last executing test programs: 3.089655546s ago: executing program 0 (id=345): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'ipvlan1\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000c80)=@bridge_delneigh={0x28, 0x1c, 0xc07, 0x0, 0xfffffffc, {0x7, 0x0, 0x0, r1, 0x141, 0x64}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3c}}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0) 2.940210891s ago: executing program 0 (id=349): pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r1 = dup(r0) close(0x3) write$FUSE_LK(r1, &(0x7f0000000340)={0x28, 0x0, 0x0, {{0x2, 0x0, 0x1}}}, 0x28) 2.817073898s ago: executing program 0 (id=352): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={0x28, r1, 0x5, 0x71bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SCAN_SUPP_RATES={0x4}, @NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x3}]}, 0x28}, 0x1, 0x0, 0x0, 0x40}, 0x4000800) 2.69979244s ago: executing program 0 (id=357): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) fchownat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0xffffffffffffffff, 0x0) 2.238970239s ago: executing program 1 (id=363): prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000040)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f0000005b00), r1}}, 0x18) 2.172415542s ago: executing program 1 (id=364): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000007c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2c, 0xfffffffd, {0x60, 0x0, 0x0, r2, {0x0, 0xfff2}, {0xfff1, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_RATE={0x6, 0x5, {0x3, 0x9}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x44080) 2.070213294s ago: executing program 1 (id=366): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_TDLS_MGMT(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)={0x38, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_STATUS_CODE={0x6}, @NL80211_ATTR_TDLS_ACTION={0x5}, @NL80211_ATTR_IE={0x4}, @NL80211_ATTR_TDLS_DIALOG_TOKEN={0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 2.003096446s ago: executing program 1 (id=368): r0 = socket(0x10, 0x3, 0x0) setitimer(0x1, &(0x7f0000000100)={{}, {0x0, 0x2710}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001200010a001800000000000080"], 0x14}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) 1.985697111s ago: executing program 2 (id=371): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_opts(r0, 0x0, 0x8000000000000c, &(0x7f0000000600)='u', 0x1) setsockopt$inet_opts(r0, 0x0, 0x8, &(0x7f0000000000)="a8", 0x1) getsockopt$inet_opts(r0, 0x0, 0x9, 0x0, &(0x7f0000000180)) 1.880311716s ago: executing program 2 (id=373): r0 = fsopen(&(0x7f0000000880)='fusectl\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0xf) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='ro\x00', 0x0, 0x0) 1.84917981s ago: executing program 2 (id=374): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xff, 0x48a, &(0x7f0000000540)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnpamV9NutmkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HAS9fobfyV5uWvTk8NV0Wq97WXmcBqRfprE88n8escvXDwzVKuNni/z/RNn3+sfv3DxqdNnh06Nnho9N3j8+LGjA88+M/j0qsSZxXVt/4djB/a98tbl14ZPXH77x2+yZu09WCyfG8ctXW8SUBO92Vb7u55rXPboMtp+J9g5J510trAhLEtHRGS7qyvv/93REbM7rzte/qSljQPWVPbdtHnhxVN1YANLotUtAFqj+qLPzn+rxzoNPf4Xrr4QsalMz0xPDs/ciL8z0vL1rjWsvzciTkz9+2X2iOVehwAAWIF8bPNks/FfGnvz52KuY1c5h9ITEXdFxO6IuDsi9kTEPRF52Xsj4r5i5Xr3EuvvbcjPH/+kV5q2eZVk47/n5oz9ZubEXz71dJS5nXn8XcnJ07XRI+U2ORxdm7P8wCJ1fPfSr58vtGzu+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeqf5VxGPF/p+KhvgryeLzk/1bojZ6pL86Kub76ZdLry9U/23Fvwqy/b/t5uO/oUT3P0kxX9sVtdro+fHl13Hp988WPKdZ6fG/KXkzn7P++Z3itQ+GJibOD0RsSl7N89U5Xf764Oy6Vb4qn8V/+FDz/r+7XCeL//6IyA7igxHxQEQ8WLb9oYh4OCIOLRL/Dy8+8u4i8SeRREv3/0jTz78bx39PMne+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrnXA8dSKbKdyzyg+W14mr50fK68RcdW/N83/BYbaTFsUO7235z/4+q/2f+7Gh164A1534taF+N/T9tUTuA9beU73/nArAxNen/W1vRDmD9Of+H9tWs/3/UkDf+h41pfv//o8lP1gEbkfE/tC/9H9qX/g9t6Xbu6195orpZYOXvs2XJd/i3S6L6xYu1rGtrzL4SactDbqNE1mPWpa56PSJPzP6GCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3svwAAAP//xzTnIw==") symlinkat(&(0x7f0000001040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0xffffffffffffff9c, &(0x7f0000000000)='mnt\x00') socketpair$unix(0x1, 0x2, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0) 1.822515594s ago: executing program 4 (id=376): r0 = io_uring_setup(0x5f41, &(0x7f00000001c0)={0x0, 0x7ba6, 0x1000}) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendto$inet6(r1, 0x0, 0x0, 0x24000000, &(0x7f0000000080)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x8}, 0x1c) close_range(r0, 0xffffffffffffffff, 0x0) 1.728654884s ago: executing program 0 (id=377): syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x90, &(0x7f0000000240)=ANY=[], 0x3, 0xd99, &(0x7f0000006900)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/azCM7LCy4i7+wN4w6P7/yn0PS3r03D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r9X/V8/ov9Jg1ubVy/3jv0D/aik2nei0/tr/cB3aqv/L/lMsvrXks9Vb+yu9C+fFGpT36cyj/cI/l39f+01sr/y+5/PKyzZ3ttfz1GleNzfWI+43LfQDjfuPir6H95d5+fbd/ix213crlwygbln4m+zUs/X92U5Zb1oN59dw6Tlfuvx37O+i3/uW+3+V34JGw/Krm903/n8Otrv/P8vlb0P8n7DsfOv5nMIzssLKyMtCuT0a135W9YtCv/6C3IQdd/qBf/zqx/8/4fyn2/xnjsf/PGI/9f8Z47F8rxmP/n/H1jP1/xvjJsNzYP+h0TfwrNfFTNfGv1sRP18Tj/7cYn62Jn6mJz9TEH66JP1oTP1sT/0ZN/LGa+OM18bma+H739ZyOavthlMV+I33/YXSU4z/dvv9TNXFgeMV+neP3+5s1cWB4lfM8fL9hBFWd79gR97eX/bhv5vSdnL6f0492rILshm/l9Ns5/U5Ov5vTczmdz+lCTvUNOdx+869TZ25WG+f5HQvxXs8njdcDxPvEnO+xPvH4XL/ns57ssZydKn+Ll4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI3G2uPi4nSV0tu33rr4n6kf/Hh1ykwrx+za43geW0opNVNKVR4fD8u7PrGefvbJtUud0ipdWHss4+nZu615j6zOn2bT7TSZnvv45M2XPnhm+b0TN05cfGPuzs60HgAAAEbDFwEAAP//ManlwQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x8002, 0x80) pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000980)="e0f8c1047a78634a0100847c8cd66b0df7ae4368cd7d772750b58b79f7c6db0ac59463764d305fb9f2581a868861f3c34bab8bb34833ef289739607690cc993540", 0x41}], 0x1, 0xfffd, 0x3, 0x0) sendfile(r0, r0, 0x0, 0x7a680003) 1.548809568s ago: executing program 2 (id=378): mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f00006c6000/0x400000)=nil, &(0x7f0000685000/0x4000)=nil, 0x400000, 0x0, 0x18100}) 1.497224781s ago: executing program 4 (id=379): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000004c0)=@raw={'raw\x00', 0x8, 0x3, 0x460, 0xf0, 0xffffffff, 0xffffffff, 0xf0, 0xffffffff, 0x390, 0xffffffff, 0xffffffff, 0x390, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00', {}, {}, 0x2f, 0x0, 0x3}, 0x0, 0xa8, 0xf0}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@local, 'nicvf0\x00', {0x3f66}}}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3d}}, [0xffffffff], [], 'wg1\x00', 'gre0\x00', {}, {0xff}}, 0x0, 0x258, 0x2a0, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x563e4515, 0x0, 0x7, 0x3fc, 0x20}}}, @common=@inet=@hashlimit3={{0x158}, {'veth0_vlan\x00', {0x3, 0x0, 0x48, 0x0, 0x15ab, 0x1000, 0x6, 0x5}}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00', 0x2, 0x5, {0x6}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x4c0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001300)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x348, 0x18c, 0x203, 0x348, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x348, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) 1.328449105s ago: executing program 2 (id=381): openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='fd/3\x00') r1 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 1.181782356s ago: executing program 0 (id=383): syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x800000, &(0x7f0000005a80)=ANY=[@ANYBLOB="6673636b5f6d656d6f72795f75736167655f70657263656e743d3030303033392c646174615f7265706c696361735f726571756930303030303030312c6e6f7265636f766572792c696e6f6465735f7573655f6b65795f63616368652c7375626a5f757365723d95d9619c7ee54e16d18bce76df0d55eb2c3813eac8c0ba481d2c2628352b6af86a0e0dc7eca711c48f936bec9ea6f68ecfba64ecc110c1d8cedb8c03452bfdde76377e066132c3ae0bf816d88b2b8d8100c4106093ea1010c988309c13e6c81767399e595106f876e972df580121584ce9ea1f68b7a17b007a3c42f3600000002c000000000000000000dc50fad1ab8e5308a4b7090a71d88e3c7934fcb7cec8096ce872b63c4672949490cc8cc875224494e8d0b06de4250a3c82869a0ce691d20b239abf3cb828dff4947d25bcfbe9c6d6f64cdd1c1018c8322ca53b2c29e83b89e60127a29575170843e227317e31739553dc070ad6511cff1bd797bfdae3bc73bf5edd02c8acb31af52b114ab697e6665b0c4352aff3748b692f2324867a9b3a032f45502b7d"], 0x1, 0x595f, &(0x7f0000000100)="$eJzs3X+QXFW9IPBzu3synZlMMgnwiCCTIZD3ePA0E34V6qtn3tv39BXwqFi8UsJGYSATjCYhlQSBgBJccKEACy0tRf0DLaQWjRZVsEqkRH5swipKsbrUFlIru+gfbiFLSiBLWazzaqbv6Zm503duT3dPSMLnU8ncPqdPf8+5556+fc/pnukAAADA28K+m7cfuOC4f/rZZ0dev+Gff7T5xtBbHs+vxgL96faat6qFHEzdlaXj2+y4+KvrvvO7wcv/4af393z7jb3rT9zw63886vKHP3Hunru+/thrfQ/++cWiuHE8nTqRTl5OQqj+eP+XP7f3qWPH8pIQQjnp3xXC4mTJY4uTTIihP4UQ1qeJpZk7H3j9jA1j2xtv656SvyhTznh/e6um42zngatPC7/5+7U3/WLZ97/XtfulXRNFkuqk8RTCwksnP74r/T8/TcfRFsdjHLRrQgg9kx53TkG7Tmqy/Stz0sen23nptrcgTrx/eSZdypTLpqOuzLanoL525bWj1XJFFmTS2ZNRu/LaGfMXp9sfpttTZxm/HP8noZSESr35m5KJMRImHbckJOPHslpPl+rHNqT7n0knmXQpky53ZfZrvN50oJWTZGp+LJfJj6fjSpp/4uRzdQMX5uS/I91W0yfqGzEdsjdqeqfdqO/XuNiu/TO05WAoTToHNcqvH/j0YPSmeb3JkmmPGW0g3rd37e0ryuse39ef047k/iSNn7QUf+fPFy/42HdvvSr7ul6Pf2kpjV+aVfx4WF847+lXLr71W1/LjX9njF9uqf2nP9Lz8nlP3Lw8t3/2x/6ptBR/+MUn71h29GW7c9t/d4xfbSn+6j1Pd/cdeOTR3PYPxf6Z31L859/3gd/e9+xDL+XGDzF+T0vx1+3Z+vnugQOn5MZ/NPZPb0vxX3h199nPDQz8fjAv/jMxfl9L8e/dddd771l027m5x3dN7J/+luKff/LDNy048NAJeefO5O5OvXICvD0dlV5j3ZKmW51ntmvSfOGrg5XaNd+C9H9fJyvKXHyO1bOwk/EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwzGn/9YP/+8P9L1fSdHd64/lSbRvz54WQzA8hbN8xvG3Hxi1XDH7iyqu2bRneNDi8Y3Bky45t1w6e+TeD20a2bhq+duzeoXedUXvckpDUtskJ0+ruHh0dLfVPzYv1/buTd/9mxTn/5w8hDB3zq4FKbvtX3rX5nqMb/MxIVo++f/NVF/zqrG+m+9Wftqu/QbtGR0dHQ067/u9Fb97zxf2/OyWEob+YqV1PPv93P5nSoPGMiTipUneoNag76WnYjnqr0/bE/qps2LhpZGjm/h17fDlnP/79dS/9acM1X3iz1r/V3P1osn/nrx7dVPrK2vP//1eur2UUteutOu5F/R33IrYv9l817e+F6X4tzNmvSs5+3fyLR5/98XG3vrYrDFVeXTa97qL96koHQFfyjqbqjTX0JIun5FfT8vGIx8et3LF568rt1+5818bNw1eMXDGy5T2rzlx19tBZZ5+1cnzPV9b3P3Rk/2P9f9nk/h+c8bToU7t+GH+O5czPFps2noraVdQfY+0q7o+JFuU//3ou/NyX3nPXExfUMorGeSxdP5+k256x47wqTBpv0/uq0X4V9UMIYbBRP7zy2rnh2P+x8aai89DkIzP5Z0ayevSp5X/85jnfWPq3tYyDcp6f3KAWz/P1Vk+0Z7y/qunxGD1E+7c7lNP96m3YrlVPPdF1+74/fLrevnnzwjXDO3ZsW1X7uSBt6YLk+IbtyubG/Vo2/rMc0m4J9WHaYLyO6Qq19mXPn7F4tld70/t6kyUN9ysr3rd37e0ryuse35fX08n9tRrnh77aNnlnTslNmQeW6w1uVP+h+vwrGh8DH/zGgx9+8AdnThsfp9d+Fu1XkrNf33/23i99+wv/8Qed268P/t3T/X/8nx9fUcs4XM4r9Van7Ukmn1dOD6Ho+bcsNN6P3OdfqfH+FD3/svVMlG8cbzCT7g3llp6vpz/S8/J5T9y8PPf5ur/Z5+v1U1LlgufroTJ+ss+vpDK1HXP3/JoyUJLVoz+95ahdj92w5rhaRtG4rpduNK7PaGL+kbNfP7n4uYErB//Df+/ceeM7f/PAJb8eXv2ZWkbrxz22pTPHvZr2bzWnf+utjvPOyf377suv3LS+ln/oXv+m24L5TzyVbL925yeHN20a2ba9uf1q9vU01pPt5VZfT+PZbUnBfpWm7dfc3Wimv5p9vsX2r2+5v6Y+33pD0tLrws6fL17wse/eelX/tEelFV1aSuOXWor/wnlPv3Lxrd/6Wm78O2P8Skvxh1988o5lR1+2Ozf+3Ukav9pS/NV7nu7uO/DIo7nxh2L757cU//n3feC39z370Eu58UOM39ta/7+6++znBgZ+nxv/mSStZ+waKYQHXj9jQy2dhK70+Rbb0TWlXSGbTjLpUiZdnpwu1dZa6xWUk2RqfiyX5p84qS2NfCQnP16FVZfWtm/EdMjeiMnuhvmHmtKkc3+j/KLrVACAI118/z9eg8b3/0fSC6X8lQaY0O48bGlO3DgPm1jPmTfl/qVp/Pj4uA448O4wNLa9cbB2oT/b9xHi8yG7zhnrOeWkqTFaXecsWn9fnknHdtXWyyuT5qGp6fOaSmhi/X16PTOvv2d2v3h9fPCWac0anLRulT1+XemKWaPPO2TaWxmLkDc+suti8fMcAwvDmvH6mhwf2c/RxOOQ/RxNrOe4zImz1c/RtDs+YrNnGB/jTS5+f2P68Qsz9O/E8WscLXv8ZnG8q2Pl5/r92Q6sGzY8pR28dcO5fT/MumRO/PQJdqivG8b8uB+VJtcTP5yTP/v1xMb58XQR27V/hrYcDNYTgSNVnP/H14ix+f/YBfj/y5Qrug7NXjXGeLmfEyo3bk/RvGP65/R6WnodX7dn6+e7Bw6cknud82izn/vZOiXVU/C5n6J+XJFJF/ZjzgJN0XwvW09Rv2c/l9Eb+lrq93t33fXeexbddm5uv6+pvZAW9/uXpqT6Cvr9MJgvNI5vvvC2mC/M9frZWzYfST/4NFfzkX/NyZ/tfKRn2o36fo2baT7yZuaYpObN0OyWNT0f6ZqL2gGAI0Gc/9ffP0vn//8rFkivI4rmradm0jFe7rw15/okb976L+n2mkz53vQ3KmZ73Xz+yQ/ftODAQyfkzlvubnYe+p+mpPoL56HtzZtz5xFrOvN58dx5RH2e1eo8cebL4Yl5Ynvz9Nz+qc/T25tH5/ZPfR7d3jpAbvz6OsDhPs8tWK/LVBaTza7XHbHz6PTXZ+dqHn1hTv5s59G9027U92vcYfe+nnk0AHCEifP/eBkX5/9PZMq1+z577rygQ9ft2b8HUo//zMGaV871vG+u563tvf+b2z8dev+3eF3icJ8Xz/W60Nyuk73t58VppebFAAAcyuL8P/6l6/z5f3vzk0bzt64p85Oxa8uK+Xk2vvn5ITI/P9zXv8z/vS9ezPwfAODIFuf/8dce49//+y9pOvt3672PnhPfPN08fabx0/Q8vfPrbMHnAN7adYBJXyN4iKwDFP61KusAAABHlq7xmdL037P/aLrN/p593u/lX5xTvlmV9PL4sh3bRkYuuWrr+uEdI5dsuXL9yPZLrt62cceOkS21cu3OG3PnLemlcFeopP3RuFx23rYo/XsIi3L+HkIs/9rE91OOO378xvS/h5Ctdn7B3xGYOH7NtTfv+JVmKN9ofOQd77z4H8kpH9WP/+UfP/2SDdsv2bhl446Nw5s27hyZWm5s1tozi+/NjN0yq+9LzfyYpjT77+/sTDtK09rRlfZH3vezJ5l2LE5bsjjv+w9y2v2z//bFT508+uZ9IQwdU35nW/2XrB79zxeN/MuOfb/aOtb+0oztr5dM21