last executing test programs:

1m38.768837117s ago: executing program 2 (id=252):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000380)='rxrpc_call\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0x3, &(0x7f00000002c0)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rxrpc_call\x00', r1}, 0x10)
r2 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r2, &(0x7f00000001c0)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0x47c94)

1m38.218522351s ago: executing program 2 (id=256):
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/rpc\x00')
r1 = fanotify_init(0x20, 0x2)
readv(r1, &(0x7f0000000100)=[{&(0x7f0000000400)=""/169, 0xa9}], 0x1)
fanotify_mark(r1, 0x1, 0x40001019, r0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
getdents(r0, 0x0, 0x0)

1m37.764421076s ago: executing program 2 (id=257):
r0 = socket$inet6(0xa, 0x80002, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x200c8004, &(0x7f0000000280)={0xa, 0xe20, 0x0, @remote}, 0x1c)
sendto$inet6(r0, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000640)=0x3, 0x4)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@remote, 0x0, 0x2, 0x2, 0x4}, 0x20)
setsockopt$inet6_udp_int(r0, 0x88, 0x1, &(0x7f0000000080), 0x4)

1m37.367810245s ago: executing program 2 (id=259):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

1m37.045974032s ago: executing program 2 (id=262):
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)="604a772826dea736729103ad8de752c24b2367617ecb7b6e6831a11ecd0b3617817414bf3243338133aeb1ef59f7bb", 0x2f, 0x4}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000060a0b040000000000000000020000002c0004802800018007000100637400001c0002800800014000000002080002400000000b05000300000000000900010073797a30000000000900020073797a320000000014000000110001"], 0x80}}, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
sendto$inet(r1, &(0x7f0000000140)="0e00", 0x2, 0x0, &(0x7f0000000340)={0x2, 0xfffd, @loopback}, 0x10)

1m36.449178384s ago: executing program 2 (id=265):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept(r0, 0x0, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x1088}, 0x1, 0x0, 0x0, 0x2000c8c0}, 0x8010)
recvmsg(r1, &(0x7f000000b680)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f000000b4c0)=""/5, 0x5}], 0x1}, 0x0)

1m35.632062979s ago: executing program 32 (id=265):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000200)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-serpent-avx2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept(r0, 0x0, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x1088}, 0x1, 0x0, 0x0, 0x2000c8c0}, 0x8010)
recvmsg(r1, &(0x7f000000b680)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f000000b4c0)=""/5, 0x5}], 0x1}, 0x0)

35.8405169s ago: executing program 4 (id=602):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x24020000)
syz_clone(0x16040000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioprio_set$pid(0x3, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)

35.216766017s ago: executing program 4 (id=607):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=@newqdisc={0x24, 0x24, 0x9dece93493136c35, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xfff3, 0x6}, {0xf, 0x7}, {0x0, 0x3}}}, 0x24}, 0x1, 0x0, 0x0, 0x4c014}, 0x41)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'macvtap0\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

34.450256264s ago: executing program 4 (id=617):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11", 0xfffffde6}], 0x3, &(0x7f0000000380)=[@op={0x18}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)

34.134037099s ago: executing program 4 (id=619):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

33.889584927s ago: executing program 4 (id=620):
r0 = socket$kcm(0x29, 0x2, 0x0)
close(r0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @local}, 0xfc, 0x0}, 0x30004001)
setsockopt$sock_attach_bpf(r1, 0x6, 0xd, &(0x7f0000000000), 0x4)
setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f0000000080), 0x2cb)

33.355639483s ago: executing program 4 (id=622):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r2=>0x0})
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000140)={r2, 0x1, 0x6, @remote}, 0x10)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000180)={r2, 0x11, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0)

32.729914626s ago: executing program 33 (id=622):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r2=>0x0})
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000140)={r2, 0x1, 0x6, @remote}, 0x10)
setsockopt$packet_add_memb(r1, 0x107, 0x1, &(0x7f0000000180)={r2, 0x11, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1a}}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}}, 0x0)

7.065286289s ago: executing program 0 (id=779):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee8, 0x400, 0x1, 0xbfdffffc}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x0, 0x3, r0, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)
listen(r0, 0xfffffff7)

5.711232706s ago: executing program 7 (id=793):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0xd, 0x4, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000140)=r1}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2}, &(0x7f0000000080), &(0x7f0000000380)=r0}, 0x20)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r3}, &(0x7f0000000240), &(0x7f0000000280)=r1}, 0x20)

5.630360265s ago: executing program 6 (id=794):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000200)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4010, &(0x7f0000000300)={[{@nombcache}, {@barrier_val={'barrier', 0x3d, 0x3ff}}, {@test_dummy_encryption}, {@stripe={'stripe', 0x3d, 0x9}}, {@data_ordered}, {@test_dummy_encryption}, {@max_batch_time}, {@max_batch_time={'max_batch_time', 0x3d, 0x48}}]}, 0xd, 0x609, &(0x7f00000004c0)="$eJzs3c1vFVUbAPBnbj9oKbwt5I2KC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyIiX+EEtmy0sTEBRtXhoSoYWniNXM7U3p7P9pe2t6W+f2SS2fOmZlzhtvnnpnTc+YGUFiD6T+liH0RMZ1E9Cfzi3mdkWUOLmz34O+Pz6SvJMrl1/9MIsnS8u2T7GdftnNPRPz8UxJ7O2rLnZm7emF8amrySrY+PHtxenhm7uqh8xfHz02em7w0+uLo8WNHjx0fOdzSeV2rk3bqxnsf9H869ta3X/+TjHx3dyyJE/FKtuHS84iIX0stlVptMAYr/ydJbVbf8XU4/lbQkf2eLH2Lk842Vog1yd+/roh4MvqjIx6+ef3xyattrRywocpJRBkoqKTl+J/3yQHbWn4dkN/bL7sPjvW4Dwa2pvsnFzoAauO/c6FvMHoqfQM7HySxtFsniYjWeuaq7YqIO7fHbpy9PXYjavvhgA00fz0inqoX/0kl/geiJwYq8V+qiv/0uuB09jNNf63F8pd3FdfG/5EWjwysZCH+e5rGfzSI/7eXxP87LZY/+HDx3d6q+O9t9ZQAAAAAAACgsG6djIgX6v39v7Q4/ifqjP/pi4gT61D+4LL12r//l+6tQzFAHfdPRrxcd/xvKR/9O9CRLe2ujAfoSs6en5o8HBH/i4iD0bUjXR9pUsahz/Z+1ShvMBv/l7/S8u9kYwGzetzr3FG9z8T47PijnjcQcf96xNN1x/8mi+1/Uqf9Tz8PpldZxt7nbp5ulLdy/AMbpfxNxIG67f/Dp1YkzZ/PMVy5HhjOrwpqPfPR5z80Kr/V+PeICXh0afu/s3n8DyRLn9czs/Yyjsx1lhvltXr93528UXnkTHeW9uH47OyVkYju5FRHmlqVPrr2OsPjKI+HPF7S+D/4bPP+v3rX/70RMb/s2Mlf1XOKc0/82/d7o/q4/of2SeN/Yk3t/9oXRm8O/Nio/NW1/0crbf3BPEX/H1R8mYdpd3V6bRQuBnRV1mbXFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeB6WI2BVJaWhxuVQaGoroi4j/x87S1OWZ2efPXn7/0kSaV/n+/1L+Tb/9C+tJ/v3/A0vWR5etH4mIPRHxRUdvZX3ozOWpiXafPAAAAAAAAAAAAAAAAAAAAGwRfQ3m/6f+6Gh37YAN19nuCgBtUyf+f2lHPYDNp/2H4hL/UFziH4pL/ENxiX8oriXxf3d3OysCbDrtPxSX+AcAAAAAgMfKnv23fksiYv6l3sor1Z3ldTXZzzAB2P5K7a4A0DYe8QPFZegPFFeze3ygGJIV8nsa7rTSns1Mn3mEnQEAAAAAAAAAAACgcA7sa23+P7D9mf8PxWX+PxRXPv9/f5vrAWw+9/hArDCTv+78/xX3AgAAAAAAAAAAAADW08zc1QvjU1OTV9ZzYUescuPvN6L0Vhfe3BrV2MyFcrl8Lf0t2Cr12eYL+VD4TS69M1a3cT7Xb3VHbt9nEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUO2/AAAA//+7DyL6")
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000240))
chdir(&(0x7f00000003c0)='./bus\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f0000000440)={0xb, 0x4, 0x5, 0xff, 0x1, 0x0, [{0x42, 0x3, 0x13c9bd22}]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

