last executing test programs:

46.377228403s ago: executing program 4 (id=360):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b93760000000000000000000000000000000000000000000200000000000000010000000000000044000500ac141400000000000000000000000000000000003c"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_MEDIA_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000030000005800018044000400200001000a00000000000000fe800000000000000000000000000010f8000000200002000a00000000000000ff010000000800000000000000000001000000000d0001007564703a73"], 0x6c}}, 0x0)

45.855968519s ago: executing program 4 (id=363):
r0 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f00000000c0)='fd', 0x0, r1)
close_range(r0, 0xffffffffffffffff, 0x0)

45.440202121s ago: executing program 4 (id=368):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x1c, 0x2, 0x3, 0x401, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000020301040000000000000000000040200800010001"], 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000140)={0x1c, 0x2, 0x3, 0x201, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)

45.147981229s ago: executing program 4 (id=370):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000007c0)={[{@barrier}, {@creator={'creator', 0x3d, "5a1b3b9a"}}, {@uid}, {@nobarrier}, {@gid}, {}, {@nls={'nls', 0x3d, 'cp437'}}]}, 0x44, 0x718, &(0x7f00000011c0)="$eJzs3U9sW3cdAPDvsx0n7kTqbe02EFKjVVSwQpvEjBYJiTIhlMOEKu3AOJo2WaM4WZVkKK0QzYDBEU6ohx2GUDjshHZAGuKAGGckpN17r8S92gGj9/zs2E7i2M2/rnw+0sv7vfd+f77vm/d+sZ9bOYD/W3NvxthmJDF38fWNdPvBVq3xYKu23C5HxHhEFCJKrVUkKxHJJxHXorXEF9OdeXfJXuO8+vDj9y/c/7DW2irlS1a/MKjdtuaAETbzJaYiopivR1Taq78b8dqO/u6N1HXSiTtN2Pl24uCkNZvNpLVq2xyl+RD3LfCkuxdRHNtlfzXiVERM5K8DIp8dCscc3qEbaZYDAACAJ1NxvwqnH8Wj2IjJ4wkHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAng5J6zsDk3wptMtTkbS//7+c70uVyycc72Bf3+f4ewvHFAgAAAAAAAAAHJZmsWvjo/yD+3OP4lFsxGSnUpJ95v9ytnEm+/lMvBNrMR+rcSk2oh7rsR6rMRMxNtnVYXmjvr6+OrOz5e8jbdlsNu/lLWcjorqj5ewRnjkAAAAAAAAAPP1+EXMxedJBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAtySi2Fply5l2uRqFUkRMREQ5rbcZ8bd2+fPs7ycdAAAAABy9Sr6eTP7bKjST7D3/C9n7/ol4J1ZiPRZjPRoxHzezZwGtd/2Ff2/WGg+2asvpsrPj7/1npDiyHiOiGO/uMfJ0VuNsp8Vc/CDeiIsxFddjNRbjp1GP9ZiPqaikJxH1SKJaaT29qLbj3D3eaz1b1/tjO9e3/VIWSSUWYjGL7VLcKEfrsUl2DumYL3WN9pdyRN+I76bZSb6bGzJHN7t+X7/Ln8vkmqeH7ONoVLMzH+tkZDrNfZ6NZwfnfsTrpH+kmSh0nkGd2R4l3cxH+qyZH27n/Cej5PxUvk5z/evenB+2ER+l9WdiNgr51RfxQm/Ob3/l/nO9jb/26T+u3yqsLN1aWLt4hKd0EFP7VRhrF/ozUevKxIuDr748E400E5vDZ2Ksf8fEsC2PVjnPRjYVDTlbfj8r1ePlrkvw7bgZ83ElpmMmrsZ0fDtmo9a5wtLlbE9eS7Xl3pxk91ph5/xWGRD8+a92VfrNPpWP0o927Enz8mxXXrtnump2LN9z7bcx3XX1PTf46hv5r0A6/pfycjrGLzt/cZ4EPZnI5+Z2dM8PzsQfskl6rbGytHqrfnvI8S7k6/S2fa93bv7j8FH3/3U/DOn1ks64pWwry0mlfb2kx57vRNubr3L+iUurXWHHsbOdY9WYjMX44Z53ajl/Dbezp9axF7uOfSGPOp05y/nrm/axnlc58XY0slchffadqgE4ZqdeOVWuPKz8q/JB5VeVW5XXJ14bvzr+5XKM/bP01+KfC38qfCd5JT6In8fkSUcKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPg7U7d5fqjcb8aqcQE/17Dloo7znW4EIU9q2z9cxwHUY1YvBYSV4oH+65H15hPM9ivueN7UOfHvJYlejb0/6GpYP2/FFEDKhTPnDwydDX2OnHHaLrV3CwbLS/OC3b0yyO0LzUbrV7nVKsTcRSPSntcseNb98FUV2qNz5r9jSvRNctAzzlLq8v3768dufuNxaX62/NvzW/Mnv1ytUrtW/NfPPywmJjfrr186SjBI7C2p27xSGrLvz4iGMBAAAAAAAAAAAAhpP/6//1x/7PDKV96pRX13Yf+dxxnyoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwOTX3ZoxtRhIz05em0+0HW7VGurTL2zVLEVGIiORnEcknEdeitUS1q7tkr3Feffjx+xfuf1jb7qvUrl8Y1G44m/kSUxFRzNf7G9+lm5393ejqb/Oxwks6Z5gm7Hw7cXDS/hcAAP//OonviA==")
mount(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='devpts\x00', 0x0, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000040)={0x0, 0x0, <r1=>0x0}, &(0x7f00000000c0)=0xc)
mount$bpf(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0xd0060, &(0x7f0000000180)={[{@gid={'gid', 0x3d, r1}}]})

44.696021704s ago: executing program 4 (id=374):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = syz_io_uring_setup(0x8d2, &(0x7f0000000240)={0x0, 0x0, 0x1000, 0x2}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r0, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0, 0x20000044})
io_uring_enter(r1, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)

43.882196973s ago: executing program 4 (id=379):
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000340)='./file1\x00', 0x1804810, &(0x7f0000000140)=ANY=[], 0x1, 0x6ad, &(0x7f0000001600)="$eJzs3c9vHGf9B/D3rDd2Ns033yRN2oAq1WokQEQkTqy0mAsBIZRDVVXlwNlKnMaKkxbHRW6FiMPPaw/9A8ohF8QJiROXSIUDF3rrDfmIhMSlHAgXFs3srL3e3WzWbeJ14PWKZp9nnueZZz7zmZn9ZUUb4H/W5TNp3k+Ry2deXS/XN+/Nr2zem7/Zqb/WTDKTZCMpq40kxT/b7fZHyaWk2Jqm6CsHfLC88MYnn27+tbPWrJdqfGPUdn3qcRt9zRvdttkkU3X5OeyY78rnnq/YivxSktN1CRN3IEl7hx/86fBWT4/WsK0P7kmMwJNVdF43BxxNDtU3evk+oPvK29jb6MY3M+a4/ncQAAAA8LSpPgM3B5p3tPz/gzzIenFkD8MCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAp9rG9u//F/XS6NZnU3R//3+6bktffX94cXfD7z+pOAAAAAAAAABgD734IA+yniPd9XZR/c3/pWrlRPX4TN7J7SxlNWeznsWsZS2rOZ/kaM9E0+uLa2sz3bVRW14YtuXqhUcE2p269RgOGgAAAAAAAAD++/wkl7f//g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPtBkUx1ihR3e5qPptFMcjDJdNmwkXzcrT/N7heTjgAAAACevJnkQdZzpLveLnIiyXPVdwAH805uZS3LWctKlnI1nU/L5af+xua9+ZXNe/M3y2Vw3m/9fVdhVDOm893D8D2fqka0ci3LVcvZXMlbWcnVNKotS6fqeLqz9sV1t4yp+GbtlfEiu1qX5ZG/X5cD7uzqYB9ml1+mHK0ycqCTkalkro6tzMax7pkZfoZ2eXZ27ClLOZ/GVrAn+vY0vfNgduZ8e8rGqP0dqsvyeH7xsJxPRCcT/253LOVCz9X33OicJ1/+3W++P1fX988hjWeqLtvVY2vwmpjvycTz42Ti+sqtG9ev3T7ztGViwFyViZNb65fz3XwvZzKb17Oa5fwwi1nLUmbznaq2WJ/8oueW78lU751xaceOXn9UJNP1Fdo5WbuL6aVq2yNZzmt5K1ezlJerfxdyPq/kYi5moecMnxx9hqu7vjF411fa/zc0+NNfqSutJL+sy/2hzOuxnrxuX/VzVb6P7WjZztLxMbI05LlxlOYX60q5j58+6ol0T/Vn4nxPJp4dnYlfVU8rt1du3Vi9vvj2eLs7/n5dKe+jnyez++eJpLxejpcnq1qb2XF1lH3PbvXtzFfZd2KrrzHQdzK/T7PZ3ctyNh56p07X7+EGZ7pQ9T0/tG++6jvV0zfs/RYA+96hrx6abv2t9efWh62fta63Xj347Zmvz7wwnQN/OPCN5tzUlxovFL/Nh/nx9ud/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgs7v97ns3FldWllb7Ku12+87Hw7vGrHR/r+Yzbt5f6f4q1BiDM/uXZ8qhQ7qm0r6z3dV4RBIeR2XqC4eTJzLzfqscHjXmX+12u24pHjLm13/sT9RMJpS6+nf+2vsgqxOrTOTpCNhD59Zuvn3u9rvvfW355uKbS28u3Vq4eHFhbuHiy/Pnri2vLM11HicdJfAkbL/oTzoSAAAAAAAAAAAAYFyP+f8MbAzrmvQxAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+3y2fSvJ8i5+fOzpXrm/fmV8qlW98e2UzSSFL8KCk+Si6ls+Roz3TFw/bzwfLCG598uvmPdkc9XzW+MWq78WzUS2aTTHXKu49rvit1OVIx6hCKrSMsE3a6mziYtP8EAAD//3aTC84=")
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x45)
r1 = openat(0xffffffffffffff9c, &(0x7f0000002600)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2, 0x11, r1, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140))

43.130582572s ago: executing program 32 (id=379):
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000340)='./file1\x00', 0x1804810, &(0x7f0000000140)=ANY=[], 0x1, 0x6ad, &(0x7f0000001600)="$eJzs3c9vHGf9B/D3rDd2Ns033yRN2oAq1WokQEQkTqy0mAsBIZRDVVXlwNlKnMaKkxbHRW6FiMPPaw/9A8ohF8QJiROXSIUDF3rrDfmIhMSlHAgXFs3srL3e3WzWbeJ14PWKZp9nnueZZz7zmZn9ZUUb4H/W5TNp3k+Ry2deXS/XN+/Nr2zem7/Zqb/WTDKTZCMpq40kxT/b7fZHyaWk2Jqm6CsHfLC88MYnn27+tbPWrJdqfGPUdn3qcRt9zRvdttkkU3X5OeyY78rnnq/YivxSktN1CRN3IEl7hx/86fBWT4/WsK0P7kmMwJNVdF43BxxNDtU3evk+oPvK29jb6MY3M+a4/ncQAAAA8LSpPgM3B5p3tPz/gzzIenFkD8MCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAp9rG9u//F/XS6NZnU3R//3+6bktffX94cXfD7z+pOAAAAAAAAABgD734IA+yniPd9XZR/c3/pWrlRPX4TN7J7SxlNWeznsWsZS2rOZ/kaM9E0+uLa2sz3bVRW14YtuXqhUcE2p269RgOGgAAAAAAAAD++/wkl7f//g8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPtBkUx1ihR3e5qPptFMcjDJdNmwkXzcrT/N7heTjgAAAACevJnkQdZzpLveLnIiyXPVdwAH805uZS3LWctKlnI1nU/L5af+xua9+ZXNe/M3y2Vw3m/9fVdhVDOm893D8D2fqka0ci3LVcvZXMlbWcnVNKotS6fqeLqz9sV1t4yp+GbtlfEiu1qX5ZG/X5cD7uzqYB9ml1+mHK0ycqCTkalkro6tzMax7pkZfoZ2eXZ27ClLOZ/GVrAn+vY0vfNgduZ8e8rGqP0dqsvyeH7xsJxPRCcT/253LOVCz9X33OicJ1/+3W++P1fX988hjWeqLtvVY2vwmpjvycTz42Ti+sqtG9ev3T7ztGViwFyViZNb65fz3XwvZzKb17Oa5fwwi1nLUmbznaq2WJ/8oueW78lU751xaceOXn9UJNP1Fdo5WbuL6aVq2yNZzmt5K1ezlJerfxdyPq/kYi5moecMnxx9hqu7vjF411fa/zc0+NNfqSutJL+sy/2hzOuxnrxuX/VzVb6P7WjZztLxMbI05LlxlOYX60q5j58+6ol0T/Vn4nxPJp4dnYlfVU8rt1du3Vi9vvj2eLs7/n5dKe+jnyez++eJpLxejpcnq1qb2XF1lH3PbvXtzFfZd2KrrzHQdzK/T7PZ3ctyNh56p07X7+EGZ7pQ9T0/tG++6jvV0zfs/RYA+96hrx6abv2t9efWh62fta63Xj347Zmvz7wwnQN/OPCN5tzUlxovFL/Nh/nx9ud/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgs7v97ns3FldWllb7Ku12+87Hw7vGrHR/r+Yzbt5f6f4q1BiDM/uXZ8qhQ7qm0r6z3dV4RBIeR2XqC4eTJzLzfqscHjXmX+12u24pHjLm13/sT9RMJpS6+nf+2vsgqxOrTOTpCNhD59Zuvn3u9rvvfW355uKbS28u3Vq4eHFhbuHiy/Pnri2vLM11HicdJfAkbL/oTzoSAAAAAAAAAAAAYFyP+f8MbAzrmvQxAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+3y2fSvJ8i5+fOzpXrm/fmV8qlW98e2UzSSFL8KCk+Si6ls+Roz3TFw/bzwfLCG598uvmPdkc9XzW+MWq78WzUS2aTTHXKu49rvit1OVIx6hCKrSMsE3a6mziYtP8EAAD//3aTC84=")
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x45)
r1 = openat(0xffffffffffffff9c, &(0x7f0000002600)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2, 0x11, r1, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140))

23.851026406s ago: executing program 6 (id=381):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
syz_clone(0x498144eedbea24c9, 0x0, 0x1e, 0x0, 0x0, 0x0)

21.220151937s ago: executing program 6 (id=381):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
syz_clone(0x498144eedbea24c9, 0x0, 0x1e, 0x0, 0x0, 0x0)

19.387957846s ago: executing program 5 (id=503):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

19.300108114s ago: executing program 5 (id=505):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="09000000030000000400010005"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000580)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b7030000000000fd850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000680)='sys_exit\x00', r1}, 0x10)

18.838753663s ago: executing program 5 (id=508):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x88, r1, 0x205, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x4a, 0xe, {{{}, {}, @device_b, @broadcast, @from_mac=@device_b}, 0x0, @default, 0x5d7f, @void, @void, @val={0x3, 0x1, 0xb8}, @void, @void, @void, @void, @val={0x2a, 0x1, {0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x10, 0x1, 0x6, 0x0, {0x9, 0xc9, 0x0, 0x7, 0x0, 0x1, 0x0, 0x2, 0x1}, 0x8, 0xb, 0x4}}, @void, @void, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x8, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x88}}, 0x0)

18.744416329s ago: executing program 6 (id=381):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
syz_clone(0x498144eedbea24c9, 0x0, 0x1e, 0x0, 0x0, 0x0)

17.439789457s ago: executing program 5 (id=511):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f00000001c0)={[{@nodiscard}, {@disable_ext_identify}, {@noheap}, {@alloc_mode_reuse}, {@noquota}, {@disable_roll_forward}, {@background_gc_on}, {@nogc_merge}, {@checkpoint_diasble}, {@user_xattr}, {@fsync_mode_strict}, {@adaptive_mode}, {@noinline_dentry}, {@noinline_dentry}]}, 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@nfs_export_on}]})

16.093965679s ago: executing program 1 (id=520):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r1 = dup(r0)
bind$bt_l2cap(r1, &(0x7f0000000080), 0xe)
listen(r0, 0x94d)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, &(0x7f0000000240))

15.991248814s ago: executing program 6 (id=381):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
syz_clone(0x498144eedbea24c9, 0x0, 0x1e, 0x0, 0x0, 0x0)

14.419002864s ago: executing program 1 (id=522):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="02"], 0x10)
socket$inet_mptcp(0x2, 0x1, 0x106)

14.417442784s ago: executing program 5 (id=525):
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x2701, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000000)={0x2, "94c492eb0165203d36bec70800890100000000000000e1100a0000005900", <r1=>0xffffffffffffffff})
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESOCT=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

13.844561389s ago: executing program 1 (id=527):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x8031, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x7, 0x2)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mbind(&(0x7f00005f7000/0x2000)=nil, 0x2000, 0x0, 0x0, 0x6, 0x1)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0)

12.89380432s ago: executing program 1 (id=530):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
shutdown(r0, 0x1)
ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0x401)
listen(r0, 0x0)
shutdown(r0, 0x0)

11.927997683s ago: executing program 5 (id=533):
r0 = shmget$private(0x0, 0x4000, 0x40, &(0x7f0000ff9000/0x4000)=nil)
shmctl$SHM_STAT(r0, 0xd, &(0x7f0000000140)=""/149)
shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000240)=""/149)
shmat(r0, &(0x7f0000ffc000/0x3000)=nil, 0x3000)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000001a80)=""/174)

11.876459913s ago: executing program 6 (id=381):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
syz_clone(0x498144eedbea24c9, 0x0, 0x1e, 0x0, 0x0, 0x0)