X0faXZ8nF/Kpuu3L7jtA1XXrUl+42SrYnrGaV6eo7WM9Knf7nJ9Yl1Ofmz/ZxCedqNQ1PT6xMAAEwR3/+P17Px/cMvpBdQMb/5eXp77x/nztOHmpunZ7+XrGieni0f97fZeXq1zXl6tv6ieXqj8o3m6Xnz7rz4/5pTfraaHyftfc4jd5xc2tw4yX6fQdE4yZaf7ThJ2hwn2fqLxkmj8o3GSd5xz4v/oZzyeZofD+19Lid3PNzZ3Hj460y6aDxky892PJTaHA/Z+ovGQ6PyjcZD3vHNi39BTvlmTR0fYwNjfFyMXHL1lds+OancXH//Rfvtm9vv/2hV8+2f2899zX375/ZzZe21v7uJ9rf3ubLc9j/T3kpY8/0/t9/v0qqDtl6bftis6PNnReu4a3PyZ7uOO2/ajUOTdVx468T5f3y7J87/b0u3nX4b6PD/njTfY9Ywfoe+x6zoOsbr+QyVHQK8ngMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0p7uydHy77+btBy447p9+9tmR12/45x9tvvGvrvvO7wYv/4ef3t/z7Tf2rj9xw6//8ajLH/7EuXvu+vpjr/U9+OcXCwP3j/+snJomqyEkLychVH+8/8uf2/vUsWN5SQihnPTvCmFxsuSxxUkmwtCfQgjr6+2ceucDr5+xYWx7423dU/IXZYJk9yv0lmN7JrczhGsK94jDUDUdZzsPXH1a+M3fr73pF8u+/72u3S/tmiiSVEMohRA21JILL538+K4Qwvz0/5g42pbGB6fbNSGEnkmPO6egXSc12f6VOenj0+28dNtbECfevzyTLmXKZdNRV2bbU1Bfu/La0Wq5Igsy6ezJqF157Yz5i9PtD9PtqbOMX47/k1BKQqXe/E3JxBgJk45bEpLxY1mtp0v1YxvS/c+kk0y6lEmXuzL7NV5vOtDKSTI1P5bL5MfTcSXNP3HyubqBC3Py35Fuq+kT9Y2YDtkbNb3TbtT3a1xs1/4Z2nIwlCadgxrl1w98ejB607zeZMm0x4w2EO/bu/b2FeV1j+/rz2lHcn+Sxk9air/z54sXfOy7t161NC/+paU0fqml+C+c9/QrF9/6ra/lxr8zxi+3FP/0R3pePu+Jm5fn9s/+2D+VluIPv/jkHcuOvmx3bvvvjvGrLcVfvefp7r4Djzya2/6h2D/zW4r//Ps+8Nv7nn3opdz4IcbvaSn+uj1bP989cOCU3PiPjvfPjb3jI7SF8fPq7rOfGxj4/WBe/Gdi//e1FP/eXXe9955Ft52be3zXxP7pbyn++Sc/fNOCAw+dkHfuTO7u1CsnwNvTUek11i1pumCeWV+3yM4z2zXpbP7VwUrtmm9B+r+vkxVljNWzcA7jAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwZPrl9Wd+9KL3f2htJQkhySkz2kC8rzxv9erBFuodfvHJO5YdfdnuyXlLW4gDAAAAFIvz8FI9pxqWhquT+eH4huXjGsHxMZVMzc+uIcQ42TWCVuOUOhSn3KE4lQ7F6epQnHkditPdoTjVgjjV0Fyc+TPEqYyNiibb0zNje5qP09uhOAs6FKevE3Gyg7mN9izqUJz+GeM0Pw4XdyjOkg7FOapDcY7uUJxjOhTnLzoU59gOxcmuKc92HPalJY/LizN+o1wYp5KU63c0Wk8/Nq3nhDbr6S2op6/o9bjJeuY3Wc9JmceVZllPtcl6/rLNepIm6/nrNuspFdQTx+012fbFemKqyfF/bYfi7OxQnOs6FOf6DsX5dIfifKZDcW5oMw5As+L8f2K+1x+6K38betIzTnYVIE4Rlo3/nP56l3dCivHemcmfVxQvO1HPxFs22/ZlFxAy8ZZn8rumxKvU5yMzxKtOjrcic2fh/jaYg02Od2omv7soXnZhAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADm0C+vP/OjF73/Q2tDEsb+NTTaQLyvPG/16sEW6t279vYV5XWP75uc111pIRAAAABQKM7Du+o51dBdWRW6k3lTylXTdYBqmi7317YDC8OasW0yWBpP9ySLZ3xcJX3cyh2bt67cfu3Od23cPHzFyBUjW96z6sxVZw+ddfZZKzds3DQyVPsZQndBvBDC+PLD9mt3fnJ406aRbdtrmdn2L00ftzRNJ+njBt4dhsa2N461v+/lsKSgvtK0+ubuRjPHDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6NXbsLkfMq4wB+3pnZmem2sSv9moZmO+SjRC2axK2kWrovCBbaJGQpyGx1LcEmWNw0oU1KrGMbsK0JitASCJFcGInF1uJNP2wR+0EgUqMBNwZpi/ZCL5RWK2nJhaSMZHfO7MzsTGYdS5Omv9/FvDPnPOc875mLhf+7AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQZqqjkxURsfGB5MQki41tQ7iXDafpuU++n71+a0/LAyfXN48Vsj1sREAAADQU8zhA42RYijksiEbrpz+tDg0TYTZ3A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHz0TFVHJiqjY+MXJiEkXWpqHcS5bD5Ny330feOdJz/36vDw35vHSn3sAwAAAPQWc3imMVIMpbAkDCRXttTFZwML29a318V9Fs2zruXZwUD3uiXz3O+aedZ9okfduvp1RwAAAIAPv5j/c42RoVDILeia/3vl+lh3dVtdtn7t57cCAAAAwP8n5v9CY6QUCrlSI6/PN+8vbquL63v93z6uX9Zlfa//56+tX/2fHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+PKaqIxOV0bHxbBJC0qWm1kGcy+bTtNxH31UvDP7zlkMPLW4eK+T62AgAAADoKebw2ehdDIXcYBgIF07n/uGb9j/95aefHQkhzMT8fD7s2LBt292rZl5j3cojhwZ+cPit78ypWznzetYOCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvG+mqiMTldGx8QuSEJIuNbUO4lw2n6blPvq+/oUv/fXx48+92TxW6mMfAAAAoLeYw2ezfzGUQj7kw+XTn5qz/mmZtvXdnhkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5497vnXfNzdMTm6825uP9Jtk5zlxG96cM2/O9l8mAADg/XZ1SELtf3TF+rN91wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLlgqjoyURkdGy8mISRdamodxLlsPk3LffRNnz9aWHDyhZeax0p97AMAAAD0FnP4bPYvhlIYCAPhsulPnZ4JTOf/oQ/wJgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBzylR1ZKIyOja+IAkh6VJT6yDOZfNpWu6j72M7933+4MXfv7l5rJDrYyMAAACgp5jD842RYijkPhkK4ar658nWBUm2fu38XGB23daWZYPzXldtWZed97pdbSfL1U8zs64Y9xuauTbWleeuKzetK4VG+3LLurCnZdWCHvcZAAAA4CyK+b/QGBkKhVyhKef+rKV+SM4FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALqYqo5MVEbHxpMkhKRLTa2DOJfNp2m5j773/e7jF33t57u3N4+V+tgHAAAA6C3m8NnsXwylsCh8LCyazv1hqLU+1v2rcurgo//+2/IQVlx+bDjXvu2P45vfvH7ji+0vIWRaqzMhXFzvl3Tp99s/PHrv0tqpx0NYcVn2qjn9wpn7tW6Z1p6pbFy77fCxrT2+HAAAADhPxPw/0BgZCoXcXV3zf0zePfJ/w3QAv/jenb+8tP5aT+RtKzJD9X6ZLv2+uPTJvyxb/Y+3Tuf/M/X7zL7NBy9taTgz0iZJa6Obt687dt2BTDz1TP9sW//4vXzl22/+Z9OOR07N9C+GYn18Ya5T/7mvbS5Ia5OZveNr3ttbbe2f63L+h37/0vFfL9z97un+71w92Oh/zRnOf+b+g7c+vOf6fYfWtfYPIZQ79X/73ZvDFX+688H28w+2bZxr+uabX9skae3I4hMHVu8v3dDaP2nrH7//Xxx/bM9PH/nes7F//K3I8iWtG8/tHPtn2vq/suuSnS8/sH5ha/9Ml/O/eNurw1vK3/1j+/nvaNk11/Uu5p7/iWufuv21Den97VMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADnl6nqyERldGw8k4SQdKmpdRDnsvk0LffR941bjr592+6f/Kh5rNTHPgAAAEBvMYfPZv9iKIV8yIfB6dz/TGXj2m2Hj20NQzOzSf2am9xyz7ZPbdqy/a47ztKdAwAAAPMV83+uMTIUCrmlYaCe/0c3b1937LoDmZj/MzH/b7pzcuOK0Kh7ZdclO19+YP3CxnOCEKZ/FlA8XffZ2bqbbjw6dOLP31jWsW7VbN2RxScOrN5fuiHWhea6laHxfOKJa5+6/bUN6f2N+2uu+/TXt0zWH0/EfQdvfXjP9fsOrWuco34drO8b6yYze8fXvLe3Guuy9Wuxfm4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYK6p6shEZXRsPGRDSLrU1DqIc9l8mpb76Ltm6a8evOjkc4uaxwq5PjYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4L/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYb/+QqSq4jiAnzOz2447u7qrQVvRulpR2ENSEFEvFRWhEUJPhoSl+RAFQURhD62hkVjRS5D1IlFBtYVQkJskWqzRP+mlhwoKrIdApIVykB4qduaecfY6t6G7FlSfDwxnf2fu/d7fvffMnR0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf5WBvrHmeHjHg43bzrvpk8fvOfHYLe/dv+2SR1//YWLTDR/vHXzl5MzmFVu+vnHZpv33rpne/eKhX4bf+e1oz+BHWsOqrKyFEI/HEGrvzz73xMyn58zNxRBCNY5MhjAalx4ajbmE1b+GEDa3+5z/5tsnrtwyN27bNTBvfkkuJH9eoV5N/bSMzO+X/5Zats62Nh6+LHx7/frtny9/683+qWOTpzaJtY71FMLijZ3794cQFmWvOWm1jaWds3FdCGGwY7+re/R1YWcxWrzd5QX1+dl4VjbWexwvvb8yV1dy2+XrpD83DvY43kIV9VF2u16GcnX+YbRQRX2m+bQE3s3GVX8xv5peMVRi6Gu3f188tUZCx32LITbvZa1dV9r3NmTnn6tjrq7k6mp/7ryax80WWjXG+fNpu9x8ehz3ZfMrOp/VXdxeMH9uNtayD+rJVIf8Hy310/5on1dT6mv2T3r5J1Q6nkHd5ts3PrsZ9WyuHpeets/vXaT3ZtY/dXF1wweHRwr6iHtjlh9L5W/9bHTozjd2PjRWlL+xkuVXSuV/t/bIT3fsfOmFwvxnU361VP4VBwaPr/1wx8rC6zObrk9fqfy7jn709PKz757qdq+b+XtSfq1U/nXTRwaGGwcOFva/Ol2fRaXyv7n25u9f+3LfscL8kPIHS+VvmH7gmYHxxqWF+QdbH4V6c4WWWD8/T1311fj4jxNF+V+k6z/cJT/2zH91cvc1Ly/ZtaZwfa5L12ekVP+3XrR/+1Bj3wVFz86450x9cwL8Py3L/sd6MqvL/s5cqI7fC89P9LW+gYay1/CZPFDO3HEW/435AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB/sAMHJAAAAACC/r9uR6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBUAAP//vHMtvw==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file3\x00', 0x42, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x2000) 960.030635ms ago: executing program 1 (id=385): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nfc(&(0x7f00000007c0), r1) sendmsg$NFC_CMD_LLC_GET_PARAMS(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r2, 0x1, 0x70bd2b, 0x25dfdbfb, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x44084}, 0x4) 948.170463ms ago: executing program 4 (id=386): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=ANY=[@ANYBLOB="4400000011002901800000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a800800028004000500080000003e"], 0x44}}, 0x0) 908.442925ms ago: executing program 3 (id=387): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f00000000c0)={0x0, 0x1}, 0x2a) sendto$inet6(r0, &(0x7f0000000040)="aa", 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @dev, 0x4}, 0x1c) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000000)={0x0, 0x9, 0x3}, 0x8) 868.094356ms ago: executing program 1 (id=388): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000048000/0x1000)=nil, 0x1000, 0x6, 0x31, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc)=0x1, 0xb, 0x1, 0x0, &(0x7f0000000040), 0x3) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) 812.150119ms ago: executing program 4 (id=389): ioctl$VIDIOC_ENUMAUDIO(0xffffffffffffffff, 0xc0345641, &(0x7f0000000080)={0xffffffff, "833af9e0aa27077f097f0a35b3b3651e84d64697859e3271189d57c60f0412cb", 0x1}) syz_mount_image$squashfs(&(0x7f00000006c0), &(0x7f0000000000)='./file0\x00', 0x2, &(0x7f0000000400)=ANY=[@ANYRES16=0x0, @ANYRESDEC, @ANYRES8, @ANYRESDEC, @ANYRES32, @ANYRES64, @ANYRES8=0x0, @ANYRESDEC, @ANYRES32], 0x1, 0x1ef, &(0x7f0000000b80)="$eJzslU1rE0EYx3+zO0kazaFnTwWL7UXbbEE8erMfwA9gSNda3PjSDWhCweilFw/ilyj4KTwIevcgInipBwU9VDxVJDI7z4wTEoiVRCjsH8LzPP95XrPzciu/n9eAX0d7bRYpoGjwQSk0sKIsd1y18rvIoeCztnZT+BciP4nMe/23T63av93KsnQ3701RlIJpPtkQq0h5Rp30hGLOc2rqN09GGcVE5wj4q3lmophqY0vd2I40HvVshKlN8pFY/kPz/64snWDf2Emt8qMxuiW+zLqxCvOeHTzzszH9M71/bj/nRJ9YwutjJ2XOSm/WCaMTReXI9ZVfexzxrTDeHe21jXJDbjHDbdmfOxKFjzFeBT7nNAxAxQx9Hg1XjbECrHU799byXv/iTqe1nW6nd5Jk4/L667NyRIePYCdL11XQhjnUuHsJMOe0HqxXgI9/1gcEUEFrBmdAVbG9uRB3Oa+eDwLrEAWxYQ6b96WvXxMupsN1LrAAPBioJUiw/9YyJpvmphltE0UsRlMHfcIxEQvFwqX23WxrH4VyYQdon6N5SMUbCdYwhdKNK378fZHLIjdFHog8FOneLvcm6SLDV7FWB1DlYavb3S0eL6t5LvFcsugrR1LVvYbKdVKjRIkSJUqUKFHilOB3AAAA//9pS0H2") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) open_by_handle_at(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="0c00000001000000"], 0x0) 738.295478ms ago: executing program 3 (id=390): r0 = socket$inet6(0xa, 0x80002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) 620.820458ms ago: executing program 4 (id=391): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000003180)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf84, 0x3}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) pselect6(0x40, &(0x7f0000000100)={0x3, 0x80000000, 0x5, 0xfff, 0x6, 0x1ff, 0x0, 0xa}, &(0x7f0000000140)={0x9, 0x6, 0x0, 0x100, 0xcf9, 0x0, 0x4, 0x7}, 0x0, 0x0, 0x0) 421.420563ms ago: executing program 3 (id=392): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='debugfs\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r0, 0x0, 0x0) 341.5204ms ago: executing program 2 (id=393): bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/vmallocinfo\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023896) 283.597253ms ago: executing program 3 (id=394): r0 = socket$l2tp(0x2, 0x2, 0x73) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4000, @local}, 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x4e24, @empty}, 0x10) sendmmsg$inet(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000440)=[{0x0}, {&(0x7f0000000180)="87", 0x1}], 0x2}}], 0x1, 0x0) 239.999175ms ago: executing program 4 (id=395): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) listen(r0, 0xaab) 127.14148ms ago: executing program 3 (id=396): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x800053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) renameat2(r0, &(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000200)='./file0\x00', 0x4) renameat2(r0, &(0x7f0000000780)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000700)='./file0\x00', 0x2) 0s ago: executing program 3 (id=397): syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='pagemap\x00') seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}) socket$rxrpc(0x21, 0x2, 0x2) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fd/3\x00') kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.15.206' (ED25519) to the list of known hosts. [ 40.071533][ T6508] cgroup: Unknown subsys name 'net' [ 40.179259][ T6508] cgroup: Unknown subsys name 'cpuset' [ 40.182930][ T6508] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 40.371302][ T6508] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k SS [ 42.789967][ T6520] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 42.809948][ T6531] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 42.810276][ T6531] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 42.811142][ T6531] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 42.811466][ T6531] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 42.812258][ T6531] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 42.812826][ T6531] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 42.813335][ T6531] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 42.813874][ T6531] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 42.814373][ T6531] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 42.814862][ T6531] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 42.815647][ T6086] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 42.815949][ T6086] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 42.817840][ T6531] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 42.818235][ T6531] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 42.818870][ T6531] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 42.825435][ T6533] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 42.825811][ T6531] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 42.826031][ T6531] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 