5.426776834s ago: executing program 7 (id=795):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x9}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x304}, "7817765dc5914c3d", "c0a9b92b592a8e91a6934cb6b7b18f7a7a6eaa9cbd8ef3b0fbc326100136e976", "58a190f0", "2a1e833e7af32011"}, 0x38)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x27fa7000)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x2, &(0x7f0000000280)=@gcm_256={{0x304}, "54164ace0300", "faad50724acb18aba4e3bc654d684ad9c694f3e96ca4b72643dd3689727968e9", "5cb6d03a", "29a78ab9b0a4e8ae"}, 0x38)

5.187690998s ago: executing program 0 (id=799):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x1, @private}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
syz_usb_connect(0x5, 0x0, 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000b00)={0x2020}, 0x2020)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

4.951125666s ago: executing program 7 (id=801):
r0 = syz_create_resource$binfmt(&(0x7f0000000500)='./file0\x00')
r1 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xc}}, 0x5}, 0x1c)
connect$inet6(r2, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000100)='vlan0\x00', 0x10)
close_range(r1, 0xffffffffffffffff, 0x0)

4.699671419s ago: executing program 6 (id=804):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b685b431c70ea948259c4c869b4fc8db714e4b94bdae214fa68a051d4dca7d2647bec1fc89398d2b9000f224891060017c4700de60beac671e8e8f00cb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c59005cff414ed55b0d18a9d446935fb332bb593ee341ab59016f81860324b800c00000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4ac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a0000000000002248950b000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000ac0)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r2, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r0}, 0x20)
recvfrom$inet6(r0, 0x0, 0x0, 0x2000, 0x0, 0x0)

4.510772059s ago: executing program 5 (id=806):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000000)={0x7, 0x8, 0x4, 0xdd7, 0x800, 0x156, 0x3, 0x460, <r1=>0x0}, 0x0)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={r1, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0x8}, 0x8)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x70, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x79, &(0x7f0000000000)=ANY=[], 0x8)

4.460345845s ago: executing program 7 (id=807):
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005cf000/0x4000)=nil, 0x400000, 0x2, 0x2})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
migrate_pages(0x0, 0x8, &(0x7f0000000040)=0x400000000001, &(0x7f0000000100)=0x2)

4.319123184s ago: executing program 6 (id=808):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581", @ANYRES8], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000b00)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="00000f00000009003d140f3c369197d09647190890"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0xd01c4813, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x2, 0xfffffffd, 0x2})
ioctl$HIDIOCGUCODE(r1, 0xc018480d, &(0x7f0000000000)={0x2, 0x100, 0x180, 0x10, 0x5, 0x2})

4.215077087s ago: executing program 1 (id=810):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000b80)=ANY=[@ANYBLOB="1c0000001000ff05000000000000000009003c8004c937b184"], 0x1c}], 0x1}, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57)
sendmsg$xdp(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0)
recvmmsg(r0, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/11, 0xb}}], 0x5df, 0x2, 0x0)
ppoll(&(0x7f0000000180)=[{r0}], 0x1, 0x0, 0x0, 0x0)

2.529256955s ago: executing program 0 (id=811):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
mprotect(&(0x7f000003a000/0x2000)=nil, 0x2000, 0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)

2.529028898s ago: executing program 1 (id=812):
r0 = syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
tgkill(r0, r0, 0x21)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
wait4(0x0, 0x0, 0x40000000, 0x0)

2.528789998s ago: executing program 3 (id=813):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002f000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a500000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
setsockopt$packet_int(r1, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
syz_emit_ethernet(0x3a, &(0x7f0000000100)=ANY=[], 0x0)

2.517163575s ago: executing program 7 (id=814):
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4)
setsockopt$inet_tcp_int(r1, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r1, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10)
sendto$inet(r1, &(0x7f0000000200)="e1", 0xfea8, 0x0, 0x0, 0x0)
splice(r1, 0x0, r0, 0x0, 0x7ffff000, 0xa)

2.516741253s ago: executing program 5 (id=815):
r0 = syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x7734, 0x80, 0x40000, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x20, 0x0, 0xfaac4106a1b87a7, 0x0, 0x0, {0xb}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x20}}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

2.35209412s ago: executing program 6 (id=816):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x2, 0x0)
write$cgroup_pid(r0, &(0x7f0000000080), 0x12)
r1 = syz_io_uring_setup(0xc4f, &(0x7f0000000440)={0x0, 0xfffffffc, 0x10100, 0x7fe}, &(0x7f0000000400)=<r2=>0x0, &(0x7f0000000200)=<r3=>0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000100)=@IORING_OP_SHUTDOWN)
io_uring_enter(r1, 0x2dbe, 0x0, 0x0, 0x0, 0x0)

2.272416127s ago: executing program 7 (id=817):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000006c0)='./bus\x00', 0x0, &(0x7f0000000380)=ANY=[], 0x6, 0x550c, &(0x7f000000f140)="$eJzs3E1rY+UXAPCTtJ33//yLuHA3FwahhUlo+jLoruoMvmCHMurClaZJGjKT5JYmTWtXLlyKC7+JKLhy6Wdw4dqduFDcCUruvdWpLzA4aWM7vx/cnPs8eXLuecIwcO4tCeCpNZ/8/GMprsfliJiJiGsR2XmpODLreXguIm5ERPmRo1TM/z5xISKuRMT1cfI8Z6l469Nbo5trP7zx01ffXJy9+tmX305v18C0PR8RvZ38fL+Xx7SdxwfFfH3UyWJvdVTE/I3ew2Kc5nG/tZVl2K8fratncaWdr0939gbjuN2tN8ax3dnO5nf6+QUHo/ZRnuwDD+q72bjZ2spiZ5BmsX2Y13VwmP/fdjgY5nmaRb4PsvQxHB7FfL510Mr3s/Mwi43+sJjP86bN1sE4jopYXC4aabeZ1bH1JN/0f9ubnf7eQTJq7Q46aT9Zq9ZeqNZuV2q7abM1bK1W6r3m7dVkod0dL6sMW/XeejtN291WtZH2FpOFdqNRqdWShTutrU69n9Rq1ZXqUmVtsTi7lbx6752k20wWxvHlTn9v2OkOku10N8k/sZgsV1deXExu1pK3NjaTzft3725svv3enXfvvbTx+ivFor+UlSwsLy0vV2pLleXa4mNutHwO9v9RUfS/2T+chNK0CwA4e/T/wDScXP+/ez/i5Pv/0P9PxJnqf5+k/7d/mDz9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAU+u7uc9fy07m8/HVYv5/xdQzxbgUEeWI+PVvzMSFYzlnijxz/7B+7k81fF2KLMP4GheL40pErBfHL/8/6W8BAAAAzq8vPrzxSd6t5y/z0y6I05TftClfe39C+UoRMTf//YSylccvz04oWfbvezYOJpQtu4F1aULJ8ltus5PK9lhmjoVLj4RSHsqnWg4AAHAqjncCp9uFAAAAcJo+nnYBTEcpjh5lHj0Lzv7y/o8HgpePjQAAAIAzqDTtAgAAAIATl/X/fv8PAAAAzrf89/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+Y+cOclIH4jgATwt98N7TSIx7r+IOzuDKI7h0aTiAl+AALvAKXoAz4M4jGDB2CoJhQey0jeb7kjK0GX75D4HFzCQDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAk16K+eTp/vKhbs5qXU+a0QAAAACHLIv5pHwzivf/q+en1aPz8u463/Q/NHfvhT97mb0qp/js/7jbv/hSw3MIZUIWQhhU178QwlV1vZ01+hUAAADAr7aYzsZxth5fRl0XRJviok1+cpMoLwshFKPXRGn5R95ForDy990Pd4nSygWsYaKwuOTWT5V2lPLvvl21G+40WWzygx/bFpls7AAAQIt6e027sxAAAADadNt1AXQjC5utzO1W4CA21fbe3707AAAA4AfKui4AAAAAaFw5/z/u/L/YOf/++X9r5/8BAABAN+L5fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADRpWcwni+lsXDdnta4nzWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB39ucdBUIgDMJg7/rOZO5/WGnQ1NSkCoSPvzEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3vzuL/8npsaZZO61sfQ8kqydGlunxt65cfSH8fVrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYn5cUCIEgiII5438nff/DSoKeQYQIaHhUUYsGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAv+t0v/yemxplk7rSxdDySrF01tq4aew8aRw/G278BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYuZ/XOKo4AOBvZna2tiquUfYQEQUPerHbbW3tTTwowYN/ghDSbY3d+qPNwZYi5uJNcu5F9CgiKPHW/yHnBHKJtxz2EMGzMrMz2ckPcP01s0k+H3jzvjsM875vFkK+814CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUBq9PYmT7NAZx3FxbnPv4VLWbx3qM4/XtuezlsVRnUmfDC9WP0Td5hIBAADg7EjK+j6EsJOuL2R93Mnr/7S8Jqv5v316HJf1/OG6v+zL2j9rv/y8+/z+QJ3xONlNby4PB5eOptL6/2Y52575yyta+ZPP370k+RcSv7f63CjNn2f09cbGO+08PFdHtgDAP3Gx7Iug/H0o6/tNJgbAmdGqFN5l/Z90ms0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoA6j1fBkGUchhPnWJM5s7T1cOq5/vLY9X7Zrjx6thS8n98xukYYQbi4PB5dqnc1su3f/we3F4XBwt/7gpRBCU6O/VUz/9gdTXBxCI89H8B8FcfFlz0o+JyNo8IcSAACnUlq0rK7fSdcXsnPRXAh/fHew/n+1Eocp6//dD69tVseq1v/92mY4+3ordz7t3bv/4PXlO4u3BrcGH79xuf9m/8r1q1ev9/J3JT1vTAAAAPh32kWr1v/x3NH1/wuVOExZ/3/2Tf+L6liJ+v9Yk0W/pjMBAAA42559+fffomPOR+12+HxxZeVuf3zc/3x5fGwg1b/tXNGq9X8y13RWAAAAQB1Gq9GB9f8blThMuf7/1Pcv/Fi9ZxJCOF+s/19c+mR4o77pzLQ6/py46TkCAADQrPNFq67/p/n+/3h/y0McQnjtlXFc/BvAqer/5N2vfqiOVd3/f6W+Kc6kuDt+HnnfDaHVbTojAAAATrMnipYV+7+m6wsf/XTh/bb9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1+zMAAP//X24+7Q==")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f00000008c0)='./file0\x00', 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000180)='./file0\x00', &(0x7f0000000140)='system.posix_acl_default\x00', &(0x7f0000000300)={{}, {0x1, 0x1}, [], {0x4, 0x4}, [], {0x10, 0x2}, {0x20, 0x6}}, 0x24, 0x1)
llistxattr(&(0x7f0000000080)='./file0\x00', 0x0, 0x39)

