left promiscuous mode
[  253.691050][ T5849] Bluetooth: hci0: command tx timeout
[  254.232190][ T8569] loop3: detected capacity change from 0 to 128
[  254.698338][ T8583] loop1: detected capacity change from 0 to 1024
[  254.707394][ T8583] EXT4-fs: Ignoring removed nobh option
[  254.713034][ T8583] EXT4-fs: Ignoring removed bh option
[  254.777978][ T8583] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.827440][   T81] hsr_slave_0: left promiscuous mode
[  254.984900][   T81] hsr_slave_1: left promiscuous mode
[  255.017513][   T81] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  255.053065][   T81] batman_adv: batadv0: Removing interface: batadv_slave_0
[  255.127931][   T81] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  255.171921][   T81] batman_adv: batadv0: Removing interface: batadv_slave_1
[  255.334198][   T81] veth1_macvtap: left promiscuous mode
[  255.360253][   T81] veth0_macvtap: left promiscuous mode
[  255.370319][   T81] veth1_vlan: left promiscuous mode
[  255.379298][   T81] veth0_vlan: left promiscuous mode
[  255.493964][ T5904] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  255.571126][ T5902] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  255.696443][ T5904] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  255.715657][ T5904] usb 1-1: config 0 has no interface number 0
[  255.735827][ T5904] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  255.773363][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.774099][ T5849] Bluetooth: hci0: command tx timeout
[  255.792609][ T5902] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=e1.a4
[  255.807536][ T5902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.832876][ T5902] usb 4-1: config 0 descriptor??
[  255.835372][ T5904] usb 1-1: config 0 descriptor??
[  255.844012][ T5902] gspca_main: sonixj-2.14.0 probing 0471:0327
[  255.886768][ T5904] cp210x 1-1:0.1: cp210x converter detected
[  255.940398][ T8619] loop4: detected capacity change from 0 to 2048
[  255.996939][ T8619] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  256.185795][ T5836] UDF-fs: warning (device loop4): udf_evict_inode: Inode 1436 (mode 120777) has inode size 14 different from extent length 512. Filesystem need not be standards compliant.
[  256.293668][ T5904] cp210x 1-1:0.1: failed to get vendor val 0x000e size 3: -32
[  256.552528][ T5904] usb 1-1: cp210x converter now attached to ttyUSB0
[  256.786035][ T5904] usb 1-1: USB disconnect, device number 11
[  256.837826][ T5904] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  256.931641][ T5904] cp210x 1-1:0.1: device disconnected
[  257.088700][ T5902] gspca_sonixj: reg_w1 err -71
[  257.118187][ T5902] sonixj 4-1:0.0: probe with driver sonixj failed with error -71
[  257.152047][ T5902] usb 4-1: USB disconnect, device number 5
[  257.176499][   T81] team0 (unregistering): Port device team_slave_1 removed
[  257.244191][   T81] team0 (unregistering): Port device team_slave_0 removed
[  257.295733][   T10] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  257.469963][   T10] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  257.502793][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.511176][   T10] usb 5-1: Product: syz
[  257.515421][   T10] usb 5-1: Manufacturer: syz
[  257.520081][   T10] usb 5-1: SerialNumber: syz
[  257.544562][   T10] usb 5-1: config 0 descriptor??
[  257.861169][ T5849] Bluetooth: hci0: command tx timeout
[  257.986846][   T10] usb 5-1: Firmware: major: 108, minor: 98, hardware type: RZUSB (3)
[  258.159623][ T8646] loop3: detected capacity change from 0 to 128
[  258.185230][   T10] usb 5-1: Read permanent extended address 50:6c:c6:83:10:82:2a:1e from device
[  258.242839][   T30] audit: type=1800 audit(1745416720.978:68): pid=8646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.802" name="bus" dev="loop3" ino=44 res=0 errno=0
[  258.330233][ T8646] syz.3.802: attempt to access beyond end of device
[  258.330233][ T8646] loop3: rw=0, sector=121, nr_sectors = 920 limit=128
[  258.623142][   T10] usb 5-1: USB disconnect, device number 11
[  258.694967][ T5834] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.063316][ T8665] loop1: detected capacity change from 0 to 8
[  259.100292][ T8665] squashfs: Unknown parameter '01777777777777777777777ÿÿÿÿÿÿÿÿ'
[  259.350790][ T8507] chnl_net:caif_netlink_parms(): no params data found
[  259.931197][ T5849] Bluetooth: hci0: command tx timeout
[  259.991278][ T8680] loop4: detected capacity change from 0 to 2048
[  260.113345][ T8680] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  260.188652][ T8507] bridge0: port 1(bridge_slave_0) entered blocking state
[  260.242671][ T8507] bridge0: port 1(bridge_slave_0) entered disabled state
[  260.250000][ T8507] bridge_slave_0: entered allmulticast mode
[  260.316269][ T8507] bridge_slave_0: entered promiscuous mode
[  260.346172][ T8507] bridge0: port 2(bridge_slave_1) entered blocking state
[  260.399594][ T8507] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.441345][ T8507] bridge_slave_1: entered allmulticast mode
[  260.463258][ T8507] bridge_slave_1: entered promiscuous mode
[  260.794365][ T8507] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  260.837683][ T8697] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  260.867602][ T8665] loop1: detected capacity change from 0 to 32768
[  260.887441][ T8507] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  261.097670][ T8676] loop3: detected capacity change from 0 to 32768
[  261.138309][ T8676] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.810 (8676)
[  261.184298][ T8676] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  261.247373][ T8676] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm
[  261.300195][ T8676] BTRFS info (device loop3): using free-space-tree
[  261.355022][ T8507] team0: Port device team_slave_0 added
[  261.393619][ T8507] team0: Port device team_slave_1 added
[  261.462547][ T8686] loop0: detected capacity change from 0 to 40427
[  261.483778][ T8686] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x3fffff
[  261.526267][ T8686] F2FS-fs (loop0): Image doesn't support compression
[  261.570293][ T8686] F2FS-fs (loop0): heap/no_heap options were deprecated
[  261.616277][ T8686] F2FS-fs (loop0): Image doesn't support compression
[  261.646835][ T8676] BTRFS error (device loop3): balance: invalid convert data profile raid1c4
[  261.668215][ T8686] F2FS-fs (loop0): invalid crc value
[  261.758386][ T8507] batman_adv: batadv0: Adding interface: batadv_slave_0
[  261.784720][ T8507] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  261.854310][ T8507] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  261.921790][ T8507] batman_adv: batadv0: Adding interface: batadv_slave_1
[  261.928801][ T8507] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  261.964045][ T5838] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  261.994234][ T8686] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  262.003115][ T8507] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  262.273136][   T30] audit: type=1800 audit(1745416725.008:69): pid=8686 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.812" name="file1" dev="loop0" ino=10 res=0 errno=0
[  262.284262][ T8686] F2FS-fs (loop0): inject alloc nid in f2fs_alloc_nid of f2fs_get_dnode_of_data+0x426/0x21d0
[  262.434343][ T8507] hsr_slave_0: entered promiscuous mode
[  262.469080][ T8507] hsr_slave_1: entered promiscuous mode
[  262.496541][ T8507] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  262.543152][ T8507] Cannot create hsr debugfs directory
[  262.670273][ T5835] syz-executor: attempt to access beyond end of device
[  262.670273][ T5835] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  262.747119][ T5835] CPU: 0 UID: 0 PID: 5835 Comm: syz-executor Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[  262.747174][ T5835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  262.747197][ T5835] Call Trace:
[  262.747208][ T5835]  <TASK>
[  262.747222][ T5835]  dump_stack_lvl+0x16c/0x1f0
[  262.747284][ T5835]  f2fs_handle_critical_error+0x621/0x9f0
[  262.747337][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.747383][ T5835]  ? __asan_memset+0x23/0x50
[  262.747434][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.747492][ T5835]  f2fs_write_end_io+0x73d/0xac0
[  262.747556][ T5835]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  262.747621][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.747679][ T5835]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  262.747744][ T5835]  bio_endio+0x6d2/0x810
[  262.747805][ T5835]  submit_bio_noacct+0x56d/0x1ec0
[  262.747859][ T5835]  __submit_merged_bio+0x33c/0x770
[  262.747923][ T5835]  __submit_merged_write_cond+0x319/0x3f0
[  262.747995][ T5835]  f2fs_write_cache_pages+0x2139/0x2680
[  262.748092][ T5835]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  262.748162][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.748207][ T5835]  ? __lock_acquire+0x5ca/0x1ba0
[  262.748251][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.748296][ T5835]  ? __lock_acquire+0x5ca/0x1ba0
[  262.748433][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.748476][ T5835]  ? lock_acquire+0x179/0x350
[  262.748517][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.748572][ T5835]  f2fs_write_data_pages+0x4ad/0xd90
[  262.748621][ T5835]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  262.748700][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.748757][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.748804][ T5835]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  262.748872][ T5835]  do_writepages+0x1b5/0x820
[  262.748935][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.748984][ T5835]  ? __pfx_do_writepages+0x10/0x10
[  262.749042][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.749090][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.749136][ T5835]  ? do_raw_spin_lock+0x12c/0x2b0
[  262.749178][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.749223][ T5835]  ? find_held_lock+0x2b/0x80
[  262.749275][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.749326][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.749372][ T5835]  ? do_raw_spin_unlock+0x172/0x230
[  262.749417][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.749472][ T5835]  filemap_fdatawrite_wbc+0x104/0x160
[  262.749534][ T5835]  __filemap_fdatawrite_range+0xb2/0xf0
[  262.749576][ T5835]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  262.749680][ T5835]  ? find_held_lock+0x2b/0x80
[  262.749738][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.749785][ T5835]  ? do_raw_spin_unlock+0x172/0x230
[  262.749830][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.749883][ T5835]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  262.749946][ T5835]  block_operations+0x2a3/0xfd0
[  262.749999][ T5835]  ? __pfx_block_operations+0x10/0x10
[  262.750101][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.750146][ T5835]  ? down_write+0x14d/0x200
[  262.750181][ T5835]  ? __pfx_down_write+0x10/0x10
[  262.750217][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.750263][ T5835]  ? rcu_is_watching+0x12/0xc0
[  262.750319][ T5835]  f2fs_write_checkpoint+0x2b8/0x45b0
[  262.750366][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.750411][ T5835]  ? kfree+0x2b6/0x4d0
[  262.750458][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.750508][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.750553][ T5835]  ? rcu_is_watching+0x12/0xc0