10.961617479s ago: executing program 33 (id=533):
r0 = shmget$private(0x0, 0x4000, 0x40, &(0x7f0000ff9000/0x4000)=nil)
shmctl$SHM_STAT(r0, 0xd, &(0x7f0000000140)=""/149)
shmctl$SHM_INFO(r0, 0xe, &(0x7f0000000240)=""/149)
shmat(r0, &(0x7f0000ffc000/0x3000)=nil, 0x3000)
shmctl$SHM_STAT_ANY(r0, 0xf, &(0x7f0000001a80)=""/174)

8.948495291s ago: executing program 1 (id=530):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
shutdown(r0, 0x1)
ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0x401)
listen(r0, 0x0)
shutdown(r0, 0x0)

8.116601634s ago: executing program 7 (id=534):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0})

4.346720732s ago: executing program 6 (id=381):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
syz_clone(0x498144eedbea24c9, 0x0, 0x1e, 0x0, 0x0, 0x0)

3.370318187s ago: executing program 1 (id=530):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
shutdown(r0, 0x1)
ioctl$int_in(r0, 0x5452, &(0x7f0000000180)=0x401)
listen(r0, 0x0)
shutdown(r0, 0x0)

3.363544312s ago: executing program 7 (id=534):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0})

3.083374771s ago: executing program 3 (id=558):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
fcntl$setstatus(r0, 0x4, 0x0)
unshare(0x400)
r1 = dup(r0)
copy_file_range(r0, 0x0, r1, 0x0, 0xd000, 0x0)

2.891579545s ago: executing program 2 (id=561):
syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x100, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0x75fa, 0xe475, 0x0, 0x0, 0x0)

2.831917259s ago: executing program 3 (id=562):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.procs\x00', 0x2, 0x0)
pread64(r1, &(0x7f0000001840)=""/4096, 0x1000, 0x1)

2.484764113s ago: executing program 3 (id=564):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = msgget(0x0, 0x2c4)
msgsnd(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="02"], 0x2000, 0x0)

2.228080222s ago: executing program 0 (id=565):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="05000000050000000200000004"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x10008, 0x1, 0x1000, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r1}, 0x10)

2.167016157s ago: executing program 3 (id=566):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a80)={0x11, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$SEG6(&(0x7f00000007c0), 0xffffffffffffffff)
sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000800)={0x2c, r2, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x7}, @SEG6_ATTR_SECRETLEN={0x5, 0x5, 0x3}, @SEG6_ATTR_ALGID={0x5, 0x6, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000800}, 0x8000)

2.128886696s ago: executing program 2 (id=567):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000280)={'team0\x00', <r3=>0x0})
sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000002c0)={0x20, r2, 0x1, 0x70bd2b, 0x25dfdbfd, {}, [{{0x8, 0x1, r3}, {0x4}}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000)

1.778329371s ago: executing program 2 (id=568):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f00000002c0)='batadv_slave_1\x00', 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', <r2=>0x0})
bind$xdp(r1, &(0x7f00000001c0)={0x2c, 0x0, r2, 0x3f, r1}, 0x10)

1.777891541s ago: executing program 0 (id=569):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000100)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0xfffffb07, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000140), 0x4)
getsockopt$bt_hci(r0, 0x11a, 0x2, 0x0, 0x0)

1.762875555s ago: executing program 3 (id=570):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'macvlan0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)

1.649128246s ago: executing program 0 (id=571):
socket$packet(0x11, 0x3, 0x300)
syz_emit_ethernet(0x2a, &(0x7f0000000180)=ANY=[], 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6}]})
mq_open(0x0, 0x40, 0x76, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

827.72146ms ago: executing program 2 (id=572):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="b7f2288a910400f0dd8b550000e948285fafc63b714dde3406e11535be3249f8", 0x20)
r1 = accept$alg(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000001a80)=[{{&(0x7f0000000300)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @broadcast}}}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000380)=""/152, 0x98}], 0x1}, 0x885}], 0x1, 0x0, 0x0)

672.859039ms ago: executing program 0 (id=573):
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x40, 0x1ff)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x12, 0x4, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
mount$nfs(&(0x7f0000000040)='@\a', &(0x7f0000000340)='./file1\x00', 0x0, 0x20887b, 0x0)
mount$nfs(&(0x7f0000000080)='@\a', &(0x7f00000000c0)='./file1\x00', &(0x7f0000000500), 0x20040c1, 0x0)

559.95042ms ago: executing program 3 (id=574):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f00000069c0)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5531, &(0x7f0000000b00)="$eJzs3EtvG1UUAODrpOmbEiEW7DpShZRItVWnSQW7AK14iFQRjwUr6tiO5db2RLHjhKxYsEQs+CcIJFYs+Q0sWLNDLEDskIo89wY1PCpQHJsk3ydNz8yd6zPnjqpEZyZyAM6s+ezXn0vhWrgUQpgNIVwNodgvpa2wGsMLIYTrIYSZJ7ZSGv9j4HwI4XII4dooecxZSqc+vzm8sfLTW798892Fc1e++Pr76a0amLYXQwjdrbi/240xb8X4MI3Xhu0idpeHKcYT3UfpOI9xt7lRZNitHcyrFfF2K87Pt3b6o7jZqdVHsdXeLMa3evGC/WHrIE/xgYe17eK40dwoYrufF7G1H+va248/2/b7g5inkfJ9VKQPg8FBjOPNvWZcz9ajItZ7gzQe8+aN5t4oDlNMlwv1vNMo6tg4yp3+f3u73dvZy4bN7X4772UrlepLleqdcnU7bzQHzeVyrdu4s5wttDqjaeVBs9ZdbeV5q9Os1PPuYrbQqtfL1Wq2cLe50a71smq1crtyq7yymPZuZq/ffz/rNLKFUXy13dsZtDv9bDPfzuInFrOlyu2XF7Mb1ezdtfVs/Z1799bW3/vw7gf3X1l787U06S9lZQtLt5aWytVb5aXq4sld/+h3/X9a/yep6DGuH46k9LSTDyZXB8AJov8HpmGi/f9cGHv/H/T/Y6H/P7Prf5wc7QZytj21/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DT7Ye7LN4qd+Xh8JY0/k4aeS8elEMJMCOHx35gN5w/lnE155v5h/tyfavi2FIoMo2tcSNvlEMJq2n579rjvAgAAAJxeX318/bPYrcd/5qddEJMUH9rMXH0wpnylEMLc/I9jyBLSw6bw/NGrikb/v8+FvTFlKx5gXRxTsvjI7dy4sv0rs4fCxSdCKYaZg5nnJ1oXAABwnA53ApPtQgAAAJikT6ddANNRvGlNf4ufXvNdiCG9ELx06AgAAAA4gUrTLgAAAAA4dkX/7/v/AAAA4HSL3/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcze5aQNRAICfDS609AdV3fcq3cExeoQuu4y4CkcgV8gFOAPZZZtdBBH2JAoRhBAbE6Lvk+xhbOvxjPDijUcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzTdTEbX1787teNs1zV08zdAAAAANssitm4/DCs+oN0/Fs69DP1s4jII2Jb7d6JTxsxOylOseP64lkOVxFlhPV39NL2JSL+pO3ux7F/BQAAAPi45pPpqKrWq93w1AnRpmrQJv/6t6F4WUQUw5uGouXr3a9XXbraPz60/n934/+Os9lhqZUDW1F7ysyDcsit21S0/TrpcX9s+k+arGry9tIBAADaslkJtFiFAAAA0LJ/p06A0yjfeqa5+GkCf69q0gvBzxs9AAAA4AwdOusZAAAAeI8GL54t6/8zWP/v+631/wAAAODNqvX/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKZFMRvPJ9NR3TjLVT3N3A0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAPfvzjsIwDAZhcJMor07oAr7/Lc2C3bp1MwOCj38rAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABceRwvzzNejZlso9eZ5N3zSvLp1Ph2avw6N/5Jxrr7NwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fvGzcVBwD8e+fzlRYQIaAMQYhKDLDQ9FpaujKAIgb+BKQovZbAlR9tBlpVoCxsKHMXBCNCSKCw9X/o3EpdytbhhiIxMYDss5PXo4iDKvaRfD7S8/vacvy+z4mifP2cAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2fnMvzorNwiTuVsduP7i+XvR3pvrCze27y0Ur4s7fXP+L/Up8/r2Y7nSW2ksEAACAwyOr6/uIfuQ7q0XQXSjr/7w+p6j5v3l6Etf1/HTdX/d17V+0n3+6//zuQAuTcYqLXtgYDU/+NZVeto/znGfP/OMZvfLOl89esvIb0n1n67lxXt7Pzle3br3VL8MjTWQLAPwXJ+q+Cuq/h4p+0GZiABwavaoV7lX1f7bQbk4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATehvxZN13ImI5d5eXLjz4Pp62U/t39y+u1y3szdubKfXLC6RR8SFjdHwZFMT+R+4cvXah2uj0fBy88FLEdHe6FXw3gznRLSZoeBxg271sz7bVx2PiPZzbj9o+RcTAAAHTl61oq6/l++sFsc6ixF/fPtw/f9KEkda/0/1af1///2zt9Ox0vp/0NgM59/K5qVPVq5cvfbaxqW1i8OLw49ePzV4Y3D63Jkz51bKZyUrnpgAAADwePpVS+v/7mLEeGr9/1gSx4z1/6dfDz5Px8rU/4+0t+jXdiYAAACH27PHf/u184jjnX4/Plvb3Lw8mGx3909Nti2k+q8dqVpa/2eLbWcFAAAANGG81Xlo/f98EseM6/9PfffCD+k1s4g4Wq3/n1j/eHS+uem05PeZzmri34n3faoAAADMtaNVS9f/8/L9/+7uKw/diHj15UlcfQzgTPV/9vaX36djpe//n25uinOpuzS5H2W/FNFbajsjAAAADrInqlYU+7/kO6sf/Hjs3b73/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACa9mcAAAD//6vIRLE=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x42, 0x1fe)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
writev(r1, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x69000}], 0x1)
fallocate(r0, 0x10, 0x3, 0x7ffd)

559.596873ms ago: executing program 2 (id=575):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = syz_io_uring_setup(0x10d, &(0x7f00000006c0)={0x0, 0x5885, 0x0, 0x2}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x5, r0, 0x0, 0x0, 0x0, 0x80800, 0x1})
io_uring_enter(r1, 0x3516, 0xc2de, 0x8, 0x0, 0x0)

369.010749ms ago: executing program 0 (id=576):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
shutdown(r0, 0x2)

166.809174ms ago: executing program 2 (id=577):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x1000}})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x181942, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000040)=0x8000)

0s ago: executing program 0 (id=578):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000900)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0xfffffffb, 0x0, 0x0, 0x40f00, 0x42, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='virtio_transport_alloc_pkt\x00', r0}, 0x18)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)

kernel console output (not intermixed with test programs):