2.260541223s ago: executing program 3 (id=818):
creat(&(0x7f0000000140)='./file0\x00', 0x8)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000040)={0x13, 0x65, 0xffff, 0x1000, 0x6, '9P2000'}, 0x13)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000001740)={0x50, 0x0, 0x0, {0x7, 0x21, 0x0, 0x0, 0x6f, 0x0, 0x0, 0x803}}, 0x50)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000069c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])

2.096575769s ago: executing program 1 (id=820):
r0 = epoll_create(0x10000e9)
r1 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2)
r2 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3)
ftruncate(r2, 0xffff)
fcntl$addseals(r2, 0x409, 0x7)
r3 = ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000100)={r2, 0x0, 0x0, 0x1000})
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r3, &(0x7f0000000080)={0x2025})

2.024350258s ago: executing program 5 (id=821):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r1=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x300, 0x40488}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x44}}, 0x0)

2.008495639s ago: executing program 6 (id=822):
socket$nl_generic(0x10, 0x3, 0x10)
syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f0000000340)=ANY=[], 0x2, 0x634, &(0x7f0000000480)="$eJzs3c1rXNfdB/DvHcmyxgZHeWI7fkogIoa0VNTWC0qrbuqWUlQIJaSLroUtY+Gxk0pKUUJp1De67SJ/QLrQrqtCN4WCIV23u2y1DBS6yUpdTbl37oxGtjwdxZJGTj8fc+ecM+fec3/nN/dlZoyYAP+zlmcy/ihFlmfe3CrbuzsLrd2dhQfdepLzSRrJeKdI8TApPklupbPk/8sn6+GKp+3no7Wltz/9fPezTmu8Xqr1G4O2G852vWQ6yVhdHtd4t595vKI3wzJh17uJg1E7l6R9wE+v7vcMduGZz1vgLCg6982edn1mT1WneSbr9wGdu2Lnnv1c2x51AAAAAHAKXtjLXrZyadRxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwPOk/v3/6lf/J3tPpZhO0f39/4luf5KLIwx1sInhVnvUOOlAAAAAAAAAAODkvbqXvWzlUrfdLtJI8lrVuFw9Xsx72chq1nMjW1nJZjaznrkkU30DTWytbG6uzw2x5fyhW84PGXDz2ecMAAAAAAAAAF9Cv8ry/v//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAWVAkY52iWi5361NpjCeZTDJRrred/KNbf549GnUAAAAAcApe2MtetnKp224X1Wf+q9Xn/sm8l4fZzFo208pq7lTfBXQ+9Td2dxZauzsLD8rlyXG/+68jhVGNmM53D4fv+Vq1RjN3s1Y9cyO3805auZNGtWXpWjeew+P6ZRlT8Z3akJHdqcty5r+vy5M3NsQ6U1VGzvUyMlvHVmbjxcGZOPjqbB91T3Np9L75uXwCOb9Ql0Vy8YenlvNh1Jl4NXUm5vuOvquDM5F89c9//Mm91sP79+5uzJydKR3B+Xa73a0/fkws9GXi5S99JvrNVpm40msv5wf5cWYynbeynrX8LCvZzGqm8/2qtlIfz+Xj1OBM3TrQeqt6bD49kon6delcPY4W02vVtpeylh/lndzJat6o/s1nLt/MYhaz1PcKXxnirG8c7ay//rW6Uk7wd4MnesrKvL5Y5/XD5MA1d6rq639mP0spctzXxvGv1JVyH7+uy7Ph8UzM9WXipcHHyx+qy8pG6+H99Xsr7w65v9frsjyPfnum7hLl8fJ/5YtVtQ4eHWXfS4f2zVV9l3t9jSf6rvT6/tuZOlG/h3typPmq7+VD+xaqvmt9fYe93wLgzLvw9QsTzX82/978uPmb5r3mm5PfO/+t869M5Nzfzn17fHbs9cYrxZ/ycX6x//kfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD44jbe/+D+Squ1uv5Ypd1uf/iUri9aGctRtvrrX45z793fIzrG6RxvZfIoK7fPRsxHqfy73W4fy4DbAw7aY6u0a2cidSOqjPjCBJy4m5sP3r258f4H31jr3iIXF5dmlxbfWLh5d621Ott5HHGQwInYv+mPOhIAAAAAAAAAAABgWKfx5wSjniMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwfFueyfijFJmbvTFbtnd3Flrl0q3vrzmepJGk+HlSfJLcSmfJVN9wxdP289Ha0tuffr772f5Y4931G4O2G852vWQ6yVhdHtd4t595vKI3wzJh17uJg1H7TwAAAP//UOQPsQ==")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000020000000000000000000000095"], &(0x7f00000003c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='contention_end\x00', r0}, 0x18)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x800, &(0x7f0000000180)={[{@iocharset={'iocharset', 0x3d, 'cp850'}}, {@sys_tz}, {}, {@iocharset={'iocharset', 0x3d, 'cp936'}}, {@iocharset={'iocharset', 0x3d, 'iso8859-14'}}, {@zero_size_dir}, {@gid}, {@namecase}, {@errors_continue}, {@errors_continue}]}, 0x1, 0x152f, &(0x7f00000037c0)="$eJzs3AucTVX7OPDnWWvtMSSdJrkMa61nc5LLIklySZJLkiRJkltC0iSvJCSG3JKGJCSXIbkMIblMTBr3+/2SkCRNkoTklqz/Z8r81Vvv/33f39svv/9vnu/nsz+znrP2s/ba85yzz977nJlvug6r1aR29UZEBP8R/OVHIgDEAsAgALgGAAIAKB9XPi6zP6fExP9sI+zP9VDKlZ4Bu5K4/tkb1z974/pnb1z/7I3rn71x/bM3rn/2xvVnLDvbMqPgtbxk34Xv/2dn/P7/v0hG6XFfrCt9fTeAmH81hev//z/8D3K5/v9rBf/KSlz/7I3rn13FXukJsP8B+PWfHeT4hz1c/+yN689Ydvbre8GxcOXvR//VC0Sy92cgV/r5xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsezjrL1MAkNW+0vNijDHGGGOMMcbYn8fnuNIzYIwxxhhjjDHG2H8/BAESFAQQAzkgFnJCLhAAMVn910IcXAd54XrIB/mhABSEeCgEhUGDAQsEIRSBohCFG6AY3AjFoQSUhFLgoDSUgZugLNwM5eAWKA+3QgW4DSpCJagMVeB2qAp3QDW4E6rDXVADakItqA13Qx24B+rCvVAP7oP6cD80gAegITwIjeAhaAwPQxN4BJrCo9AMmkMLaAmt/kv5L0BPeBF6QW9IhD7QF16CftAfBsBAGAQvw2B4BYbAq5AEQ2EYvAbD4XUYAW/ASBgFo+FNGANvwVgYB+NhAiTDRJgEb8NkeAemwFSYBtMhBWbATHgXZsFsmAPvwVx4H+bBfFgACyEVPoBFsBjS4ENYAh9BOiyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBR/DbvgE9sBe2Aefwn747N/MP/N3+d0QEFCgQIUKYzAGYzEWc2EuzI25MQ/mwQhGMA7jMC/mxXyYDwtgAYzHeCyMhdGgQULCIlgEoxjFYlgMi2NxLIkl0aHDMlgGy+LNWA7LYXksjxWwAlbESlgJq2AVrIpVsRpWw+pYHWtgDayFtfBuvBv7YF2si/WwHtbH+lm3p7ARNsLG2BibYBNsik2xGTbDFtgCW2ErbI2tsQ22wXbYDttje+yAHTABE7AjdsRO2Ak7Y2fsgl2wK3bFbtgdu2e8kAPwRXwRe2MN0Qf7Yl/sh0k5BuBAHIgv42B8BV/BVzEJh+IwfA1fw9dxBJ7GkTgKR+NorCrewrE4DklMwGRMxkk4CSfjZJyCU3EqTscUnIEzcSbOwtk4G9/Dufg+vo/zcT4uxFRMxUW4GNMwDZfgGUzHpbgMl+MKXIkrcDWuwdW4DtfjOtyIG3EzbsatuBW343bciTvxY1QA+Anuxb2YhPtxPx7AA3gQD+IhPIQZmIGH8TAewSN4FI/iMTyGx/EEnsQTeApP4Wk8g2fxLJ7H83gBn4v/qvHHJdYmgcikhBIxIkbEiliRS+QSuUVukUfkEREREXEiTuQVeUU+kU8UEAVEvIgXhUVhYYQRJMLMI4WIiqgoJoqJ4qK4KClKCiecKCPKiLKirCgnyony4lZRQdwmKopKoq2rIqqIqqKdqybuFNVFdVFD1BS1RG1RW9QRdURdUVfUE/VEfVFfNBAPiIaiDw7Ah0RmZZqIodhUDMNmormQl45QrcUIbCPainbiCTEKR2IH0doliKdFRzEWO4m/iXH4rOgiJmBX8bzoJrqLHuIF0VO0cb1EbzEF+4i+Yjr2E/3FADFQzMKa4j2cm7OWeFUkiaFimHhNLMTXxQjxhhgpRonR4k0xRrwlxopxYryYIJLFRDFJvC0mi3fEFDFVTBPTRYqYIWaKd8UsMVvMEe+JueJ9MU/MFwvEQpEqPhCLxGKRJj4US8RHIl0sFcvEcrFCrBSrxGqxRqwV68R6sUFsFJvEZrFFbBXbxHaxQ+wUu8THYrf4ROwRe8U+8anYLz4TB8Tn4qD4QhwSX4oM8ZU4LL4WR8Q34qj4VhwT34nj4oQ4Kb4Xp8QP4rQ4I86Kc+K8+FFcED+Ji8ILkCiFlFLJQMbIHDJW5pS55FUytwyyjv8yTl4n88rrZT6ZXxaQBWW8LCQLSy2NtJJkKIvIojIqb5DF5I2yuCwhS8pS0snSsoy8SZaVN8ty8hZZXt4qK8jbZEVZSVaWVeTtsqq8Q0Lkl23UkDVlLVlb3i0T4R5ZV94r68n7ZH15v2wgH5AN5YOykXxINpYPyybyEdlUPiqbyeayhWwpW8nHZGv5uGwj28p28gnZXj4pO8inZIJ8WnaU/tJT5FnZRT4nu8rnZTfZXfaQP8mL0stesreEPiD7ypdkP9lfDpAD5SD5shwsX5FD5KsySQ6Vw+Rrcrh8XY6Qb8iRcpQcLd+UY+RbcqwcJ8fLCTJZTpST5NtysnxHTpFT5TQ5XabIGXLApZHmSPlP89/+g/whP299s9wit8ptcrvcIXfKXfJjuVvulnvkHrlP7pP75X55QB6QB+VBeUgekhkyQx6Wh+UReUQelUflMXlMHpcn5Dn5vTwlf5Cn5Rl5Rp6T5+V5eeHS7wAUKqGkUipQMSqHilU5VS51lcqtrlZ51DUqoq5Vceo6lVddr/Kp/KqAKqjiVSFVWGlllFWkQlVEFVVRdQNeesKokqqUcqq0KqNu+nfyVTF1oyquSvwmP2t+if9gfq1UK9VatVZtVBvVTrVT7VV71UF1UAkqQXVUHVUn1Ul1Vp1VF9VFdVVdVTfVTfVQPVRP1VP1Ur1UokpUfdVLqp/qrwaogWqQellk7sMQNUQlqSQ1TA1Tw9VwNUKNUCPVSDVajVZj1Bg1Vo1V49V4layS1SQ1SU1Wk9UUNUVNU9NUikpRM9VMNUvNUnPUHDVXzVXz1Dy1QC1QqSpVLVKLVJpKU0vUEpWulqqlarlarlaqlWq1Wq3WqrVqvVqvNqqNKl1tUVvUNrVN7VA71C61S+1Wu9UetUftU/vUfrVfHVAH1EF1UB1Sh1SGylCH1WF1RB1RR9VRdUwdU8fVcXVSnVSn1Cl1Wp1WZ9VZdV6dVxfUBXVRXcw87QtEIAIVqCAmiAlig9ggV5AryB3kDvIEeYJIEAnigrggb3B9kC/IHxQICgbxQaGgcKADE9hAXCp6NLghKBbcGBQPSgQlg1KBC0oHZYKbgrLBzUG54JagfHBrUCG4LagYVAoqB1WC24OqwR1BteDOoHpwV1AjqBnUCmoHdwd1gnuCusG9Qb3gvqB+cH/QIHggaBg8GDQKHgoaBw8HTYJHgqbBo0GzoHnQImgZtPpTx/f+dP7HXS/dWyfqPrqvfkn30/31AD1QD9Iv68H6FT1Ev6qT9FA9TL+mh+vX9Qj9hh6pR+nR+k09Rr+lx+pxeryeoJP1RD1Jv60n63f0FD1VT9PTdYqeoWfqd/UsPVvP0e/pufp9PU/P1wv0Qp2qP9CL9GKdpj/US/RHOl0v1cv0cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q+/Uu/THerf+RO/Re/U+/anerz/TB/Tn+qD+Qh/SX+oM/ZU+rL/WR/Q3+qj+Vh/T3+nj+oQ+qb/Xp/QP+rQ+o8/qc/q8/lFf0D/pi9pnntxnvr0bZZSJMTEm1sSaXCaXyW1ymzwmj4mYiIkzcSavyWvymXymgClg4k28KWwKm0xkyBQxRUzURE0xU8wUN8VNSVPSOONMGVPGlDVlTTlTzpQ35U0FU8FUNBVNZVPZ3G5uN3eYO8yd5k5zl7nL1DQ1TW1T29QxdUxdU9fUM/VMfVPfNDANTEPT0DQyjUxj09g0MU1MU9PUNDPNTAvTwrQyrUxr09q0MW1MO9POtDftTQfTwSSYBNPRdDSdTCfT2XQ2XUwX09V0Nd1MN9PD9DA9TU/Ty/QyiSbR9DV9TT/TzwwwA8wgM8gMNoPNEDPEJJkkM8wMM8PNcDPCjDAjzSgzOvNE1bxlxppxZryZYJJNsplkJpnJZrKZYqaYaWaaSTEpZqaZaWaZWWaOmWPmmrlmnplnFpgFJtWkmkVmkUkzaWaJWWLSTbpZZpaZFWaFWWVWmTVmjVln1pkNsMFsMpvMFrPFbDPbzA6zw+wyu8xus9vsMXvMPrPP7Df7zQFzwBw0B80hc8hkmAxz2Bw2R8wRc9QcNcfMMXPcHDcnzUlzypwyp81pc9acNedN/kvvl97E2pw2l73K5rZX2zz2Gvv3cQFb0MbbQraw1Tafzf+b2Fhri9sStqQtZZ0tbcvYm34XV7SVbGVbxd5uq9o7bLXfxXXsPbauvdfWs/fZ2vbu38T17f22gX3ENkQEsM1tY9vSNrGP2Kb2UdvMNrctbEvb3j5pO9inbIJ92na0z/wuXmQX2zV2rV1n19s9dq89a8/ZI/Ybe97+aHvZ3naQfdkOtq/YIfZVm2SH/i4ebd+0Y+xbdqwdZ8fbCb+Lp9npNsXOsDPtu3aWnf27ONV+YOfaNDvPzrcL7MKf48w5pdkP7RL7kU23ASyzy+0Ku9Kusqv/71yX2412k91sd9tP7Da73e6wO+2urBNhu9fus5/a/fYze9h+bQ/aL+whe9Rm2K9+jjP376j91h6z39nj9oQ9ab+3p+wPKis7c9+/tz/Zi9ZbICQgSYoCiqEcFEs5KRddRbnpaspD11CErqU4uo7y0vWUj/JTASpI8VSICpMmQ5aIQipCRSlKN1DW9EpSKXJUmsrQTVSWbqZydAuVp1upAt1GFakSVaYqdDtVpTuoGt1J1ekuqkE1qRbVprupDt1Ddeleqkf3UX26nxrQA9SQHqRG9BA1poepCT1CTelRakbNqQW1pFb0GLWmx6kNtaV29AS1pyepAz1FCfQ0daRnqBP9jTrTs9SFnqOu9Dx1o+7Ug16gnvQi9aLelEh9qC+9RP2oPw2ggTSIXqbB9AoNoVcpiYbSMHqNhtPrNILeoJE0ikbTmzSG3qKxNI7G0wRKpok0id6myfQOTaGpNI2mUwrNoJn0Ls2i2TSH3qO59D7No/m0gBZSKn1Ai2gxpdGHtIQ+onRaSstoOa2glbSKVtMaWkvraD1toI20iTbTFtpK22g77aCdtIs+pt30Ce2hvbSPPqX99BkdoM/pIH1Bh+hLyqCv6DB9TUfoGzpK3/re9B0dpxN0kr6nU/QDnaYzdJbO0Xn6kS7QT3SRPEGIoQhlqMIgjAlzhLFhzjBXeFWYO7w6zBNeE0bCa8O48Lowb3h9mC/MHxYIC4bxYaGwcKhDE9qQwjAsEhYNo+ENYbHwxrB4WCIsGZYKXVg6LBPeFJYNbw7LhbeE5cNbwwrhbWHFsFL4yH1VwtvDquEdYbXwzrB6eFdYI6wZ1gprh3eHdcJ7wrrhvWG98L6wXHh/2CB8IGwYPhg2Ch8KG4cPh03CR8Km4aNhs7B52CJsGbYKHwtbh4+HbcK2YbvwqrB9+GTYIXwqTAifDjuGz/zcf//irP4nftefGPYJ+4YvhS+F3t8rF0QXRlOjH0QXRRdH06IfRpdEP4qmR5dGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGN0U3R72vnQMcOuGkUy5wMS6Hi3U5XS53lcvtrnZ53DUu4q51ce46l9dd7/K5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd4Mr5m50xV0JV9KVcs6VdmVcS9fKtXKt3eOujWvr2rkn3BPuSfeke8o95Z52Hd0zrpP7m+vsnnVd3HPuOfe86+a6ux7uBdfTTczzy2sy0fV1fV0/188NcAPcIDfIDXaD3RA3xCW5JDfMDXPD3XA3wo1wI91IN9qNdmPcGDfWjXXj3XiX7JLdJDfJTXaT3RQ3xU1z01yKS3Ez3Uw3y81yVWf/spV5bp5b4Ba4VJfqFrnMc8Y0t8Qtceku3S1zy9wKt8KtcqvcGrfGrXPr3Aa3wW1ym9wWt8Vtc9vcDrfD7XK73G632+3x1/wyqNvvDrgD7qA76A65L12G+8oddl+7I+4bd9R9646579xxd8KddN+7U+4Hd9qdcWfdOXfe/eguuJ/cReddcmRiZFLk7cjkyDuRKZGpkWmR6ZGUyIzIzMi7kVmR2ZE5kfcicyPvR+ZF5kcWRBZGUiMfRBZFFkfSIh9GlkQ+iqRHlkaWRZZHVkRWRrwvtC30RXxRH/U3+GL+Rl/cl/AlfSnvfGlfxt/ky/qbfTl/iy/vb/UV/G2+oq/kK/tHfTPf3LfwLX0r/5hv7R/3bXxb384/4dv7J30H/5RP8E/7jv4Z38n/zXf2z/ou/jnf1T/vu/nuvod/wff0L/pevrdP9H18X/+S7+f7+wF+oB/kX/aD/St+iH/VJ/mhfph/zQ/3r/sR/g0/0o/yo2Pe9GOyLpFhgk/2E/0k/7af7N/xU/xUP81P9yl+hp/p3/Wz/Gw/x7/n5/r3/Tw/3y/wC32q/8Av8ot9mv/QL/Ef+XS/NOumsV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mt/sdfqff5T/2u/0nfo/f6/f5T/1+/5k/4D/3B/0X/pD/0mf4r/xh/7U/4r/xR/23/pj/zh/3J/xJ/70/5X/wp/0Zf9af8+f9j/6C/8lf5L9ZY4wxxhj7l0y83BS/7fnldn6fP8gRv1q5LwBcvb1gxq/7M88oN+T7pd1fxLePAMDTvbs+lLXUqJGYmHhp3XQJQdH5AFmfBGX6+asHl+Kl0A6ehARoC2X/cP79Rffz9E/Gj94KkOtXObFwOb48/ucAmPgH4z/2xOhFFcKzcf+P8ecDFC96OScnXI6XQruf76+0hXL/YP75W/+T+ef8Ihmgza9ycsPl+PL8y8Dj8Awk/GZNxhhjjDHGGGPsF/1F5c5Z159Z3/j8o+vzeHU5Jwdcjv/Z9TljjDHGGGOMMcauvGe793jqsYSEtp3//Ua1/1LWv9xoCv9dI3PjDxveA2Q9ogDgPxwQILMh/8q92PqXbCvp0kvn77tWnPMB/M8o5Z/RuMIHJsYYY4wxxtif7vJJ/28fV1dqQowxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWDb0V/w7sSu9j4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxtiV9n8CAAD//7wUAB0=")