[  262.750601][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.750647][ T5835]  ? kthread_stop+0x273/0x650
[  262.750694][ T5835]  kill_f2fs_super+0x3c2/0x470
[  262.750742][ T5835]  ? __pfx_kill_f2fs_super+0x10/0x10
[  262.750781][ T5835]  ? lockdep_hardirqs_on+0x7c/0x110
[  262.750857][ T5835]  deactivate_locked_super+0xc1/0x1a0
[  262.750913][ T5835]  deactivate_super+0xde/0x100
[  262.750967][ T5835]  cleanup_mnt+0x225/0x450
[  262.751026][ T5835]  task_work_run+0x150/0x240
[  262.751073][ T5835]  ? __pfx_task_work_run+0x10/0x10
[  262.751115][ T5835]  ? srso_alias_return_thunk+0x5/0xfbef5
[  262.751165][ T5835]  ? __pfx___x64_sys_umount+0x10/0x10
[  262.751236][ T5835]  syscall_exit_to_user_mode+0x27b/0x2a0
[  262.751297][ T5835]  do_syscall_64+0xda/0x260
[  262.751360][ T5835]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  262.751399][ T5835] RIP: 0033:0x7f5859b8fc97
[  262.751429][ T5835] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  262.751465][ T5835] RSP: 002b:00007fff4f3968b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  262.751500][ T5835] RAX: 0000000000000000 RBX: 00007f5859c1089d RCX: 00007f5859b8fc97
[  262.751524][ T5835] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff4f396970
[  262.751548][ T5835] RBP: 00007fff4f396970 R08: 0000000000000000 R09: 0000000000000000
[  262.751571][ T5835] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff4f397a00
[  262.751595][ T5835] R13: 00007f5859c1089d R14: 00000000000400ee R15: 00007fff4f397a40
[  262.751647][ T5835]  </TASK>
[  262.792097][ T8731] loop3: detected capacity change from 0 to 1024
[  262.848887][ T5835] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  262.867572][ T8729] loop6: detected capacity change from 0 to 524287999
[  262.997938][ T8736] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  263.292035][ T8731] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  263.371196][ T8736] I/O error, dev loop6, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  263.380615][ T8736] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  263.392051][ T8731] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  263.415555][ T8736] Buffer I/O error on dev loop6, logical block 0, lost async page write
[  263.424857][ T8731] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (29254!=20869)
[  263.455162][ T8731] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  263.529072][ T8731] EXT4-fs (loop3): journal inode is deleted
[  264.024686][ T8752] loop4: detected capacity change from 0 to 1024
[  264.105487][ T8752] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  264.274758][   T30] audit: type=1800 audit(1745416727.018:70): pid=8752 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.824" name="file1" dev="loop4" ino=15 res=0 errno=0
[  264.607378][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.197832][ T8780] loop4: detected capacity change from 0 to 1024
[  265.342957][ T8780] EXT4-fs error (device loop4): ext4_orphan_get:1416: comm syz.4.831: bad orphan inode 1
[  265.381702][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  265.388271][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  265.445988][ T8780] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  265.744542][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.129396][ T8770] loop5: detected capacity change from 0 to 32768
[  266.195413][ T8770] 
[  266.195413][ T8770]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  266.195413][ T8770] 
[  266.212531][ T8507] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  266.282269][ T8507] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  266.329062][ T8778] loop1: detected capacity change from 0 to 40427
[  266.337246][ T8507] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  266.351302][ T8770] 
[  266.351302][ T8770]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  266.351302][ T8770] 
[  266.387494][ T8778] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x3fffff
[  266.399716][ T8507] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  266.466492][ T8770] 
[  266.466492][ T8770]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  266.466492][ T8770] 
[  266.495932][ T8778] F2FS-fs (loop1): invalid crc value
[  266.506921][ T8803] 
[  266.506921][ T8803]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  266.506921][ T8803] 
[  266.553205][ T8803] 
[  266.553205][ T8803]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  266.553205][ T8803] 
[  266.805813][ T5837] 
[  266.805813][ T5837]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  266.805813][ T5837] 
[  266.845624][ T5837] 
[  266.845624][ T5837]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  266.845624][ T5837] 
[  266.868226][ T8778] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  266.985106][ T8507] 8021q: adding VLAN 0 to HW filter on device bond0
[  266.993972][ T8813] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  267.026959][ T8778] F2FS-fs (loop1): inject inconsistent footer in sanity_check_node_footer of __get_node_folio+0x12d/0x1b0
[  267.121980][ T8778] F2FS-fs (loop1): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[  267.125758][ T8507] 8021q: adding VLAN 0 to HW filter on device team0
[  267.296526][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  267.303792][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  267.365081][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  267.372312][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  267.396977][ T8792] loop0: detected capacity change from 0 to 32768
[  267.415391][ T5834] syz-executor: attempt to access beyond end of device
[  267.415391][ T5834] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  267.423987][ T8792] XFS: attr2 mount option is deprecated.
[  267.525349][ T5834] CPU: 0 UID: 0 PID: 5834 Comm: syz-executor Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[  267.525402][ T5834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  267.525424][ T5834] Call Trace:
[  267.525435][ T5834]  <TASK>
[  267.525449][ T5834]  dump_stack_lvl+0x16c/0x1f0
[  267.525517][ T5834]  f2fs_handle_critical_error+0x621/0x9f0
[  267.525569][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.525614][ T5834]  ? __asan_memset+0x23/0x50
[  267.525663][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.525721][ T5834]  f2fs_write_end_io+0x73d/0xac0
[  267.525780][ T5834]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  267.525844][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.525899][ T5834]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  267.525953][ T5834]  bio_endio+0x6d2/0x810
[  267.526013][ T5834]  submit_bio_noacct+0x56d/0x1ec0
[  267.526065][ T5834]  __submit_merged_bio+0x33c/0x770
[  267.526127][ T5834]  __submit_merged_write_cond+0x319/0x3f0
[  267.526197][ T5834]  f2fs_write_cache_pages+0x2139/0x2680
[  267.526291][ T5834]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  267.526357][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.526400][ T5834]  ? __lock_acquire+0x5ca/0x1ba0
[  267.526443][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.526487][ T5834]  ? __lock_acquire+0x5ca/0x1ba0
[  267.526623][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.526667][ T5834]  ? lock_acquire+0x179/0x350
[  267.526707][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.526760][ T5834]  f2fs_write_data_pages+0x4ad/0xd90
[  267.526805][ T5834]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  267.526878][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.526922][ T5834]  ? lru_gen_add_folio+0x1a4/0xef0
[  267.526968][ T5834]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  267.527033][ T5834]  do_writepages+0x1b5/0x820
[  267.527092][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.527140][ T5834]  ? __pfx_do_writepages+0x10/0x10
[  267.527194][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.527241][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.527285][ T5834]  ? do_raw_spin_lock+0x12c/0x2b0
[  267.527325][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.527369][ T5834]  ? find_held_lock+0x2b/0x80
[  267.527419][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.527467][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.527515][ T5834]  ? do_raw_spin_unlock+0x172/0x230
[  267.527558][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.527611][ T5834]  filemap_fdatawrite_wbc+0x104/0x160
[  267.527670][ T5834]  __filemap_fdatawrite_range+0xb2/0xf0
[  267.527711][ T5834]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  267.527814][ T5834]  ? find_held_lock+0x2b/0x80
[  267.527864][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.527909][ T5834]  ? do_raw_spin_unlock+0x172/0x230
[  267.527952][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.528005][ T5834]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  267.528066][ T5834]  block_operations+0x2a3/0xfd0
[  267.528101][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.528145][ T5834]  ? stack_depot_save_flags+0x28/0xa50
[  267.528202][ T5834]  ? __pfx_block_operations+0x10/0x10
[  267.528237][ T5834]  ? kasan_save_stack+0x42/0x60
[  267.528352][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.528396][ T5834]  ? down_write+0x14d/0x200
[  267.528429][ T5834]  ? __pfx_down_write+0x10/0x10
[  267.528465][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.528516][ T5834]  ? rcu_is_watching+0x12/0xc0
[  267.528571][ T5834]  f2fs_write_checkpoint+0x2b8/0x45b0
[  267.528616][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.528660][ T5834]  ? kfree+0x2b6/0x4d0
[  267.528703][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.528747][ T5834]  ? lockdep_hardirqs_on+0x7c/0x110
[  267.528799][ T5834]  ? f2fs_stop_gc_thread+0x79/0xd0
[  267.528845][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.528901][ T5834]  kill_f2fs_super+0x3c2/0x470
[  267.528942][ T5834]  ? __pfx_kill_f2fs_super+0x10/0x10
[  267.528981][ T5834]  ? lockdep_hardirqs_on+0x7c/0x110
[  267.529055][ T5834]  deactivate_locked_super+0xc1/0x1a0
[  267.529108][ T5834]  deactivate_super+0xde/0x100
[  267.529161][ T5834]  cleanup_mnt+0x225/0x450
[  267.529217][ T5834]  task_work_run+0x150/0x240
[  267.529264][ T5834]  ? __pfx_task_work_run+0x10/0x10
[  267.529305][ T5834]  ? srso_alias_return_thunk+0x5/0xfbef5
[  267.529353][ T5834]  ? __pfx___x64_sys_umount+0x10/0x10
[  267.529421][ T5834]  syscall_exit_to_user_mode+0x27b/0x2a0
[  267.529480][ T5834]  do_syscall_64+0xda/0x260
[  267.529546][ T5834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  267.529583][ T5834] RIP: 0033:0x7fbb9958fc97
[  267.529612][ T5834] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  267.529648][ T5834] RSP: 002b:00007ffcc16b1518 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  267.529683][ T5834] RAX: 0000000000000000 RBX: 00007fbb9961089d RCX: 00007fbb9958fc97
[  267.529707][ T5834] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcc16b15d0
[  267.529729][ T5834] RBP: 00007ffcc16b15d0 R08: 0000000000000000 R09: 0000000000000000
[  267.529752][ T5834] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcc16b2660
[  267.529776][ T5834] R13: 00007fbb9961089d R14: 00000000000413cd R15: 00007ffcc16b26a0
[  267.529827][ T5834]  </TASK>
[  267.788864][ T8823] loop3: detected capacity change from 0 to 32768
[  268.067867][ T5834] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  268.120536][ T8792] XFS: ikeep mount option is deprecated.