42.274633][ T6284] XFS (loop3): Ending clean mount
[  142.288718][ T6316] exfat: Deprecated parameter 'namecase'
[  142.366564][ T6284] XFS (loop3): Quotacheck needed: Please wait.
[  142.452547][ T6316] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  142.501445][ T6326] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  142.534478][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  142.546227][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[  142.579681][ T6284] XFS (loop3): Quotacheck: Done.
[  142.834628][ T6316] syz.0.130 (6316) used greatest stack depth: 21240 bytes left
[  143.111661][ T6300] loop4: detected capacity change from 0 to 32768
[  143.197759][ T6300] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  143.222470][ T5832] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  143.256588][ T6300] (syz.4.126,6300,1):ocfs2_rename:1283 ERROR: status = -2
[  143.333646][ T6300] (syz.4.126,6300,0):ocfs2_rename:1699 ERROR: status = -2
[  143.872487][ T5834] ocfs2: Unmounting device (7,4) on (node local)
[  144.335010][ T6352] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  145.289023][ T6369] loop2: detected capacity change from 0 to 512
[  145.414759][ T6369] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  145.603201][ T6377] loop5: detected capacity change from 0 to 16
[  145.615312][   T30] audit: type=1800 audit(1746781063.914:74): pid=6369 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.149" name="file1" dev="loop2" ino=15 res=0 errno=0
[  145.642335][ T6369] EXT4-fs error (device loop2): ext4_validate_block_bitmap:440: comm syz.2.149: bg 0: block 264: padding at end of block bitmap is not set
[  145.709219][ T6377] erofs (device loop5): mounted with root inode @ nid 36.
[  145.723617][ T6357] loop4: detected capacity change from 0 to 32768
[  145.876058][ T6357] JBD2: Ignoring recovery information on journal
[  145.983011][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.093816][ T6357] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  146.311191][ T6364] loop3: detected capacity change from 0 to 32768
[  146.319005][ T6385] syz.2.153 uses obsolete (PF_INET,SOCK_PACKET)
[  146.388163][ T6364] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.146 (6364)
[  146.492700][ T6387] loop1: detected capacity change from 0 to 256
[  146.523569][ T6364] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  146.593094][ T6364] BTRFS info (device loop3): using crc32c (crc32c-x86_64) checksum algorithm
[  146.661799][ T6364] BTRFS info (device loop3): using free-space-tree
[  146.782172][ T5834] ocfs2: Unmounting device (7,4) on (node local)
[  146.848473][ T6399] Bluetooth: MGMT ver 1.23
[  147.075345][    T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  147.109656][   T30] audit: type=1800 audit(1746781065.414:75): pid=6364 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.146" name="bus" dev="loop3" ino=263 res=0 errno=0
[  147.255380][    T9] usb 6-1: Using ep0 maxpacket: 32
[  147.308192][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  147.381512][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  147.455441][    T9] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  147.493271][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.682038][    T9] usb 6-1: config 0 descriptor??
[  147.767822][ T5832] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  147.778830][ T6419] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  147.936170][ T1200] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  148.166024][ T1200] usb 2-1: Using ep0 maxpacket: 32
[  148.205398][ T1200] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  148.247927][ T1200] usb 2-1: config 0 has no interface number 0
[  148.269325][    T9] savu 0003:1E7D:2D5A.0003: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.5-1/input0
[  148.296926][ T1200] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  148.323100][ T1200] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.367657][ T1200] usb 2-1: Product: syz
[  148.371901][ T1200] usb 2-1: Manufacturer: syz
[  148.397439][ T1200] usb 2-1: SerialNumber: syz
[  148.446082][ T1200] usb 2-1: config 0 descriptor??
[  148.486261][    T9] usb 6-1: USB disconnect, device number 3
[  148.516230][ T1200] smsc95xx v2.0.0
[  148.664372][ T6426] fido_id[6426]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  149.106111][ T6414] loop2: detected capacity change from 0 to 32768
[  149.303497][ T6432] netlink: 'syz.4.165': attribute type 29 has an invalid length.
[  149.366786][ T6432] netlink: 'syz.4.165': attribute type 29 has an invalid length.
[  149.440532][ T6436] netlink: 500 bytes leftover after parsing attributes in process `syz.4.165'.
[  149.487452][ T6436] unsupported nla_type 58
[  149.541386][ T1200] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000034: -71
[  149.641312][ T1200] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_DATA
[  149.702438][ T1200] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  149.737180][ T1200] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71
[  149.830905][ T1200] usb 2-1: USB disconnect, device number 3
[  150.504198][   T30] audit: type=1326 audit(1746781068.804:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.3.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bfd58e969 code=0x7ffc0000
[  150.566783][ T5810] kernel write not supported for file bpf-prog (pid: 5810 comm: kworker/1:3)
[  150.631762][   T30] audit: type=1326 audit(1746781068.834:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.3.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1bfd52ab39 code=0x7ffc0000
[  150.714029][ T6420] loop0: detected capacity change from 0 to 32768
[  150.723740][   T30] audit: type=1326 audit(1746781068.834:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.3.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bfd58e969 code=0x7ffc0000
[  150.849593][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  150.878573][   T30] audit: type=1326 audit(1746781068.834:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.3.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bfd58e969 code=0x7ffc0000
[  151.005211][   T30] audit: type=1326 audit(1746781068.834:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.3.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1bfd52ab39 code=0x7ffc0000
[  151.138857][   T30] audit: type=1326 audit(1746781068.834:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.3.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bfd58e969 code=0x7ffc0000
[  151.285365][   T30] audit: type=1326 audit(1746781068.844:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.3.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1bfd52ab39 code=0x7ffc0000
[  151.461075][ T6471] loop4: detected capacity change from 0 to 256
[  151.496256][   T30] audit: type=1326 audit(1746781068.844:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.3.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1bfd52ab39 code=0x7ffc0000
[  151.565009][ T6465] loop5: detected capacity change from 0 to 32768
[  151.573532][ T6465] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.179 (6465)
[  151.637258][ T6465] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  151.647646][ T6465] BTRFS info (device loop5): using sha256 (sha256-ni) checksum algorithm
[  151.656239][ T6465] BTRFS info (device loop5): disk space caching is enabled
[  151.663758][ T6465] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  151.687098][   T30] audit: type=1326 audit(1746781068.844:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.3.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1bfd52ab39 code=0x7ffc0000
[  151.731655][ T6463] loop1: detected capacity change from 0 to 4096
[  151.768307][   T30] audit: type=1326 audit(1746781068.844:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.3.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1bfd52ab39 code=0x7ffc0000
[  151.790372][    C1] vkms_vblank_simulate: vblank timer overrun
[  151.817216][   T30] audit: type=1326 audit(1746781068.864:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.3.173" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1bfd52ab39 code=0x7ffc0000
[  151.839247][    C1] vkms_vblank_simulate: vblank timer overrun
[  152.090352][ T6465] BTRFS info (device loop5): rebuilding free space tree
[  152.133098][ T6465] BTRFS info (device loop5): disabling free space tree
[  152.140180][ T6465] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  152.155618][ T6465] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  152.686942][ T5831] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  152.738792][ T6496] loop4: detected capacity change from 0 to 4096
[  152.986844][ T6496] ntfs3(loop4): ino=1a, mi_enum_attr
[  153.016826][ T6496] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  153.230673][ T6501] loop5: detected capacity change from 0 to 1024
[  153.355685][ T6501] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  153.522475][ T6501] EXT4-fs error (device loop5): ext4_map_blocks:709: inode #3: block 1: comm syz.5.187: lblock 1 mapped to illegal pblock 1 (length 1)
[  153.683254][ T6501] EXT4-fs error (device loop5): ext4_acquire_dquot:6933: comm syz.5.187: Failed to acquire dquot type 0
[  153.768484][ T6468] loop3: detected capacity change from 0 to 32768
[  153.795986][ T6507] loop1: detected capacity change from 0 to 16
[  153.805617][ T6501] EXT4-fs error (device loop5): ext4_free_blocks:6586: comm syz.5.187: Freeing blocks not in datazone - block = 0, count = 4096
[  153.833225][ T6507] erofs (device loop1): mounted with root inode @ nid 36.
[  153.899754][ T6501] EXT4-fs error (device loop5): ext4_read_inode_bitmap:138: comm syz.5.187: Invalid inode bitmap blk 0 in block_group 0
[  153.917750][ T6468] 
[  153.917750][ T6468]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  153.917750][ T6468] 
[  153.925608][ T4166] EXT4-fs error (device loop5): ext4_map_blocks:675: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  154.032575][ T6501] EXT4-fs error (device loop5) in ext4_free_inode:361: Corrupt filesystem
[  154.043300][ T6468] read_mapping_page failed!
[  154.084874][ T6507] syz.1.189: attempt to access beyond end of device
[  154.084874][ T6507] loop1: rw=524288, sector=524984, nr_sectors = 8 limit=16
[  154.096138][ T4166] EXT4-fs error (device loop5): ext4_release_dquot:6969: comm kworker/u8:8: Failed to release dquot type 0
[  154.110590][ T6468] ERROR: (device loop3): txAbort: 
[  154.110590][ T6468] 
[  154.118110][ T6501] EXT4-fs (loop5): 1 orphan inode deleted
[  154.131787][ T6508] read_mapping_page failed!
[  154.153750][ T6501] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  154.172084][ T6508] ERROR: (device loop3): txAbort: 
[  154.172084][ T6508] 
[  154.185199][ T6507] syz.1.189: attempt to access beyond end of device
[  154.185199][ T6507] loop1: rw=524288, sector=368, nr_sectors = 8 limit=16
[  154.266233][ T6468] read_mapping_page failed!
[  154.285610][ T6507] syz.1.189: attempt to access beyond end of device
[  154.285610][ T6507] loop1: rw=524288, sector=33822867456, nr_sectors = 8 limit=16
[  154.305504][ T6468] ERROR: (device loop3): txAbort: 
[  154.305504][ T6468] 
[  154.383826][ T6507] syz.1.189: attempt to access beyond end of device
[  154.383826][ T6507] loop1: rw=524288, sector=524280, nr_sectors = 8 limit=16
[  154.404713][ T6501] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000.
[  154.451333][ T6507] syz.1.189: attempt to access beyond end of device
[  154.451333][ T6507] loop1: rw=524288, sector=525096, nr_sectors = 8 limit=16
[  154.456134][ T6512] netlink: 8 bytes leftover after parsing attributes in process `syz.4.190'.
[  154.545390][ T6507] syz.1.189: attempt to access beyond end of device
[  154.545390][ T6507] loop1: rw=524288, sector=712, nr_sectors = 8 limit=16
[  154.630987][ T6510] loop2: detected capacity change from 0 to 4096
[  154.693163][ T5832] 
[  154.693163][ T5832]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  154.693163][ T5832] 
[  154.705696][ T6507] syz.1.189: attempt to access beyond end of device
[  154.705696][ T6507] loop1: rw=524288, sector=525136, nr_sectors = 8 limit=16
[  154.738370][ T5832] 
[  154.738370][ T5832]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  154.738370][ T5832] 
[  154.763427][ T6507] syz.1.189: attempt to access beyond end of device
[  154.763427][ T6507] loop1: rw=524288, sector=712, nr_sectors = 8 limit=16
[  154.802187][ T5831] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.878239][ T6510] ntfs3(loop2): ino=1a, mi_enum_attr
[  154.883629][ T6510] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  154.895648][ T6507] syz.1.189: attempt to access beyond end of device
[  154.895648][ T6507] loop1: rw=524288, sector=4737912, nr_sectors = 8 limit=16
[  154.985611][ T6507] syz.1.189: attempt to access beyond end of device
[  154.985611][ T6507] loop1: rw=524288, sector=6226968576, nr_sectors = 8 limit=16
[  155.451354][ T6526] loop4: detected capacity change from 0 to 16
[  155.544432][ T6526] erofs (device loop4): mounted with root inode @ nid 36.
[  155.650514][   T12] ntfs3(loop2): ino=5, mi_enum_attr
[  156.351285][   T10] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  156.500875][ T2107] Bluetooth: hci6: Frame reassembly failed (-84)
[  156.525883][   T10] usb 3-1: Using ep0 maxpacket: 16
[  156.566964][   T10] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  156.611153][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.650914][   T10] usb 3-1: config 0 descriptor??
[  156.672621][   T10] gspca_main: sonixj-2.14.0 probing 0471:0327
[  156.852141][ T6544] loop4: detected capacity change from 0 to 4096
[  156.865171][ T6544] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  157.051510][ T6544] ntfs3(loop4): ino=0, attr_set_size
[  157.091223][ T6544] ntfs3(loop4): ino=0, attr_set_size
[  157.122194][ T6544] ntfs3(loop4): ino=0, attr_set_size
[  157.156475][ T6544] ntfs3(loop4): no free space to extend mft
[  157.750182][ T5895] usb 3-1: USB disconnect, device number 3
[  158.195992][ T6572] process 'syz.4.218' launched './file2' with NULL argv: empty string added
[  158.505704][ T5853] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  159.164051][ T6593] block nbd2: shutting down sockets
[  159.465931][ T6580] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  159.472341][ T6580] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  159.499098][ T6601] loop2: detected capacity change from 0 to 128
[  159.542159][ T6602] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  159.591960][   T30] kauditd_printk_skb: 42 callbacks suppressed
[  159.591986][   T30] audit: type=1800 audit(1746781077.884:126): pid=6601 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.229" name="file1" dev="loop2" ino=1048631 res=0 errno=0
[  159.644899][ T6580] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  159.688884][ T6580] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  159.792654][ T6580] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  159.831918][ T6580] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  159.904308][ T6580] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  159.963281][ T6580] Bluetooth: hci1: Error when powering off device on rfkill (-4)
[  159.978262][ T6608] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x2
[  160.113740][ T6580] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  160.149599][ T6580] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  160.326163][ T6580] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  160.343803][ T6580] Bluetooth: hci5: Error when powering off device on rfkill (-4)
[  161.051966][ T6629] loop0: detected capacity change from 0 to 128
[  161.149625][ T6629] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  161.293311][ T6629] ext4 filesystem being mounted at /46/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  161.486604][ T6629] syz.0.240 (pid 6629) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  161.730672][ T5846] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  162.134339][ T6677] hsr0: entered promiscuous mode
[  162.177929][ T6677] netlink: 4 bytes leftover after parsing attributes in process `syz.0.243'.
[  162.484856][ T6657] loop3: detected capacity change from 0 to 32768
[  162.528937][ T6657] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.242 (6657)
[  162.602253][ T6657] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  162.632397][ T6657] BTRFS info (device loop3): using sha256 (sha256-ni) checksum algorithm
[  162.659829][ T6657] BTRFS info (device loop3): using free-space-tree
[  162.761117][ T6694] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  163.355002][ T5832] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  163.435607][ T5895] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  163.497473][ T6707] loop5: detected capacity change from 0 to 40427
[  163.514003][ T6707] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  163.521846][ T6707] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  163.554727][ T6707] F2FS-fs (loop5): invalid crc value
[  163.593672][ T6707] F2FS-fs (loop5): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  163.617436][ T5895] usb 3-1: Using ep0 maxpacket: 16
[  163.680760][ T6715] netlink: 4 bytes leftover after parsing attributes in process `syz.0.253'.
[  163.703135][ T5895] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00
[  163.740843][ T6707] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  163.748922][ T6707] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  163.749637][ T5895] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.829289][ T5895] usb 3-1: Product: syz
[  163.844403][ T5895] usb 3-1: Manufacturer: syz
[  163.865858][ T5895] usb 3-1: SerialNumber: syz
[  163.897194][ T5895] usb 3-1: config 0 descriptor??
[  163.947836][ T5895] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[  164.069385][ T5895] usb 3-1: Detected FT-X
[  164.105487][ T5133] Bluetooth: hci6: command 0x1003 tx timeout
[  164.105562][ T5853] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  164.159720][ T5895] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  164.676776][ T5895] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  164.943319][    T9] usb 3-1: USB disconnect, device number 4
[  165.028192][    T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  165.080886][    T9] ftdi_sio 3-1:0.0: device disconnected
[  165.130031][ T6732] loop1: detected capacity change from 0 to 4096
[  165.854408][    T9] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  165.952513][    T9] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  166.143497][ T1200] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  166.276356][ T6731] loop3: detected capacity change from 0 to 32768
[  166.293594][ T6748] loop5: detected capacity change from 0 to 512
[  166.335458][ T6748] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  166.355790][ T6731] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  166.374958][ T1200] usb 2-1: config 0 has no interfaces?
[  166.407370][ T6736] loop0: detected capacity change from 0 to 32768
[  166.415632][ T1200] usb 2-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=87.c0
[  166.438251][ T1200] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.462282][ T6748] EXT4-fs (loop5): 1 truncate cleaned up
[  166.467769][ T1200] usb 2-1: Product: syz
[  166.472433][ T1200] usb 2-1: Manufacturer: syz
[  166.478773][ T1200] usb 2-1: SerialNumber: syz
[  166.501921][ T6748] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.516086][ T1200] usb 2-1: config 0 descriptor??
[  166.526133][ T6755] block nbd0: server does not support multiple connections per device.
[  166.538940][ T6755] block nbd0: shutting down sockets
[  166.575736][ T6736] JBD2: Ignoring recovery information on journal
[  166.726080][ T6748] EXT4-fs error (device loop5): ext4_find_dest_de:2053: inode #2: block 13: comm syz.5.267: bad entry in directory: inode out of bounds - offset=24, inode=589835, rec_len=20, size=1024 fake=0
[  166.745360][    C0] vkms_vblank_simulate: vblank timer overrun
[  166.845042][    T9] usb 2-1: USB disconnect, device number 4
[  166.868776][ T6736] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  166.882721][ T5193] udevd[5193]: worker [5854] terminated by signal 33 (Unknown signal 33)
[  166.913584][ T6731] XFS (loop3): Ending clean mount
[  166.928921][ T5193] udevd[5193]: worker [5854] failed while handling '/devices/virtual/block/loop0'
[  166.967150][ T5193] udevd[5193]: worker [5856] terminated by signal 33 (Unknown signal 33)
[  166.978555][ T5193] udevd[5193]: worker [5856] failed while handling '/devices/virtual/block/loop5'
[  166.995929][ T5193] udevd[5193]: worker [6071] terminated by signal 33 (Unknown signal 33)
[  167.004503][ T5193] udevd[5193]: worker [6071] failed while handling '/devices/virtual/block/loop3'
[  167.010733][ T6768] loop2: detected capacity change from 0 to 128
[  167.057743][   T30] audit: type=1800 audit(1746781085.344:127): pid=6736 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.263" name="file1" dev="loop0" ino=17058 res=0 errno=0
[  167.078483][    C0] vkms_vblank_simulate: vblank timer overrun
[  167.118621][ T5831] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.140692][   T30] audit: type=1800 audit(1746781085.424:128): pid=6736 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.263" name="file1" dev="loop0" ino=17058 res=0 errno=0
[  167.181177][ T6768] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  167.278059][ T6768] ext4 filesystem being mounted at /49/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  167.331997][ T6773] loop4: detected capacity change from 0 to 1024