42.826674][ T6531] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 42.829351][ T6531] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 42.829565][ T6531] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 42.832409][ T6531] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 42.838000][ T6531] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 42.866667][ T6520] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 43.169986][ T6526] chnl_net:caif_netlink_parms(): no params data found [ 43.253023][ T6522] chnl_net:caif_netlink_parms(): no params data found [ 43.283789][ T6519] chnl_net:caif_netlink_parms(): no params data found [ 43.324185][ T6527] chnl_net:caif_netlink_parms(): no params data found [ 43.342316][ T6518] chnl_net:caif_netlink_parms(): no params data found [ 43.376674][ T6526] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.376826][ T6526] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.376960][ T6526] bridge_slave_0: entered allmulticast mode [ 43.377895][ T6526] bridge_slave_0: entered promiscuous mode [ 43.414599][ T6526] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.414675][ T6526] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.414825][ T6526] bridge_slave_1: entered allmulticast mode [ 43.415890][ T6526] bridge_slave_1: entered promiscuous mode [ 43.428423][ T6522] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.428496][ T6522] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.428598][ T6522] bridge_slave_0: entered allmulticast mode [ 43.429465][ T6522] bridge_slave_0: entered promiscuous mode [ 43.430934][ T6522] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.430981][ T6522] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.431119][ T6522] bridge_slave_1: entered allmulticast mode [ 43.431940][ T6522] bridge_slave_1: entered promiscuous mode [ 43.477390][ T6526] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 43.480171][ T6519] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.480273][ T6519] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.480399][ T6519] bridge_slave_0: entered allmulticast mode [ 43.481226][ T6519] bridge_slave_0: entered promiscuous mode [ 43.482614][ T6519] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.482660][ T6519] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.482760][ T6519] bridge_slave_1: entered allmulticast mode [ 43.483609][ T6519] bridge_slave_1: entered promiscuous mode [ 43.515544][ T6522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 43.518753][ T6522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 43.540730][ T6526] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 43.567727][ T6519] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 43.572243][ T6519] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 43.607908][ T6527] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.610190][ T6527] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.611302][ T6527] bridge_slave_0: entered allmulticast mode [ 43.612210][ T6527] bridge_slave_0: entered promiscuous mode [ 43.615177][ T6522] team0: Port device team_slave_0 added [ 43.623951][ T6526] team0: Port device team_slave_0 added [ 43.625898][ T6518] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.625970][ T6518] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.626077][ T6518] bridge_slave_0: entered allmulticast mode [ 43.627421][ T6518] bridge_slave_0: entered promiscuous mode [ 43.633151][ T6518] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.633199][ T6518] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.633330][ T6518] bridge_slave_1: entered allmulticast mode [ 43.634482][ T6518] bridge_slave_1: entered promiscuous mode [ 43.642759][ T6527] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.642857][ T6527] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.643012][ T6527] bridge_slave_1: entered allmulticast mode [ 43.643935][ T6527] bridge_slave_1: entered promiscuous mode [ 43.651131][ T6522] team0: Port device team_slave_1 added [ 43.671765][ T6519] team0: Port device team_slave_0 added [ 43.682493][ T6526] team0: Port device team_slave_1 added [ 43.706390][ T6519] team0: Port device team_slave_1 added [ 43.708791][ T6522] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 43.710897][ T6522] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.711615][ T6522] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 43.730460][ T6526] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 43.731270][ T6526] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.731311][ T6526] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 43.760426][ T6522] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 43.760487][ T6522] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.760526][ T6522] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 43.765776][ T6518] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 43.767998][ T6518] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 43.779983][ T6526] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 43.780029][ T6526] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.780289][ T6526] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 43.785575][ T6527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 43.791832][ T6527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 43.801904][ T6519] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 43.801960][ T6519] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.802019][ T6519] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 43.839463][ T6519] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 43.839525][ T6519] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.839565][ T6519] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 43.846059][ T6522] hsr_slave_0: entered promiscuous mode [ 43.847754][ T6522] hsr_slave_1: entered promiscuous mode [ 43.851091][ T6518] team0: Port device team_slave_0 added [ 43.862254][ T6518] team0: Port device team_slave_1 added [ 43.878490][ T6526] hsr_slave_0: entered promiscuous mode [ 43.879049][ T6526] hsr_slave_1: entered promiscuous mode [ 43.879578][ T6526] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 43.879656][ T6526] Cannot create hsr debugfs directory [ 43.911697][ T6527] team0: Port device team_slave_0 added [ 43.914149][ T6527] team0: Port device team_slave_1 added [ 43.917543][ T6519] hsr_slave_0: entered promiscuous mode [ 43.918134][ T6519] hsr_slave_1: entered promiscuous mode [ 43.918564][ T6519] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 43.918596][ T6519] Cannot create hsr debugfs directory [ 43.935760][ T6518] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 43.935826][ T6518] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.935865][ T6518] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 43.937142][ T6518] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 43.937169][ T6518] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.937213][ T6518] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 43.983999][ T6527] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 43.984059][ T6527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 43.984116][ T6527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 44.021033][ T6527] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 44.021096][ T6527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 44.021159][ T6527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 44.078946][ T6518] hsr_slave_0: entered promiscuous mode [ 44.079490][ T6518] hsr_slave_1: entered promiscuous mode [ 44.079843][ T6518] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 44.079876][ T6518] Cannot create hsr debugfs directory [ 44.158532][ T6527] hsr_slave_0: entered promiscuous mode [ 44.159063][ T6527] hsr_slave_1: entered promiscuous mode [ 44.159487][ T6527] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 44.159518][ T6527] Cannot create hsr debugfs directory [ 44.341429][ T6519] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 44.348882][ T6519] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 44.357590][ T6519] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 44.359814][ T6519] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 44.390638][ T6526] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 44.404888][ T6526] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 44.408906][ T6526] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 44.413468][ T6526] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 44.460948][ T6522] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 44.464738][ T6522] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 44.469441][ T6522] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 44.473267][ T6522] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 44.539988][ T6518] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 44.545819][ T6518] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 44.559565][ T6518] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 44.563575][ T6518] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 44.575984][ T6519] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.618655][ T6527] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 44.627010][ T6527] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 44.630822][ T6527] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 44.642760][ T6526] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.645550][ T6527] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 44.662319][ T6519] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.683814][ T6526] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.689281][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.689426][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.700753][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.700836][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.718025][ T6522] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.730262][ T681] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.730354][ T681] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.761305][ T6518] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.770332][ T6518] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.782865][ T6522] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.789008][ T293] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.789298][ T293] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.795716][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.795788][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.820705][ T681] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.820775][ T681] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.826035][ T681] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.826105][ T681] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.848449][ T6524] Bluetooth: hci4: command tx timeout [ 44.859531][ T2164] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.859612][ T2164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.893924][ T6518] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 44.897988][ T6518] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 44.918494][ T6524] Bluetooth: hci2: command tx timeout [ 44.918675][ T6524] Bluetooth: hci1: command tx timeout [ 44.918772][ T6524] Bluetooth: hci3: command tx timeout [ 44.923026][ T6531] Bluetooth: hci0: command tx timeout [ 44.981772][ T6527] 8021q: adding VLAN 0 to HW filter on device bond0 [ 44.990528][ T6527] 8021q: adding VLAN 0 to HW filter on device team0 [ 44.995825][ T6519] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.032499][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.032598][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.056096][ T6519] veth0_vlan: entered promiscuous mode [ 45.065514][ T293] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.065604][ T293] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.095809][ T6519] veth1_vlan: entered promiscuous mode [ 45.113326][ T6518] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.139867][ T6518] veth0_vlan: entered promiscuous mode [ 45.144247][ T6526] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.151062][ T6518] veth1_vlan: entered promiscuous mode [ 45.165838][ T6527] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 45.171535][ T6527] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 45.194142][ T6522] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.245748][ T6522] veth0_vlan: entered promiscuous mode [ 45.261235][ T6519] veth0_macvtap: entered promiscuous mode [ 45.266000][ T6519] veth1_macvtap: entered promiscuous mode [ 45.283677][ T6526] veth0_vlan: entered promiscuous mode [ 45.294193][ T6519] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.295564][ T6522] veth1_vlan: entered promiscuous mode [ 45.298763][ T6526] veth1_vlan: entered promiscuous mode [ 45.324680][ T6527] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 45.335827][ T6519] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.343231][ T6518] veth0_macvtap: entered promiscuous mode [ 45.355470][ T6519] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.359868][ T6519] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.362542][ T6519] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.365032][ T6519] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.380369][ T6518] veth1_macvtap: entered promiscuous mode [ 45.407114][ T6518] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.411331][ T6522] veth0_macvtap: entered promiscuous mode [ 45.447761][ T6518] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.451723][ T6522] veth1_macvtap: entered promiscuous mode [ 45.474650][ T6518] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.479727][ T6518] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.482384][ T6518] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.484711][ T6518] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.503755][ T6522] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.505639][ T6522] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.508477][ T293] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.508568][ T293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.518766][ T6522] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.521260][ T6522] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.523697][ T6522] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.526141][ T6522] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.531497][ T6526] veth0_macvtap: entered promiscuous mode [ 45.545016][ T6526] veth1_macvtap: entered promiscuous mode [ 45.591714][ T6526] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.593620][ T6526] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.595144][ T6526] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.595185][ T6526] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.595227][ T6526] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.595257][ T6526] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.609131][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.611447][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.634704][ T6527] veth0_vlan: entered promiscuous mode [ 45.671526][ T6527] veth1_vlan: entered promiscuous mode [ 45.683780][ T242] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.686140][ T242] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.710194][ T6519] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 45.753515][ T41] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.753583][ T41] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.775875][ T6527] veth0_macvtap: entered promiscuous mode [ 45.789151][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.789230][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.805460][ T6527] veth1_macvtap: entered promiscuous mode [ 45.810621][ T2164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.812924][ T2164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.859358][ T242] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.859418][ T242] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.899182][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 45.910365][ T293] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 45.913296][ T293] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 45.921181][ T6527] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 45.929593][ T6527] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.932448][ T6527] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.936995][ T6527] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 45.937060][ T6527] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 46.112694][ T293] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.112763][ T293] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.193110][ T6647] netlink: 48 bytes leftover after parsing attributes in process `syz.0.8'. [ 46.204546][ T41] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 46.204614][ T41] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 46.261392][ T6653] warning: `syz.2.11' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 46.409654][ T6662] netlink: 'syz.2.15': attribute type 4 has an invalid length. [ 46.770616][ T6643] loop1: detected capacity change from 0 to 32768 [ 46.927820][ T6531] Bluetooth: hci4: command tx timeout [ 46.944962][ T6643] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded=yes,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow [ 46.944962][ T6643] allowing incompatible features above 0.0: (unknown version) [ 46.944962][ T6643] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 46.945043][ T6643] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0 [ 46.945305][ T6643] bcachefs (loop1): recovering from clean shutdown, journal seq 10 [ 46.945472][ T6643] bcachefs (loop1): Version upgrade required: [ 46.945472][ T6643] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 46.945472][ T6643] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 46.945472][ T6643] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 46.945814][ T6643] bcachefs (loop1): dropping and reconstructing all alloc info [ 46.998110][ T6531] Bluetooth: hci3: command tx timeout [ 46.998187][ T6531] Bluetooth: hci1: command tx timeout [ 46.998232][ T6531] Bluetooth: hci2: command tx timeout [ 46.998274][ T6531] Bluetooth: hci0: command tx timeout [ 47.057572][ T6671] loop0: detected capacity change from 0 to 32768 [ 47.066804][ T6643] bcachefs (loop1): accounting_read... [ 47.075370][ T6664] loop4: detected capacity change from 0 to 40427 [ 47.082527][ T6664] F2FS-fs (loop4): build fault injection rate: 771 [ 47.087885][ T6664] F2FS-fs (loop4): invalid crc value [ 47.097422][ T6643] done [ 47.097484][ T6643] bcachefs (loop1): alloc_read... done [ 47.097667][ T6643] bcachefs (loop1): snapshots_read... done [ 47.098377][ T6643] bcachefs (loop1): done starting filesystem [ 47.202820][ T6664] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 47.331335][ T6522] bcachefs (loop1): shutting down [ 47.410253][ T6522] bcachefs (loop1): shutdown complete [ 47.570337][ T6527] syz-executor: attempt to access beyond end of device [ 47.570337][ T6527] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 47.575384][ T6527] CPU: 1 UID: 0 PID: 6527 Comm: syz-executor Not tainted 6.16.0-rc1-syzkaller-g39dfc971e42d #0 PREEMPT [ 47.575412][ T6527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 47.575421][ T6527] Call trace: [ 47.575425][ T6527] show_stack+0x2c/0x3c (C) [ 47.575445][ T6527] __dump_stack+0x30/0x40 [ 47.575460][ T6527] dump_stack_lvl+0xd8/0x12c [ 47.575473][ T6527] dump_stack+0x1c/0x28 [ 47.575486][ T6527] f2fs_handle_critical_error+0x34c/0x4b8 [ 47.575499][ T6527] f2fs_stop_checkpoint+0x5c/0x70 [ 47.575512][ T6527] f2fs_write_end_io+0x58c/0x818 [ 47.575524][ T6527] bio_endio+0x804/0x840 [ 47.575536][ T6527] submit_bio_noacct+0x158/0x176c [ 47.575550][ T6527] submit_bio+0x354/0x4d4 [ 47.575563][ T6527] f2fs_submit_write_bio+0x13c/0x324 [ 47.575574][ T6527] __submit_merged_bio+0x254/0x704 [ 47.575585][ T6527] __submit_merged_write_cond+0x23c/0x4ac [ 47.575596][ T6527] f2fs_write_data_pages+0x1d28/0x2634 [ 47.575608][ T6527] do_writepages+0x270/0x468 [ 47.575623][ T6527] filemap_fdatawrite+0x144/0x1e8 [ 47.575637][ T6527] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 47.575651][ T6527] f2fs_write_checkpoint+0x684/0x1694 [ 47.575665][ T6527] kill_f2fs_super+0x21c/0x584 [ 47.575677][ T6527] deactivate_locked_super+0xc4/0x12c [ 47.575689][ T6527] deactivate_super+0xe0/0x100 [ 47.575699][ T6527] cleanup_mnt+0x31c/0x3ac [ 47.575711][ T6527] __cleanup_mnt+0x20/0x30 [ 47.575722][ T6527] task_work_run+0x1dc/0x260 [ 47.575733][ T6527] do_notify_resume+0x16c/0x1ec [ 47.575745][ T6527] el0_svc+0xb4/0x17c [ 47.575758][ T6527] el0t_64_sync_handler+0x78/0x108 [ 47.575770][ T6527] el0t_64_sync+0x198/0x19c [ 47.624333][ T6527] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 47.669708][ T6683] loop2: detected capacity change from 0 to 40427 [ 47.687873][ T6683] F2FS-fs (loop2): build fault injection rate: 690 [ 47.687937][ T6683] F2FS-fs (loop2): Image doesn't support compression [ 47.687981][ T6683] F2FS-fs (loop2): heap/no_heap options were deprecated [ 47.688011][ T6683] F2FS-fs (loop2): Image doesn't support compression [ 47.698122][ T6683] F2FS-fs (loop2): invalid crc value [ 47.761367][ T6675] loop3: detected capacity change from 0 to 32768 [ 47.775754][ T6683] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 47.778904][ T6675] ======================================================= [ 47.778904][ T6675] WARNING: The mand mount option has been deprecated and [ 47.778904][ T6675] and is ignored by this kernel. Remove the mand [ 47.778904][ T6675] option from the mount to silence this warning. [ 47.778904][ T6675] ======================================================= [ 47.897509][ T6526] syz-executor: attempt to access beyond end of device [ 47.897509][ T6526] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 47.901751][ T6526] CPU: 1 UID: 0 PID: 6526 Comm: syz-executor Not tainted 6.16.0-rc1-syzkaller-g39dfc971e42d #0 PREEMPT [ 47.901774][ T6526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 47.901782][ T6526] Call trace: [ 47.901786][ T6526] show_stack+0x2c/0x3c (C) [ 47.901807][ T6526] __dump_stack+0x30/0x40 [ 47.901822][ T6526] dump_stack_lvl+0xd8/0x12c [ 47.901835][ T6526] dump_stack+0x1c/0x28 [ 47.901848][ T6526] f2fs_handle_critical_error+0x34c/0x4b8 [ 47.901861][ T6526] f2fs_stop_checkpoint+0x5c/0x70 [ 47.901874][ T6526] f2fs_write_end_io+0x58c/0x818 [ 47.901886][ T6526] bio_endio+0x804/0x840 [ 47.901898][ T6526] submit_bio_noacct+0x158/0x176c [ 47.901911][ T6526] submit_bio+0x354/0x4d4 [ 47.901924][ T6526] f2fs_submit_write_bio+0x13c/0x324 [ 47.901935][ T6526] __submit_merged_bio+0x254/0x704 [ 47.901946][ T6526] __submit_merged_write_cond+0x23c/0x4ac [ 47.901957][ T6526] f2fs_write_data_pages+0x1d28/0x2634 [ 47.901969][ T6526] do_writepages+0x270/0x468 [ 47.901983][ T6526] filemap_fdatawrite+0x144/0x1e8 [ 47.901998][ T6526] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 47.902012][ T6526] f2fs_write_checkpoint+0x684/0x1694 [ 47.902025][ T6526] kill_f2fs_super+0x21c/0x584 [ 47.902037][ T6526] deactivate_locked_super+0xc4/0x12c [ 47.902049][ T6526] deactivate_super+0xe0/0x100 [ 47.902059][ T6526] cleanup_mnt+0x31c/0x3ac [ 47.902071][ T6526] __cleanup_mnt+0x20/0x30 [ 47.902082][ T6526] task_work_run+0x1dc/0x260 [ 47.902093][ T6526] do_notify_resume+0x16c/0x1ec [ 47.902105][ T6526] el0_svc+0xb4/0x17c [ 47.902118][ T6526] el0t_64_sync_handler+0x78/0x108 [ 47.902130][ T6526] el0t_64_sync+0x198/0x19c [ 47.902341][ T6526] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 47.902395][ T6526] CPU: 1 UID: 0 PID: 6526 Comm: syz-executor Not tainted 6.16.0-rc1-syzkaller-g39dfc971e42d #0 PREEMPT [ 47.902411][ T6526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 47.902418][ T6526] Call trace: [ 47.902422][ T6526] show_stack+0x2c/0x3c (C) [ 47.902436][ T6526] __dump_stack+0x30/0x40 [ 47.902449][ T6526] dump_stack_lvl+0xd8/0x12c [ 47.902463][ T6526] dump_stack+0x1c/0x28 [ 47.902475][ T6526] f2fs_handle_critical_error+0x34c/0x4b8 [ 47.902487][ T6526] f2fs_stop_checkpoint+0x5c/0x70 [ 47.902499][ T6526] f2fs_write_end_io+0x58c/0x818 [ 47.902511][ T6526] bio_endio+0x804/0x840 [ 47.902522][ T6526] submit_bio_noacct+0x158/0x176c [ 47.902535][ T6526] submit_bio+0x354/0x4d4 [ 47.902547][ T6526] f2fs_submit_write_bio+0x13c/0x324 [ 47.902558][ T6526] __submit_merged_bio+0x254/0x704 [ 47.902569][ T6526] __submit_merged_write_cond+0x23c/0x4ac [ 47.902580][ T6526] f2fs_write_data_pages+0x1d28/0x2634 [ 47.902592][ T6526] do_writepages+0x270/0x468 [ 47.902606][ T6526] filemap_fdatawrite+0x144/0x1e8 [ 47.902619][ T6526] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 47.902633][ T6526] f2fs_write_checkpoint+0x684/0x1694 [ 47.902647][ T6526] kill_f2fs_super+0x21c/0x584 [ 47.902658][ T6526] deactivate_locked_super+0xc4/0x12c [ 47.902669][ T6526] deactivate_super+0xe0/0x100 [ 47.902679][ T6526] cleanup_mnt+0x31c/0x3ac [ 47.902690][ T6526] __cleanup_mnt+0x20/0x30 [ 47.902701][ T6526] task_work_run+0x1dc/0x260 [ 47.902712][ T6526] do_notify_resume+0x16c/0x1ec [ 47.902724][ T6526] el0_svc+0xb4/0x17c [ 47.902735][ T6526] el0t_64_sync_handler+0x78/0x108 [ 47.902747][ T6526] el0t_64_sync+0x198/0x19c [ 47.902914][ T6526] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 48.261880][ T6675] ERROR: (device loop3): xtSearch: XT_GETPAGE: xtree page corrupt [ 48.261880][ T6675] [ 48.268726][ T6675] xtLookup: xtSearch returned -5 [ 48.270240][ T6675] ERROR: (device loop3): xtTruncate: XT_GETPAGE: xtree page corrupt [ 48.270240][ T6675] [ 48.280385][ T6697] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 48.394190][ T6701] Bluetooth: MGMT ver 1.23 [ 48.617162][ T6712] loop2: detected capacity change from 0 to 2048 [ 48.681966][ T6712] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 48.742763][ T6707] loop4: detected capacity change from 0 to 32768 [ 48.768141][ T6712] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 48.783973][ T6712] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 13 with max blocks 1 with error 28 [ 48.784072][ T6712] EXT4-fs (loop2): This should not happen!! Data will be lost [ 48.784072][ T6712] [ 48.784115][ T6712] EXT4-fs (loop2): Total free blocks count 0 [ 48.784145][ T6712] EXT4-fs (loop2): Free/Dirty block details [ 48.784179][ T6712] EXT4-fs (loop2): free_blocks=2415919104 [ 48.784223][ T6712] EXT4-fs (loop2): dirty_blocks=16 [ 48.784252][ T6712] EXT4-fs (loop2): Block reservation details [ 48.784279][ T6712] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 48.815370][ T6712] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 48.871030][ T6720] mkiss: ax0: crc mode is auto. [ 48.953926][ T6707] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded=yes,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow [ 48.953926][ T6707] allowing incompatible features above 0.0: (unknown version) [ 48.953926][ T6707] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 48.998030][ T6707] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0 [ 48.998789][ T6707] bcachefs (loop4): recovering from clean shutdown, journal seq 10 [ 48.998930][ T6707] bcachefs (loop4): Version upgrade required: [ 48.998930][ T6707] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 48.998930][ T6707] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 48.998930][ T6707] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 48.999145][ T6707] bcachefs (loop4): dropping and reconstructing all alloc info [ 49.006518][ T6520] Bluetooth: hci4: command tx timeout [ 49.043932][ T6707] bcachefs (loop4): accounting_read... [ 49.063976][ T6722] loop0: detected capacity change from 0 to 32768 [ 49.077479][ T6520] Bluetooth: hci0: command tx timeout [ 49.077555][ T6520] Bluetooth: hci2: command tx timeout [ 49.077597][ T6520] Bluetooth: hci1: command tx timeout [ 49.077636][ T6520] Bluetooth: hci3: command tx timeout [ 49.096781][ T6707] done [ 49.096842][ T6707] bcachefs (loop4): alloc_read... [ 49.096977][ T6722] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 49.097015][ T6707] done [ 49.097082][ T6707] bcachefs (loop4): snapshots_read... done [ 49.097564][ T6707] bcachefs (loop4): done starting filesystem [ 49.140732][ T6722] XFS (loop0): Ending clean mount [ 49.217117][ T6739] netem: unknown loss type 0 [ 49.218781][ T6739] netem: change failed [ 49.244155][ T6527] bcachefs (loop4): shutting down [ 49.370593][ T6527] bcachefs (loop4): shutdown complete [ 49.382289][ T6518] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 49.541956][ T6749] loop2: detected capacity change from 0 to 1024 [ 49.648574][ T2142] hfsplus: b-tree write err: -5, ino 4 [ 49.773193][ T6757] netlink: 28 bytes leftover after parsing attributes in process `syz.2.48'. [ 49.779722][ T6757] netlink: 28 bytes leftover after parsing attributes in process `syz.2.48'. [ 50.312123][ T6745] loop3: detected capacity change from 0 to 131072 [ 50.315275][ T6745] F2FS-fs (loop3): Wrong NAT boundary, start(2560) end(9728) blocks(1024) [ 50.317808][ T6745] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 50.327520][ T6745] F2FS-fs (loop3): invalid crc value [ 50.377758][ T6745] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 50.377838][ T6745] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 50.421290][ T6759] loop1: detected capacity change from 0 to 32768 [ 51.077613][ T6531] Bluetooth: hci4: command tx timeout [ 51.120504][ T6784] loop0: detected capacity change from 0 to 4096 [ 51.132911][ T6784] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512). [ 51.167516][ T6531] Bluetooth: hci3: command tx timeout [ 51.167595][ T6531] Bluetooth: hci1: command tx timeout [ 51.167629][ T6531] Bluetooth: hci2: command tx timeout [ 51.167663][ T6531] Bluetooth: hci0: command tx timeout [ 51.532371][ T6797] netlink: 'syz.1.63': attribute type 4 has an invalid length. [ 51.545759][ T6780] loop4: detected capacity change from 0 to 32768 [ 51.587880][ T6780] (syz.4.57,6780,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 51.594213][ T6780] (syz.4.57,6780,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 51.639893][ T6780] JBD2: Ignoring recovery information on journal [ 51.730327][ T6780] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 51.776018][ T6783] loop2: detected capacity change from 0 to 32768 [ 51.808354][ T6783] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 51.881570][ T6822] netlink: 136 bytes leftover after parsing attributes in process `syz.3.70'. [ 51.931133][ T6783] XFS (loop2): Ending clean mount [ 52.075492][ T6526] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 52.094081][ T6836] netlink: 8 bytes leftover after parsing attributes in process `syz.1.77'. [ 52.097175][ T6836] netlink: 16 bytes leftover after parsing attributes in process `syz.1.77'. [ 52.171322][ T6527] ocfs2: Unmounting device (7,4) on (node local) [ 52.230553][ T6842] netlink: 'syz.2.78': attribute type 4 has an invalid length. [ 52.985630][ T6887] Zero length message leads to an empty skb [ 53.197325][ T6877] loop0: detected capacity change from 0 to 32768 [ 53.199931][ T6896] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 53.298247][ T6877] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io [ 53.298247][ T6877] allowing incompatible features above 0.0: (unknown version) [ 53.298247][ T6877] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 53.298333][ T6877] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 53.298755][ T6877] bcachefs (loop0): invalid bkey in superblock btree=alloc level=1: u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq ac62141f8dc7e261 written 24 min_key 72057594037927936:0:0 durability: 0 (invalid extent entry 0000000000000000) [ 53.298783][ T6877] invalid extent entry type (got 7, max 7), deleting [ 53.298902][ T6877] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 53.299025][ T6877] bcachefs (loop0): Version upgrade required: [ 53.299025][ T6877] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 53.299025][ T6877] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 53.299025][ T6877] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 53.299222][ T6877] bcachefs (loop0): dropping and reconstructing all alloc info [ 53.355308][ T6877] bcachefs (loop0): accounting_read... [ 53.391271][ T6900] loop2: detected capacity change from 0 to 4096 [ 53.406763][ T6877] done [ 53.406832][ T6877] bcachefs (loop0): alloc_read... done [ 53.407051][ T6877] bcachefs (loop0): snapshots_read... done [ 53.407278][ T6877] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 53.407447][ T6877] bcachefs (loop0): done starting filesystem [ 53.459828][ T6877] bcachefs (loop0): hash table key at wrong offset: should be at 331005371 [ 53.459890][ T6877] u64s 7 type dirent 4096:189491840996961599:U32_MAX len 0 ver 0: file0 -> 4098 type dir, shutting down [ 53.464931][ T6877] error not marked as autofix and not in fsck [ 53.464947][ T6877] run fsck, and forward to devs so error can be marked for self-healing [ 53.464958][ T6877] emergency read only at seq 10 [ 53.465092][ T6877] bcachefs (loop0): bch2_vfs_readdir(): error fsck_errors_not_fixed [ 53.476132][ T6893] loop3: detected capacity change from 0 to 32768 [ 53.510104][ T6893] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.103 (6893) [ 53.545008][ T6893] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 53.545180][ T6893] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 53.545240][ T6893] BTRFS info (device loop3): using free-space-tree [ 53.571306][ T6518] bcachefs (loop0): shutting down [ 53.628608][ T6518] bcachefs (loop0): shutdown complete [ 53.747311][ T6519] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 53.788527][ T6923] loop1: detected capacity change from 0 to 4096 [ 53.813254][ T6923] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 53.928648][ T6902] loop4: detected capacity change from 0 to 32768 [ 53.962437][ T6522] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 54.018829][ T6902] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode. [ 54.287405][ T6946] loop3: detected capacity change from 0 to 16 [ 54.300503][ T6527] ocfs2: Unmounting device (7,4) on (node local) [ 54.308910][ T6946] erofs (device loop3): mounted with root inode @ nid 36. [ 54.358533][ T6946] erofs (device loop3): corrupted dir block 8200 @ nid 36 [ 54.367000][ T6946] erofs (device loop3): invalid de[0].nameoff 0 @ nid 36 [ 54.550116][ T6936] loop1: detected capacity change from 0 to 32768 [ 54.556975][ T6953] overlayfs: "xino=on" is useless with all layers on same fs, ignore. [ 54.585021][ T6936] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 54.676797][ T6961] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 54.789052][ T6522] ocfs2: Unmounting device (7,1) on (node local) [ 54.826979][ T6969] Illegal XDP return value 4294967294 on prog (id 2) dev N/A, expect packet loss! [ 54.881736][ T6974] loop4: detected capacity change from 0 to 512 [ 54.900304][ T6974] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 54.933492][ T6974] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.133: casefold flag without casefold feature [ 54.940556][ T6974] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.133: couldn't read orphan inode 15 (err -117) [ 54.941851][ T6974] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.054288][ T6527] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.201242][ T6990] netem: incorrect ge model size [ 55.201327][ T6990] netem: change failed [ 55.298902][ T6994] loop2: detected capacity change from 0 to 512 [ 55.335174][ T6994] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 55.344290][ T7001] loop0: detected capacity change from 0 to 16 [ 55.353401][ T7001] erofs (device loop0): mounted with root inode @ nid 36. [ 55.393488][ T7001] erofs (device loop0): corrupted dir block 8200 @ nid 36 [ 55.397816][ T7001] erofs (device loop0): readahead error at folio 26 @ nid 36 [ 55.397930][ T7001] erofs (device loop0): readahead error at folio 25 @ nid 36 [ 55.398392][ T7001] erofs (device loop0): readahead error at folio 24 @ nid 36 [ 55.398425][ T7001] erofs (device loop0): readahead error at folio 23 @ nid 36 [ 55.398449][ T7001] erofs (device loop0): readahead error at folio 22 @ nid 36 [ 55.398473][ T7001] erofs (device loop0): readahead error at folio 21 @ nid 36 [ 55.398497][ T7001] erofs (device loop0): readahead error at folio 20 @ nid 36 [ 55.398557][ T7001] erofs (device loop0): readahead error at folio 18 @ nid 36 [ 55.398599][ T7001] erofs (device loop0): readahead error at folio 16 @ nid 36 [ 55.398696][ T7001] erofs (device loop0): readahead error at folio 12 @ nid 36 [ 55.398824][ T7001] syz.0.144: attempt to access beyond end of device [ 55.398824][ T7001] loop0: rw=524288, sector=720, nr_sectors = 16 limit=16 [ 55.399174][ T7001] syz.0.144: attempt to access beyond end of device [ 55.399174][ T7001] loop0: rw=524288, sector=525144, nr_sectors = 16 limit=16 [ 55.399266][ T7001] syz.0.144: attempt to