[  268.160069][ T8829] loop4: detected capacity change from 0 to 1024
[  268.192726][ T8823] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  268.250669][ T8823] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  268.270539][ T8792] XFS: noikeep mount option is deprecated.
[  268.340393][ T8823] XFS (loop3): Starting recovery (logdev: internal)
[  268.378062][ T8823] XFS (loop3): Ending recovery (logdev: internal)
[  268.388368][ T8829] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  268.459124][ T8792] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  268.595884][ T5838] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  268.682084][ T8792] XFS (loop0): Ending clean mount
[  268.707810][ T5836] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.762616][ T8792] XFS (loop0): Quotacheck needed: Please wait.
[  268.973152][ T8792] XFS (loop0): Quotacheck: Done.
[  269.204849][ T8826] loop5: detected capacity change from 0 to 32768
[  269.232227][ T5835] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  269.392744][ T8826] ocfs2: Mounting device (7,5) on (node local, slot 0) with writeback data mode.
[  269.594389][ T8507] 8021q: adding VLAN 0 to HW filter on device batadv0
[  269.705954][   T30] audit: type=1800 audit(1745416732.448:71): pid=8826 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.838" name="file1" dev="loop5" ino=17058 res=0 errno=0
[  269.914234][ T8875] netlink: 68 bytes leftover after parsing attributes in process `syz.3.843'.
[  269.956585][   T30] audit: type=1800 audit(1745416732.698:72): pid=8876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.838" name="file1" dev="loop5" ino=17058 res=0 errno=0
[  270.120069][ T8507] veth0_vlan: entered promiscuous mode
[  270.131001][ T5911] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  270.219416][ T8507] veth1_vlan: entered promiscuous mode
[  270.320148][ T8884] loop1: detected capacity change from 0 to 1024
[  270.327592][ T5911] usb 5-1: Using ep0 maxpacket: 16
[  270.335589][ T8507] veth0_macvtap: entered promiscuous mode
[  270.357234][ T8886] netlink: 68 bytes leftover after parsing attributes in process `syz.3.848'.
[  270.362783][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  270.395049][ T8507] veth1_macvtap: entered promiscuous mode
[  270.402819][ T5911] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  270.425198][ T5911] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  270.473431][ T8884] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  270.478736][ T5837] ocfs2: Unmounting device (7,5) on (node local)
[  270.487566][ T5911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.519817][   T30] audit: type=1800 audit(1745416733.258:73): pid=8884 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.841" name="file1" dev="loop1" ino=15 res=0 errno=0
[  270.542461][ T5911] usb 5-1: config 0 descriptor??
[  270.562866][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  270.646743][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.716096][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  270.765772][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.797189][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  270.861387][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.926426][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  270.957241][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.995240][ T8507] batman_adv: batadv0: Interface activated: batadv_slave_0
[  271.007584][ T5834] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  271.076498][ T5911] input: HID 05ac:8241 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:05AC:8241.0010/input/input15
[  271.125684][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  271.179197][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  271.231085][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  271.234327][ T5911] appleir 0003:05AC:8241.0010: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.4-1/input0
[  271.278134][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  271.315767][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  271.371087][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  271.435909][ T8507] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  271.500929][ T8507] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  271.543187][ T8507] batman_adv: batadv0: Interface activated: batadv_slave_1
[  271.635864][ T8507] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  271.672609][ T5904] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  271.697746][ T8507] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  271.743170][ T8507] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  271.794135][ T8507] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  271.845871][ T5904] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  271.889229][ T5904] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  271.922273][ T5904] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.979063][ T5911] usb 5-1: USB disconnect, device number 12
[  272.002206][ T5904] usb 2-1: config 0 descriptor??
[  272.460328][ T5904] keytouch 0003:0926:3333.0011: fixing up Keytouch IEC report descriptor
[  272.526973][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  272.537115][ T5904] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0011/input/input16
[  272.582507][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  272.724015][ T1323] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  272.777557][ T1323] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  272.868843][ T5904] keytouch 0003:0926:3333.0011: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  273.030170][ T8941] loop1: detected capacity change from 0 to 8
[  273.102257][ T8941] SQUASHFS error: zlib decompression failed, data probably corrupt
[  273.162227][ T8941] SQUASHFS error: Failed to read block 0x9b: -5
[  273.168546][ T8941] SQUASHFS error: Unable to read metadata cache entry [99]
[  273.175971][  T971] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  273.210246][ T8941] SQUASHFS error: Unable to read inode 0x127
[  273.255406][ T8943] loop0: detected capacity change from 0 to 1024
[  273.391620][  T971] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  273.429660][  T971] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  273.517144][  T971] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  273.583089][  T971] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  273.611355][  T971] usb 5-1: SerialNumber: syz
[  273.806796][ T8537] hfsplus: b-tree write err: -5, ino 8
[  273.888956][  T971] usb 5-1: 0:2 : does not exist
[  274.013242][  T971] usb 5-1: USB disconnect, device number 13
[  274.019406][    C1] vxcan0: j1939_tp_rxtimer: 0xffff888025151000: rx timeout, send abort
[  274.019998][    C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff888025151000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  274.205202][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.232664][ T8953] input: syz1 as /devices/virtual/input/input17
[  274.642666][ T5898] udevd[5898]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  275.154921][  T971] usb 2-1: USB disconnect, device number 6
[  275.175791][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  275.950715][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.105045][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  276.757626][   T30] audit: type=1326 audit(1745416739.498:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8982 comm="syz.0.868" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5859b8e969 code=0x0
[  276.788171][   T12] bridge_slave_1: left allmulticast mode
[  276.816118][   T12] bridge_slave_1: left promiscuous mode
[  276.862545][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.918789][   T12] bridge_slave_0: left allmulticast mode
[  276.932846][   T12] bridge_slave_0: left promiscuous mode
[  276.948868][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.975673][    C1] vxcan0: j1939_tp_rxtimer: 0xffff888033d2e000: rx timeout, send abort
[  277.484068][    C1] vxcan0: j1939_tp_rxtimer: 0xffff888033d2e000: abort rx timeout. Force session deactivation
[  277.557789][ T5847] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  277.570283][ T5847] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  277.579007][ T5847] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  277.588389][ T5847] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  277.596639][ T5847] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  278.204912][ T8969] loop5: detected capacity change from 0 to 40427
[  278.251462][ T8969] F2FS-fs (loop5): Fix alignment : done, start(4096) end(16896) block(12288)
[  278.275118][ T8969] F2FS-fs (loop5): invalid crc value
[  278.503187][ T8969] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  278.579861][   T30] audit: type=1800 audit(1745416741.318:75): pid=8969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.867" name="bus" dev="loop5" ino=10 res=0 errno=0
[  278.641959][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  278.672048][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  278.687025][   T12] bond0 (unregistering): Released all slaves
[  278.709930][ T5837] syz-executor: attempt to access beyond end of device
[  278.709930][ T5837] loop5: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  278.724554][ T5837] CPU: 1 UID: 0 PID: 5837 Comm: syz-executor Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[  278.724605][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  278.724628][ T5837] Call Trace:
[  278.724640][ T5837]  <TASK>
[  278.724653][ T5837]  dump_stack_lvl+0x16c/0x1f0
[  278.724718][ T5837]  f2fs_handle_critical_error+0x621/0x9f0
[  278.724782][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.724828][ T5837]  ? __asan_memset+0x23/0x50
[  278.724877][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.724933][ T5837]  f2fs_write_end_io+0x73d/0xac0
[  278.724999][ T5837]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  278.725055][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.725112][ T5837]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  278.725168][ T5837]  bio_endio+0x6d2/0x810
[  278.725231][ T5837]  submit_bio_noacct+0x56d/0x1ec0
[  278.725286][ T5837]  __submit_merged_bio+0x33c/0x770
[  278.725352][ T5837]  __submit_merged_write_cond+0x319/0x3f0
[  278.725426][ T5837]  f2fs_write_cache_pages+0x2139/0x2680
[  278.725531][ T5837]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  278.725591][ T5837]  ? lock_acquire+0x179/0x350
[  278.725636][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.725680][ T5837]  ? lock_acquire+0x179/0x350
[  278.725716][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.725768][ T5837]  ? find_held_lock+0x2b/0x80
[  278.725821][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.725893][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.725938][ T5837]  ? __lock_acquire+0xaa4/0x1ba0
[  278.725998][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.726043][ T5837]  ? do_raw_spin_lock+0x12c/0x2b0
[  278.726141][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.726187][ T5837]  ? lock_acquire+0x179/0x350
[  278.726222][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.726277][ T5837]  f2fs_write_data_pages+0x4ad/0xd90
[  278.726329][ T5837]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  278.726383][ T5837]  ? free_unref_folios+0x1097/0x1630
[  278.726438][ T5837]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  278.726488][ T5837]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  278.726538][ T5837]  do_writepages+0x1b5/0x820
[  278.726586][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.726623][ T5837]  ? __pfx_do_writepages+0x10/0x10