[  167.383065][ T5832] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  167.441696][ T6773] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only.
[  167.585102][ T5846] ocfs2: Unmounting device (7,0) on (node local)
[  167.653596][ T5830] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  167.887247][ T6779] loop1: detected capacity change from 0 to 512
[  168.023316][ T6777] loop5: detected capacity change from 0 to 32768
[  168.097244][ T6779] EXT4-fs (loop1): 1 orphan inode deleted
[  168.105186][ T6779] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  168.136431][ T6635] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  168.208523][ T6635] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:9: Failed to release dquot type 1
[  168.243757][ T6779] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  168.264542][ T6791] loop4: detected capacity change from 0 to 1024
[  168.345870][ T6777] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  168.386537][ T6777] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  168.386537][ T6777]   allowing incompatible features above 0.0: (unknown version)
[  168.417041][ T6777] bcachefs (loop5): initializing new filesystem
[  168.422921][ T6791] EXT4-fs: Ignoring removed nobh option
[  168.426937][ T6777] bcachefs (loop5): going read-write
[  168.484746][ T6791] EXT4-fs: Ignoring removed orlov option
[  168.522505][ T6777] bcachefs (loop5): marking superblocks
[  168.549862][ T6777] bcachefs (loop5): initializing freespace
[  168.558689][ T6777] bcachefs (loop5): done initializing freespace
[  168.571882][ T6777] bcachefs (loop5): reading snapshots table
[  168.577995][ T6777] bcachefs (loop5): reading snapshots done
[  168.647879][ T6777] bcachefs (loop5): done starting filesystem
[  168.741407][ T6791] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  168.763218][   T10] IPVS: starting estimator thread 0...
[  168.804554][ T6797] IPVS: lc: UDP 224.0.0.2:0 - no destination available
[  168.829623][ T6791] EXT4-fs error (device loop4): ext4_validate_block_bitmap:440: comm syz.4.279: bg 0: block 385: padding at end of block bitmap is not set
[  168.865408][ T6804] IPVS: using max 24 ests per chain, 57600 per kthread
[  168.896937][ T6791] EXT4-fs (loop4): Remounting filesystem read-only
[  168.939162][ T6777] syz.5.277 (6777) used greatest stack depth: 18448 bytes left
[  169.092542][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.141801][ T5831] bcachefs (loop5): shutting down
[  169.154917][ T6809] loop3: detected capacity change from 0 to 2048
[  169.161786][ T5831] bcachefs (loop5): going read-only
[  169.167354][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.229537][ T6809] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  169.235593][ T5831] bcachefs (loop5): finished waiting for writes to stop
[  169.273268][ T6809] UDF-fs: Scanning with blocksize 512 failed
[  169.291153][ T5831] bcachefs (loop5): flushing journal and stopping allocators, journal seq 3
[  169.367936][ T6809] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  169.389520][ T5831] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 3
[  169.462170][ T5831] bcachefs (loop5): clean shutdown complete, journal seq 4
[  169.535633][ T5831] bcachefs (loop5): marking filesystem clean
[  169.737476][ T5831] bcachefs (loop5): shutdown complete
[  169.992679][ T6828] loop3: detected capacity change from 0 to 128
[  170.648762][ T6841] loop0: detected capacity change from 0 to 2048
[  170.780930][ T6841] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.055461][ T6839] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  171.143408][ T6822] loop4: detected capacity change from 0 to 40427
[  171.201398][ T6839] EXT4-fs (loop0): Remounting filesystem read-only
[  171.218303][ T6822] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x3fffff
[  171.229901][ T6822] F2FS-fs (loop4): Image doesn't support compression
[  171.307645][ T6853] Bluetooth: MGMT ver 1.23
[  171.541774][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  171.556334][ T6856] input: syz1 as /devices/virtual/input/input11
[  172.014990][ T6861] loop1: detected capacity change from 0 to 4096
[  172.070454][ T6865] loop2: detected capacity change from 0 to 256
[  172.165213][ T6822] F2FS-fs (loop4): invalid crc value
[  172.600087][ T6872] loop0: detected capacity change from 0 to 1024
[  172.821689][ T6872] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  172.873322][ T6872] ext4 filesystem being mounted at /60/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  172.903717][ T6869] loop3: detected capacity change from 0 to 4096
[  173.015447][ T6872] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  173.063639][ T6872] EXT4-fs (loop0): Remounting filesystem read-only
[  173.099959][ T6660] EXT4-fs warning (device loop0): ext4_convert_unwritten_extents:4825: inode #15: block 1: len 15: ext4_ext_map_blocks returned -30
[  173.190673][   T30] audit: type=1800 audit(1746781091.494:129): pid=6869 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.304" name="file1" dev="loop3" ino=33 res=0 errno=0
[  173.433068][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  173.605491][ T6886] capability: warning: `syz.3.309' uses deprecated v2 capabilities in a way that may be insecure
[  173.788051][ T6891] loop0: detected capacity change from 0 to 1024
[  173.916670][ T6891] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  174.196830][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.502348][ T6917] loop1: detected capacity change from 0 to 256
[  174.544663][ T6917] exfat: Deprecated parameter 'utf8'
[  174.564084][ T6917] exfat: Deprecated parameter 'utf8'
[  174.613914][ T6917] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6d3f72e, utbl_chksum : 0xe619d30d)
[  174.626703][ T6918] loop0: detected capacity change from 0 to 4096
[  174.652821][ T6918] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  174.734515][ T6918] ntfs3(loop0): ino=1a, mi_enum_attr
[  174.742568][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  174.760432][ T6918] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  174.785217][ T6918] ntfs3(loop0): Failed to initialize $Extend/$ObjId.
[  174.854577][ T6918] ntfs3(loop0): ino=5, "/" ntfs_readdir
[  174.895680][   T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  174.947190][    T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  174.986086][    T9] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  175.043869][    T9] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  175.085654][   T10] usb 6-1: Using ep0 maxpacket: 8
[  175.126902][   T10] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  175.155440][    T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  175.206938][   T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  175.220596][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.246813][    T9] usb 5-1: Product: syz
[  175.255792][   T10] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  175.285620][    T9] usb 5-1: Manufacturer: syz
[  175.313379][    T9] usb 5-1: SerialNumber: syz
[  175.325151][   T10] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  175.371503][ T6926] loop2: detected capacity change from 0 to 32768
[  175.399823][   T10] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  175.406323][ T6926] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  175.417881][ T6926] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  175.438163][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.502156][ T6926] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 1ms
[  175.515407][ T5898] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  175.537451][ T5898] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  175.635165][ T6935] loop1: detected capacity change from 0 to 16
[  175.642451][    T9] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  175.708212][ T6935] erofs (device loop1): mounted with root inode @ nid 36.
[  175.838014][   T10] usb 6-1: GET_CAPABILITIES returned 0
[  175.843646][   T10] usbtmc 6-1:16.0: can't read capabilities
[  175.851002][ T6933] loop0: detected capacity change from 0 to 40427
[  175.864547][ T6935] overlayfs: failed to resolve './file1': -2
[  175.873008][ T6933] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x7
[  175.884141][ T6933] F2FS-fs (loop0): invalid crc value
[  175.954164][ T5898] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 416ms
[  175.977742][   T10] usb 5-1: USB disconnect, device number 2
[  175.984016][ T6933] F2FS-fs (loop0): Start checkpoint disabled!
[  176.000527][   T10] usblp0: removed
[  176.021445][ T5898] gfs2: fsid=syz:syz.0: jid=0: Done
[  176.024559][ T6933] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  176.059588][ T6926] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  176.107944][ T5893] usb 6-1: USB disconnect, device number 4
[  176.355224][ T6660] bio_check_eod: 277 callbacks suppressed
[  176.362175][ T6660] kworker/u8:27: attempt to access beyond end of device
[  176.362175][ T6660] loop0: rw=1, sector=45096, nr_sectors = 16 limit=40427
[  176.380812][ T6637] kworker/u8:11: attempt to access beyond end of device
[  176.380812][ T6637] loop0: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  176.443617][ T6637] CPU: 1 UID: 0 PID: 6637 Comm: kworker/u8:11 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  176.443674][ T6637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  176.443698][ T6637] Workqueue: writeback wb_workfn (flush-7:0)
[  176.443751][ T6637] Call Trace:
[  176.443763][ T6637]  <TASK>
[  176.443776][ T6637]  dump_stack_lvl+0x16c/0x1f0
[  176.443834][ T6637]  f2fs_handle_critical_error+0x621/0x9f0
[  176.443880][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.443925][ T6637]  ? __asan_memset+0x23/0x50
[  176.443968][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.444024][ T6637]  f2fs_write_end_io+0x73d/0xac0
[  176.444086][ T6637]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  176.444143][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.444196][ T6637]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  176.444248][ T6637]  bio_endio+0x6d2/0x810
[  176.444296][ T6637]  submit_bio_noacct+0x56d/0x1ec0
[  176.444357][ T6637]  __submit_merged_bio+0x33c/0x770
[  176.444418][ T6637]  __submit_merged_write_cond+0x319/0x3f0
[  176.444484][ T6637]  f2fs_write_cache_pages+0x2139/0x2680
[  176.444575][ T6637]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  176.444640][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.444695][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.444740][ T6637]  ? unwind_next_frame+0x3fe/0x20a0
[  176.444786][ T6637]  ? ret_from_fork+0x48/0x80
[  176.444823][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.444867][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.444933][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.445045][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.445088][ T6637]  ? __lock_acquire+0x5ca/0x1ba0
[  176.445149][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.445201][ T6637]  f2fs_write_data_pages+0x4ad/0xd90
[  176.445272][ T6637]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  176.445354][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.445402][ T6637]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  176.445470][ T6637]  do_writepages+0x1b5/0x820
[  176.445531][ T6637]  ? __pfx_do_writepages+0x10/0x10
[  176.445578][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.445626][ T6637]  ? __lock_acquire+0xaa4/0x1ba0
[  176.445704][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.445748][ T6637]  ? reacquire_held_locks+0xcd/0x1f0
[  176.445815][ T6637]  __writeback_single_inode+0x160/0xfb0
[  176.445860][ T6637]  ? __pfx___writeback_single_inode+0x10/0x10
[  176.445899][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.445948][ T6637]  ? do_raw_spin_unlock+0x172/0x230
[  176.445988][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.446039][ T6637]  writeback_sb_inodes+0x601/0xf90
[  176.446103][ T6637]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  176.446215][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.446260][ T6637]  ? rcu_is_watching+0x12/0xc0
[  176.446308][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.446357][ T6637]  ? queue_io+0x3f6/0x520
[  176.446430][ T6637]  wb_writeback+0x419/0xb70
[  176.446480][ T6637]  ? __pfx_wb_writeback+0x10/0x10
[  176.446534][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.446579][ T6637]  ? mark_held_locks+0x49/0x80
[  176.446639][ T6637]  ? _raw_spin_unlock_irq+0x23/0x50
[  176.446696][ T6637]  wb_workfn+0x14d/0xbe0
[  176.446743][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.446787][ T6637]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  176.446839][ T6637]  ? __pfx_wb_workfn+0x10/0x10
[  176.446884][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.446934][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.446985][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.447030][ T6637]  ? rcu_is_watching+0x12/0xc0
[  176.447081][ T6637]  process_one_work+0x9cf/0x1b70
[  176.447140][ T6637]  ? __pfx_process_one_work+0x10/0x10
[  176.447180][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.447238][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.447281][ T6637]  ? assign_work+0x1a0/0x250
[  176.447327][ T6637]  worker_thread+0x6c8/0xf10
[  176.447390][ T6637]  ? __pfx_worker_thread+0x10/0x10
[  176.447428][ T6637]  kthread+0x3c5/0x780
[  176.447465][ T6637]  ? __pfx_kthread+0x10/0x10
[  176.447496][ T6637]  ? __pfx_kthread+0x10/0x10
[  176.447529][ T6637]  ? __pfx_kthread+0x10/0x10
[  176.447561][ T6637]  ? __pfx_kthread+0x10/0x10
[  176.447593][ T6637]  ? srso_alias_return_thunk+0x5/0xfbef5
[  176.447637][ T6637]  ? rcu_is_watching+0x12/0xc0
[  176.447681][ T6637]  ? __pfx_kthread+0x10/0x10
[  176.447716][ T6637]  ret_from_fork+0x48/0x80
[  176.447749][ T6637]  ? __pfx_kthread+0x10/0x10
[  176.447783][ T6637]  ret_from_fork_asm+0x1a/0x30
[  176.447865][ T6637]  </TASK>
[  176.935193][ T6637] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  177.583533][ T6948] loop3: detected capacity change from 0 to 32768
[  177.827192][ T6948] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  177.859282][ T6948] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  177.859282][ T6948]   allowing incompatible features above 0.0: (unknown version)
[  177.881762][ T6948] bcachefs (loop3): initializing new filesystem
[  177.890135][ T6948] bcachefs (loop3): going read-write
[  177.935743][ T6948] bcachefs (loop3): marking superblocks
[  177.951320][ T6948] bcachefs (loop3): initializing freespace
[  177.958968][ T6948] bcachefs (loop3): done initializing freespace
[  177.971561][ T6948] bcachefs (loop3): reading snapshots table
[  177.977628][ T6948] bcachefs (loop3): reading snapshots done
[  178.048468][ T6948] bcachefs (loop3): done starting filesystem
[  178.163801][ T6976] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  178.322946][ T5832] bcachefs (loop3): shutting down
[  178.332617][ T5893] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  178.373539][ T5832] bcachefs (loop3): going read-only
[  178.404199][ T5832] bcachefs (loop3): finished waiting for writes to stop
[  178.436785][ T5832] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3
[  178.505851][ T5893] usb 1-1: Using ep0 maxpacket: 8
[  178.522862][ T5893] usb 1-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d
[  178.538984][ T5893] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  178.552178][ T5832] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[  178.572228][ T5832] bcachefs (loop3): clean shutdown complete, journal seq 4
[  178.585135][ T5893] usb 1-1: Product: syz
[  178.597058][ T5893] usb 1-1: Manufacturer: syz
[  178.601715][ T5893] usb 1-1: SerialNumber: syz
[  178.627329][ T5832] bcachefs (loop3): marking filesystem clean
[  178.670059][ T5893] usb 1-1: config 0 descriptor??
[  178.702892][ T5893] gspca_main: sonixj-2.14.0 probing 0c45:613e
[  178.747854][ T5832] bcachefs (loop3): shutdown complete
[  178.973795][ T6996] loop4: detected capacity change from 0 to 1024
[  179.003348][ T6996] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  179.281064][ T5834] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  179.751589][ T5893] gspca_sonixj: reg_w1 err -71
[  179.795435][ T5893] sonixj 1-1:0.0: probe with driver sonixj failed with error -71
[  179.810739][ T5893] usb 1-1: USB disconnect, device number 4
[  180.576353][ T7024] loop0: detected capacity change from 0 to 512
[  180.645973][ T7024] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.357: iget: bad extended attribute block 1
[  180.797671][ T7024] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.357: couldn't read orphan inode 15 (err -117)
[  180.828885][ T7023] loop1: detected capacity change from 0 to 4096
[  180.839511][ T7024] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  180.902136][ T7031] tipc: Started in network mode
[  180.980735][ T7031] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711
[  181.071114][ T7031] tipc: Enabled bearer <udp:s>, priority 10
[  181.298090][ T5846] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.128366][ T7060] loop4: detected capacity change from 0 to 1024
[  182.188152][ T5810] tipc: Node number set to 4269801488
[  182.205881][ T7060] devpts: Invalid gid '0x00000000ffffffff'
[  182.350970][ T5834] hfsplus: bad catalog entry type
[  182.936559][ T7063] loop1: detected capacity change from 0 to 65536
[  183.036560][ T7063] XFS (loop1): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  183.122807][ T6664] hfsplus: b-tree write err: -5, ino 4
[  183.180905][ T7063] XFS (loop1): Ending clean mount
[  183.188401][ T7063] XFS (loop1): Quotacheck needed: Please wait.
[  183.296603][ T7063] XFS (loop1): Quotacheck: Done.
[  183.694677][ T5833] XFS (loop1): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  183.781144][ T6635] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.316280][ T6635] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.465494][ T5898] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  184.617560][ T6635] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.668566][ T5898] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  184.695303][ T5898] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  184.705035][ T5898] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  184.794596][ T5898] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  184.815597][ T5810] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  184.837353][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.848663][ T6635] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.865838][ T5898] usb 4-1: Product: syz
[  184.870072][ T5898] usb 4-1: Manufacturer: syz
[  184.874690][ T5898] usb 4-1: SerialNumber: syz
[  184.981023][ T5810] usb 6-1: Using ep0 maxpacket: 8
[  185.007733][ T5810] usb 6-1: config index 0 descriptor too short (expected 6427, got 27)
[  185.022130][ T5810] usb 6-1: config 0 has an invalid interface number: 21 but max is 0
[  185.055357][ T5810] usb 6-1: config 0 has no interface number 0
[  185.081830][ T5810] usb 6-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  185.083195][ T7095] loop1: detected capacity change from 0 to 1024
[  185.125910][ T5810] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  185.160755][ T5810] usb 6-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  185.188374][ T7095] EXT4-fs: Ignoring removed orlov option
[  185.194288][ T5810] usb 6-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  185.194411][ T5898] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 4 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  185.210894][ T5810] usb 6-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  185.214459][ T7095] EXT4-fs: Ignoring removed nomblk_io_submit option
[  185.263443][ T5810] usb 6-1: Product: syz
[  185.282171][ T5810] usb 6-1: config 0 descriptor??
[  185.288880][ T6635] bridge_slave_1: left allmulticast mode
[  185.295009][ T6635] bridge_slave_1: left promiscuous mode
[  185.317724][ T6635] bridge0: port 2(bridge_slave_1) entered disabled state
[  185.323119][ T7092] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  185.334878][ T7095] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  185.354759][ T5133] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  185.376784][ T5133] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  185.385139][ T5133] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  185.405725][ T5133] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  185.415911][ T5133] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  185.435531][ T5853] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  185.443212][ T5853] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  185.452397][ T5853] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  185.461113][ T5853] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  185.469237][ T5853] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  185.481230][ T5893] usb 4-1: USB disconnect, device number 4
[  185.507187][ T6635] bridge_slave_0: left allmulticast mode
[  185.533894][ T5893] usblp0: removed
[  185.561265][ T6635] bridge_slave_0: left promiscuous mode
[  185.589939][ T6635] bridge0: port 1(bridge_slave_0) entered disabled state
[  185.757214][ T5833] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  185.995107][ T5810] input: syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.21/input/input12