access beyond end of device [ 55.399266][ T7001] loop0: rw=524288, sector=16, nr_sectors = 8 limit=16 [ 55.399437][ T7001] syz.0.144: attempt to access beyond end of device [ 55.399437][ T7001] loop0: rw=524288, sector=13716630376, nr_sectors = 8 limit=16 [ 55.403262][ T6994] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.141: corrupted inode contents [ 55.416263][ T6994] EXT4-fs error (device loop2): ext4_dirty_inode:6459: inode #2: comm syz.2.141: mark_inode_dirty error [ 55.420088][ T6994] EXT4-fs error (device loop2): ext4_do_update_inode:5568: inode #2: comm syz.2.141: corrupted inode contents [ 55.515252][ T6526] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 55.622254][ T6984] loop4: detected capacity change from 0 to 32768 [ 55.658386][ T6984] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode. [ 55.668547][ T7016] pimreg: tun_chr_ioctl cmd 2147767507 [ 55.694253][ T6984] (syz.4.136,6984,0):ocfs2_dio_end_io:2398 ERROR: Direct IO failed, bytes = -14 [ 55.732620][ T6527] ocfs2: Unmounting device (7,4) on (node local) [ 55.814366][ T7024] capability: warning: `syz.3.154' uses deprecated v2 capabilities in a way that may be insecure [ 56.373559][ T7038] loop4: detected capacity change from 0 to 32768 [ 56.377659][ T7033] loop3: detected capacity change from 0 to 32768 [ 56.404598][ T7038] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 56.414737][ T7033] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 56.474494][ T7033] XFS (loop3): Ending clean mount [ 56.484653][ T7033] XFS (loop3): Quotacheck needed: Please wait. [ 56.514559][ T6527] ocfs2: Unmounting device (7,4) on (node local) [ 56.531468][ T7033] XFS (loop3): Quotacheck: Done. [ 56.567066][ T7043] netlink: 'syz.1.162': attribute type 5 has an invalid length. [ 56.567128][ T7043] netlink: 12 bytes leftover after parsing attributes in process `syz.1.162'. [ 56.658987][ T6519] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 56.813583][ T7063] loop1: detected capacity change from 0 to 1024 [ 56.942757][ T681] hfsplus: b-tree write err: -5, ino 8 [ 57.200105][ T7061] loop2: detected capacity change from 0 to 32768 [ 57.218553][ T7061] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 57.256069][ T7067] loop4: detected capacity change from 0 to 40427 [ 57.265870][ T7067] F2FS-fs (loop4): build fault injection rate: 771 [ 57.317974][ T7067] F2FS-fs (loop4): invalid crc value [ 57.339674][ T7061] XFS (loop2): Ending clean mount [ 57.342028][ T7061] XFS (loop2): Quotacheck needed: Please wait. [ 57.368540][ T7067] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 57.413662][ T7061] XFS (loop2): Quotacheck: Done. [ 57.460314][ T6520] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 57.463156][ T6520] CPU: 0 UID: 0 PID: 6520 Comm: kworker/u9:2 Not tainted 6.16.0-rc1-syzkaller-g39dfc971e42d #0 PREEMPT [ 57.463182][ T6520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 57.463191][ T6520] Workqueue: hci1 hci_rx_work [ 57.463218][ T6520] Call trace: [ 57.463223][ T6520] show_stack+0x2c/0x3c (C) [ 57.463242][ T6520] __dump_stack+0x30/0x40 [ 57.463257][ T6520] dump_stack_lvl+0xd8/0x12c [ 57.463281][ T6520] dump_stack+0x1c/0x28 [ 57.463295][ T6520] sysfs_create_dir_ns+0x22c/0x24c [ 57.463311][ T6520] kobject_add_internal+0x5a8/0xb20 [ 57.463326][ T6520] kobject_add+0x134/0x200 [ 57.463339][ T6520] device_add+0x394/0xa60 [ 57.463353][ T6520] hci_conn_add_sysfs+0xc0/0x1d0 [ 57.463366][ T6520] le_conn_complete_evt+0x98c/0xe84 [ 57.463379][ T6520] hci_le_enh_conn_complete_evt+0x114/0x3f8 [ 57.463391][ T6520] hci_le_meta_evt+0x2cc/0x4b0 [ 57.463405][ T6520] hci_event_packet+0x60c/0xe9c [ 57.463418][ T6520] hci_rx_work+0x320/0xb18 [ 57.463428][ T6520] process_one_work+0x7e8/0x155c [ 57.463444][ T6520] worker_thread+0x958/0xed8 [ 57.463458][ T6520] kthread+0x5fc/0x75c [ 57.463471][ T6520] ret_from_fork+0x10/0x20 [ 57.463642][ T6520] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 57.463692][ T6520] Bluetooth: hci1: failed to register connection device [ 57.516538][ T7067] F2FS-fs (loop4): Stopped filesystem due to reason: 0 [ 57.552529][ T7069] loop1: detected capacity change from 0 to 32768 [ 57.583753][ T7069] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 57.632297][ T6526] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 57.769829][ T6522] ocfs2: Unmounting device (7,1) on (node local) [ 58.223727][ T7090] Bluetooth: hci0: Opcode 0x0401 failed: -4 [ 58.323670][ T7122] loop3: detected capacity change from 0 to 1024 [ 58.429814][ T7131] loop2: detected capacity change from 0 to 256 [ 58.462024][ T7121] hfsplus: invalid extended attribute record [ 58.505182][ T7131] FAT-fs (loop2): Directory bread(block 64) failed [ 58.505451][ T7131] FAT-fs (loop2): Directory bread(block 65) failed [ 58.505533][ T7131] FAT-fs (loop2): Directory bread(block 66) failed [ 58.505573][ T7131] FAT-fs (loop2): Directory bread(block 67) failed [ 58.505631][ T7131] FAT-fs (loop2): Directory bread(block 68) failed [ 58.505670][ T7131] FAT-fs (loop2): Directory bread(block 69) failed [ 58.505730][ T7131] FAT-fs (loop2): Directory bread(block 70) failed [ 58.505769][ T7131] FAT-fs (loop2): Directory bread(block 71) failed [ 58.505848][ T7131] FAT-fs (loop2): Directory bread(block 72) failed [ 58.505887][ T7131] FAT-fs (loop2): Directory bread(block 73) failed [ 58.575512][ T7137] netlink: 48 bytes leftover after parsing attributes in process `syz.1.197'. [ 58.577625][ T2142] hfsplus: b-tree write err: -5, ino 8 [ 58.740526][ T7131] syz.2.193: attempt to access beyond end of device [ 58.740526][ T7131] loop2: rw=2051, sector=1256, nr_sectors = 32 limit=256 [ 58.746870][ T7131] syz.2.193: attempt to access beyond end of device [ 58.746870][ T7131] loop2: rw=2051, sector=1320, nr_sectors = 32 limit=256 [ 58.750013][ T7131] syz.2.193: attempt to access beyond end of device [ 58.750013][ T7131] loop2: rw=2049, sector=1224, nr_sectors = 32 limit=256 [ 58.750743][ T7131] syz.2.193: attempt to access beyond end of device [ 58.750743][ T7131] loop2: rw=2049, sector=1288, nr_sectors = 32 limit=256 [ 58.750844][ T7131] syz.2.193: attempt to access beyond end of device [ 58.750844][ T7131] loop2: rw=2049, sector=1352, nr_sectors = 4 limit=256 [ 58.855913][ T7141] loop4: detected capacity change from 0 to 32768 [ 58.864779][ T7141] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.198 (7141) [ 58.895396][ T7141] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 58.895493][ T7141] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 58.895538][ T7141] BTRFS info (device loop4): using free-space-tree [ 59.056103][ T7166] capability: warning: `syz.2.202' uses 32-bit capabilities (legacy support in use) [ 59.320989][ T6630] IPVS: starting estimator thread 0... [ 59.323296][ T6527] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 59.410692][ T7175] IPVS: using max 33 ests per chain, 79200 per kthread [ 59.422260][ T7144] loop1: detected capacity change from 0 to 65536 [ 59.476419][ T6520] Bluetooth: hci0: command 0x0401 tx timeout [ 59.481697][ T7144] XFS (loop1): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 59.555000][ T7144] XFS (loop1): Ending clean mount [ 59.568016][ T7144] XFS (loop1): Quotacheck needed: Please wait. [ 59.633941][ T7144] XFS (loop1): Quotacheck: Done. [ 59.692788][ T7144] XFS (loop1): User initiated shutdown received. [ 59.693021][ T7144] XFS (loop1): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x80/0x15c (fs/xfs/xfs_fsops.c:476). Shutting down filesystem. [ 59.693068][ T7144] XFS (loop1): Please unmount the filesystem and rectify the problem(s) [ 59.772503][ T7177] loop2: detected capacity change from 0 to 40427 [ 59.780059][ T6522] XFS (loop1): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2 [ 59.780844][ T7177] F2FS-fs (loop2): build fault injection rate: 690 [ 59.810654][ T7177] F2FS-fs (loop2): invalid crc value [ 59.939123][ T7177] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 60.232201][ T7196] loop0: detected capacity change from 0 to 32768 [ 60.291964][ T7196] XFS (loop0): Mounting V5 Filesystem ca7e2101-b8f1-4838-8e2d-7637b90620e6 [ 60.302726][ T7196] XFS (loop0): Log size 624 blocks too small, minimum size is 816 blocks [ 60.302780][ T7196] XFS (loop0): AAIEEE! Log failed size checks. Abort! [ 60.320493][ T7196] XFS (loop0): log mount failed [ 60.512364][ T7246] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 60.662312][ T7251] loop2: detected capacity change from 0 to 256 [ 60.674543][ T7251] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 60.674667][ T7251] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 60.708893][ T7251] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x43c9847d, utbl_chksum : 0xe619d30d) [ 60.891986][ T7235] loop4: detected capacity change from 0 to 32768 [ 60.951685][ T7235] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode. [ 61.166978][ T6527] ocfs2: Unmounting device (7,4) on (node local) [ 61.342770][ T7256] loop3: detected capacity change from 0 to 32768 [ 61.345816][ T7256] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.229 (7256) [ 61.362800][ T7256] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 61.362891][ T7256] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 61.362936][ T7256] BTRFS info (device loop3): using free-space-tree [ 61.477380][ T1781] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 61.629629][ T1781] usb 1-1: config 0 has an invalid interface number: 127 but max is 1 [ 61.629693][ T1781] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 61.629709][ T1781] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 61.629726][ T1781] usb 1-1: config 0 has no interface number 0 [ 61.629750][ T1781] usb 1-1: config 0 interface 127 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 61.632825][ T1781] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 61.632853][ T1781] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 61.632869][ T1781] usb 1-1: Product: syz [ 61.632881][ T1781] usb 1-1: Manufacturer: syz [ 61.632894][ T1781] usb 1-1: SerialNumber: syz [ 61.659296][ T1781] usb 1-1: config 0 descriptor?? [ 61.670075][ T1781] usb-storage 1-1:0.127: USB Mass Storage device detected [ 61.671846][ T6519] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 61.687811][ T1781] usb-storage 1-1:0.127: Quirks match for vid 1908 pid 1315: 20000 [ 61.726866][ T7281] loop1: detected capacity change from 0 to 32768 [ 61.755550][ T7281] (syz.1.239,7281,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 61.756063][ T7281] (syz.1.239,7281,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 61.781696][ T7281] JBD2: Ignoring recovery information on journal [ 61.833196][ T7281] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 61.954310][ T6580] usb 1-1: USB disconnect, device number 2 [ 62.001921][ T7309] loop4: detected capacity change from 0 to 40427 [ 62.092651][ T7309] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 62.155460][ T6522] ocfs2: Unmounting device (7,1) on (node local) [ 62.182395][ T7333] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 62.248238][ T6527] syz-executor: attempt to access beyond end of device [ 62.248238][ T6527] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 62.249530][ T6527] CPU: 0 UID: 0 PID: 6527 Comm: syz-executor Not tainted 6.16.0-rc1-syzkaller-g39dfc971e42d #0 PREEMPT [ 62.249549][ T6527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 62.249557][ T6527] Call trace: [ 62.249561][ T6527] show_stack+0x2c/0x3c (C) [ 62.249582][ T6527] __dump_stack+0x30/0x40 [ 62.249597][ T6527] dump_stack_lvl+0xd8/0x12c [ 62.249610][ T6527] dump_stack+0x1c/0x28 [ 62.249623][ T6527] f2fs_handle_critical_error+0x34c/0x4b8 [ 62.249635][ T6527] f2fs_stop_checkpoint+0x5c/0x70 [ 62.249649][ T6527] f2fs_write_end_io+0x58c/0x818 [ 62.249661][ T6527] bio_endio+0x804/0x840 [ 62.249672][ T6527] submit_bio_noacct+0x158/0x176c [ 62.249686][ T6527] submit_bio+0x354/0x4d4 [ 62.249698][ T6527] f2fs_submit_write_bio+0x13c/0x324 [ 62.249710][ T6527] __submit_merged_bio+0x254/0x704 [ 62.249721][ T6527] __submit_merged_write_cond+0x23c/0x4ac [ 62.249732][ T6527] f2fs_write_data_pages+0x1d28/0x2634 [ 62.249744][ T6527] do_writepages+0x270/0x468 [ 62.249758][ T6527] filemap_fdatawrite+0x144/0x1e8 [ 62.249773][ T6527] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 62.249787][ T6527] f2fs_write_checkpoint+0x684/0x1694 [ 62.249800][ T6527] kill_f2fs_super+0x21c/0x584 [ 62.249812][ T6527] deactivate_locked_super+0xc4/0x12c [ 62.249824][ T6527] deactivate_super+0xe0/0x100 [ 62.249834][ T6527] cleanup_mnt+0x31c/0x3ac [ 62.249845][ T6527] __cleanup_mnt+0x20/0x30 [ 62.249856][ T6527] task_work_run+0x1dc/0x260 [ 62.249868][ T6527] do_notify_resume+0x16c/0x1ec [ 62.249880][ T6527] el0_svc+0xb4/0x17c [ 62.249893][ T6527] el0t_64_sync_handler+0x78/0x108 [ 62.249905][ T6527] el0t_64_sync+0x198/0x19c [ 62.249920][ T6527] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 63.103136][ T7365] loop0: detected capacity change from 0 to 2048 [ 63.123978][ T7365] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 63.183593][ T6725] udevd[6725]: incorrect nilfs2 checksum on /dev/loop0 [ 63.206421][ T7366] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 63.224383][ T7363] loop4: detected capacity change from 0 to 32768 [ 63.254117][ T7356] loop1: detected capacity change from 0 to 32768 [ 63.264887][ T7356] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.258 (7356) [ 63.274590][ T7356] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 63.276925][ T7356] BTRFS info (device loop1): using sha256 (sha256-arm64) checksum algorithm [ 63.276978][ T7356] BTRFS info (device loop1): disk space caching is enabled [ 63.277109][ T7356] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 63.362229][ T7356] BTRFS info (device loop1): rebuilding free space tree [ 63.367569][ T6518] Buffer I/O error on dev loop0, logical block 1020, lost sync page write [ 63.372467][ T6518] NILFS (loop0): unable to write superblock: err=-5 [ 63.374597][ T6518] Buffer I/O error on dev loop0, logical block 1, lost sync page write [ 63.377297][ T6518] NILFS (loop0): unable to write superblock: err=-5 [ 63.448980][ T7356] BTRFS info (device loop1): disabling free space tree [ 63.449082][ T7356] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 63.449177][ T7356] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 63.570429][ T7360] loop2: detected capacity change from 0 to 32768 [ 63.586081][ T7360] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 63.597219][ T7360] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 63.682869][ T13] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 63.724200][ T6526] ocfs2: Unmounting device (7,2) on (node local) [ 63.763252][ T6522] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 63.840830][ T7389] loop0: detected capacity change from 0 to 32768 [ 63.861009][ T7389] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 63.987301][ T7389] XFS (loop0): Ending clean mount [ 64.089607][ T6518] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 64.273665][ T7393] loop3: detected capacity change from 0 to 32768 [ 64.277551][ T7387] loop4: detected capacity change from 0 to 40427 [ 64.285305][ T7387] F2FS-fs (loop4): invalid crc value [ 64.412710][ T7387] F2FS-fs (loop4): Start checkpoint disabled! [ 64.453408][ T7387] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 64.710529][ T7413] loop2: detected capacity change from 0 to 32768 [ 64.749966][ T7413] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 64.797033][ T7413] XFS (loop2): Ending clean mount [ 64.801247][ T7413] XFS (loop2): Quotacheck needed: Please wait. [ 64.838677][ T2411] ieee802154 phy0 wpan0: encryption failed: -22 [ 64.838832][ T2411] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.842269][ T7440] loop0: detected capacity change from 0 to 1024 [ 64.842798][ T7440] EXT4-fs: Ignoring removed bh option [ 64.842842][ T7440] EXT4-fs: inline encryption not supported [ 64.850155][ T7440] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 64.874662][ T7440] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000] [ 64.875969][ T7413] XFS (loop2): Quotacheck: Done. [ 64.899058][ T7440] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 2: comm syz.0.280: lblock 2 mapped to illegal pblock 2 (length 1) [ 64.903184][ T7440] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 64.903272][ T7440] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 48: comm syz.0.280: lblock 0 mapped to illegal pblock 48 (length 1) [ 64.903792][ T7440] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 64.903888][ T7440] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.280: Failed to acquire dquot type 0 [ 64.904227][ T7440] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 64.905436][ T7440] EXT4-fs error (device loop0): ext4_evict_inode:254: inode #11: comm syz.0.280: mark_inode_dirty error [ 64.905606][ T7440] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -117) [ 64.905811][ T7440] EXT4-fs (loop0): 1 orphan inode deleted [ 64.906823][ T7440] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 64.941700][ T13] EXT4-fs error (device loop0): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 64.960742][ T13] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 64.961313][ T13] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u8:1: Failed to release dquot type 0 [ 65.030310][ T6518] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 65.032202][ T6518] EXT4-fs error (device loop0): __ext4_get_inode_loc:4792: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 65.036629][ T6518] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6255: Corrupt filesystem [ 65.036825][ T6518] EXT4-fs error (device loop0): ext4_quota_off:7217: inode #3: comm syz-executor: mark_inode_dirty error [ 65.114170][ T6526] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 65.222835][ T31] audit: type=1326 audit(64.840:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7453 comm="syz.2.282" exe="/root/syz-executor" sig=9 arch=c00000b7 syscall=98 compat=0 ip=0xffffa155a8a8 code=0x0 [ 65.223985][ T7456] loop1: detected capacity change from 0 to 1024 [ 65.441221][ T7464] overlayfs: failed to create directory ./file0/work (errno: 22); mounting read-only [ 65.583041][ T7471] loop0: detected capacity change from 0 to 1024 [ 65.776738][ T13] hfsplus: b-tree write err: -5, ino 4 [ 66.129841][ T7497] loop2: detected capacity change from 0 to 64 [ 66.198633][ T7497] Trying to free block not in datazone [ 66.243736][ T7497] Trying to free block not in datazone [ 66.243869][ T7497] minix_free_inode: bit 3 already cleared [ 66.258623][ T7504] loop1: detected capacity change from 0 to 164 [ 66.489777][ T7491] loop0: detected capacity change from 0 to 32768 [ 66.507844][ T7491] (syz.0.301,7491,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 66.511978][ T7491] (syz.0.301,7491,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 66.560122][ T7491] JBD2: Ignoring recovery information on journal [ 66.571772][ T7501] loop3: detected capacity change from 0 to 32768 [ 66.614418][ T7491] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 66.633641][ T7505] loop4: detected capacity change from 0 to 32768 [ 66.657974][ T7501] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 66.684821][ T7501] XFS (loop3): Ending clean mount [ 66.693111][ T7505] JBD2: Ignoring recovery information on journal [ 66.721045][ T7505] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 66.756730][ T7505] (syz.4.307,7505,1):ocfs2_read_blocks_sync:112 ERROR: status = -12 [ 66.756848][ T7505] (syz.4.307,7505,1):ocfs2_group_add:503 ERROR: Can't read the group descriptor # 4294967297 from the device. [ 66.830520][ T6519] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 66.847637][ T6527] ocfs2: Unmounting device (7,4) on (node local) [ 66.892387][ T6518] ocfs2: Unmounting device (7,0) on (node local) [ 67.411123][ T7565] netlink: 'syz.4.330': attribute type 1 has an invalid length. [ 67.413573][ T7565] netlink: 'syz.4.330': attribute type 2 has an invalid length. [ 67.471384][ T7566] netlink: 'syz.4.330': attribute type 1 has an invalid length. [ 67.473732][ T7566] netlink: 'syz.4.330': attribute type 2 has an invalid length. [ 67.620311][ T7551] loop3: detected capacity change from 0 to 32768 [ 67.635365][ T7551] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 67.660410][ T7555] loop1: detected capacity change from 0 to 40427 [ 67.663904][ T7555] F2FS-fs (loop1): build fault injection rate: 690 [ 67.663987][ T7555] F2FS-fs (loop1): Image doesn't support compression [ 67.664021][ T7555] F2FS-fs (loop1): Image doesn't support compression [ 67.680008][ T7555] F2FS-fs (loop1): invalid crc value [ 67.687581][ T6519] ocfs2: Unmounting device (7,3) on (node local) [ 67.753626][ T7555] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 67.830827][ T6522] syz-executor: attempt to access beyond end of device [ 67.830827][ T6522] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 67.830925][ T6522] CPU: 1 UID: 0 PID: 6522 Comm: syz-executor Not tainted 6.16.0-rc1-syzkaller-g39dfc971e42d #0 PREEMPT [ 67.830940][ T6522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 67.830947][ T6522] Call trace: [ 67.830952][ T6522] show_stack+0x2c/0x3c (C) [ 67.830972][ T6522] __dump_stack+0x30/0x40 [ 67.830987][ T6522] dump_stack_lvl+0xd8/0x12c [ 67.831000][ T6522] dump_stack+0x1c/0x28 [ 67.831013][ T6522] f2fs_handle_critical_error+0x34c/0x4b8 [ 67.831025][ T6522] f2fs_stop_checkpoint+0x5c/0x70 [ 67.831039][ T6522] f2fs_write_end_io+0x58c/0x818 [ 67.831051][ T6522] bio_endio+0x804/0x840 [ 67.831063][ T6522] submit_bio_noacct+0x158/0x176c [ 67.831076][ T6522] submit_bio+0x354/0x4d4 [ 67.831089][ T6522] f2fs_submit_write_bio+0x13c/0x324 [ 67.831100][ T6522] __submit_merged_bio+0x254/0x704 [ 67.831111][ T6522] __submit_merged_write_cond+0x23c/0x4ac [ 67.831122][ T6522] f2fs_write_data_pages+0x1d28/0x2634 [ 67.831134][ T6522] do_writepages+0x270/0x468 [ 67.831149][ T6522] filemap_fdatawrite+0x144/0x1e8 [ 67.831163][ T6522] f2fs_sync_dirty_inodes+0x2b8/0x788 [ 67.831177][ T6522] f2fs_write_checkpoint+0x684/0x1694 [ 67.831191][ T6522] kill_f2fs_super+0x21c/0x584 [ 67.831202][ T6522] deactivate_locked_super+0xc4/0x12c [ 67.831225][ T6522] deactivate_super+0xe0/0x100 [ 67.831235][ T6522] cleanup_mnt+0x31c/0x3ac [ 67.831247][ T6522] __cleanup_mnt+0x20/0x30 [ 67.831258][ T6522] task_work_run+0x1dc/0x260 [ 67.831275][ T6522] do_notify_resume+0x16c/0x1ec [ 67.831288][ T6522] el0_svc+0xb4/0x17c [ 67.831301][ T6522] el0t_64_sync_handler+0x78/0x108 [ 67.831313][ T6522] el0t_64_sync+0x198/0x19c [ 67.833733][ T6522] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 68.165356][ T7593] binder: 7591:7593 ERROR: Thread waiting for process work before calling BC_REGISTER_LOOPER or BC_ENTER_LOOPER (state 10) [ 68.165439][ T7593] binder: 7593 RLIMIT_NICE not set [ 68.216013][ T7597] loop2: detected capacity change from 0 to 1024 [ 68.296237][ T681] hfsplus: b-tree write err: -5, ino 8 [ 68.461780][ T7607] pimreg0: tun_chr_ioctl cmd 1074025677 [ 68.464113][ T7607] pimreg0: linktype set to 825 [ 68.480005][ T7611] loop2: detected capacity change from 0 to 128 [ 68.521758][ T7611] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 68.524386][ T7611] FAT-fs (loop2): Filesystem has been set read-only [ 68.859490][ T7633] netlink: 8 bytes leftover after parsing attributes in process `syz.1.360'. [ 69.542314][ T7663] loop2: detected capacity change from 0 to 512 [ 69.612074][ T7663] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.374: casefold flag without casefold feature [ 69.613285][ T7665] loop3: detected capacity change from 0 to 1764 [ 69.615679][ T7663] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.374: couldn't read orphan inode 15 (err -117) [ 69.618942][ T7663] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 69.622685][ T7665] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet. [ 69.623052][ T7665] ISOFS: unable to read i-node block [ 69.623118][ T7665] isofs_fill_super: get root inode failed [ 69.690005][ T7671] loop0: detected capacity change from 0 to 4096 [ 69.719052][ T7665] loop3: detected capacity change from 0 to 4096 [ 69.763643][ T7672] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 69.771476][ T7674] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 69.838463][ T6526] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 69.866446][ T7665] NILFS (loop3): bad btree node (ino=3, blocknr=0): level = 0, flags = 0x0, nchildren = 0 [ 69.866619][ T7665] NILFS error (device loop3): nilfs_bmap_lookup_at_level: broken bmap (inode number=3) [ 69.888474][ T7665] Remounting filesystem read-only [ 69.960656][ T2333] cfg80211: failed to load regulatory.db [ 70.014914][ T7679] xt_hashlimit: size