[  278.726665][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.726700][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.726744][ T5837]  ? do_raw_spin_lock+0x12c/0x2b0
[  278.726775][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.726808][ T5837]  ? find_held_lock+0x2b/0x80
[  278.726847][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.726884][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.726918][ T5837]  ? do_raw_spin_unlock+0x172/0x230
[  278.726952][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.726993][ T5837]  filemap_fdatawrite_wbc+0x104/0x160
[  278.727039][ T5837]  __filemap_fdatawrite_range+0xb2/0xf0
[  278.727070][ T5837]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  278.727158][ T5837]  ? find_held_lock+0x2b/0x80
[  278.727195][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.727230][ T5837]  ? do_raw_spin_unlock+0x172/0x230
[  278.727263][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.727303][ T5837]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  278.727361][ T5837]  block_operations+0x2a3/0xfd0
[  278.727418][ T5837]  ? __pfx_block_operations+0x10/0x10
[  278.727509][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.727542][ T5837]  ? down_write+0x14d/0x200
[  278.727568][ T5837]  ? __pfx_down_write+0x10/0x10
[  278.727596][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.727629][ T5837]  ? rcu_is_watching+0x12/0xc0
[  278.727672][ T5837]  f2fs_write_checkpoint+0x2b8/0x45b0
[  278.727707][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.727745][ T5837]  ? kfree+0x2b6/0x4d0
[  278.727779][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.727817][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.727850][ T5837]  ? rcu_is_watching+0x12/0xc0
[  278.727884][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.727918][ T5837]  ? kthread_stop+0x273/0x650
[  278.727952][ T5837]  kill_f2fs_super+0x3c2/0x470
[  278.727983][ T5837]  ? __pfx_kill_f2fs_super+0x10/0x10
[  278.728012][ T5837]  ? lockdep_hardirqs_on+0x7c/0x110
[  278.728073][ T5837]  deactivate_locked_super+0xc1/0x1a0
[  278.728115][ T5837]  deactivate_super+0xde/0x100
[  278.728156][ T5837]  cleanup_mnt+0x225/0x450
[  278.728200][ T5837]  task_work_run+0x150/0x240
[  278.728236][ T5837]  ? __pfx_task_work_run+0x10/0x10
[  278.728267][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.728303][ T5837]  ? __pfx___x64_sys_umount+0x10/0x10
[  278.728357][ T5837]  syscall_exit_to_user_mode+0x27b/0x2a0
[  278.728402][ T5837]  do_syscall_64+0xda/0x260
[  278.728450][ T5837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.728489][ T5837] RIP: 0033:0x7f98bdd8fc97
[  278.728521][ T5837] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  278.728556][ T5837] RSP: 002b:00007ffcff8dd278 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  278.728582][ T5837] RAX: 0000000000000000 RBX: 00007f98bde1089d RCX: 00007f98bdd8fc97
[  278.728600][ T5837] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcff8dd330
[  278.728618][ T5837] RBP: 00007ffcff8dd330 R08: 0000000000000000 R09: 0000000000000000
[  278.728636][ T5837] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcff8de3c0
[  278.728655][ T5837] R13: 00007f98bde1089d R14: 000000000004405e R15: 00007ffcff8de400
[  278.728697][ T5837]  </TASK>
[  278.729941][ T8990] syz_tun: entered allmulticast mode
[  278.761195][ T5837] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  278.765306][ T8990] syz_tun: left allmulticast mode
[  278.780786][ T5837] CPU: 0 UID: 0 PID: 5837 Comm: syz-executor Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[  278.780838][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  278.780860][ T5837] Call Trace:
[  278.780871][ T5837]  <TASK>
[  278.780888][ T5837]  dump_stack_lvl+0x16c/0x1f0
[  278.780949][ T5837]  f2fs_handle_critical_error+0x621/0x9f0
[  278.781001][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.781046][ T5837]  ? __asan_memset+0x23/0x50
[  278.781094][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.781150][ T5837]  f2fs_write_end_io+0x73d/0xac0
[  278.781209][ T5837]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  278.781270][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.781325][ T5837]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  278.781379][ T5837]  bio_endio+0x6d2/0x810
[  278.781438][ T5837]  submit_bio_noacct+0x56d/0x1ec0
[  278.781489][ T5837]  __submit_merged_bio+0x33c/0x770
[  278.781550][ T5837]  __submit_merged_write_cond+0x319/0x3f0
[  278.781618][ T5837]  f2fs_write_cache_pages+0x2139/0x2680
[  278.781711][ T5837]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  278.781779][ T5837]  ? lock_acquire+0x179/0x350
[  278.781821][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.781864][ T5837]  ? lock_acquire+0x179/0x350
[  278.781898][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.781941][ T5837]  ? find_held_lock+0x2b/0x80
[  278.781990][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.782055][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.782098][ T5837]  ? __lock_acquire+0xaa4/0x1ba0
[  278.782153][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.782195][ T5837]  ? do_raw_spin_lock+0x12c/0x2b0
[  278.782285][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.782328][ T5837]  ? lock_acquire+0x179/0x350
[  278.782361][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.782413][ T5837]  f2fs_write_data_pages+0x4ad/0xd90
[  278.782459][ T5837]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  278.782518][ T5837]  ? free_unref_folios+0x1097/0x1630
[  278.782583][ T5837]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  278.782641][ T5837]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  278.782705][ T5837]  do_writepages+0x1b5/0x820
[  278.782770][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.782817][ T5837]  ? __pfx_do_writepages+0x10/0x10
[  278.782871][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.782918][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.782960][ T5837]  ? do_raw_spin_lock+0x12c/0x2b0
[  278.782999][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.783042][ T5837]  ? find_held_lock+0x2b/0x80
[  278.783091][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.783139][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.783182][ T5837]  ? do_raw_spin_unlock+0x172/0x230
[  278.783225][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.783277][ T5837]  filemap_fdatawrite_wbc+0x104/0x160
[  278.783337][ T5837]  __filemap_fdatawrite_range+0xb2/0xf0
[  278.783377][ T5837]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  278.783479][ T5837]  ? find_held_lock+0x2b/0x80
[  278.783527][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.783572][ T5837]  ? do_raw_spin_unlock+0x172/0x230
[  278.783615][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.783666][ T5837]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  278.783727][ T5837]  block_operations+0x2a3/0xfd0
[  278.783783][ T5837]  ? __pfx_block_operations+0x10/0x10
[  278.783882][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.783925][ T5837]  ? down_write+0x14d/0x200
[  278.783958][ T5837]  ? __pfx_down_write+0x10/0x10
[  278.783993][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.784036][ T5837]  ? rcu_is_watching+0x12/0xc0
[  278.784089][ T5837]  f2fs_write_checkpoint+0x2b8/0x45b0
[  278.784134][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.784177][ T5837]  ? kfree+0x2b6/0x4d0
[  278.784220][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.784268][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.784311][ T5837]  ? rcu_is_watching+0x12/0xc0
[  278.784356][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.784399][ T5837]  ? kthread_stop+0x273/0x650
[  278.784441][ T5837]  kill_f2fs_super+0x3c2/0x470
[  278.784482][ T5837]  ? __pfx_kill_f2fs_super+0x10/0x10
[  278.784519][ T5837]  ? lockdep_hardirqs_on+0x7c/0x110
[  278.784593][ T5837]  deactivate_locked_super+0xc1/0x1a0
[  278.784646][ T5837]  deactivate_super+0xde/0x100
[  278.784698][ T5837]  cleanup_mnt+0x225/0x450
[  278.784754][ T5837]  task_work_run+0x150/0x240
[  278.784804][ T5837]  ? __pfx_task_work_run+0x10/0x10
[  278.784844][ T5837]  ? srso_alias_return_thunk+0x5/0xfbef5
[  278.784891][ T5837]  ? __pfx___x64_sys_umount+0x10/0x10
[  278.784960][ T5837]  syscall_exit_to_user_mode+0x27b/0x2a0
[  278.785029][ T5837]  do_syscall_64+0xda/0x260
[  278.785090][ T5837]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  278.785127][ T5837] RIP: 0033:0x7f98bdd8fc97
[  278.785156][ T5837] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  278.785191][ T5837] RSP: 002b:00007ffcff8dd278 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  278.785226][ T5837] RAX: 0000000000000000 RBX: 00007f98bde1089d RCX: 00007f98bdd8fc97
[  278.785249][ T5837] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcff8dd330
[  278.785272][ T5837] RBP: 00007ffcff8dd330 R08: 0000000000000000 R09: 0000000000000000
[  278.785294][ T5837] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcff8de3c0
[  278.785317][ T5837] R13: 00007f98bde1089d R14: 000000000004405e R15: 00007ffcff8de400
[  278.785368][ T5837]  </TASK>
[  278.797061][ T5837] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  279.701242][ T5849] Bluetooth: hci0: command tx timeout
[  279.867846][ T8989] geneve0: entered allmulticast mode
[  280.291012][  T971] kernel read not supported for file /366/oom_adj (pid: 971 comm: kworker/0:2)
[  280.645233][ T9031] fuse: Bad value for 'fd'
[  281.472916][   T30] audit: type=1326 audit(1745417000.207:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.0.883" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5859b8e969 code=0x0
[  281.539176][   T12] hsr_slave_0: left promiscuous mode
[  281.582529][   T12] hsr_slave_1: left promiscuous mode
[  281.601011][  T971] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  281.602741][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  281.639001][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  281.687107][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  281.726089][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  281.793399][  T971] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  281.829942][  T971] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  281.870496][  T971] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  281.878793][   T12] veth1_macvtap: left promiscuous mode
[  281.930213][   T12] veth0_macvtap: left promiscuous mode
[  281.940951][ T5849] Bluetooth: hci0: command tx timeout
[  281.962485][   T12] veth1_vlan: left promiscuous mode
[  281.996741][   T12] veth0_vlan: left promiscuous mode
[  282.214653][ T9058] loop3: detected capacity change from 0 to 32768
[  282.222541][ T9058] bcachefs: bch2_fs_parse_param() Error parsing option gc_reserve_bytes: option_value
[  282.368173][  T971] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.381724][ T9045] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  282.395547][  T971] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  282.457501][ T9029] loop1: detected capacity change from 0 to 32768
[  282.760083][ T9029] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[  282.932024][ T9058] loop3: detected capacity change from 0 to 40427
[  282.951928][ T9058] F2FS-fs (loop3): heap/no_heap options were deprecated
[  282.977956][  T971] usb 6-1: USB disconnect, device number 7
[  282.984071][ T9058] F2FS-fs (loop3): invalid crc value
[  283.008413][   T30] audit: type=1800 audit(1745417001.747:77): pid=9029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.877" name="file1" dev="loop1" ino=17058 res=0 errno=0
[  283.165616][ T9058] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  283.289762][ T9043] loop4: detected capacity change from 0 to 32768
[  283.354770][ T6201] udevd[6201]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  283.384753][ T9043] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present!