[  186.313006][ T1200] usb 6-1: USB disconnect, device number 5
[  186.313145][    C1] keyspan_remote 6-1:0.21: keyspan_irq_recv - usb_submit_urb failed with result: -19
[  186.881448][ T7128] netlink: 'syz.3.398': attribute type 4 has an invalid length.
[  187.548353][ T5133] Bluetooth: hci4: command tx timeout
[  187.594221][ T7135] Driver unsupported XDP return value 0 on prog  (id 71) dev N/A, expect packet loss!
[  187.684597][ T7130] loop2: detected capacity change from 0 to 40427
[  187.745404][ T7130] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504)
[  187.752438][ T7130] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  187.806801][ T7130] F2FS-fs (loop2): invalid crc value
[  187.939525][ T6635] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  187.977870][ T6635] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  187.999332][ T6635] bond0 (unregistering): Released all slaves
[  188.115418][ T7130] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  188.153521][ T7130] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  188.242576][ T7140] loop0: detected capacity change from 0 to 32768
[  188.281825][ T7147] loop5: detected capacity change from 0 to 512
[  188.295863][ T6635] tipc: Disabling bearer <udp:s>
[  188.312849][ T6635] tipc: Left network mode
[  188.392827][ T7147] EXT4-fs error (device loop5): ext4_orphan_get:1391: inode #15: comm syz.5.404: casefold flag without casefold feature
[  188.418709][ T7140] bcachefs (da441363-bb6a-4ab9-999b-c1f40db4fee2): Using encoding defined by superblock: utf8-12.1.0
[  188.451597][ T7140] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,norecovery,nojournal_transaction_names,nocow
[  188.451597][ T7140]   allowing incompatible features above 0.0: (unknown version)
[  188.478562][ T7140] bcachefs (loop0): invalid bkey in superblock btree=extents level=0: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0
[  188.478619][ T7140]   invalid key type for btree extents (btree_ptr_v2), deleting
[  188.506711][ T7140] bcachefs (loop0): invalid bkey in superblock btree=dirents level=1: u64s 11 type extent SPOS_MAX len 0 ver 281474976710656: durability: 0 (invalid extent entry 0000000000000000)
[  188.506754][ T7140]   invalid key type for btree internal btree node (extent), deleting
[  188.534082][ T7140] bcachefs (loop0): invalid bkey in superblock btree=snapshots level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 255 ver 18446462598732840960: seq ebb8d5a9e3463bdb written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0
[  188.534131][ T7140]   size != 0, deleting
[  188.542804][ T7147] EXT4-fs error (device loop5): ext4_orphan_get:1394: comm syz.5.404: couldn't read orphan inode 15 (err -117)
[  188.555730][ T7140] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[  188.556222][ T7140] bcachefs (loop0): Version upgrade required:
[  188.556222][ T7140] Version upgrade from 0.12: snapshot to 1.7: mi_btree_bitmap incomplete
[  188.556222][ T7140] Doing incompatible version upgrade from 0.12: snapshot to 1.25: extent_flags
[  188.556222][ T7140]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  188.668480][ T7140] bcachefs (loop0): bcachefs (loop0): error validating btree node at btree inodes level 0/0
[  188.668525][ T7140]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[  188.668557][ T7140]   node offset 16/24 bset u64s 110 bset byte offset 792: keys out of order: u64s 18 type inode_v3 7696581394432:536870913:U32_MAX len 0 ver 0 > u64s 18 type inode_v3 0:536870914:U32_MAX len 0 ver 0, fixing
[  188.679498][ T7147] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  188.725881][ T7140] bcachefs (loop0): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 7696581394432:536870913:U32_MAX len 0 ver 0: (unpack error)
[  188.725916][ T7140]   nonzero k.p.inode, deleting
[  188.747277][ T7140] bcachefs (loop0): btree_node_read_work: rewriting btree node at due to error
[  188.747277][ T7140]   btree=inodes level=0 u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7589ab5e0c11cc7a written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0
[  188.784089][ T7140] bcachefs (loop0): bcachefs (loop0): error validating btree node at btree alloc level 0/0
[  188.784120][ T7140]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[  188.784150][ T7140]   node offset 8/24 bset u64s 375 bset byte offset 184: keys out of order: u64s 11 type alloc_v4 0:32:0 len 0 ver 0 > u64s 11 type alloc_v4 0:2:0 len 0 ver 0, fixing
[  188.826623][ T7140] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree alloc level 0/0
[  188.826666][ T7140]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0
[  188.826697][ T7140]   node offset 16/24 bset u64s 0: unsupported bset version 3.519
[  188.859615][ T7140] bcachefs (loop0): flagging btree alloc lost data
[  188.866734][ T7140] bcachefs (loop0): running explicit recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  188.880909][ T7140] bcachefs (loop0): error reading btree root btree=alloc level=0: btree_node_read_error, fixing
[  188.903733][ T7140] bcachefs (loop0): bcachefs (loop0): error validating btree node on loop0 at btree freespace level 0/0
[  188.903766][ T7140]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq e81e1ed936acf3df written 32 min_key 0:3703155162349568:0 durability: 1 ptr: 0:29:0 gen 0
[  188.903797][ T7140]   node offset 0/32 bset u64s 0: checksum error, type none: got  should be , shutting down
[  188.903821][ T7140]   error not marked as autofix and not in fsck
[  188.903840][ T7140]   run fsck, and forward to devs so error can be marked for self-healing
[  188.903862][ T7140]   inconsistency detected - emergency read only at journal seq 10
[  188.967963][ T7140] bcachefs (loop0): flagging btree freespace lost data
[  188.977701][ T7140] bcachefs (loop0): error reading btree root btree=freespace level=0: btree_node_read_error, fixing
[  188.992734][ T7140] bcachefs (loop0): bcachefs (loop0): error validating btree node at btree backpointers level 0/0
[  188.992766][ T7140]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0
[  188.992797][ T7140]   node offset 8/24 bset u64s 42 bset byte offset 264: key extends past end of bset, shutting down
[  188.992824][ T7140]   error not marked as autofix and not in fsck
[  188.992844][ T7140]   run fsck, and forward to devs so error can be marked for self-healing
[  189.043226][ T7140] bcachefs (loop0): flagging btree backpointers lost data
[  189.050986][ T7140] bcachefs (loop0): error reading btree root btree=backpointers level=0: btree_node_read_error, fixing
[  189.065932][ T7140] bcachefs (loop0): check_topology... done
[  189.072700][ T7140] bcachefs (loop0): accounting_read... done
[  189.122645][ T7140] bcachefs (loop0): alloc_read... done
[  189.128374][ T7140] bcachefs (loop0): snapshots_read... done
[  189.135532][ T7140] bcachefs (loop0): done starting filesystem
[  189.242273][ T5831] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.271806][ T7140] bcachefs (loop0): shutdown by ioctl type 2
[  189.440537][ T5846] bcachefs (loop0): shutting down
[  189.697556][ T6635] hsr_slave_0: left promiscuous mode
[  189.705198][ T6635] hsr_slave_1: left promiscuous mode
[  189.751760][ T6635] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  189.762122][ T5846] bcachefs (loop0): shutdown complete
[  189.796985][ T6635] batman_adv: batadv0: Removing interface: batadv_slave_0
[  189.860434][ T6635] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  189.894765][ T6635] batman_adv: batadv0: Removing interface: batadv_slave_1
[  190.044353][ T6635] veth1_macvtap: left promiscuous mode
[  190.075657][ T6635] veth0_macvtap: left promiscuous mode
[  190.081424][ T6635] veth1_vlan: left promiscuous mode
[  190.115807][ T6635] veth0_vlan: left promiscuous mode
[  190.282549][ T7169] loop2: detected capacity change from 0 to 256
[  190.315518][ T7169] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  190.376384][ T7169] exFAT-fs (loop2): start_clu is invalid cluster(0xffffffff)
[  191.199173][ T7178] binder: 7177:7178 ioctl c0306201 200000000040 returned -14
[  191.369248][ T5853] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  191.379565][ T5853] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  191.388230][ T5853] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  191.397347][ T5853] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  191.413967][ T5853] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  192.059131][ T6635] team0 (unregistering): Port device team_slave_1 removed
[  192.185358][ T6635] team0 (unregistering): Port device team_slave_0 removed
[  192.763159][ T7195] loop1: detected capacity change from 0 to 40427
[  192.773030][ T7195] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504)
[  192.789467][ T7195] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  192.817210][ T7195] F2FS-fs (loop1): invalid crc value
[  193.046813][ T7195] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  193.070385][ T7195] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  193.466004][ T5853] Bluetooth: hci4: command tx timeout
[  193.511180][ T7175] vlan2: entered allmulticast mode
[  193.568972][ T7175] vlan1: entered allmulticast mode
[  193.580101][ T7175] veth0_vlan: entered allmulticast mode
[  194.867149][ T7245] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  194.906216][ T7238] loop5: detected capacity change from 0 to 4096
[  195.175544][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  195.210820][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  195.316208][ T7238] ntfs3(loop5): failed to convert "0080" to macinuit
[  195.380513][ T7238] ntfs3(loop5): failed to convert name for inode 1e.
[  195.412799][ T7238] ntfs3(loop5): ino=1f, mi_enum_attr
[  195.435453][ T7238] ntfs3(loop5): Mark volume as dirty due to NTFS errors
[  195.596905][ T7254] input: syz0 as /devices/virtual/input/input13
[  195.994967][ T7260] loop5: detected capacity change from 0 to 1024
[  196.049180][ T7260] EXT4-fs: Ignoring removed orlov option
[  196.068263][ T7260] EXT4-fs: Ignoring removed nomblk_io_submit option
[  196.116491][ T7260] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  196.359390][ T5133] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  196.368911][ T5133] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  196.372875][ T5831] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.377091][ T5133] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  196.394942][ T5133] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  196.402996][ T5133] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  196.679513][ T7250] loop1: detected capacity change from 0 to 32768
[  196.823151][ T7250] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  196.922592][ T6637] OCFS2: ERROR (device loop1): __ocfs2_find_path: Owner 72 has invalid tree depth 312 in extent list
[  196.945463][ T1200] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  196.993380][ T6637] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  197.031188][ T6637] OCFS2: File system is now read-only.
[  197.037999][ T6637] (kworker/u8:11,6637,1):ocfs2_find_leaf:1948 ERROR: status = -30
[  197.044798][ T7250] OCFS2: ERROR (device loop1): ocfs2_validate_gd_self: Group descriptor #32 has an invalid fs_generation of #47604929
[  197.046057][ T6637] (kworker/u8:11,6637,1):ocfs2_get_clusters_nocache:421 ERROR: status = -30
[  197.046129][ T6637] (kworker/u8:11,6637,1):ocfs2_get_clusters:634 ERROR: status = -30
[  197.114267][ T6637] (kworker/u8:11,6637,1):ocfs2_extent_map_get_blocks:681 ERROR: status = -30
[  197.125611][ T6637] (kworker/u8:11,6637,1):ocfs2_read_virt_blocks:997 ERROR: status = -30
[  197.134176][ T6637] (kworker/u8:11,6637,1):ocfs2_read_dir_block:511 ERROR: status = -30
[  197.146970][ T1200] usb 1-1: Using ep0 maxpacket: 16
[  197.152401][ T7250] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  197.211061][ T1200] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  197.225643][ T7250] (syz.1.438,7250,1):ocfs2_search_chain:1814 ERROR: status = -30
[  197.235955][ T7250] (syz.1.438,7250,1):ocfs2_search_chain:1926 ERROR: status = -30
[  197.240913][ T7256] loop3: detected capacity change from 0 to 40427
[  197.244249][ T7250] (syz.1.438,7250,1):ocfs2_claim_suballoc_bits:1995 ERROR: status = -30
[  197.258733][ T1200] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  197.258777][ T1200] usb 1-1: Product: syz
[  197.302029][ T1200] usb 1-1: Manufacturer: syz
[  197.319709][ T7256] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  197.326847][ T1200] usb 1-1: SerialNumber: syz
[  197.350350][ T1200] usb 1-1: config 0 descriptor??
[  197.360130][ T7250] (syz.1.438,7250,1):ocfs2_claim_suballoc_bits:2038 ERROR: status = -30
[  197.369963][ T7256] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  197.390155][ T1200] ssu100 1-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  197.391735][ T7250] (syz.1.438,7250,1):__ocfs2_claim_clusters:2412 ERROR: status = -30
[  197.420612][ T7250] (syz.1.438,7250,1):__ocfs2_claim_clusters:2420 ERROR: status = -30
[  197.444430][ T7250] (syz.1.438,7250,1):ocfs2_local_alloc_new_window:1199 ERROR: status = -30
[  197.466844][ T7250] (syz.1.438,7250,1):ocfs2_local_alloc_new_window:1224 ERROR: status = -30
[  197.480759][ T7250] (syz.1.438,7250,1):ocfs2_local_alloc_slide_window:1298 ERROR: status = -30
[  197.492053][ T7256] F2FS-fs (loop3): invalid crc value
[  197.516487][ T7250] (syz.1.438,7250,1):ocfs2_local_alloc_slide_window:1317 ERROR: status = -30
[  197.554929][ T7250] (syz.1.438,7250,1):ocfs2_reserve_local_alloc_bits:672 ERROR: status = -30
[  197.591210][ T7250] (syz.1.438,7250,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30
[  197.617984][ T7250] (syz.1.438,7250,1):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -30
[  197.643980][ T7250] (syz.1.438,7250,1):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -30
[  197.684087][ T7250] (syz.1.438,7250,1):ocfs2_lock_allocators:2749 ERROR: status = -30
[  197.709403][ T7250] (syz.1.438,7250,1):ocfs2_write_begin_nolock:1722 ERROR: status = -30
[  197.745551][ T7250] (syz.1.438,7250,1):ocfs2_write_begin:1885 ERROR: status = -30
[  197.940367][ T7256] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  197.968228][ T7256] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  198.059905][ T5833] ocfs2: Unmounting device (7,1) on (node local)
[  198.404874][ T1200] ssu100 1-1:0.0: probe with driver ssu100 failed with error -71
[  198.427035][ T7295] loop5: detected capacity change from 0 to 512
[  198.445492][ T1200] usb 1-1: USB disconnect, device number 5
[  198.500118][ T7295] EXT4-fs error (device loop5): ext4_ext_check_inode:524: inode #13: comm syz.5.453: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 15(4), depth 0(0)
[  198.597035][ T7295] EXT4-fs error (device loop5): ext4_orphan_get:1394: comm syz.5.453: couldn't read orphan inode 13 (err -117)
[  198.662631][ T7295] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  198.716737][ T7295] ext4 filesystem being mounted at /71/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  199.049795][ T5831] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.258989][ T7303] loop1: detected capacity change from 0 to 32768
[  199.271883][ T7305] loop0: detected capacity change from 0 to 128
[  199.315228][ T7305] EXT4-fs (loop0): Test dummy encryption mode enabled
[  199.357009][ T7303] XFS (loop1): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  199.414839][ T7314] loop3: detected capacity change from 0 to 1024
[  199.416759][ T7305] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  199.460252][ T7305] ext4 filesystem being mounted at /85/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  199.505974][ T5853] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  199.517405][ T5853] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  199.532525][ T5853] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  199.546524][ T5853] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  199.562714][ T5853] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  199.576095][ T7303] XFS (loop1): Ending clean mount
[  199.584009][ T7303] XFS (loop1): Metadata CRC error detected at xfs_inobt_read_verify+0x26/0xe0, xfs_finobt block 0x20 
[  199.596039][ T7303] XFS (loop1): Unmount and run xfs_repair
[  199.601817][ T7303] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  199.609468][ T7303] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff  FIB3............
[  199.618463][ T7303] 00000010: 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 40  ....... .......@
[  199.627747][ T7303] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a  ...B..N....xv...
[  199.636727][ T7303] 00000030: 00 00 00 00 8a d2 18 46 00 00 16 80 00 00 40 37  .......F......@7
[  199.645759][ T7303] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00  ................
[  199.654742][ T7303] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00  ................
[  199.665400][ T7303] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  199.674480][ T7303] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  199.683901][ T7303] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x20 len 8 error 74
[  199.695737][ T7303] XFS (loop1): Failed to initialize disk quotas, err -117.
[  199.737049][ T7314] hfsplus: inconsistency in B*Tree (9,1,255,1,0)
[  199.743843][ T7314] hfsplus: xattr searching failed
[  199.849135][ T7328] hfsplus: inconsistency in B*Tree (9,1,255,1,0)
[  199.858592][ T7303] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0x26/0xe0, xfs_bnobt block 0x8 
[  199.870397][ T7303] XFS (loop1): Unmount and run xfs_repair
[  199.876264][ T7303] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  199.883689][ T7303] 00000000: 41 42 33 42 00 00 00 03 ff ff ff ff ff ff ff ff  AB3B............
[  199.893195][ T7303] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 40  ...............@
[  199.902204][ T7303] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a  ...B..N....xv...
[  199.911201][ T7303] 00000030: 00 00 00 00 72 89 6f 7a 00 00 00 06 00 00 00 02  ....r.oz........
[  199.920521][ T7303] 00000040: 00 00 05 9a 00 00 00 06 00 00 05 b0 00 00 0a 50  ...............P
[  199.929572][ T7303] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  199.938730][ T7303] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  199.947893][ T7303] 00000070: 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00  ................
[  199.955834][ T7328] hfsplus: xattr searching failed
[  199.956832][ T7303] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x8 len 8 error 74
[  199.997752][ T7314] hfsplus: inconsistency in B*Tree (9,1,255,1,0)
[  200.005481][ T7314] hfsplus: xattr search failed
[  200.040464][ T7303] XFS (loop1): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x400/0x970 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  200.055891][ T7303] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  200.122340][ T6660] hfsplus: b-tree write err: -5, ino 4
[  200.267115][ T5833] XFS (loop1): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  200.492716][ T7305] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  200.625531][   T10] usb 6-1: new low-speed USB device number 6 using dummy_hcd
[  200.725105][ T5846] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  200.857605][   T10] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  200.883928][   T10] usb 6-1: config 0 has no interface number 0
[  200.900857][   T10] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  200.966245][   T10] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  200.986739][   T10] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  201.035484][   T10] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  201.064681][   T10] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  201.095341][   T10] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  201.125345][   T10] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  201.134644][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.151706][   T10] usb 6-1: config 0 descriptor??
[  201.158964][ T7339] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  201.166759][ T7339] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  201.181020][   T10] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  201.215497][ T5893] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  201.388929][   T10] usb 6-1: USB disconnect, device number 6
[  201.395650][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  201.404790][   T10] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  201.407556][ T5893] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  201.424542][ T5893] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  201.441632][ T5893] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  201.450909][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.471263][ T5893] usb 2-1: config 0 descriptor??
[  201.736760][   T30] audit: type=1326 audit(1746781120.044:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bfd58e969 code=0x7ffc0000
[  201.761708][   T30] audit: type=1326 audit(1746781120.044:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bfd58e969 code=0x7ffc0000
[  201.792543][   T30] audit: type=1326 audit(1746781120.064:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7f1bfd58e969 code=0x7ffc0000
[  201.792645][   T30] audit: type=1326 audit(1746781120.064:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bfd58e969 code=0x7ffc0000