1.776685866s ago: executing program 1 (id=823):
pipe2$watch_queue(&(0x7f0000002240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
r1 = add_key$user(&(0x7f0000000100), &(0x7f0000000280)={'syz', 0x2}, &(0x7f00000002c0)="d3dd", 0x2, 0xffffffffffffffff)
pipe2$watch_queue(&(0x7f00000000c0)={<r2=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r2, 0x0)
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r3, 0x17)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x9)

1.575394021s ago: executing program 0 (id=824):
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={0xffffffffffffffff, 0x0, &(0x7f00000002c0)=@tcp6}, 0x20)
syz_io_uring_setup(0x117, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x200000, 0x1000000}, &(0x7f0000000100), &(0x7f0000000140))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='rdma.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000000c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

1.516507491s ago: executing program 3 (id=825):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
close_range(r0, r0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, 0x0, 0x0, 0x5}, 0x94)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$FUSE_NOTIFY_INVAL_INODE(r0, 0x0, 0x0)

1.509256183s ago: executing program 5 (id=826):
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e24, 0x6, @rand_addr=' \x01\x00', 0x2}}, 0x5, 0x12, 0x40, 0x3}, 0x9c)
r0 = syz_io_uring_setup(0x466c, &(0x7f0000000280)={0x0, 0x0, 0x10100}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x40, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x1, {0x3}})
io_uring_enter(r0, 0x92c, 0x59f0, 0x44, 0x0, 0x0)

1.393233194s ago: executing program 1 (id=827):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a0000000500000002"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

1.246793208s ago: executing program 3 (id=828):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000f0cd000000000000044e690085000000a000000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r3, 0x5}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r2}, &(0x7f0000000300), &(0x7f0000000700)=r1}, 0x20)
sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x0)

1.245725269s ago: executing program 0 (id=829):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
r1 = epoll_create1(0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/wakeup_count', 0x141000, 0x20)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000200)={0xa000000a})
finit_module(r2, 0x0, 0x3)
close_range(r0, 0xffffffffffffffff, 0x0)

1.128342235s ago: executing program 5 (id=830):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NFC_CMD_GET_TARGET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x14, 0x0, 0x4}, 0x14}, 0x1, 0x0, 0x0, 0x4009840}, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), r1)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000300), r1)
sendmsg$NL802154_CMD_DEL_SEC_DEV(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x14, r2, 0x1, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4000000)

1.126464754s ago: executing program 6 (id=831):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c000006000000000000f183850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r1, 0x0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x2000000b, 0x80, &(0x7f0000000240)={0x3, 0x0, 0xfffc, 0x4360}, 0x8, 0x6, 0x7d, 0x0, 0x1, 0x101, 0x0})
ioctl$USBDEVFS_REAPURBNDELAY(r1, 0x4008550d, 0x0)