too large, truncated to 1048576 [ 70.624015][ T7702] loop4: detected capacity change from 0 to 8 [ 70.785260][ T7689] loop0: detected capacity change from 0 to 32768 [ 70.945423][ T7689] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,fsck_memory_usage_percent=39,norecovery,nojournal_transaction_names [ 70.945423][ T7689] allowing incompatible features above 0.0: (unknown version) [ 70.945423][ T7689] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 70.945508][ T7689] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 70.945606][ T7689] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 70.945728][ T7689] bcachefs (loop0): Version upgrade required: [ 70.945728][ T7689] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete [ 70.945728][ T7689] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive [ 70.945728][ T7689] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 70.985635][ T7689] bcachefs (loop0): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:536870912:U32_MAX len 0 ver 0: (unpack error) [ 70.985697][ T7689] invalid variable length fields, deleting [ 71.011320][ T7689] bcachefs (loop0): accounting_read... done [ 71.107075][ T7689] bcachefs (loop0): alloc_read... done [ 71.107327][ T7689] bcachefs (loop0): snapshots_read... done [ 71.107520][ T7689] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 71.107688][ T7689] bcachefs (loop0): done starting filesystem [ 71.224740][ T7689] bcachefs (loop0): pointer to nonexistent device 237 in key [ 71.224812][ T7689] u64s 7 type extent 536870913:24:U32_MAX len 24 ver 0: durability: 0 crc: c_size 8 size 24 offset 0 nonce 0 csum none 0:0 compress lz4 ptr: 237:893353206280 gen 0 [ 71.225727][ T7689] bcachefs (loop0): /file3 offset 0: no_devices_valid [ 71.225727][ T7689] u64s 7 type extent 536870913:24:U32_MAX len 24 ver 0: durability: 0 crc: c_size 8 size 24 offset 0 nonce 0 csum none 0:0 compress lz4 ptr: 237:893353206280 gen 0 [ 71.274118][ T7689] bcachefs (loop0): /file3 offset 0: no_devices_valid [ 71.274118][ T7689] u64s 7 type extent 536870913:24:U32_MAX len 24 ver 0: durability: 0 crc: c_size 8 size 24 offset 0 nonce 0 csum none 0:0 compress lz4 ptr: 237:893353206280 gen 0 [ 71.274881][ T7689] bcachefs (loop0): /file3 offset 0: no_devices_valid [ 71.274881][ T7689] u64s 7 type extent 536870913:24:U32_MAX len 24 ver 0: durability: 0 crc: c_size 8 size 24 offset 0 nonce 0 csum none 0:0 compress lz4 ptr: 237:893353206280 gen 0 [ 71.275181][ T7689] bcachefs (loop0): /file3 offset 0: no_devices_valid [ 71.275181][ T7689] u64s 7 type extent 536870913:24:U32_MAX len 24 ver 0: durability: 0 crc: c_size 8 size 24 offset 0 nonce 0 csum none 0:0 compress lz4 ptr: 237:893353206280 gen 0 [ 71.275481][ T7689] bcachefs (loop0): /file3 offset 0: no_devices_valid [ 71.275481][ T7689] u64s 7 type extent 536870913:24:U32_MAX len 24 ver 0: durability: 0 crc: c_size 8 size 24 offset 0 nonce 0 csum none 0:0 compress lz4 ptr: 237:893353206280 gen 0 [ 71.275762][ T7689] bcachefs (loop0): /file3 offset 0: no_devices_valid [ 71.275762][ T7689] u64s 7 type extent 536870913:24:U32_MAX len 24 ver 0: durability: 0 crc: c_size 8 size 24 offset 0 nonce 0 csum none 0:0 compress lz4 ptr: 237:893353206280 gen 0 [ 71.276045][ T7689] bcachefs (loop0): /file3 offset 0: no_devices_valid [ 71.276045][ T7689] u64s 7 type extent 536870913:24:U32_MAX len 24 ver 0: durability: 0 crc: c_size 8 size 24 offset 0 nonce 0 csum none 0:0 compress lz4 ptr: 237:893353206280 gen 0 [ 71.289025][ T7689] bcachefs (loop0): /file3 offset 0: no_devices_valid [ 71.289025][ T7689] u64s 7 type extent 536870913:24:U32_MAX len 24 ver 0: durability: 0 crc: c_size 8 size 24 offset 0 nonce 0 csum none 0:0 compress lz4 ptr: 237:893353206280 gen 0 [ 71.289370][ T7689] bcachefs (loop0): /file3 offset 0: no_devices_valid [ 71.289370][ T7689] u64s 7 type extent 536870913:24:U32_MAX len 24 ver 0: durability: 0 crc: c_size 8 size 24 offset 0 nonce 0 csum none 0:0 compress lz4 ptr: 237:893353206280 gen 0 [ 71.300222][ T7688] bcachefs (loop0): /file3 offset 0: no_devices_valid [ 71.300222][ T7688] u64s 7 type extent 536870913:24:U32_MAX len 24 ver 0: durability: 0 crc: c_size 8 size 24 offset 0 nonce 0 csum none 0:0 compress lz4 ptr: 237:893353206280 gen 0 [ 71.406752][ T7689] [ 71.407395][ T7689] ====================================================== [ 71.409348][ T7689] WARNING: possible circular locking dependency detected [ 71.411192][ T7689] 6.16.0-rc1-syzkaller-g39dfc971e42d #0 Not tainted [ 71.412959][ T7689] ------------------------------------------------------ [ 71.414898][ T7689] syz.0.383/7689 is trying to acquire lock: [ 71.416469][ T7689] ffff0000f7ae41b0 (bcachefs_btree){+.+.}-{0:0}, at: trans_set_locked+0x68/0x200 [ 71.418910][ T7689] [ 71.418910][ T7689] but task is already holding lock: [ 71.420890][ T7689] ffff0000f91602e8 (mapping.invalidate_lock#8){.+.+}-{4:4}, at: filemap_fault+0x3fc/0x1280 [ 71.423643][ T7689] [ 71.423643][ T7689] which lock already depends on the new lock. [ 71.423643][ T7689] [ 71.426442][ T7689] [ 71.426442][ T7689] the existing dependency chain (in reverse order) is: [ 71.428921][ T7689] [ 71.428921][ T7689] -> #3 (mapping.invalidate_lock#8){.+.+}-{4:4}: [ 71.431255][ T7689] down_read+0x58/0x2f8 [ 71.432514][ T7689] filemap_fault+0x3fc/0x1280 [ 71.433889][ T7689] bch2_page_fault+0x2cc/0x700 [ 71.435341][ T7689] __do_fault+0x1fc/0x4cc [ 71.436665][ T7689] handle_mm_fault+0x2c94/0x4d38 [ 71.438142][ T7689] __get_user_pages+0x1ddc/0x309c [ 71.439716][ T7689] populate_vma_page_range+0x218/0x2e8 [ 71.441360][ T7689] __mm_populate+0x208/0x330 [ 71.442747][ T7689] vm_mmap_pgoff+0x378/0x43c [ 71.444087][ T7689] ksys_mmap_pgoff+0x394/0x5b8 [ 71.445521][ T7689] __arm64_sys_mmap+0xf8/0x110 [ 71.446929][ T7689] invoke_syscall+0x98/0x2b8 [ 71.448336][ T7689] el0_svc_common+0x130/0x23c [ 71.449766][ T7689] do_el0_svc+0x48/0x58 [ 71.451050][ T7689] el0_svc+0x58/0x17c [ 71.452288][ T7689] el0t_64_sync_handler+0x78/0x108 [ 71.453781][ T7689] el0t_64_sync+0x198/0x19c [ 71.455136][ T7689] [ 71.455136][ T7689] -> #2 (&mm->mmap_lock){++++}-{4:4}: [ 71.457273][ T7689] __might_fault+0xc4/0x124 [ 71.458631][ T7689] bch2_fs_ioctl+0xe34/0x29c4 [ 71.460056][ T7689] bch2_fs_file_ioctl+0x4dc/0x1964 [ 71.461571][ T7689] __arm64_sys_ioctl+0x14c/0x1c4 [ 71.463022][ T7689] invoke_syscall+0x98/0x2b8 [ 71.464393][ T7689] el0_svc_common+0x130/0x23c [ 71.465816][ T7689] do_el0_svc+0x48/0x58 [ 71.467088][ T7689] el0_svc+0x58/0x17c [ 71.468319][ T7689] el0t_64_sync_handler+0x78/0x108 [ 71.469819][ T7689] el0t_64_sync+0x198/0x19c [ 71.471178][ T7689] [ 71.471178][ T7689] -> #1 (&c->sb_lock){+.+.}-{4:4}: [ 71.473229][ T7689] __mutex_lock_common+0x1d0/0x2190 [ 71.474811][ T7689] mutex_lock_nested+0x2c/0x38 [ 71.476288][ T7689] bch2_run_explicit_recovery_pass+0x48/0xc8 [ 71.478007][ T7689] bch2_dev_missing_bkey+0x104/0x188 [ 71.479574][ T7689] bch2_bkey_pick_read_device+0x954/0x133c [ 71.481276][ T7689] __bch2_read_extent+0x6f0/0x3638 [ 71.482834][ T7689] bchfs_read+0x107c/0x17e8 [ 71.484181][ T7689] bch2_readahead+0xa18/0xd88 [ 71.485638][ T7689] read_pages+0x13c/0x4c4 [ 71.486973][ T7689] page_cache_ra_order+0x7b8/0xb34 [ 71.488503][ T7689] do_sync_mmap_readahead+0x2f0/0x660 [ 71.490089][ T7689] filemap_fault+0x5e4/0x1280 [ 71.491540][ T7689] bch2_page_fault+0x2cc/0x700 [ 71.492958][ T7689] __do_fault+0x1fc/0x4cc [ 71.494327][ T7689] handle_mm_fault+0x2c94/0x4d38 [ 71.495865][ T7689] __get_user_pages+0x1ddc/0x309c [ 71.497392][ T7689] populate_vma_page_range+0x218/0x2e8 [ 71.499022][ T7689] __mm_populate+0x208/0x330 [ 71.500466][ T7689] vm_mmap_pgoff+0x378/0x43c [ 71.501899][ T7689] ksys_mmap_pgoff+0x394/0x5b8 [ 71.503348][ T7689] __arm64_sys_mmap+0xf8/0x110 [ 71.504847][ T7689] invoke_syscall+0x98/0x2b8 [ 71.506269][ T7689] el0_svc_common+0x130/0x23c [ 71.507681][ T7689] do_el0_svc+0x48/0x58 [ 71.508956][ T7689] el0_svc+0x58/0x17c [ 71.510176][ T7689] el0t_64_sync_handler+0x78/0x108 [ 71.511792][ T7689] el0t_64_sync+0x198/0x19c [ 71.513229][ T7689] [ 71.513229][ T7689] -> #0 (bcachefs_btree){+.+.}-{0:0}: [ 71.515368][ T7689] __lock_acquire+0x1774/0x30a4 [ 71.516862][ T7689] lock_acquire+0x14c/0x2e0 [ 71.518262][ T7689] trans_set_locked+0x94/0x200 [ 71.519779][ T7689] bch2_trans_begin+0x71c/0xaac [ 71.521264][ T7689] bch2_read_err_msg_trans+0x64/0x298 [ 71.522852][ T7689] __bch2_read_extent+0x25f0/0x3638 [ 71.524422][ T7689] bchfs_read+0x107c/0x17e8 [ 71.525812][ T7689] bch2_read_single_folio+0x498/0x6e4 [ 71.527437][ T7689] bch2_read_folio+0x40/0x84 [ 71.528862][ T7689] filemap_read_folio+0xec/0x2f8 [ 71.530379][ T7689] filemap_fault+0xd48/0x1280 [ 71.531816][ T7689] bch2_page_fault+0x2cc/0x700 [ 71.533303][ T7689] __do_fault+0x1fc/0x4cc [ 71.534705][ T7689] handle_mm_fault+0x2c94/0x4d38 [ 71.536217][ T7689] __get_user_pages+0x1ddc/0x309c [ 71.537776][ T7689] populate_vma_page_range+0x218/0x2e8 [ 71.539392][ T7689] __mm_populate+0x208/0x330 [ 71.540785][ T7689] vm_mmap_pgoff+0x378/0x43c [ 71.542214][ T7689] ksys_mmap_pgoff+0x394/0x5b8 [ 71.543672][ T7689] __arm64_sys_mmap+0xf8/0x110 [ 71.545121][ T7689] invoke_syscall+0x98/0x2b8 [ 71.546562][ T7689] el0_svc_common+0x130/0x23c [ 71.547936][ T7689] do_el0_svc+0x48/0x58 [ 71.549189][ T7689] el0_svc+0x58/0x17c [ 71.550415][ T7689] el0t_64_sync_handler+0x78/0x108 [ 71.551923][ T7689] el0t_64_sync+0x198/0x19c [ 71.553262][ T7689] [ 71.553262][ T7689] other info that might help us debug this: [ 71.553262][ T7689] [ 71.556069][ T7689] Chain exists of: [ 71.556069][ T7689] bcachefs_btree --> &mm->mmap_lock --> mapping.invalidate_lock#8 [ 71.556069][ T7689] [ 71.559844][ T7689] Possible unsafe locking scenario: [ 71.559844][ T7689] [ 71.561874][ T7689] CPU0 CPU1 [ 71.563412][ T7689] ---- ---- [ 71.564870][ T7689] rlock(mapping.invalidate_lock#8); [ 71.566386][ T7689] lock(&mm->mmap_lock); [ 71.568345][ T7689] lock(mapping.invalidate_lock#8); [ 71.570545][ T7689] lock(bcachefs_btree); [ 71.571691][ T7689] [ 71.571691][ T7689] *** DEADLOCK *** [ 71.571691][ T7689] [ 71.573876][ T7689] 1 lock held by syz.0.383/7689: [ 71.575189][ T7689] #0: ffff0000f91602e8 (mapping.invalidate_lock#8){.+.+}-{4:4}, at: filemap_fault+0x3fc/0x1280 [ 71.578100][ T7689] [ 71.578100][ T7689] stack backtrace: [ 71.579777][ T7689] CPU: 0 UID: 0 PID: 7689 Comm: syz.0.383 Not tainted 6.16.0-rc1-syzkaller-g39dfc971e42d #0 PREEMPT [ 71.582729][ T7689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 71.585549][ T7689] Call trace: [ 71.586469][ T7689] show_stack+0x2c/0x3c (C) [ 71.587698][ T7689] __dump_stack+0x30/0x40 [ 71.588919][ T7689] dump_stack_lvl+0xd8/0x12c [ 71.590155][ T7689] dump_stack+0x1c/0x28 [ 71.591270][ T7689] print_circular_bug+0x324/0x32c [ 71.592681][ T7689] check_noncircular+0x154/0x174 [ 71.594015][ T7689] __lock_acquire+0x1774/0x30a4 [ 71.595338][ T7689] lock_acquire+0x14c/0x2e0 [ 71.595885][ T7727] netlink: 4 bytes leftover after parsing attributes in process `syz.1.398'. [ 71.598973][ T7689] trans_set_locked+0x94/0x200 [ 71.600280][ T7689] bch2_trans_begin+0x71c/0xaac [ 71.601629][ T7689] bch2_read_err_msg_trans+0x64/0x298 [ 71.603095][ T7689] __bch2_read_extent+0x25f0/0x3638 [ 71.604525][ T7689] bchfs_read+0x107c/0x17e8 [ 71.605759][ T7689] bch2_read_single_folio+0x498/0x6e4 [ 71.607296][ T7689] bch2_read_folio+0x40/0x84 [ 71.608577][ T7689] filemap_read_folio+0xec/0x2f8 [ 71.609948][ T7689] filemap_fault+0xd48/0x1280 [ 71.611249][ T7689] bch2_page_fault+0x2cc/0x700 [ 71.612532][ T7689] __do_fault+0x1fc/0x4cc [ 71.613790][ T7689] handle_mm_fault+0x2c94/0x4d38 [ 71.615159][ T7689] __get_user_pages+0x1ddc/0x309c [ 71.616525][ T7689] populate_vma_page_range+0x218/0x2e8 [ 71.618035][ T7689] __mm_populate+0x208/0x330 [ 71.619340][ T7689] vm_mmap_pgoff+0x378/0x43c [ 71.620562][ T7689] ksys_mmap_pgoff+0x394/0x5b8 [ 71.621884][ T7689] __arm64_sys_mmap+0xf8/0x110 [ 71.623192][ T7689] invoke_syscall+0x98/0x2b8 [ 71.624492][ T7689] el0_svc_common+0x130/0x23c [ 71.625795][ T7689] do_el0_svc+0x48/0x58 [ 71.626971][ T7689] el0_svc+0x58/0x17c [ 71.628059][ T7689] el0t_64_sync_handler+0x78/0x108 [ 71.629464][ T7689] el0t_64_sync+0x198/0x19c [ 71.669857][ T31] audit: type=1326 audit(71.290:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7724 comm="syz.3.397" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff9b95a8a8 code=0x0 [ 71.782679][ T6518] bcachefs (loop0): shutting down [ 71.841022][ T6518] bcachefs (loop0): shutdown complete