[  201.792717][   T30] audit: type=1326 audit(1746781120.064:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7351 comm="syz.3.468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1bfd58e969 code=0x7ffc0000
[  201.919111][ T5893] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0
[  201.922133][ T5893] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving
[  201.956872][ T5893] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  202.279909][ T5893] usb 2-1: USB disconnect, device number 5
[  202.626846][ T7365] netlink: 8 bytes leftover after parsing attributes in process `syz.5.472'.
[  202.676234][ T5851] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  202.689009][ T5851] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  202.699291][ T5851] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  202.737962][ T5851] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  202.756927][ T5851] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  203.045910][   T10] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  203.225722][   T10] usb 3-1: Using ep0 maxpacket: 16
[  203.238753][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  203.265371][   T10] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  203.324228][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.356808][   T10] usb 3-1: config 0 descriptor??
[  203.776472][   T10] hid (null): bogus close delimiter
[  203.781792][   T10] hid (null): invalid report_count 496060018
[  203.803254][   T10] hid (null): global environment stack underflow
[  203.881865][ T7379] loop1: detected capacity change from 0 to 32768
[  203.907549][ T7379] JBD2: Ignoring recovery information on journal
[  203.951905][ T7379] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  203.963863][ T1291] ieee802154 phy0 wpan0: encryption failed: -22
[  203.972311][ T1291] ieee802154 phy1 wpan1: encryption failed: -22
[  203.985700][ T5893] usb 3-1: USB disconnect, device number 5
[  204.056025][ T5833] ocfs2: Unmounting device (7,1) on (node local)
[  204.425676][ T5853] Bluetooth: hci4: command 0xfc11 tx timeout
[  204.433913][ T5133] Bluetooth: hci4: Entering manufacturer mode failed (-110)
[  204.503179][   T30] audit: type=1326 audit(1746781122.804:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7393 comm="syz.0.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a1f18e969 code=0x7ffc0000
[  204.525432][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.563340][   T30] audit: type=1326 audit(1746781122.804:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7393 comm="syz.0.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a1f18e969 code=0x7ffc0000
[  204.674142][   T30] audit: type=1326 audit(1746781122.814:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7393 comm="syz.0.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7f5a1f18e969 code=0x7ffc0000
[  204.696366][    C1] vkms_vblank_simulate: vblank timer overrun
[  204.753452][ T7399] loop5: detected capacity change from 0 to 512
[  204.760063][   T30] audit: type=1326 audit(1746781122.814:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7393 comm="syz.0.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5a1f18e969 code=0x7ffc0000
[  204.857219][ T7399] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  204.942395][ T7408] loop2: detected capacity change from 0 to 512
[  204.976222][ T7399] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  204.996486][ T7408] EXT4-fs: Ignoring removed orlov option
[  204.997023][ T7407] loop0: detected capacity change from 0 to 1024
[  205.015326][ T7408] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  205.126312][ T7408] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.486: casefold flag without casefold feature
[  205.156806][ T5853] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  205.170716][ T5853] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  205.180817][ T5853] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  205.189570][ T7408] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.486: couldn't read orphan inode 15 (err -117)
[  205.204008][ T7408] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  205.250952][ T5851] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  205.264753][ T5851] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  205.338756][ T5831] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.582739][ T5830] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  205.795621][ T1200] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  205.975370][ T1200] usb 4-1: Using ep0 maxpacket: 16
[  205.992419][ T1200] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  206.015323][ T1200] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  206.055159][ T1200] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  206.119743][ T1200] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  206.135377][ T1200] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.174864][ T1200] usb 4-1: Product: syz
[  206.185806][ T1200] usb 4-1: Manufacturer: syz
[  206.190450][ T1200] usb 4-1: SerialNumber: syz
[  206.601408][ T7424] loop2: detected capacity change from 0 to 32768
[  206.601583][ T7419] loop5: detected capacity change from 0 to 40427
[  206.618897][ T7419] F2FS-fs (loop5): build fault injection attr: rate: 771, type: 0x3fffff
[  206.632183][ T7419] F2FS-fs (loop5): invalid crc value
[  206.634160][ T7424] JBD2: Ignoring recovery information on journal
[  206.685515][ T1200] usb 4-1: 0:2 : does not exist
[  206.689282][ T7424] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  206.763411][   T30] audit: type=1800 audit(1746781125.064:139): pid=7424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.492" name="file1" dev="loop2" ino=17058 res=0 errno=0
[  206.789234][   T30] audit: type=1800 audit(1746781125.084:140): pid=7424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.492" name="file1" dev="loop2" ino=17058 res=0 errno=0
[  206.806042][ T7419] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  206.809843][    C1] vkms_vblank_simulate: vblank timer overrun
[  206.943759][ T5830] ocfs2: Unmounting device (7,2) on (node local)
[  207.346573][ T1200] usb 4-1: USB disconnect, device number 5
[  207.421180][ T5977] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  207.615319][ T5977] usb 1-1: Using ep0 maxpacket: 16
[  207.640912][ T5977] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  207.665486][ T5977] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  207.691465][ T5977] usb 1-1: config 0 interface 0 has no altsetting 0
[  207.706115][ T5977] usb 1-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00
[  207.715509][ T5977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.736948][ T5977] usb 1-1: config 0 descriptor??
[  207.929241][ T5133] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  207.938768][ T5133] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  207.945997][ T1200] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  207.955184][ T5133] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  207.965554][ T5133] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  207.975770][ T5133] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  208.145642][ T1200] usb 3-1: Using ep0 maxpacket: 16
[  208.163186][ T1200] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  208.178746][ T5977] apple 0003:05AC:0247.0007: fixing up Magic Keyboard JIS report descriptor
[  208.191438][ T1200] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  208.203605][ T5977] apple 0003:05AC:0247.0007: unexpected long global item
[  208.229441][ T1200] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  208.230047][ T5977] apple 0003:05AC:0247.0007: parse failed
[  208.257430][ T1200] usb 3-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  208.262958][ T5977] apple 0003:05AC:0247.0007: probe with driver apple failed with error -22
[  208.309238][ T1200] usb 3-1: config 7 interface 0 has no altsetting 0
[  208.355432][ T1200] usb 3-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[  208.396978][ T1200] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.435945][ T5977] usb 1-1: USB disconnect, device number 6
[  208.447073][ T7463] netlink: 8 bytes leftover after parsing attributes in process `syz.1.507'.
[  208.779828][ T7459] loop3: detected capacity change from 0 to 32768
[  208.846715][ T7459] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  208.909815][ T1200] input: HID 0458:5010 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:7.0/0003:0458:5010.0008/input/input14
[  208.971856][ T5832] ocfs2: Unmounting device (7,3) on (node local)
[  209.005678][ T1200] kye 0003:0458:5010.0008: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.2-1/input0
[  209.191401][ T1200] usb 3-1: USB disconnect, device number 6
[  210.055356][ T5977] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  210.246159][ T5977] usb 1-1: Using ep0 maxpacket: 8
[  210.269167][ T5977] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  210.299722][ T5977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.322359][ T5977] usb 1-1: Product: syz
[  210.335513][ T5977] usb 1-1: Manufacturer: syz
[  210.350865][ T5977] usb 1-1: SerialNumber: syz
[  210.374698][ T5977] usb 1-1: config 0 descriptor??
[  210.404121][ T5977] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  210.440650][ T5133] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  210.450978][ T5133] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  210.463469][ T5133] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  210.476242][ T5133] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  210.504001][ T5133] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  211.023282][ T7478] loop2: detected capacity change from 0 to 40427
[  211.053461][ T7476] loop5: detected capacity change from 0 to 40427
[  211.063464][ T7478] F2FS-fs (loop2): Fix alignment : done, start(4096) end(16896) block(12288)
[  211.076885][ T7478] F2FS-fs (loop2): invalid crc value
[  211.097055][ T7476] F2FS-fs (loop5): heap/no_heap options were deprecated
[  211.120691][ T7476] F2FS-fs (loop5): invalid crc value
[  211.411634][ T7478] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  211.434534][ T5977] gspca_sonixj: reg_w1 err -71
[  211.473165][ T7476] F2FS-fs (loop5): Start checkpoint disabled!
[  211.506009][ T7476] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  211.524355][ T5830] syz-executor: attempt to access beyond end of device
[  211.524355][ T5830] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  211.565517][ T5977] sonixj 1-1:0.0: probe with driver sonixj failed with error -71
[  211.581257][ T5830] CPU: 0 UID: 0 PID: 5830 Comm: syz-executor Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  211.581310][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  211.581333][ T5830] Call Trace:
[  211.581345][ T5830]  <TASK>
[  211.581359][ T5830]  dump_stack_lvl+0x16c/0x1f0
[  211.581421][ T5830]  f2fs_handle_critical_error+0x621/0x9f0
[  211.581471][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.581517][ T5830]  ? __asan_memset+0x23/0x50
[  211.581564][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.581623][ T5830]  f2fs_write_end_io+0x73d/0xac0
[  211.581682][ T5830]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  211.581744][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.581802][ T5830]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  211.581854][ T5830]  bio_endio+0x6d2/0x810
[  211.581898][ T5830]  submit_bio_noacct+0x56d/0x1ec0
[  211.581962][ T5830]  __submit_merged_bio+0x33c/0x770
[  211.582024][ T5830]  __submit_merged_write_cond+0x319/0x3f0
[  211.582096][ T5830]  f2fs_write_cache_pages+0x2139/0x2680
[  211.582193][ T5830]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  211.582251][ T5830]  ? lock_acquire+0x179/0x350
[  211.582318][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.582362][ T5830]  ? lock_acquire+0x179/0x350
[  211.582421][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.582466][ T5830]  ? find_held_lock+0x2b/0x80
[  211.582513][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.582584][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.582628][ T5830]  ? __lock_acquire+0xaa4/0x1ba0
[  211.582711][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.582756][ T5830]  ? do_raw_spin_lock+0x12c/0x2b0
[  211.582855][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.582910][ T5830]  f2fs_write_data_pages+0x4ad/0xd90
[  211.582984][ T5830]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  211.583048][ T5830]  ? check_path.constprop.0+0x24/0x50
[  211.583121][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.583167][ T5830]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  211.583231][ T5830]  do_writepages+0x1b5/0x820
[  211.583294][ T5830]  ? __pfx_do_writepages+0x10/0x10
[  211.583347][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.583394][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.583438][ T5830]  ? do_raw_spin_lock+0x12c/0x2b0
[  211.583473][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.583517][ T5830]  ? find_held_lock+0x2b/0x80
[  211.583562][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.583612][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.583656][ T5830]  ? do_raw_spin_unlock+0x172/0x230
[  211.583697][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.583753][ T5830]  filemap_fdatawrite_wbc+0x104/0x160
[  211.583812][ T5830]  __filemap_fdatawrite_range+0xb2/0xf0
[  211.583877][ T5830]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  211.583941][ T5830]  ? check_path.constprop.0+0x24/0x50
[  211.583957][ T5977] usb 1-1: USB disconnect, device number 7
[  211.584066][ T5830]  ? find_held_lock+0x2b/0x80
[  211.584112][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.584157][ T5830]  ? do_raw_spin_unlock+0x172/0x230
[  211.584197][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.584250][ T5830]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  211.584339][ T5830]  block_operations+0x2a3/0xfd0
[  211.584391][ T5830]  ? __pfx_block_operations+0x10/0x10
[  211.584523][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.584566][ T5830]  ? down_write+0x14d/0x200
[  211.584625][ T5830]  ? __pfx_down_write+0x10/0x10
[  211.584686][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.584728][ T5830]  ? rcu_is_watching+0x12/0xc0
[  211.584780][ T5830]  f2fs_write_checkpoint+0x2b8/0x45b0
[  211.584824][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.584867][ T5830]  ? kfree+0x2b6/0x4d0
[  211.584906][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.584956][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.584999][ T5830]  ? rcu_is_watching+0x12/0xc0
[  211.585046][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.585089][ T5830]  ? kthread_stop+0x273/0x650
[  211.585156][ T5830]  kill_f2fs_super+0x3c2/0x470
[  211.585194][ T5830]  ? __pfx_kill_f2fs_super+0x10/0x10
[  211.585229][ T5830]  ? lockdep_hardirqs_on+0x7c/0x110
[  211.585309][ T5830]  deactivate_locked_super+0xc1/0x1a0
[  211.585358][ T5830]  deactivate_super+0xde/0x100
[  211.585407][ T5830]  cleanup_mnt+0x225/0x450
[  211.585460][ T5830]  task_work_run+0x150/0x240
[  211.585503][ T5830]  ? __pfx_task_work_run+0x10/0x10
[  211.585539][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  211.585590][ T5830]  ? __pfx___x64_sys_umount+0x10/0x10
[  211.585655][ T5830]  syscall_exit_to_user_mode+0x27b/0x2a0
[  211.585712][ T5830]  do_syscall_64+0xda/0x260
[  211.585773][ T5830]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.585810][ T5830] RIP: 0033:0x7f436c78fc97
[  211.585839][ T5830] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  211.585876][ T5830] RSP: 002b:00007fff6239dd98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  211.585910][ T5830] RAX: 0000000000000000 RBX: 00007f436c81089d RCX: 00007f436c78fc97
[  211.585934][ T5830] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff6239de50
[  211.585958][ T5830] RBP: 00007fff6239de50 R08: 0000000000000000 R09: 0000000000000000
[  211.585981][ T5830] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff6239eee0
[  211.586004][ T5830] R13: 00007f436c81089d R14: 00000000000339df R15: 00007fff6239ef20
[  211.586064][ T5830]  </TASK>
[  211.598535][ T5830] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  211.758876][ T5831] syz-executor: attempt to access beyond end of device
[  211.758876][ T5831] loop5: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  212.142607][ T5831] syz-executor: attempt to access beyond end of device
[  212.142607][ T5831] loop5: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  212.249907][ T6642] kworker/u8:15: attempt to access beyond end of device
[  212.249907][ T6642] loop5: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[  212.287657][ T6642] CPU: 0 UID: 0 PID: 6642 Comm: kworker/u8:15 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  212.287713][ T6642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  212.287745][ T6642] Workqueue: writeback wb_workfn (flush-7:5)
[  212.287799][ T6642] Call Trace:
[  212.287811][ T6642]  <TASK>
[  212.287825][ T6642]  dump_stack_lvl+0x16c/0x1f0
[  212.287885][ T6642]  f2fs_handle_critical_error+0x621/0x9f0
[  212.287936][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.287987][ T6642]  ? __asan_memset+0x23/0x50
[  212.288033][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.288095][ T6642]  f2fs_write_end_io+0x73d/0xac0
[  212.288155][ T6642]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  212.288217][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.288276][ T6642]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  212.288332][ T6642]  bio_endio+0x6d2/0x810
[  212.288376][ T6642]  submit_bio_noacct+0x56d/0x1ec0
[  212.288441][ T6642]  __submit_merged_bio+0x33c/0x770
[  212.288503][ T6642]  __submit_merged_write_cond+0x319/0x3f0
[  212.288574][ T6642]  f2fs_write_cache_pages+0x2139/0x2680
[  212.288671][ T6642]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  212.288737][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.288795][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.288863][ T6642]  ? unwind_next_frame+0x3fe/0x20a0
[  212.288910][ T6642]  ? ret_from_fork+0x48/0x80
[  212.288951][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.288996][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.289068][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.289140][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.289185][ T6642]  ? __lock_acquire+0x5ca/0x1ba0
[  212.289306][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.289355][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.289410][ T6642]  f2fs_write_data_pages+0x4ad/0xd90
[  212.289485][ T6642]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  212.289544][ T6642]  ? prep_compound_page+0x265/0x4e0
[  212.289607][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.289663][ T6642]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  212.289729][ T6642]  do_writepages+0x1b5/0x820
[  212.289783][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.289837][ T6642]  ? __pfx_do_writepages+0x10/0x10
[  212.289885][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.289931][ T6642]  ? __lock_acquire+0xaa4/0x1ba0
[  212.290015][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.290061][ T6642]  ? reacquire_held_locks+0xcd/0x1f0
[  212.290132][ T6642]  __writeback_single_inode+0x160/0xfb0
[  212.290179][ T6642]  ? __pfx___writeback_single_inode+0x10/0x10
[  212.290219][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.290264][ T6642]  ? do_raw_spin_unlock+0x172/0x230
[  212.290318][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.290372][ T6642]  writeback_sb_inodes+0x601/0xf90
[  212.290442][ T6642]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  212.290572][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.290617][ T6642]  ? rcu_is_watching+0x12/0xc0
[  212.290661][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.290706][ T6642]  ? queue_io+0x3f6/0x520
[  212.290775][ T6642]  wb_writeback+0x419/0xb70
[  212.290829][ T6642]  ? __pfx_wb_writeback+0x10/0x10
[  212.290886][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.290932][ T6642]  ? mark_held_locks+0x49/0x80
[  212.290990][ T6642]  ? _raw_spin_unlock_irq+0x23/0x50
[  212.291047][ T6642]  wb_workfn+0x14d/0xbe0
[  212.291096][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.291141][ T6642]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  212.291195][ T6642]  ? __pfx_wb_workfn+0x10/0x10
[  212.291242][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.291302][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.291355][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.291400][ T6642]  ? rcu_is_watching+0x12/0xc0
[  212.291453][ T6642]  process_one_work+0x9cf/0x1b70
[  212.291519][ T6642]  ? __pfx_process_one_work+0x10/0x10
[  212.291561][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.291621][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.291666][ T6642]  ? assign_work+0x1a0/0x250
[  212.291709][ T6642]  worker_thread+0x6c8/0xf10
[  212.291779][ T6642]  ? __pfx_worker_thread+0x10/0x10
[  212.291820][ T6642]  kthread+0x3c5/0x780
[  212.291858][ T6642]  ? __pfx_kthread+0x10/0x10
[  212.291890][ T6642]  ? __pfx_kthread+0x10/0x10
[  212.291924][ T6642]  ? __pfx_kthread+0x10/0x10
[  212.291957][ T6642]  ? __pfx_kthread+0x10/0x10
[  212.291990][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.292035][ T6642]  ? rcu_is_watching+0x12/0xc0
[  212.292082][ T6642]  ? __pfx_kthread+0x10/0x10
[  212.292119][ T6642]  ret_from_fork+0x48/0x80
[  212.292154][ T6642]  ? __pfx_kthread+0x10/0x10