[  283.405723][ T5838] syz-executor: attempt to access beyond end of device
[  283.405723][ T5838] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  283.431207][ T5838] CPU: 1 UID: 0 PID: 5838 Comm: syz-executor Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[  283.431261][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  283.431284][ T5838] Call Trace:
[  283.431295][ T5838]  <TASK>
[  283.431309][ T5838]  dump_stack_lvl+0x16c/0x1f0
[  283.431372][ T5838]  f2fs_handle_critical_error+0x621/0x9f0
[  283.431424][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.431469][ T5838]  ? __asan_memset+0x23/0x50
[  283.431528][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.431584][ T5838]  f2fs_write_end_io+0x73d/0xac0
[  283.431644][ T5838]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  283.431704][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.431759][ T5838]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  283.431812][ T5838]  bio_endio+0x6d2/0x810
[  283.431872][ T5838]  submit_bio_noacct+0x56d/0x1ec0
[  283.431922][ T5838]  __submit_merged_bio+0x33c/0x770
[  283.431986][ T5838]  __submit_merged_write_cond+0x319/0x3f0
[  283.432057][ T5838]  f2fs_write_cache_pages+0x2139/0x2680
[  283.432151][ T5838]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  283.432218][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.432262][ T5838]  ? __lock_acquire+0x5ca/0x1ba0
[  283.432304][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.432349][ T5838]  ? __lock_acquire+0x5ca/0x1ba0
[  283.432487][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.432541][ T5838]  ? arch_stack_walk+0xa6/0x100
[  283.432601][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.432655][ T5838]  f2fs_write_data_pages+0x4ad/0xd90
[  283.432701][ T5838]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  283.432779][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.432829][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.432875][ T5838]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  283.432941][ T5838]  do_writepages+0x1b5/0x820
[  283.433003][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.433051][ T5838]  ? __pfx_do_writepages+0x10/0x10
[  283.433107][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.433154][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.433198][ T5838]  ? do_raw_spin_lock+0x12c/0x2b0
[  283.433240][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.433284][ T5838]  ? find_held_lock+0x2b/0x80
[  283.433334][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.433384][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.433428][ T5838]  ? do_raw_spin_unlock+0x172/0x230
[  283.433472][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.433532][ T5838]  filemap_fdatawrite_wbc+0x104/0x160
[  283.433594][ T5838]  __filemap_fdatawrite_range+0xb2/0xf0
[  283.433634][ T5838]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  283.433738][ T5838]  ? find_held_lock+0x2b/0x80
[  283.433788][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.433834][ T5838]  ? do_raw_spin_unlock+0x172/0x230
[  283.433877][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.433929][ T5838]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  283.433993][ T5838]  block_operations+0x2a3/0xfd0
[  283.434028][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.434072][ T5838]  ? stack_depot_save_flags+0x28/0xa50
[  283.434131][ T5838]  ? __pfx_block_operations+0x10/0x10
[  283.434165][ T5838]  ? kasan_save_stack+0x42/0x60
[  283.434274][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.434316][ T5838]  ? down_write+0x14d/0x200
[  283.434348][ T5838]  ? __pfx_down_write+0x10/0x10
[  283.434381][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.434422][ T5838]  ? rcu_is_watching+0x12/0xc0
[  283.434474][ T5838]  f2fs_write_checkpoint+0x2b8/0x45b0
[  283.434517][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.434566][ T5838]  ? kfree+0x2b6/0x4d0
[  283.434607][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.434651][ T5838]  ? lockdep_hardirqs_on+0x7c/0x110
[  283.434703][ T5838]  ? f2fs_stop_gc_thread+0x79/0xd0
[  283.434748][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.434806][ T5838]  kill_f2fs_super+0x3c2/0x470
[  283.434847][ T5838]  ? __pfx_kill_f2fs_super+0x10/0x10
[  283.434885][ T5838]  ? lockdep_hardirqs_on+0x7c/0x110
[  283.434960][ T5838]  deactivate_locked_super+0xc1/0x1a0
[  283.435014][ T5838]  deactivate_super+0xde/0x100
[  283.435067][ T5838]  cleanup_mnt+0x225/0x450
[  283.435123][ T5838]  task_work_run+0x150/0x240
[  283.435171][ T5838]  ? __pfx_task_work_run+0x10/0x10
[  283.435212][ T5838]  ? srso_alias_return_thunk+0x5/0xfbef5
[  283.435261][ T5838]  ? __pfx___x64_sys_umount+0x10/0x10
[  283.435331][ T5838]  syscall_exit_to_user_mode+0x27b/0x2a0
[  283.435391][ T5838]  do_syscall_64+0xda/0x260
[  283.435453][ T5838]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.435496][ T5838] RIP: 0033:0x7ff40d78fc97
[  283.435531][ T5838] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  283.435567][ T5838] RSP: 002b:00007fff19b087a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  283.435601][ T5838] RAX: 0000000000000000 RBX: 00007ff40d81089d RCX: 00007ff40d78fc97
[  283.435625][ T5838] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff19b08860
[  283.435648][ T5838] RBP: 00007fff19b08860 R08: 0000000000000000 R09: 0000000000000000
[  283.435671][ T5838] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff19b098f0
[  283.435695][ T5838] R13: 00007ff40d81089d R14: 000000000004528c R15: 00007fff19b09930
[  283.435746][ T5838]  </TASK>
[  283.440119][ T5838] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  283.550829][ T9043] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  284.011145][ T5849] Bluetooth: hci0: command tx timeout
[  284.044556][ T5834] ocfs2: Unmounting device (7,1) on (node local)
[  284.327279][ T5836] ocfs2: Unmounting device (7,4) on (node local)
[  284.422762][ T9078] loop5: detected capacity change from 0 to 2048
[  284.550867][ T9079] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  284.723587][ T9079] NILFS (loop5): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  284.781236][ T9079] NILFS error (device loop5): nilfs_bmap_propagate: broken bmap (inode number=4)
[  284.819656][ T9079] Remounting filesystem read-only
[  284.925546][ T9082] loop1: detected capacity change from 0 to 256
[  284.979547][ T5837] NILFS (loop5): disposed unprocessed dirty file(s) when stopping log writer
[  285.037943][ T5837] NILFS (loop5): disposed unprocessed dirty file(s) when detaching log writer
[  285.041630][ T9082] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  285.202342][ T9082] netlink: 44 bytes leftover after parsing attributes in process `syz.1.889'.
[  285.237032][ T9082] netlink: 'syz.1.889': attribute type 6 has an invalid length.
[  285.277390][ T9082] netlink: 'syz.1.889': attribute type 5 has an invalid length.
[  285.301317][ T9082] netlink: 'syz.1.889': attribute type 4 has an invalid length.
[  286.091017][ T5849] Bluetooth: hci0: command tx timeout
[  286.575476][ T9104] netlink: 24 bytes leftover after parsing attributes in process `syz.5.901'.
[  286.719530][ T9104] nbd: socks must be embedded in a SOCK_ITEM attr
[  286.745373][ T6215] block nbd64: NBD_DISCONNECT
[  286.755715][ T9109] netlink: 24 bytes leftover after parsing attributes in process `syz.5.901'.