1.03916606s ago: executing program 1 (id=832):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
syz_mount_image$jfs(&(0x7f0000000080), &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[], 0x2, 0x62a6, &(0x7f0000009900)="$eJzs3c1vHGcdB/Df7JtfStOoh6pECLlteCmleS0hUKDtAQ5cOKBcUSLXrSJSQElAaRURV75w4I8AIXFBQogjJ/6AHrhy4w8gUoIE6qmD1n4eZzxde+2k3ln7+XwkZ+Y3z4z3mXx3vLueGT8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMQPf/Dj81VEXP1VWnAy4nPRj+hFLI3rlYhYWjmZ1x9ExPOx2RzPRcRwIaLKjc9EvBYRH52IePDw7up40YV99uP7f/nnH37y1I/+8efh2f/99Xb/9d3Wu3Pnt//9273H318AAAAoUV3XdZU+5p9Kn+97XXcKAJiJ/PpfJ3m5eu7q9Tnrj1qtVquPYN1UT3avWUTEenOb8XsGp+MB4IhZj4+77gIdkn/RBhHxVNedAOZa1XUHOBQPHt5drVK+VfP1YGWrPV8LsiP/9Wr7/o7dptO0rzGZ1fNrI/rx7C79WZpRH+ZJzr/Xzv/qVvsorXfY+c/KbvmPtm59Kk7Ov9/Ov+X45N+bmH+pcv6DA+Xflz8AAAAAAMyx/Pv/kx2f/1148l3Zl73O/67MqA8AAAAAAAAA8Fl70vH/tlXG/wMAAIB5Nf6sPva7E4+WNa/1H8XO5VeqiKdb6wOFSTfLLHfdDwAAAAAAAAAAAAAoyWDrGt4rVcQwIp5eXq7revzV1K4P6km3P+pK338oWdc/5AEAYMtHJ1r38lcRixFxJf2tv+Hy8nJdLy4t18v10kJ+PztaWKyXGp9r83S8bGG0jzfEg1E9/maLje2apn1entbe/n7jxxrV/X10bDY6DBwAImLr1eiBV6Rjpq6fia7f5XA0OP6PH8c/+9H18xQAAAA4fHVd11X6c96n0jn/XtedAgBmIr/+t88LqNVqtVqtPn51Uz3ZvWYREevNbcbvGQzHDwBHzHp83HUX6JD8izaIiOe77gQw16quO8ChePDw7mqV8q2arwdpfPd8LciO/Nerze3y9pOm07SvMZnV82sj+vHsLv15bkZ9mCc5/147/6tb7aO03mHnPyu75T/ez5Md9KdrOf9+O/+W45N/b2L+pcr5Dw6Uf1/+AAAAAAAwx/Lv/0/O1fnf0ePuzlR7nf9dObRHBQAAAAAAAIDD9eDh3dV832s+//+FCeu5//N4yvlX8i9Szr/Xyv+rrfX6jfn7bz3K/z8P767+8fa/P5+n+81/Ic9U6ZlVpWdElR6pGqTpk+zdp20M+6PxIw2rXn+Qrvmph+/E9bgRa3Fux7q99P/xqP38jvZxT4eb7XV/q/3CjvbBdnve/uKO9mG60qleyu1nYjV+Hjfi7c32cdvClP1fnNJeT2nP+fcd/0XK+Q8aX+P8l1N71ZqO3f+w96njvjmd9DhvXv/ib84d/u5MtRH97X1rGu/fix30Z/P/5KlR/PLW2s0zd67dvn3zfKTJjqUXIk0+Yzn/Yfra/vn/0lZ7/rnfPF7vfzg6cP7zYiMGu+b/UmN+vL8vz7hvXcj5j9JXzv/t1D75+D9A/r0/zWxf9mOv4/+VDvoDAAAAAAAAAAAAAAAAe6nrevMW0Tcj4lK6/6erezMBgNnKr/91kpfPqu7P+PHU6iNeV3PWn5nWn9Tz1R+1+ijWTfVkbzSLiPh7c5vxe4ZfT/pmAMA8+yQi/tV1J+iM/AuW/97feHq6684AM3Xr/Q9+eu3GjbWbt7ruCQAAAAAAAADwuPL4nyuN8Z9P13V9r7XejvFf34qVJx3/dZBntgcY3WWg6v7B92kvG71Rv9cYbvyF2G387+H23F7jfw+mPN5wSvtoSvvClPbFKe0Tb/RoyPm/0Bjv/HREnGoNv/7Y47/Omb3Gf22PeV+CnP+LjefzOP+vtNZr5l///ijn39uR/9nb7/3i7K33P3j1+nvX3l17d+1nF8+fP3fx0qXLly+ffef6jbVzW/922OPDlfPPY1+7DrQsOf+cufzLkvP/UqrlX5ac/5dTLf+y5Pzz+z35lyXnnz/7yL8sOf+XUy3/suT8v5Zq+Zcl5/9KquVflpz/11Mt/7Lk/F9NtfzLkvM/k2r5lyXnfzbV+8x/6bD7xWzk/PMZLsd/WXL++coG+Zcl538h1fIvS87/YqrlX5ac/2upln9Zcv7fSLX8y5Lzv5Rq+Zcl5//NVMu/LDn/y6mWf1ly/t9KtfzLkvP/dqrlX5ac/+upln9Zcv7fSbX8y5Lz/26q5V+WnP/3Ui3/suT830i1/Mvy6O//mzFjxkye6fonEwAAAAAAAAAAAADQNovLibveRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCnv3FiPXXd8B/MzevHEgMRBSJzVh4xhjnE12fYkvtC4mXBtuJSEUesF2vWuz4BteuwQa1Y4CJRJGRRVtw0NbQKjNS4VV8UArQHlArSpVgvaBviAqVB6iKqCAVKmtgK1mzv//35nZ2Zld73h95pzPR4Kfd+bMnP858z9n5reb7xwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmt39htlP1bIsq9Vq+Q2bsuxF9XrTxKbGLa+9seMDAAAA1u7njf9/4dZ0w+EVPKhpmX+669tfXVhYWMjeN/yno59bWEh3TGTZ6IYsa9wXXf3B+2vNywRPZuO1oaafh3qsfrjH/SM97h/tcf9Yj/s39Lh/vMf9S3bAEjdltfRk2xr/3JTv0uy2bLRx37YOj3qytmGovu/SY7Na4zELoyeyuexUNptNtyyfL1trLP/1u+vremsW1zXUtK4t9Rnyk8ePxzHUwj7e1rKuxeeMfvT6bOKnP3n8+F9feP6OTrXnbmh5vnycO7bWx/mJcEs+1lq2Ie2TOM6hpnFu6fCaDLeMs9Z4XP3f7eN8YYXjHF4c5rpqf83Hs6HGv7/T2E8jtazDftoSbvufe7Isu7w47PZllqwrG8o2ttwytPj6jOczsv4c9an00myk+zxdqLXM07vTv5efp/U6s611nrYfE/H1vzs8bmSZMTS/TD96Yqzpdf/ZwrXM06i+1csdK+1zsN/HSlHmYJwX32