[  212.292190][ T6642]  ret_from_fork_asm+0x1a/0x30
[  212.292277][ T6642]  </TASK>
[  212.292296][ T6642] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  212.804056][ T6642] CPU: 0 UID: 0 PID: 6642 Comm: kworker/u8:15 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  212.804112][ T6642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  212.804138][ T6642] Workqueue: writeback wb_workfn (flush-7:5)
[  212.804193][ T6642] Call Trace:
[  212.804205][ T6642]  <TASK>
[  212.804219][ T6642]  dump_stack_lvl+0x16c/0x1f0
[  212.804290][ T6642]  f2fs_handle_critical_error+0x621/0x9f0
[  212.804341][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.804387][ T6642]  ? __asan_memset+0x23/0x50
[  212.804436][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.804496][ T6642]  f2fs_write_end_io+0x73d/0xac0
[  212.804556][ T6642]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  212.804617][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.804686][ T6642]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  212.804739][ T6642]  bio_endio+0x6d2/0x810
[  212.804783][ T6642]  submit_bio_noacct+0x56d/0x1ec0
[  212.804848][ T6642]  __submit_merged_bio+0x33c/0x770
[  212.804912][ T6642]  __submit_merged_write_cond+0x319/0x3f0
[  212.804982][ T6642]  f2fs_write_cache_pages+0x2139/0x2680
[  212.805090][ T6642]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  212.805156][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.805213][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.805262][ T6642]  ? unwind_next_frame+0x3fe/0x20a0
[  212.805309][ T6642]  ? ret_from_fork+0x48/0x80
[  212.805349][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.805396][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.805465][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.805539][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.805583][ T6642]  ? __lock_acquire+0x5ca/0x1ba0
[  212.805699][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.805746][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.805801][ T6642]  f2fs_write_data_pages+0x4ad/0xd90
[  212.805873][ T6642]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  212.805931][ T6642]  ? prep_compound_page+0x265/0x4e0
[  212.805993][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.806048][ T6642]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  212.806117][ T6642]  do_writepages+0x1b5/0x820
[  212.806175][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.806227][ T6642]  ? __pfx_do_writepages+0x10/0x10
[  212.806274][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.806319][ T6642]  ? __lock_acquire+0xaa4/0x1ba0
[  212.806402][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.806446][ T6642]  ? reacquire_held_locks+0xcd/0x1f0
[  212.806515][ T6642]  __writeback_single_inode+0x160/0xfb0
[  212.806565][ T6642]  ? __pfx___writeback_single_inode+0x10/0x10
[  212.806606][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.806652][ T6642]  ? do_raw_spin_unlock+0x172/0x230
[  212.806694][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.806747][ T6642]  writeback_sb_inodes+0x601/0xf90
[  212.806816][ T6642]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  212.806942][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.806988][ T6642]  ? rcu_is_watching+0x12/0xc0
[  212.807031][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.807083][ T6642]  ? queue_io+0x3f6/0x520
[  212.807152][ T6642]  wb_writeback+0x419/0xb70
[  212.807206][ T6642]  ? __pfx_wb_writeback+0x10/0x10
[  212.807262][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.807308][ T6642]  ? mark_held_locks+0x49/0x80
[  212.807366][ T6642]  ? _raw_spin_unlock_irq+0x23/0x50
[  212.807423][ T6642]  wb_workfn+0x14d/0xbe0
[  212.807472][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.807517][ T6642]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  212.807570][ T6642]  ? __pfx_wb_workfn+0x10/0x10
[  212.807617][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.807668][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.807720][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.807765][ T6642]  ? rcu_is_watching+0x12/0xc0
[  212.807818][ T6642]  process_one_work+0x9cf/0x1b70
[  212.807884][ T6642]  ? __pfx_process_one_work+0x10/0x10
[  212.807926][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.807986][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.808030][ T6642]  ? assign_work+0x1a0/0x250
[  212.808080][ T6642]  worker_thread+0x6c8/0xf10
[  212.808148][ T6642]  ? __pfx_worker_thread+0x10/0x10
[  212.808189][ T6642]  kthread+0x3c5/0x780
[  212.808227][ T6642]  ? __pfx_kthread+0x10/0x10
[  212.808259][ T6642]  ? __pfx_kthread+0x10/0x10
[  212.808292][ T6642]  ? __pfx_kthread+0x10/0x10
[  212.808325][ T6642]  ? __pfx_kthread+0x10/0x10
[  212.808357][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  212.808401][ T6642]  ? rcu_is_watching+0x12/0xc0
[  212.808447][ T6642]  ? __pfx_kthread+0x10/0x10
[  212.808485][ T6642]  ret_from_fork+0x48/0x80
[  212.808521][ T6642]  ? __pfx_kthread+0x10/0x10
[  212.808556][ T6642]  ret_from_fork_asm+0x1a/0x30
[  212.808643][ T6642]  </TASK>
[  212.861805][ T7507] netlink: 8 bytes leftover after parsing attributes in process `syz.2.523'.
[  212.866460][ T6642] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  213.355591][ T7512] block nbd3: Device being setup by another task
[  213.373361][ T7513] block nbd3: NBD_DISCONNECT
[  213.395746][ T7513] block nbd3: Send disconnect failed -107
[  213.405484][ T6642] CPU: 1 UID: 0 PID: 6642 Comm: kworker/u8:15 Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  213.405541][ T6642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  213.405568][ T6642] Workqueue: writeback wb_workfn (flush-7:5)
[  213.405626][ T6642] Call Trace:
[  213.405638][ T6642]  <TASK>
[  213.405651][ T6642]  dump_stack_lvl+0x16c/0x1f0
[  213.405710][ T6642]  f2fs_handle_critical_error+0x621/0x9f0
[  213.405761][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.405806][ T6642]  ? __asan_memset+0x23/0x50
[  213.405851][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.405909][ T6642]  f2fs_write_end_io+0x73d/0xac0
[  213.405968][ T6642]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  213.406033][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.406089][ T6642]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  213.406145][ T6642]  bio_endio+0x6d2/0x810
[  213.406188][ T6642]  submit_bio_noacct+0x56d/0x1ec0
[  213.406251][ T6642]  __submit_merged_bio+0x33c/0x770
[  213.406317][ T6642]  __submit_merged_write_cond+0x319/0x3f0
[  213.406387][ T6642]  f2fs_write_cache_pages+0x2139/0x2680
[  213.406480][ T6642]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  213.406548][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.406604][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.406649][ T6642]  ? unwind_next_frame+0x3fe/0x20a0
[  213.406696][ T6642]  ? ret_from_fork+0x48/0x80
[  213.406736][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.406781][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.406849][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.406918][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.406964][ T6642]  ? __lock_acquire+0x5ca/0x1ba0
[  213.407071][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.407120][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.407175][ T6642]  f2fs_write_data_pages+0x4ad/0xd90
[  213.407247][ T6642]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  213.407313][ T6642]  ? prep_compound_page+0x265/0x4e0
[  213.407375][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.407430][ T6642]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  213.407495][ T6642]  do_writepages+0x1b5/0x820
[  213.407549][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.407602][ T6642]  ? __pfx_do_writepages+0x10/0x10
[  213.407650][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.407695][ T6642]  ? __lock_acquire+0xaa4/0x1ba0
[  213.407776][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.407820][ T6642]  ? reacquire_held_locks+0xcd/0x1f0
[  213.407889][ T6642]  __writeback_single_inode+0x160/0xfb0
[  213.407935][ T6642]  ? __pfx___writeback_single_inode+0x10/0x10
[  213.407974][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.408020][ T6642]  ? do_raw_spin_unlock+0x172/0x230
[  213.408061][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.408114][ T6642]  writeback_sb_inodes+0x601/0xf90
[  213.408179][ T6642]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  213.408294][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.408343][ T6642]  ? rcu_is_watching+0x12/0xc0
[  213.408387][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.408432][ T6642]  ? queue_io+0x3f6/0x520
[  213.408499][ T6642]  wb_writeback+0x419/0xb70
[  213.408551][ T6642]  ? __pfx_wb_writeback+0x10/0x10
[  213.408605][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.408650][ T6642]  ? mark_held_locks+0x49/0x80
[  213.408708][ T6642]  ? _raw_spin_unlock_irq+0x23/0x50
[  213.408764][ T6642]  wb_workfn+0x14d/0xbe0
[  213.408810][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.408871][ T6642]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  213.408924][ T6642]  ? __pfx_wb_workfn+0x10/0x10
[  213.408971][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.409021][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.409073][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.409119][ T6642]  ? rcu_is_watching+0x12/0xc0
[  213.409170][ T6642]  process_one_work+0x9cf/0x1b70
[  213.409233][ T6642]  ? __pfx_process_one_work+0x10/0x10
[  213.409275][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.409339][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.409384][ T6642]  ? assign_work+0x1a0/0x250
[  213.409426][ T6642]  worker_thread+0x6c8/0xf10
[  213.409492][ T6642]  ? __pfx_worker_thread+0x10/0x10
[  213.409533][ T6642]  kthread+0x3c5/0x780
[  213.409569][ T6642]  ? __pfx_kthread+0x10/0x10
[  213.409601][ T6642]  ? __pfx_kthread+0x10/0x10
[  213.409634][ T6642]  ? __pfx_kthread+0x10/0x10
[  213.409667][ T6642]  ? __pfx_kthread+0x10/0x10
[  213.409699][ T6642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  213.409744][ T6642]  ? rcu_is_watching+0x12/0xc0
[  213.409789][ T6642]  ? __pfx_kthread+0x10/0x10
[  213.409826][ T6642]  ret_from_fork+0x48/0x80
[  213.409860][ T6642]  ? __pfx_kthread+0x10/0x10
[  213.409894][ T6642]  ret_from_fork_asm+0x1a/0x30
[  213.409977][ T6642]  </TASK>
[  213.875742][ T7513] block nbd3: Disconnected due to user request.
[  213.882484][ T7513] block nbd3: shutting down sockets
[  213.945557][ T6642] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  214.121663][ T5133] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  214.132234][ T5133] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  214.141878][ T5133] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  214.157220][ T5133] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  214.165228][ T5133] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  214.274706][ T7509] loop0: detected capacity change from 0 to 32768
[  214.291670][ T7509] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.521 (7509)
[  214.335345][ T7509] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  214.365452][ T7509] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  214.405683][ T7509] BTRFS info (device loop0): using free-space-tree
[  214.533228][ T6642] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  214.798587][ T7520] loop2: detected capacity change from 0 to 40427
[  214.814418][ T7520] F2FS-fs (loop2): Wrong segment_count / block_count (31 > 0)
[  214.822139][ T7520] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[  214.840753][ T7520] F2FS-fs (loop2): invalid crc value
[  214.842364][ T6642] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.148475][ T6642] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.173923][ T7520] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[  215.190803][ T7520] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  215.236423][ T5846] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  215.441737][ T7520] syz.2.528: attempt to access beyond end of device
[  215.441737][ T7520] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  215.473509][ T6642] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  215.723987][ T5830] syz-executor: attempt to access beyond end of device
[  215.723987][ T5830] loop2: rw=2049, sector=45120, nr_sectors = 8 limit=40427
[  215.770726][ T5830] CPU: 0 UID: 0 PID: 5830 Comm: syz-executor Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  215.770781][ T5830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  215.770804][ T5830] Call Trace:
[  215.770815][ T5830]  <TASK>
[  215.770830][ T5830]  dump_stack_lvl+0x16c/0x1f0
[  215.770890][ T5830]  f2fs_handle_critical_error+0x621/0x9f0
[  215.770940][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.770985][ T5830]  ? __asan_memset+0x23/0x50
[  215.771031][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.771097][ T5830]  f2fs_write_end_io+0x73d/0xac0
[  215.771154][ T5830]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  215.771214][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.771270][ T5830]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  215.771322][ T5830]  bio_endio+0x6d2/0x810
[  215.771364][ T5830]  submit_bio_noacct+0x56d/0x1ec0
[  215.771426][ T5830]  __submit_merged_bio+0x33c/0x770
[  215.771485][ T5830]  __submit_merged_write_cond+0x319/0x3f0
[  215.771553][ T5830]  f2fs_write_cache_pages+0x2139/0x2680
[  215.771644][ T5830]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  215.771709][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.771753][ T5830]  ? __lock_acquire+0x5ca/0x1ba0
[  215.771820][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.771865][ T5830]  ? __lock_acquire+0x5ca/0x1ba0
[  215.772022][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.772075][ T5830]  ? lock_acquire+0x179/0x350
[  215.772139][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.772193][ T5830]  f2fs_write_data_pages+0x4ad/0xd90
[  215.772264][ T5830]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  215.772346][ T5830]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  215.772410][ T5830]  do_writepages+0x1b5/0x820
[  215.772472][ T5830]  ? __pfx_do_writepages+0x10/0x10
[  215.772523][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.772570][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.772614][ T5830]  ? do_raw_spin_lock+0x12c/0x2b0
[  215.772651][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.772696][ T5830]  ? find_held_lock+0x2b/0x80
[  215.772742][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.772793][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.772838][ T5830]  ? do_raw_spin_unlock+0x172/0x230
[  215.772878][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.772932][ T5830]  filemap_fdatawrite_wbc+0x104/0x160
[  215.772989][ T5830]  __filemap_fdatawrite_range+0xb2/0xf0
[  215.773059][ T5830]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  215.773185][ T5830]  ? find_held_lock+0x2b/0x80
[  215.773232][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.773278][ T5830]  ? do_raw_spin_unlock+0x172/0x230
[  215.773317][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.773370][ T5830]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  215.773457][ T5830]  block_operations+0x2a3/0xfd0
[  215.773506][ T5830]  ? __pfx_block_operations+0x10/0x10
[  215.773630][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.773675][ T5830]  ? down_write+0x14d/0x200
[  215.773735][ T5830]  ? __pfx_down_write+0x10/0x10
[  215.773798][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.773843][ T5830]  ? rcu_is_watching+0x12/0xc0
[  215.773894][ T5830]  f2fs_write_checkpoint+0x2b8/0x45b0
[  215.773936][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.773981][ T5830]  ? kfree+0x2b6/0x4d0
[  215.774021][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.774076][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.774121][ T5830]  ? rcu_is_watching+0x12/0xc0
[  215.774163][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.774207][ T5830]  ? kthread_stop+0x273/0x650
[  215.774274][ T5830]  kill_f2fs_super+0x3c2/0x470
[  215.774312][ T5830]  ? __pfx_kill_f2fs_super+0x10/0x10
[  215.774347][ T5830]  ? lockdep_hardirqs_on+0x7c/0x110
[  215.774421][ T5830]  deactivate_locked_super+0xc1/0x1a0
[  215.774470][ T5830]  deactivate_super+0xde/0x100
[  215.774518][ T5830]  cleanup_mnt+0x225/0x450
[  215.774571][ T5830]  task_work_run+0x150/0x240
[  215.774613][ T5830]  ? __pfx_task_work_run+0x10/0x10
[  215.774649][ T5830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  215.774698][ T5830]  ? __pfx___x64_sys_umount+0x10/0x10
[  215.774764][ T5830]  syscall_exit_to_user_mode+0x27b/0x2a0
[  215.774823][ T5830]  do_syscall_64+0xda/0x260
[  215.774884][ T5830]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  215.774922][ T5830] RIP: 0033:0x7f436c78fc97
[  215.774952][ T5830] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  215.774988][ T5830] RSP: 002b:00007fff6239dd98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  215.775023][ T5830] RAX: 0000000000000000 RBX: 00007f436c81089d RCX: 00007f436c78fc97
[  215.775047][ T5830] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff6239de50
[  215.775075][ T5830] RBP: 00007fff6239de50 R08: 0000000000000000 R09: 0000000000000000
[  215.775099][ T5830] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff6239eee0
[  215.775122][ T5830] R13: 00007f436c81089d R14: 00000000000349e0 R15: 00007fff6239ef20
[  215.775174][ T5830]  </TASK>
[  215.775188][ T5830] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  216.415364][ T7549] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  216.451925][ T6642] bridge_slave_1: left allmulticast mode
[  216.457076][ T5133] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  216.465345][ T6642] bridge_slave_1: left promiscuous mode
[  216.472034][ T5133] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  216.491782][ T5133] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  216.499685][ T6642] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.508306][ T5133] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  216.522538][ T5133] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  216.586770][ T6642] bridge_slave_0: left allmulticast mode
[  216.592540][ T6642] bridge_slave_0: left promiscuous mode
[  216.614894][ T6642] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.899290][ T5133] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  216.911909][ T5133] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  216.927973][ T5133] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  216.953275][ T5133] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  216.961119][ T5133] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  217.324681][ T7562] loop3: detected capacity change from 0 to 1024
[  217.341916][ T7562] EXT4-fs: Ignoring removed orlov option
[  217.348715][ T7562] EXT4-fs: Ignoring removed nomblk_io_submit option
[  217.404315][ T7562] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  217.422356][ T6642] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  217.441216][ T6642] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  217.479876][ T6642] bond0 (unregistering): Released all slaves
[  217.515357][ T5898] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  217.662635][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.669834][ T5898] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  217.725558][ T5898] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  217.755428][ T5898] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  217.764549][ T5898] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  217.776540][ T5898] usb 1-1: config 0 descriptor??
[  217.937789][ T5133] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  217.947984][ T5133] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  217.956472][ T5133] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  217.968464][ T5133] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  217.976591][ T5133] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  218.226553][ T7570] loop3: detected capacity change from 0 to 32768
[  218.345693][ T7570] XFS (loop3): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  218.418917][ T7570] XFS (loop3): Ending clean mount
[  218.435695][ T5898] usb 1-1: string descriptor 0 read error: -22
[  218.442571][ T7570] XFS (loop3): Metadata CRC error detected at xfs_inobt_read_verify+0x26/0xe0, xfs_finobt block 0x20 
[  218.453783][ T7570] XFS (loop3): Unmount and run xfs_repair
[  218.459664][ T7570] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  218.467151][ T7570] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff  FIB3............
[  218.476112][ T7570] 00000010: 00 00 00 00 00 00 00 20 00 00 00 01 00 00 00 40  ....... .......@
[  218.485047][ T7570] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a  ...B..N....xv...
[  218.494017][ T7570] 00000030: 00 00 00 00 8a d2 18 46 00 00 16 80 00 00 40 37  .......F......@7
[  218.502976][ T7570] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00  ................
[  218.512623][ T7570] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 09 00 00  ................
[  218.521672][ T7570] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  218.530627][ T7570] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  218.539566][ T7570] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x20 len 8 error 74