[  286.830378][ T9109] nbd: device at index 64 is going down
[  287.208598][ T9124] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  287.353082][   T12] team0 (unregistering): Port device team_slave_1 removed
[  287.550179][   T12] team0 (unregistering): Port device team_slave_0 removed
[  287.577727][ T9134] loop1: detected capacity change from 0 to 164
[  287.687983][ T9134] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[  287.745477][ T9134] rock: corrupted directory entry. extent=28, offset=0, size=16777216
[  287.757912][ T9134] iso9660: Corrupted directory entry in block 4 of inode 1792
[  289.551287][ T8996] chnl_net:caif_netlink_parms(): no params data found
[  290.180707][ T5849] Bluetooth: hci4: unexpected event for opcode 0x1004
[  290.201799][ T5854] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  290.212765][ T5854] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  290.225358][ T5854] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  290.236650][ T5854] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  290.245472][ T5854] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  290.299643][ T8996] bridge0: port 1(bridge_slave_0) entered blocking state
[  290.318973][ T8996] bridge0: port 1(bridge_slave_0) entered disabled state
[  290.331791][ T8996] bridge_slave_0: entered allmulticast mode
[  290.340523][ T8996] bridge_slave_0: entered promiscuous mode
[  290.364337][ T8996] bridge0: port 2(bridge_slave_1) entered blocking state
[  290.373909][ T8996] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.384108][ T8996] bridge_slave_1: entered allmulticast mode
[  290.403676][ T8996] bridge_slave_1: entered promiscuous mode
[  290.591958][ T9189] usb usb2: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  290.629876][ T8996] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  290.641001][ T9189] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  290.703983][ T8996] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  291.023057][ T9192] block nbd5: shutting down sockets
[  291.327216][ T8996] team0: Port device team_slave_0 added
[  291.433930][ T8996] team0: Port device team_slave_1 added
[  291.493058][ T9202] loop4: detected capacity change from 0 to 32768
[  291.501692][ T9202] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.930 (9202)
[  291.533659][ T9202] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  291.544496][ T9202] BTRFS info (device loop4): using sha256 (sha256-ni) checksum algorithm
[  291.755834][ T8996] batman_adv: batadv0: Adding interface: batadv_slave_0
[  291.768010][ T8996] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  291.798688][ T8996] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  291.994546][ T5836] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  292.020595][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.159127][ T8996] batman_adv: batadv0: Adding interface: batadv_slave_1
[  292.192517][ T8996] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.261572][ T8996] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  292.331058][ T5854] Bluetooth: hci2: command tx timeout
[  292.414132][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.757051][ T9239] loop4: detected capacity change from 0 to 64
[  292.810278][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.024345][ T9242] program syz.1.938 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  293.074934][ T9242] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0
[  293.298654][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  293.596801][ T8996] hsr_slave_0: entered promiscuous mode
[  293.629174][ T8996] hsr_slave_1: entered promiscuous mode
[  293.651944][ T8996] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  293.659602][ T8996] Cannot create hsr debugfs directory
[  294.415057][ T5854] Bluetooth: hci2: command tx timeout
[  294.498302][ T9252] loop1: detected capacity change from 0 to 32768
[  294.541292][ T9252] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.942 (9252)
[  294.622667][ T9252] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  294.669118][ T9252] BTRFS info (device loop1): using sha256 (sha256-ni) checksum algorithm
[  294.689081][ T9252] BTRFS info (device loop1): disk space caching is enabled
[  294.709290][ T9252] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  294.777159][ T9182] chnl_net:caif_netlink_parms(): no params data found
[  294.922329][ T9252] BTRFS info (device loop1): rebuilding free space tree
[  295.021516][ T9252] BTRFS info (device loop1): disabling free space tree
[  295.028556][ T9252] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  295.071313][ T9252] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  295.562321][ T5834] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  295.773856][   T12] bridge_slave_1: left allmulticast mode
[  295.779571][   T12] bridge_slave_1: left promiscuous mode
[  295.814771][ T5847] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  295.814903][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  295.854767][ T5847] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  295.864962][ T5847] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  295.874745][   T12] bridge_slave_0: left allmulticast mode
[  295.880437][   T12] bridge_slave_0: left promiscuous mode
[  295.912384][ T5847] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  295.925225][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  295.935064][ T5847] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  295.964866][ T9301] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  295.974396][ T9301] overlayfs: failed to set xattr on upper
[  295.980139][ T9301] overlayfs: ...falling back to redirect_dir=nofollow.
[  295.987106][ T9301] overlayfs: ...falling back to index=off.
[  295.992992][ T9301] overlayfs: ...falling back to uuid=null.
[  295.998888][ T9301] overlayfs: maximum fs stacking depth exceeded
[  296.102765][ T5822] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  296.262592][ T5822] usb 2-1: Using ep0 maxpacket: 32
[  296.290664][ T5822] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  296.299684][ T5822] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  296.342625][ T5822] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  296.364825][ T5822] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  296.408136][ T5822] usb 2-1: config 0 interface 0 has no altsetting 0
[  296.418914][ T5822] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  296.438950][ T5822] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  296.481216][ T5822] usb 2-1: Product: syz
[  296.485448][ T5822] usb 2-1: Manufacturer: syz
[  296.490069][ T5822] usb 2-1: SerialNumber: syz
[  296.494881][ T5854] Bluetooth: hci2: command tx timeout
[  296.538161][ T5822] usb 2-1: config 0 descriptor??
[  296.558405][ T5822] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  296.631966][ T5822] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  297.006924][ T9309] loop5: detected capacity change from 0 to 8
[  297.025849][ T9309] SQUASHFS error: zlib decompression failed, data probably corrupt
[  297.050283][ T9309] SQUASHFS error: Failed to read block 0x9b: -5
[  297.069028][ T9309] SQUASHFS error: Unable to read metadata cache entry [99]
[  297.076506][ T9309] SQUASHFS error: Unable to read inode 0x127
[  297.165173][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  297.195194][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  297.215773][   T12] bond0 (unregistering): Released all slaves
[  297.392040][ T9310] ldusb 2-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71
[  297.392470][    C1] ldusb 2-1:0.0: usb_submit_urb failed (-19)
[  297.405773][ T5822] usb 2-1: USB disconnect, device number 7
[  297.432390][ T5822] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  297.446525][ T9182] bridge0: port 1(bridge_slave_0) entered blocking state
[  297.455800][ T9182] bridge0: port 1(bridge_slave_0) entered disabled state
[  297.467982][ T9182] bridge_slave_0: entered allmulticast mode
[  297.477958][ T9182] bridge_slave_0: entered promiscuous mode
[  297.492529][ T9182] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.499755][ T9182] bridge0: port 2(bridge_slave_1) entered disabled state
[  297.508459][ T9182] bridge_slave_1: entered allmulticast mode
[  297.516483][ T9182] bridge_slave_1: entered promiscuous mode
[  297.551094][ T5989] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  297.723234][ T9182] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  297.740126][ T5989] usb 6-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac
[  297.759093][ T5989] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  297.769784][ T5989] usb 6-1: Product: syz
[  297.776987][ T5989] usb 6-1: Manufacturer: syz
[  297.788239][ T5989] usb 6-1: SerialNumber: syz
[  297.812267][ T5989] usb 6-1: config 0 descriptor??
[  297.833654][ T5989] gspca_main: sunplus-2.14.0 probing 055f:c230
[  297.852619][ T9182] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  298.012127][ T5854] Bluetooth: hci4: command tx timeout
[  298.085831][ T9312] cgroup: fork rejected by pids controller in /syz5
[  298.380361][ T5989] usb 6-1: USB disconnect, device number 8
[  298.454181][ T9182] team0: Port device team_slave_0 added
[  298.527997][   T12] hsr_slave_0: left promiscuous mode
[  298.552287][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  298.559790][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  298.571554][ T5854] Bluetooth: hci2: command tx timeout
[  298.590260][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  298.610591][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  298.690702][   T12] veth1_macvtap: left promiscuous mode
[  298.707278][   T12] veth0_macvtap: left promiscuous mode
[  298.713160][   T12] veth1_vlan: left promiscuous mode
[  298.728707][   T12] veth0_vlan: left promiscuous mode
[  299.043373][ T9332] MTD: Attempt to mount non-MTD device "/dev/nbd3"
[  299.063164][ T9332] /dev/nbd3: Can't open blockdev
[  299.131393][ T5989] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  299.295304][ T5989] usb 2-1: Using ep0 maxpacket: 32
[  299.313743][ T5989] usb 2-1: config 4 has an invalid interface number: 186 but max is 0
[  299.322428][ T5989] usb 2-1: config 4 has an invalid interface number: 198 but max is 0
[  299.330717][ T5989] usb 2-1: config 4 has 2 interfaces, different from the descriptor's value: 1
[  299.339761][ T5989] usb 2-1: config 4 has no interface number 0
[  299.346162][ T5989] usb 2-1: config 4 has no interface number 1
[  299.353569][ T5989] usb 2-1: too many endpoints for config 4 interface 198 altsetting 4: 242, using maximum allowed: 30
[  299.364731][ T5989] usb 2-1: config 4 interface 198 altsetting 4 has 0 endpoint descriptors, different from the interface descriptor's value: 242
[  299.378166][ T5989] usb 2-1: config 4 interface 186 has no altsetting 0
[  299.388452][ T5989] usb 2-1: config 4 interface 198 has no altsetting 0
[  299.398900][ T5989] usb 2-1: New USB device found, idVendor=12d1, idProduct=142d, bcdDevice= 0.00
[  299.408347][ T5989] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.417823][ T5989] usb 2-1: Product: syz
[  299.427277][ T5989] usb 2-1: Manufacturer: syz
[  299.432092][ T5989] usb 2-1: SerialNumber: syz
[  299.668209][ T5989] usb-storage 2-1:4.186: USB Mass Storage device detected
[  299.796485][   T12] team0 (unregistering): Port device team_slave_1 removed
[  299.867374][   T12] team0 (unregistering): Port device team_slave_0 removed
[  299.878130][ T5989] usb-storage 2-1:4.198: USB Mass Storage device detected
[  299.960114][ T5989] usb 2-1: USB disconnect, device number 8
[  300.091089][ T5854] Bluetooth: hci4: command tx timeout
[  300.484503][ T9182] team0: Port device team_slave_1 added
[  300.806149][ T9182] batman_adv: batadv0: Adding interface: batadv_slave_0
[  300.828428][ T9182] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  300.880135][ T9182] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  300.933168][ T9182] batman_adv: batadv0: Adding interface: batadv_slave_1
[  300.940171][ T9182] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  301.010955][ T9182] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  301.426887][ T9182] hsr_slave_0: entered promiscuous mode
[  301.442827][ T9182] hsr_slave_1: entered promiscuous mode
[  301.921845][ T5847] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  301.933810][ T5847] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  301.951655][ T5847] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  301.961303][ T5847] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  301.971040][ T5847] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  302.024682][ T8996] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  302.055333][ T8996] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  302.175916][ T8996] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  302.182930][ T5847] Bluetooth: hci4: command tx timeout
[  302.258581][ T9296] chnl_net:caif_netlink_parms(): no params data found
[  302.287081][ T8996] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  302.549430][ T9358] loop1: detected capacity change from 0 to 32768
[  302.595321][ T9373] loop3: detected capacity change from 0 to 2048
[  302.641588][ T9373] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  302.678702][ T9358] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  302.724427][ T9358] 
[  302.726819][ T9358] ======================================================
[  302.733852][ T9358] WARNING: possible circular locking dependency detected
[  302.740889][ T9358] 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 Not tainted
[  302.748103][ T9358] ------------------------------------------------------
[  302.755135][ T9358] syz.1.972/9358 is trying to acquire lock:
[  302.761042][ T9358] ffff8880783cce38 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_calc_xattr_init+0x5e5/0xc90
[  302.771078][ T9358] 
[  302.771078][ T9358] but task is already holding lock:
[  302.778455][ T9358] ffff8880783d5f40 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x11c/0x48d0
[  302.791885][ T9358] 
[  302.791885][ T9358] which lock already depends on the new lock.