ls9FMd5+C2sP2Pb19+DnacOx3mYNrupjm4tdccHBobbow5vQi1xmMWz5W7WpYfbqyp1qjPbe8+B6cunD43Nf+xj983d/rYydmTs2f27No1vWffvgMHDkydmDs1O53//zXu7eLbmA2lY2Br2HfxGHh127LNU3Xhi2NLzr/XehyOdzkON7Ut2+/jcKR942rrc0AundP5sfGe+k4fvzKULXOMNV6fnWs/DtN2Nx2HI03HYcf3lA7H4cgKjsP6Mud2ruwzy0jT/zqNYfn3grXNwU1Nc7D980j7HOz355GizMHxMC++t3P594ItYbxPTa7288jwkjmYNjece+q3pM/74wcapdO8vLN+x81j2cX52fP3P3bswoXzu7JQ1sXLmuZK+3zd2LRN2ZL5OrTq+Xp47q6n7uxw+6awr8bvq//f+LKvVX2Zvfd3f60a726d92fLrbuzUPos7M+FDeu0Pzu9m9f351iWff5bTzz8jcc//4Zl92e93/zE1No/i6e+tOn8O7rM+Tf2/b/I15ee6snh0ZH8+B1Oe2e05Xzc+lKNNM5dtca6X5jqcT4eyY7HMY3egPPxbV3Ox5vblu33+Xi0fePi+bjW67cda9P+eo6HeXJquvv5uL7M5t2rnZMjXc/H94RaC/v/NaFTSH1R09xZbt6mdY2MjIbtGolraJ2ne1qWHw29WX1dz+xe2eeG9nm64578uYbT1i1ar3k60bZsv+dp+t3XcvO01uu3b9em/fUcD/Pitj3d52l9mWf3rv3ceVP8Z9O5c6zXHBwdHquPeTRNwsb5Plu4Kc7B+7Pj2dnsVDbTuHesMZ9qjXVNPrCyOTgW/rfe58rNXebgjrZl+z0H0/vYcnOvNrJ04/ug/fUcD/Pi6Qe6z8H6Mm/c39/PrjvCLWmZps+u7b9fW+53Xne27abecyW2Jav/nVd9nN/a3/13s/VlTh1YbZ/ZfT/dG265ucN+aj9+lzumZrLV7qdrP6bq43z+wPL7qT6e+jKfO7jC+XQ4y7JLH3mw8fve8PeVv7v43a+2/N2l0990Ln3kwR+/+MQ/rmb8AAy+X+RlY/5e1/SXqZX8/R8AAAAYCLHvHwo10f8DAABAacS+P/5X4Yn+HwAAAEoj9v0joSYV6f83v/H5uV9cylIyfyGI96fd8FC+XMy4ToefJxYW1W9/8Muz//0Pl1a27qEsy3720B90XH7zQ3FcuYkwzqtvar19ia/et6J1H330Ulpvc379C+H54/asdBp0iuBOZ1n29Vs/01jPxPuvNOqzDx1t1IcvP/VkfZkXDuY/x8c/97J8+b8I4d/DJ461PP65sB9+GOr02zrvj/i4r1x5zZb9711cX3xcbestjc1++gP588bvyfnsk/nycT8vN/5vfPqZr9SXf+xVncd/aajz+J8Jz/vlUP/3Ffnyza9B/ef4uE+G8cf1xcfd/6Vvdhz/1U/ly597c77c0VDj+neEn7e9+fm55v31WO1Yy3Zlb8mXi+uf/u4fN+6Pzxefv33840eutOyP9vnx7L/lzzPVtny8Pa4n+vu29defp3l+xvU/80dHW/Zzr/Vfffi5V9Sft33997Ytd+4jOxvrX3y+1m9s+stPfqbj+uJ4Dv/tuZbtOfzucByH9T/9gTAfw/3/dzV/vvZvVzj67tbzT1z+C5suNW3P4jeSvvWn+fqvvu5ko24Yv2njzS968S2XX1nfd1n2nQ358/Va/8m/Otsy/i/enu+PeH9cY9yeXuL6z3908szZ+YtzM2mvPn5r47tz3p6PJ4731nBubf/5yNkLH5w9PzE9MZ1lE+X9Cr1r9qVQf5yXy92XXlhyBt35aHg97/zzr2/c/q+fjrf/+3vy26+8LX/fenVY7rPh9k3h9Vvd+pd6+u7bG8d37dkwwoWl3xe8Flu2/deBFS0Ytr/9c0Gc7+de/sHGfqjf13jfiMf1Gsf//Zn8eb4W9utC+Gbmrbcvrq95+fjdCFceyY/3Ne+/cJqLr+vfhNf7HT/Mnz+OK27v98PnmG9ubj3fxfnxtUtD7c/f+BaPy+F8kl3O749Lxf195YXbOw4vfg9JdvmOxs9/kp7njlVt5nLmPzY/dWruzMXHpi7Mzl+Ymv/Yx4+cPnvxzIUjje/yPPKhXo9fPD9tbJyfZmb37c0aZ6uzebnObvT4zz16fGb/9PaZ2RPHLp648Oi52fMnj8/PH5+dmd9+7MSJ2Y/2evzczKFduw/u2b978uTczKEDBw/uOTg5d+ZsfRj5oHrYN/3hyTPnjzQeMn9o78FdDzywd3ry9NmZ2UP7p6cnL/Z6fOO9abL+6N+fPD976tiFudOzk/NzH589tOvgvn27e34b4OlzJ+Ynps5fPDN1cX72/FS+LRMXGjfX3/t6PZ5ymv+P/PNsu1r+RXzZu+7dl76fte7LTyz7VPkibV8g+nz4Lpp/fsm5Ayv5Ofb9o6EmFen/AQAAoApi3z8WaqL/BwAAgNKIff+GUBP9PwAAAJRG7PvHQ00q0v+XLv+/+dKK1i//L//fvL/k/8uQ/19cvmf+/5Gi5f/z84X8f3+sNX8v/x/I/8v/y/8PTP5/Ibwhyf9TREXL/8e+/6Ysq2T/DwAAAFUQ+/6NoSb6fwAAACiN2PffHGqi/wcAAIDSiH3/i0JNKtL/y//L/8v/y//L/3dev/z/YJL/707+vwf5/6msWvn/y/0cv+v/y/+zVNHy/7Hvf3GoSUX6fwAAAKiC2PffEmqi/wcAAIDSiH3/raEm+n8AAAAojdj3bwo1qUj/L/8v/y//L/8v/995/fL/g0n+vzv5/x7k/13/X/5f/p++Klr+P/b9Lwk1qUj/DwAAAFUQ+/6Xhpro/wEAAKB4Rq7tYbHvf1moyZL+/xpXAAAAANxwse+/LWsLglfk7//y//L/xc//b0j3yf/L/2eFzP8PZ/L/xSH/3538fw/y//L/8v/y//RV0fL/jb4/G89eHmpSkf4fAAAAqiD2/beHmuj/AQAAoDRi3/9LoSb6fwAAACiN2PdvDjWpSP8v/y//f6Pz/6NtY3f9/8XHyf/nip//d/3/IpH/707+vwf5f/l/+X/5f/qqaPn/2PffEWpSkf4fAAAAqiD2/XeGmuj/AQAAoDRi3//LoSb6fwAAACiN2PdvCTWpSP8v/1/w/H9MjpY4/9/7+v/y//L/8v/y/ysn/9+d/H8P8v/y//L/8v/0VdHy/7Hvf0WoSUX6fwAAAKiC2PffFWqi/wcAAIDSiH3/K0NN9P8AAABQGrHvnwg1qUj/L/9f8Px/noMfK/P1/+X/5f/l/+X/+0n+vzv5/x7Cae5HWZbJ/1c4