[  218.551137][ T7570] XFS (loop3): Failed to initialize disk quotas, err -117.
[  218.602564][ T6642] hsr_slave_0: left promiscuous mode
[  218.677189][ T7570] XFS (loop3): Metadata CRC error detected at xfs_allocbt_read_verify+0x26/0xe0, xfs_bnobt block 0x8 
[  218.688304][ T7570] XFS (loop3): Unmount and run xfs_repair
[  218.694057][ T7570] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  218.701557][ T7570] 00000000: 41 42 33 42 00 00 00 03 ff ff ff ff ff ff ff ff  AB3B............
[  218.710472][ T7570] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 40  ...............@
[  218.719405][ T7570] 00000020: 9f 1c ad 42 11 bd 4e 12 8f 0b f0 78 76 b8 1d 9a  ...B..N....xv...
[  218.728345][ T7570] 00000030: 00 00 00 00 72 89 6f 7a 00 00 00 06 00 00 00 02  ....r.oz........
[  218.737280][ T7570] 00000040: 00 00 05 9a 00 00 00 06 00 00 05 b0 00 00 0a 50  ...............P
[  218.746227][ T7570] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  218.755107][ T7570] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  218.764038][ T7570] 00000070: 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00  ................
[  218.773069][ T7570] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x8 len 8 error 74
[  218.784885][ T6642] hsr_slave_1: left promiscuous mode
[  218.795117][ T7570] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x400/0x970 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  218.809905][ T7570] XFS (loop3): Please unmount the filesystem and rectify the problem(s)
[  218.826269][ T6642] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  218.835910][ T5898] uclogic 0003:256C:006D.0009: failed retrieving string descriptor #100: -71
[  218.865420][ T6642] batman_adv: batadv0: Removing interface: batadv_slave_0
[  218.872846][ T5898] uclogic 0003:256C:006D.0009: failed retrieving pen parameters: -71
[  218.906541][ T6642] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  218.914023][ T6642] batman_adv: batadv0: Removing interface: batadv_slave_1
[  218.930978][ T5898] uclogic 0003:256C:006D.0009: failed probing pen v1 parameters: -71
[  218.949613][ T5898] uclogic 0003:256C:006D.0009: failed probing parameters: -71
[  218.976047][ T5898] uclogic 0003:256C:006D.0009: probe with driver uclogic failed with error -71
[  219.006115][ T5832] XFS (loop3): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  219.016435][ T5898] usb 1-1: USB disconnect, device number 8
[  219.032312][ T6642] veth1_macvtap: left promiscuous mode
[  219.078040][ T6642] veth0_macvtap: left promiscuous mode
[  219.114111][ T6642] veth1_vlan: left promiscuous mode
[  219.120021][ T6642] veth0_vlan: left promiscuous mode
[  219.410434][ T7568] loop2: detected capacity change from 0 to 32768
[  219.438019][ T7568] btrfs: Deprecated parameter 'usebackuproot'
[  219.469478][ T7568] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  219.496169][ T7568] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.541 (7568)
[  219.595377][ T7568] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  219.610320][ T7568] BTRFS info (device loop2): using crc32c (crc32c-x86_64) checksum algorithm
[  219.661543][ T7568] BTRFS info (device loop2): using free-space-tree
[  219.930346][ T7568] BTRFS info (device loop2): rebuilding free space tree
[  220.036596][ T5133] Bluetooth: hci4: command tx timeout
[  220.165582][   T30] audit: type=1800 audit(1746781138.444:141): pid=7568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.541" name="file1" dev="loop2" ino=260 res=0 errno=0
[  220.224701][   T30] audit: type=1800 audit(1746781138.454:142): pid=7568 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.541" name="file1" dev="loop2" ino=260 res=0 errno=0
[  220.331011][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  220.343126][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  220.352685][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  220.361108][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  220.371484][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  220.437397][ T5851] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  220.452168][ T5851] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  220.461162][ T5851] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  220.486726][ T5851] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  220.494622][ T5851] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  220.530888][ T5830] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  221.106867][ T6642] team0 (unregistering): Port device team_slave_1 removed
[  221.305896][ T6642] team0 (unregistering): Port device team_slave_0 removed
[  221.340595][ T7626] vcan0: tx address claim with different name
[  221.582356][ T7630] input: syz0 as /devices/virtual/input/input15
[  221.632402][ T7621] loop3: detected capacity change from 0 to 32768
[  221.670315][ T7621] JBD2: Ignoring recovery information on journal
[  221.755503][ T5893] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  221.772354][ T7621] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  221.881885][   T30] audit: type=1800 audit(1746781140.184:143): pid=7621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.547" name="file1" dev="loop3" ino=17058 res=0 errno=0
[  221.920658][   T30] audit: type=1800 audit(1746781140.214:144): pid=7621 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.547" name="file1" dev="loop3" ino=17058 res=0 errno=0
[  221.947767][ T5893] usb 3-1: Using ep0 maxpacket: 8
[  221.995900][ T5893] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  222.012162][ T5893] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  222.037761][ T5893] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  222.060233][ T5893] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  222.076422][ T5832] ocfs2: Unmounting device (7,3) on (node local)
[  222.082320][ T5893] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  222.092611][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.110638][ T5133] Bluetooth: hci4: command tx timeout
[  222.323123][ T5893] usb 3-1: GET_CAPABILITIES returned 0
[  222.329417][ T5893] usbtmc 3-1:16.0: can't read capabilities
[  222.425532][ T5133] Bluetooth: hci1: command tx timeout
[  222.529305][   T48] usb 3-1: USB disconnect, device number 7
[  222.586714][ T5133] Bluetooth: hci3: command tx timeout
[  223.492581][ T6642] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.606926][ T6642] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.722895][ T6642] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.882350][ T6642] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  224.455955][ T6642] bridge_slave_1: left allmulticast mode
[  224.465324][ T6642] bridge_slave_1: left promiscuous mode
[  224.471159][ T6642] bridge0: port 2(bridge_slave_1) entered disabled state
[  224.561961][ T6642] bridge_slave_0: left allmulticast mode
[  224.590354][ T6642] bridge_slave_0: left promiscuous mode
[  224.615795][ T6642] bridge0: port 1(bridge_slave_0) entered disabled state
[  224.924553][ T5851] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  224.938501][ T5851] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  224.955705][ T5851] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  225.007074][ T5851] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  225.025812][ T5851] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  225.035736][ T5851] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  225.043551][ T5843] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  225.052320][ T5843] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  225.061024][ T5843] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  225.072653][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  225.080806][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  225.088233][ T5843] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  225.090134][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  225.097015][ T5843] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  225.119894][ T5843] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  225.592029][   T30] audit: type=1326 audit(1746781143.894:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7689 comm="syz.0.571" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5a1f18e969 code=0x0
[  226.176876][ T6642] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  226.193222][ T6642] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  226.205212][ T6642] bond0 (unregistering): Released all slaves
[  226.261583][ T7688] vlan2: entered allmulticast mode
[  226.275797][ T7688] macvlan0: entered allmulticast mode
[  226.281210][ T7688] veth1_vlan: entered allmulticast mode
[  227.146989][ T5853] Bluetooth: hci4: command tx timeout
[  227.147042][ T5843] Bluetooth: hci1: command tx timeout
[  227.227611][    C0] ------------[ cut here ]------------
[  227.233892][    C0] workqueue: cannot queue hci_cmd_timeout on wq hci3
[  227.240731][    C0] WARNING: CPU: 0 PID: 7673 at kernel/workqueue.c:2257 __queue_work+0xc9c/0x10f0
[  227.249899][    C0] Modules linked in:
[  227.254321][    C0] CPU: 0 UID: 0 PID: 7673 Comm: syz-executor Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  227.266510][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  227.276591][    C0] RIP: 0010:__queue_work+0xc9c/0x10f0
[  227.282118][    C0] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 28 04 00 00 48 8b 75 18 4c 89 f2 48 c7 c7 e0 e2 8b 8b e8 05 22 f7 ff 90 <0f> 0b 90 90 e9 96 f7 ff ff e8 b6 95 37 00 90 0f 0b 90 e9 1b f6 ff
[  227.301774][    C0] RSP: 0018:ffffc90000007be8 EFLAGS: 00010082
[  227.307909][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ab018
[  227.315992][    C0] RDX: ffff88805984bc00 RSI: ffffffff817ab025 RDI: 0000000000000001
[  227.323994][    C0] RBP: ffff888054198930 R08: 0000000000000001 R09: 0000000000000000
[  227.332083][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff92000000f8f
[  227.340164][    C0] R13: 0000000080000100 R14: ffff88802878b978 R15: 0000000000000001
[  227.348245][    C0] FS:  0000000000000000(0000) GS:ffff8881249e8000(0000) knlGS:0000000000000000
[  227.357208][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  227.363811][    C0] CR2: 000000110c2f0925 CR3: 00000000338e0000 CR4: 0000000000350ef0
[  227.371811][    C0] Call Trace:
[  227.375101][    C0]  <IRQ>
[  227.377961][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.383637][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  227.389473][    C0]  call_timer_fn+0x19a/0x620
[  227.394108][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  227.399265][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.404937][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  227.410785][    C0]  __run_timers+0x569/0x960
[  227.415356][    C0]  ? __pfx___run_timers+0x10/0x10
[  227.420429][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.426115][    C0]  run_timer_base+0x114/0x190
[  227.430827][    C0]  ? __pfx_run_timer_base+0x10/0x10
[  227.436060][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.441819][    C0]  run_timer_softirq+0x1a/0x40
[  227.446617][    C0]  handle_softirqs+0x219/0x8e0
[  227.451424][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  227.456740][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.462404][    C0]  __irq_exit_rcu+0x109/0x170
[  227.467137][    C0]  irq_exit_rcu+0x9/0x30
[  227.471404][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  227.477073][    C0]  </IRQ>
[  227.480009][    C0]  <TASK>
[  227.482948][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  227.488957][    C0] RIP: 0010:lock_acquire+0x62/0x350
[  227.494285][    C0] Code: 7e 0b 12 83 f8 07 0f 87 bc 02 00 00 89 c0 48 0f a3 05 42 0f ed 0e 0f 82 74 02 00 00 8b 35 ba 3e ed 0e 85 f6 0f 85 8d 00 00 00 <48> 8b 44 24 30 65 48 2b 05 19 7e 0b 12 0f 85 c7 02 00 00 48 83 c4
[  227.513936][    C0] RSP: 0018:ffffc90003847908 EFLAGS: 00000206
[  227.520044][    C0] RAX: 0000000000000046 RBX: ffff88802878b948 RCX: 0000000000000001
[  227.528035][    C0] RDX: 0000000000000000 RSI: ffffffff8dbb8227 RDI: ffffffff8bf46f20
[  227.536025][    C0] RBP: 0000000000000000 R08: 6e700f1ee4e76d66 R09: ffffffff969dca50
[  227.544014][    C0] R10: 0000000000000008 R11: 0000000000000001 R12: 0000000000000001
[  227.552000][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  227.560018][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.565693][    C0]  ? lockdep_init_map_type+0x5c/0x280
[  227.571121][    C0]  ? touch_wq_lockdep_map+0x9c/0x1c0
[  227.576460][    C0]  touch_wq_lockdep_map+0xad/0x1c0
[  227.581611][    C0]  ? touch_wq_lockdep_map+0x9c/0x1c0
[  227.586940][    C0]  __flush_workqueue+0x128/0x1230
[  227.591986][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.597647][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.603402][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.609076][    C0]  ? __pfx___flush_workqueue+0x10/0x10
[  227.614570][    C0]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  227.620547][    C0]  drain_workqueue+0x199/0x3d0
[  227.625354][    C0]  hci_dev_close_sync+0x39b/0x11d0
[  227.630504][    C0]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  227.636114][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.641779][    C0]  ? up_write+0x1b2/0x520
[  227.646144][    C0]  hci_dev_do_close+0x2e/0x90
[  227.650858][    C0]  hci_unregister_dev+0x213/0x620
[  227.655929][    C0]  ? __pfx_vhci_release+0x10/0x10
[  227.660985][    C0]  vhci_release+0x79/0xf0
[  227.665348][    C0]  __fput+0x402/0xb70
[  227.669360][    C0]  task_work_run+0x150/0x240
[  227.673984][    C0]  ? __pfx_task_work_run+0x10/0x10
[  227.679144][    C0]  ? switch_task_namespaces+0xeb/0x100
[  227.684656][    C0]  do_exit+0xafb/0x2c30
[  227.688875][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.694541][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[  227.699596][    C0]  ? __pfx_do_exit+0x10/0x10
[  227.704232][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.709984][    C0]  ? rcu_is_watching+0x12/0xc0
[  227.714798][    C0]  do_group_exit+0xd3/0x2a0
[  227.719439][    C0]  __x64_sys_exit_group+0x3e/0x50
[  227.724532][    C0]  x64_sys_call+0x1530/0x1730
[  227.729275][    C0]  do_syscall_64+0xcd/0x260
[  227.733840][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  227.739759][    C0] RIP: 0033:0x7f29ecf8e969
[  227.744193][    C0] Code: Unable to access opcode bytes at 0x7f29ecf8e93f.
[  227.751221][    C0] RSP: 002b:00007ffd3b353108 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  227.759661][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f29ecf8e969
[  227.767657][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[  227.775646][    C0] RBP: 00007f29ed011959 R08: 00007ffd3b350ea6 R09: 0000000000000003
[  227.783629][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000019
[  227.791702][    C0] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  227.799713][    C0]  </TASK>
[  227.802834][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  227.810137][    C0] CPU: 0 UID: 0 PID: 7673 Comm: syz-executor Not tainted 6.15.0-rc5-syzkaller-00136-g9c69f8884904 #0 PREEMPT(full) 
[  227.822324][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/29/2025
[  227.832404][    C0] Call Trace:
[  227.835707][    C0]  <IRQ>
[  227.838562][    C0]  dump_stack_lvl+0x3d/0x1f0
[  227.843197][    C0]  panic+0x71c/0x800
[  227.847139][    C0]  ? __pfx_panic+0x10/0x10
[  227.851603][    C0]  ? show_trace_log_lvl+0x29b/0x3e0
[  227.856843][    C0]  ? check_panic_on_warn+0x1f/0xb0
[  227.862005][    C0]  ? __queue_work+0xc9c/0x10f0
[  227.866802][    C0]  check_panic_on_warn+0xab/0xb0
[  227.871797][    C0]  __warn+0xf6/0x3c0
[  227.875737][    C0]  ? __queue_work+0xc9c/0x10f0
[  227.880529][    C0]  report_bug+0x3c3/0x580
[  227.884892][    C0]  ? __queue_work+0xc9c/0x10f0
[  227.889688][    C0]  handle_bug+0x184/0x210
[  227.894109][    C0]  exc_invalid_op+0x17/0x50
[  227.898746][    C0]  asm_exc_invalid_op+0x1a/0x20
[  227.903628][    C0] RIP: 0010:__queue_work+0xc9c/0x10f0
[  227.909048][    C0] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 28 04 00 00 48 8b 75 18 4c 89 f2 48 c7 c7 e0 e2 8b 8b e8 05 22 f7 ff 90 <0f> 0b 90 90 e9 96 f7 ff ff e8 b6 95 37 00 90 0f 0b 90 e9 1b f6 ff
[  227.928707][    C0] RSP: 0018:ffffc90000007be8 EFLAGS: 00010082
[  227.934813][    C0] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817ab018
[  227.942821][    C0] RDX: ffff88805984bc00 RSI: ffffffff817ab025 RDI: 0000000000000001
[  227.950823][    C0] RBP: ffff888054198930 R08: 0000000000000001 R09: 0000000000000000
[  227.958828][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: 1ffff92000000f8f
[  227.966821][    C0] R13: 0000000080000100 R14: ffff88802878b978 R15: 0000000000000001
[  227.974831][    C0]  ? __warn_printk+0x198/0x350
[  227.979647][    C0]  ? __warn_printk+0x1a5/0x350
[  227.984465][    C0]  ? __queue_work+0xc9b/0x10f0
[  227.989266][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  227.994943][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  228.000782][    C0]  call_timer_fn+0x19a/0x620
[  228.005416][    C0]  ? __pfx_call_timer_fn+0x10/0x10
[  228.010582][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.016259][    C0]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  228.022105][    C0]  __run_timers+0x569/0x960
[  228.026658][    C0]  ? __pfx___run_timers+0x10/0x10
[  228.031727][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.037416][    C0]  run_timer_base+0x114/0x190
[  228.042131][    C0]  ? __pfx_run_timer_base+0x10/0x10
[  228.047369][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.053058][    C0]  run_timer_softirq+0x1a/0x40
[  228.057872][    C0]  handle_softirqs+0x219/0x8e0
[  228.062678][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  228.067998][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.073676][    C0]  __irq_exit_rcu+0x109/0x170
[  228.078394][    C0]  irq_exit_rcu+0x9/0x30
[  228.082670][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  228.088349][    C0]  </IRQ>
[  228.091386][    C0]  <TASK>
[  228.094328][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  228.100350][    C0] RIP: 0010:lock_acquire+0x62/0x350
[  228.105595][    C0] Code: 7e 0b 12 83 f8 07 0f 87 bc 02 00 00 89 c0 48 0f a3 05 42 0f ed 0e 0f 82 74 02 00 00 8b 35 ba 3e ed 0e 85 f6 0f 85 8d 00 00 00 <48> 8b 44 24 30 65 48 2b 05 19 7e 0b 12 0f 85 c7 02 00 00 48 83 c4
[  228.125276][    C0] RSP: 0018:ffffc90003847908 EFLAGS: 00000206
[  228.131382][    C0] RAX: 0000000000000046 RBX: ffff88802878b948 RCX: 0000000000000001
[  228.139376][    C0] RDX: 0000000000000000 RSI: ffffffff8dbb8227 RDI: ffffffff8bf46f20
[  228.147370][    C0] RBP: 0000000000000000 R08: 6e700f1ee4e76d66 R09: ffffffff969dca50
[  228.155367][    C0] R10: 0000000000000008 R11: 0000000000000001 R12: 0000000000000001
[  228.163362][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  228.171402][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.177082][    C0]  ? lockdep_init_map_type+0x5c/0x280
[  228.182620][    C0]  ? touch_wq_lockdep_map+0x9c/0x1c0
[  228.188052][    C0]  touch_wq_lockdep_map+0xad/0x1c0
[  228.193214][    C0]  ? touch_wq_lockdep_map+0x9c/0x1c0
[  228.198591][    C0]  __flush_workqueue+0x128/0x1230
[  228.203655][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.209349][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.215028][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.220716][    C0]  ? __pfx___flush_workqueue+0x10/0x10
[  228.226206][    C0]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  228.231930][    C0]  drain_workqueue+0x199/0x3d0
[  228.236739][    C0]  hci_dev_close_sync+0x39b/0x11d0
[  228.241889][    C0]  ? __pfx_hci_dev_close_sync+0x10/0x10
[  228.247508][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.253270][    C0]  ? up_write+0x1b2/0x520
[  228.257729][    C0]  hci_dev_do_close+0x2e/0x90
[  228.262442][    C0]  hci_unregister_dev+0x213/0x620
[  228.267623][    C0]  ? __pfx_vhci_release+0x10/0x10
[  228.272684][    C0]  vhci_release+0x79/0xf0
[  228.277057][    C0]  __fput+0x402/0xb70
[  228.281080][    C0]  task_work_run+0x150/0x240
[  228.285721][    C0]  ? __pfx_task_work_run+0x10/0x10
[  228.290868][    C0]  ? switch_task_namespaces+0xeb/0x100
[  228.296386][    C0]  do_exit+0xafb/0x2c30
[  228.300585][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.306245][    C0]  ? do_raw_spin_lock+0x12c/0x2b0
[  228.311304][    C0]  ? __pfx_do_exit+0x10/0x10
[  228.315965][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  228.321651][    C0]  ? rcu_is_watching+0x12/0xc0
[  228.326459][    C0]  do_group_exit+0xd3/0x2a0
[  228.331188][    C0]  __x64_sys_exit_group+0x3e/0x50
[  228.336324][    C0]  x64_sys_call+0x1530/0x1730
[  228.341039][    C0]  do_syscall_64+0xcd/0x260
[  228.345596][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  228.351512][    C0] RIP: 0033:0x7f29ecf8e969
[  228.355946][    C0] Code: Unable to access opcode bytes at 0x7f29ecf8e93f.
[  228.362970][    C0] RSP: 002b:00007ffd3b353108 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[  228.371590][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f29ecf8e969
[  228.379668][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000043
[  228.387652][    C0] RBP: 00007f29ed011959 R08: 00007ffd3b350ea6 R09: 0000000000000003
[  228.395638][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000019
[  228.403627][    C0] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000
[  228.411646][    C0]  </TASK>
[  228.414944][    C0] Kernel Offset: disabled
[  228.419364][    C0] Rebooting in 86400 seconds..