[  302.791885][ T9358] 
[  302.802310][ T9358] 
[  302.802310][ T9358] the existing dependency chain (in reverse order) is:
[  302.811339][ T9358] 
[  302.811339][ T9358] -> #3 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{4:4}:
[  302.821933][ T9358]        down_write+0x92/0x200
[  302.826739][ T9358]        ocfs2_remove_inode+0x15b/0x8a0
[  302.832342][ T9358]        ocfs2_wipe_inode+0x446/0x1210
[  302.837836][ T9358]        ocfs2_evict_inode+0x6e0/0x1680
[  302.843414][ T9358]        evict+0x3e6/0x920
[  302.847864][ T9358]        iput+0x521/0x880
[  302.852227][ T9358]        vfs_rmdir+0x487/0x690
[  302.857034][ T9358]        do_rmdir+0x2e8/0x3c0
[  302.861767][ T9358]        __x64_sys_rmdir+0xc5/0x110
[  302.867022][ T9358]        do_syscall_64+0xcd/0x260
[  302.872131][ T9358]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.878585][ T9358] 
[  302.878585][ T9358] -> #2 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{4:4}:
[  302.889006][ T9358]        down_write+0x92/0x200
[  302.893799][ T9358]        ocfs2_del_inode_from_orphan+0x112/0x700
[  302.900189][ T9358]        ocfs2_dio_end_io_write+0x2cb/0xf30
[  302.906153][ T9358]        ocfs2_dio_end_io+0x136/0x2c0
[  302.911586][ T9358]        dio_complete+0x224/0x970
[  302.916673][ T9358]        __blockdev_direct_IO+0x33eb/0x4080
[  302.922637][ T9358]        ocfs2_direct_IO+0x263/0x360
[  302.927983][ T9358]        generic_file_direct_write+0x19a/0x410
[  302.934218][ T9358]        __generic_file_write_iter+0x11b/0x240
[  302.940415][ T9358]        ocfs2_file_write_iter+0xbc4/0x21b0
[  302.946365][ T9358]        iter_file_splice_write+0x91f/0x1150
[  302.952398][ T9358]        direct_splice_actor+0x192/0x6c0
[  302.958089][ T9358]        splice_direct_to_actor+0x345/0xa30
[  302.964035][ T9358]        do_splice_direct+0x174/0x240
[  302.969457][ T9358]        do_sendfile+0xafd/0xe50
[  302.974448][ T9358]        __x64_sys_sendfile64+0x1d8/0x220
[  302.980210][ T9358]        do_syscall_64+0xcd/0x260
[  302.985734][ T9358]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  302.992187][ T9358] 
[  302.992187][ T9358] -> #1 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}:
[  303.001025][ T9358]        down_write+0x92/0x200
[  303.005823][ T9358]        ocfs2_try_remove_refcount_tree+0xa7/0x320
[  303.012370][ T9358]        ocfs2_truncate_file+0xbba/0x17c0
[  303.018147][ T9358]        ocfs2_setattr+0x1594/0x2560
[  303.023485][ T9358]        notify_change+0x6a9/0x1230
[  303.028738][ T9358]        do_truncate+0x15b/0x220
[  303.033729][ T9358]        path_openat+0x2761/0x2d40
[  303.038891][ T9358]        do_filp_open+0x20b/0x470
[  303.043969][ T9358]        do_sys_openat2+0x11b/0x1d0
[  303.049204][ T9358]        __x64_sys_openat+0x174/0x210
[  303.054614][ T9358]        do_syscall_64+0xcd/0x260
[  303.059694][ T9358]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.066405][ T9358] 
[  303.066405][ T9358] -> #0 (&oi->ip_xattr_sem){++++}-{4:4}:
[  303.074291][ T9358]        __lock_acquire+0x1173/0x1ba0
[  303.079700][ T9358]        lock_acquire+0x179/0x350
[  303.084756][ T9358]        down_read+0x9b/0x480
[  303.089463][ T9358]        ocfs2_calc_xattr_init+0x5e5/0xc90
[  303.095335][ T9358]        ocfs2_mknod+0xa2b/0x2540
[  303.100416][ T9358]        ocfs2_create+0x17c/0x460
[  303.105497][ T9358]        lookup_open.isra.0+0x11d3/0x1580
[  303.111267][ T9358]        path_openat+0x905/0x2d40
[  303.116342][ T9358]        do_filp_open+0x20b/0x470
[  303.121418][ T9358]        do_sys_openat2+0x11b/0x1d0
[  303.126651][ T9358]        __x64_sys_openat+0x174/0x210
[  303.132062][ T9358]        do_syscall_64+0xcd/0x260
[  303.137143][ T9358]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.143595][ T9358] 
[  303.143595][ T9358] other info that might help us debug this:
[  303.143595][ T9358] 
[  303.153840][ T9358] Chain exists of:
[  303.153840][ T9358]   &oi->ip_xattr_sem --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type] --> &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2
[  303.153840][ T9358] 
[  303.172715][ T9358]  Possible unsafe locking scenario:
[  303.172715][ T9358] 
[  303.180186][ T9358]        CPU0                    CPU1
[  303.185586][ T9358]        ----                    ----
[  303.190973][ T9358]   lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2);
[  303.198310][ T9358]                                lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]);
[  303.207984][ T9358]                                lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2);
[  303.217849][ T9358]   rlock(&oi->ip_xattr_sem);
[  303.222565][ T9358] 
[  303.222565][ T9358]  *** DEADLOCK ***
[  303.222565][ T9358] 
[  303.230728][ T9358] 3 locks held by syz.1.972/9358:
[  303.235791][ T9358]  #0: ffff888054ce2420 (sb_writers#21){.+.+}-{0:0}, at: path_openat+0x1f85/0x2d40
[  303.245230][ T9358]  #1: ffff8880783cd100 (&type->i_mutex_dir_key#14){++++}-{4:4}, at: path_openat+0x15a5/0x2d40
[  303.255742][ T9358]  #2: ffff8880783d5f40 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x11c/0x48d0
[  303.269512][ T9358] 
[  303.269512][ T9358] stack backtrace:
[  303.275428][ T9358] CPU: 1 UID: 0 PID: 9358 Comm: syz.1.972 Not tainted 6.15.0-rc3-syzkaller-00019-gbc3372351d0c #0 PREEMPT(full) 
[  303.275479][ T9358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[  303.275504][ T9358] Call Trace:
[  303.275515][ T9358]  <TASK>
[  303.275537][ T9358]  dump_stack_lvl+0x116/0x1f0
[  303.275600][ T9358]  print_circular_bug+0x275/0x350
[  303.275666][ T9358]  check_noncircular+0x14c/0x170
[  303.275725][ T9358]  ? __x64_sys_openat+0x174/0x210
[  303.275776][ T9358]  __lock_acquire+0x1173/0x1ba0
[  303.275821][ T9358]  lock_acquire+0x179/0x350
[  303.275854][ T9358]  ? ocfs2_calc_xattr_init+0x5e5/0xc90
[  303.275920][ T9358]  ? __pfx___might_resched+0x10/0x10
[  303.275975][ T9358]  ? srso_alias_return_thunk+0x5/0xfbef5
[  303.276028][ T9358]  down_read+0x9b/0x480
[  303.276061][ T9358]  ? ocfs2_calc_xattr_init+0x5e5/0xc90
[  303.276123][ T9358]  ? __pfx_down_read+0x10/0x10
[  303.276156][ T9358]  ? __pfx___dquot_initialize+0x10/0x10
[  303.276217][ T9358]  ? security_inode_init_security+0x2eb/0x390
[  303.276288][ T9358]  ocfs2_calc_xattr_init+0x5e5/0xc90
[  303.276355][ T9358]  ? __pfx_ocfs2_calc_xattr_init+0x10/0x10
[  303.276415][ T9358]  ? __pfx_ocfs2_get_init_inode+0x10/0x10
[  303.276483][ T9358]  ocfs2_mknod+0xa2b/0x2540
[  303.276556][ T9358]  ? __brelse+0x7f/0xa0
[  303.276606][ T9358]  ? srso_alias_return_thunk+0x5/0xfbef5
[  303.276654][ T9358]  ? __pfx_ocfs2_mknod+0x10/0x10
[  303.276720][ T9358]  ? srso_alias_return_thunk+0x5/0xfbef5
[  303.276766][ T9358]  ? __lock_acquire+0xaa4/0x1ba0
[  303.276810][ T9358]  ? srso_alias_return_thunk+0x5/0xfbef5
[  303.276859][ T9358]  ? srso_alias_return_thunk+0x5/0xfbef5
[  303.276905][ T9358]  ? find_held_lock+0x2b/0x80
[  303.276958][ T9358]  ? srso_alias_return_thunk+0x5/0xfbef5
[  303.277004][ T9358]  ? do_raw_spin_unlock+0x172/0x230
[  303.277048][ T9358]  ? srso_alias_return_thunk+0x5/0xfbef5
[  303.277093][ T9358]  ? srso_alias_return_thunk+0x5/0xfbef5
[  303.277140][ T9358]  ? srso_alias_return_thunk+0x5/0xfbef5
[  303.277186][ T9358]  ? rcu_is_watching+0x12/0xc0
[  303.277239][ T9358]  ocfs2_create+0x17c/0x460
[  303.277301][ T9358]  ? __pfx_ocfs2_create+0x10/0x10
[  303.277360][ T9358]  ? srso_alias_return_thunk+0x5/0xfbef5
[  303.277406][ T9358]  ? srso_alias_return_thunk+0x5/0xfbef5
[  303.277452][ T9358]  ? security_inode_permission+0xbf/0x260
[  303.277527][ T9358]  ? srso_alias_return_thunk+0x5/0xfbef5
[  303.277574][ T9358]  ? inode_permission+0xdd/0x5f0
[  303.277616][ T9358]  ? __pfx_ocfs2_create+0x10/0x10
[  303.277678][ T9358]  lookup_open.isra.0+0x11d3/0x1580
[  303.277734][ T9358]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  303.277799][ T9358]  ? __pfx_down_write+0x10/0x10
[  303.277832][ T9358]  ? mnt_get_write_access+0x20c/0x300
[  303.277880][ T9358]  path_openat+0x905/0x2d40
[  303.277947][ T9358]  ? __pfx_path_openat+0x10/0x10
[  303.278005][ T9358]  ? srso_alias_return_thunk+0x5/0xfbef5
[  303.278058][ T9358]  do_filp_open+0x20b/0x470
[  303.278115][ T9358]  ? __pfx_do_filp_open+0x10/0x10
[  303.278191][ T9358]  ? srso_alias_return_thunk+0x5/0xfbef5
[  303.278238][ T9358]  ? alloc_fd+0x471/0x7d0
[  303.278300][ T9358]  do_sys_openat2+0x11b/0x1d0
[  303.278341][ T9358]  ? __pfx_do_sys_openat2+0x10/0x10
[  303.278392][ T9358]  __x64_sys_openat+0x174/0x210
[  303.278435][ T9358]  ? __pfx___x64_sys_openat+0x10/0x10
[  303.278479][ T9358]  ? rcu_is_watching+0x12/0xc0
[  303.278533][ T9358]  ? srso_alias_return_thunk+0x5/0xfbef5
[  303.278587][ T9358]  do_syscall_64+0xcd/0x260
[  303.278647][ T9358]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  303.278685][ T9358] RIP: 0033:0x7fbb9958e969
[  303.278716][ T9358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  303.278754][ T9358] RSP: 002b:00007fbb9a404038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  303.278788][ T9358] RAX: ffffffffffffffda RBX: 00007fbb997b5fa0 RCX: 00007fbb9958e969
[  303.278814][ T9358] RDX: 000000000000275a RSI: 00002000000001c0 RDI: ffffffffffffff9c
[  303.278838][ T9358] RBP: 00007fbb99610ab1 R08: 0000000000000000 R09: 0000000000000000
[  303.278862][ T9358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  303.278886][ T9358] R13: 0000000000000000 R14: 00007fbb997b5fa0 R15: 00007ffcc16b2288
[  303.278924][ T9358]  </TASK>
[  303.701396][ T9296] bridge0: port 1(bridge_slave_0) entered blocking state
[  303.709046][ T9296] bridge0: port 1(bridge_slave_0) entered disabled state
[  303.731732][ T9296] bridge_slave_0: entered allmulticast mode
[  303.733292][ T5838] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  303.738877][ T9296] bridge_slave_0: entered promiscuous mode
[  303.990091][   T13] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.014348][ T5847] Bluetooth: hci3: command tx timeout
[  304.256063][ T5847] Bluetooth: hci4: command tx timeout
[  304.306139][   T13] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.510726][   T13] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.620720][   T13] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.777093][ T9381] ocfs2: Unmounting device (7,1) on (node local)
[  304.842484][   T13] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.888245][   T13] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  305.003127][   T13] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  305.105765][   T13] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  305.246504][   T13] bridge_slave_1: left allmulticast mode
[  305.255671][   T13] bridge_slave_1: left promiscuous mode
[  305.262242][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  305.271482][   T13] bridge_slave_0: left allmulticast mode
[  305.277328][   T13] bridge_slave_0: left promiscuous mode
[  305.283312][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  305.294813][   T13] bridge_slave_1: left allmulticast mode
[  305.300480][   T13] bridge_slave_1: left promiscuous mode
[  305.307796][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  305.319108][   T13] bridge_slave_0: left allmulticast mode
[  305.325102][   T13] bridge_slave_0: left promiscuous mode
[  305.335052][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  305.728497][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  305.737495][   T13] bond_slave_0: left promiscuous mode
[  305.745226][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  305.754823][   T13] bond_slave_1: left promiscuous mode
[  305.762171][   T13] bond0 (unregistering): Released all slaves
[  305.779034][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  305.792407][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  305.804984][   T13] bond0 (unregistering): Released all slaves
[  306.195470][   T13] hsr_slave_0: left promiscuous mode
[  306.202517][   T13] hsr_slave_1: left promiscuous mode
[  306.208341][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  306.216248][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  306.225814][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  306.234878][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  306.245089][   T13] hsr_slave_0: left promiscuous mode
[  306.250816][   T13] hsr_slave_1: left promiscuous mode
[  306.256582][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  306.264009][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  306.273574][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  306.281016][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  306.295701][   T13] veth1_macvtap: left promiscuous mode
[  306.301297][   T13] veth0_macvtap: left promiscuous mode
[  306.307681][   T13] veth1_macvtap: left promiscuous mode
[  306.313362][   T13] veth0_macvtap: left promiscuous mode
[  306.318925][   T13] veth1_vlan: left promiscuous mode
[  306.324249][   T13] veth0_vlan: left promiscuous mode
[  306.506142][   T13] team0 (unregistering): Port device team_slave_1 removed
[  306.521450][   T13] team0 (unregistering): Port device team_slave_0 removed
[  306.698208][   T13] team0 (unregistering): Port device team_slave_1 removed
[  306.716899][   T13] team0 (unregistering): Port device team_slave_0 removed
[  307.337003][   T13] IPVS: stop unused estimator thread 0...
[  307.671351][   T13] bridge_slave_1: left allmulticast mode
[  307.677115][   T13] bridge_slave_1: left promiscuous mode
[  307.687743][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  307.697226][   T13] bridge_slave_0: left allmulticast mode
[  307.705159][   T13] bridge_slave_0: left promiscuous mode
[  307.712552][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  307.722843][   T13] bridge_slave_1: left allmulticast mode
[  307.728556][   T13] bridge_slave_1: left promiscuous mode
[  307.734338][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  307.742817][   T13] bridge_slave_0: left allmulticast mode
[  307.748479][   T13] bridge_slave_0: left promiscuous mode
[  307.754319][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  307.763875][   T13] bridge_slave_0: left allmulticast mode
[  307.769544][   T13] bridge_slave_0: left promiscuous mode
[  307.776503][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  308.038158][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  308.049131][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  308.062835][   T13] bond0 (unregistering): Released all slaves
[  308.077523][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  308.090097][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  308.102033][   T13] bond0 (unregistering): Released all slaves
[  308.117526][   T13] bond0 (unregistering): Released all slaves
[  308.217301][   T13] hsr_slave_0: left promiscuous mode
[  308.224380][   T13] hsr_slave_1: left promiscuous mode
[  308.230204][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  308.240730][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  308.259401][   T13] hsr_slave_0: left promiscuous mode
[  308.265559][   T13] hsr_slave_1: left promiscuous mode
[  308.275840][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  308.284260][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  308.417211][   T13] team0 (unregistering): Port device team_slave_1 removed
[  308.430714][   T13] team0 (unregistering): Port device team_slave_0 removed
[  308.658487][   T13] team0 (unregistering): Port device team_slave_1 removed
[  308.686275][   T13] team0 (unregistering): Port device team_slave_0 removed