/x9bAvl/+X/WrGj5/9j33x1qUpH+HwAAAKog9v1bQ030/wAAAFAase+/J9RE/w8AAAClEfv+baEmFen/5f8HIv+fyf/L/8v/y//L/6+M/H938v89uP6//L/r/8v/01dFy//Hvv9VoSYV6f8BAACgCmLfvz3URP8PAAAApRH7/leHmuj/AQAAoDRi378j1KQi/b/8v/y//L/8v/x/5/XL/w8m+f/u5P97kP+X/5f/l/+nr4qW/499/2tCTSrS/wMAAEAVxL5/Z6iJ/h8AAABKI/b994aa6P8BAACgNGLfPxlqUpH+X/5f/l/+X/5f/r/z+uX/B5P8f3fy/z3I/8v/y//L/9NXRcv/x77/vlCTivT/AAAAUAWx778/1ET/DwAAAKUR+/6pUBP9PwAAAJRG7PunQ00q0v/L/8v/y//L/68q///KxeeV/8/J/xeL/H938v89yP/L/9/w/P+o/D+lUrT8f+z7d4WapMZv7Bq2EgAAACiS2PfvDjWpyN//AQAAoApi378n1ET/DwAAAKUR+/69oSYV6f/l/+X/5f/l/13/v/P65f8Hk/x/d/3P/8dNlP+X/5f/d/1/+X+WKlr+P/b9D4SaVKT/BwAAgCqIff++UBP9PwAAAJRG7Pv3h5ro/wEAAKA0Yt9/INSkIv2//L/8v/y//L/8f+f1y/8PJvn/7lz/v4fi5f9f1/zw9cz/19cl/y//L//P6j3yh80/FS3/H/v+g6EmFen/AQAAoApi3//aUBP9PwAAAJRG7Pt/JdSke/+/4fqOCgAAAOin2Pf/aqhJRf7+L/8v/y//L/8v/995/fL/g0n+vzv5/x6Kl/9v4fr/xR6//L/8P0sVLf8f+/5DoSYV6f8BAACgCmLf/2uhJvp/AAAAKI3Y978u1ET/DwAAAKUR+/7DoQad4tylJP8v/z+Y+f9x+X/5/9Ll/8fi88r/r4n8f3fy/z3I/8v/y//L/9NXRcv/x77/9aEm/v4PAAAApRH7/gdDTfT/AAAAUBqx739DqIn+HwAAAEoj9v1vDDWpSP8v/y//P5j5f9f/z+T/S5f/d/3//pD/707+vwf5f/l/+X/5f/qqaPn/2Pe/KdSkIv0/AAAAVEHs+98caqL/BwAAgNKIff9bQk30/wAAAFAase9/a6hJRfp/+X/5/xuZ/89dlv+X/2+Q/5f/7wf5/+7k/3uQ/5f/l/+X/6evipb/j33/r4eaVKT/BwAAgCqIff9DoSb6fwAAACiN2Pe/LdRE/w8AAAClEfv+t4eaVKT/l/+X/3f9f/l/+f/O65f/H0zy/90NWP7/57eE2+X/c/L/xR7/avP/I20/X5f8/w+Wy/8vbGh/vPw/10PR8v+x739HqElF+n8AAACogtj3vzPURP8PAAAApRH7/neFmjT1/339D+8AAACAdRf7/t8INanI3//l/+vjWEwvy//L/zdukP+X/5f/H1jy/90NWP7f9f/byP8Xe/yu/y//z1JFy//Hvv/doSYV6f8BAACgCmLf/3Coif4fAAAASiP2/Y+Emuj/AQAAoDRi3/+eUJOK9P/y/67/L/8v/y//33n98v+DSf6/O/n/HuT/5f+Llv//T/l/BlvR8v+x73801KQi/T8AAABUQez73xtqov8HAACA0oh9/2+Gmuj/AQAAoDRi3/++UJOK9P/y/4OS/58Y0Pz/E/L/1zH/f9ct+XLy//L/LJL/707+vwf5f/n/ouX/Xf+fAVe0/H/s+98farLy/n98xUsCAAAA19HIsvfEvv+3Qk0q8vd/AAAAqILY9/92qIn+HwAAAEoj9v2/E2pSkf5f/n9Q8v+u/5/J/7v+f9v2yP/L/3eyfvn/eOaR/5f/L1b+f9OqNrjVjc7Pr9WNHn918//5O6P8P50ULf8f+/7fDTWpSP8PAAAAVRD7/g+Emuj/AQAAYCB0+m+y28W+/0ioif4fAAAASiP2/UdDTSrS/8v/y//L/xc0//9nW//le99+59Fd8v/y//L/q7Ku1/+vH/yu/y//X7D8/1rc6Pz8eo2/tsylweT/Xf+f/ita/j/2/cdCTSrS/wMAAEAVxL7/90JN9P8AAABQGrHvPx5qov8HAACA0oh9/0yoSUX6f/l/+X/5/4Lm/wf4+v9xf8j/t+pb/j+edOX/O1rX/P97F3Pi8v+rzf+PdbxV/l/+f5DHL/8v/89SRcv/x75/NtSkIv0/AAAAVEHo+4dO5HXxDv0/AAAAlEbs+0+Gmuj/AQAAoDRi3//BUJOK9P/y//L/8v/y/67/33n93fL/tRHX/y8q+f/uipP/70z+X/5/kMcv/y//T5YtfjLPFS3/H/v+uVCTivT/AAAAUAWx7/9QqIn+HwAAAEoj9v0fDjXR/wMAAEBpxL7/VKhJRfp/+X/5f/l/+X/5//9n706+LK3rO47fgoauPmSRXRbZ5Jws8yewCOtknyyyySI5JyfnBJKQhMw0GZxFUXFWFGcFBxBEVJwncEJxBhUV5xEnRD3toer7/XYNT91bVX1v3+f5/V6vBd90hep77dNCf7r67TP8+qN9/r/+fy79/3z6/wX0//p//b/+n6UaW/+fu//v4pZO9j8AAAD0IHf/5XGL/Q8AAADNyN1/Rdxi/wMAAEAzcvf/fdzSyf7X/+v/m+3//1j/f9Dr6//1/y3T/8+n/19A/6//1//r/1mqsfX/ufv/IW7pZP8DAABAD3L3/2PcYv8DAABAM3L3Xxm32P8AAADQjNz9/xS3dLL/9/T/G7M++//MePX/LfX/nv9/4Ovr/8+h/79Q/z9257f/v+axf/Lp//X/+v+g/z9U/3/yoM/X/9OisfX/ufv/OW7pZP8DAABAD3L3/0vcYv8DAADA9O36kzebs6viFvsfAAAAmpG7/1/jlk72//Ke/39q6+MT7f+L/l//v/UB/b/+/6D+/8TZb+v/x8nz/+frqf+/8r5LLn/49t+/4yivr//X/3v+v/6f5Rpb/5+7/9/ilk72PwAAAPQgd/+/xy32PwAAADQjd/9/xC32PwAAADQjd/9/xi2d7P/l9f+Tfv5/0f/r/7c+oP/X/x/U//+Z5/+Pnf5/vp76/+O8vv5f/6//1/+zXOvu//M7zm/n7v+vuKWT/Q8AAAA9yN3/33GL/Q8AAADNyN1/ddxi/wMAAEAzcvefjls62f/6/9X3/7/R/+v/4+r/9f/6/9XT/8+n/19A/6//1//r/1mqdff/e7+du/+auKWT/Q8AAAA9yN3/P3GL/Q8AAADNyN3/v3GL/Q8AAADNyN3/f3FLJ/tf/+/5//p//b/+f/j19f/TpP+fT/+/gP7/XPv5i/T/E+z/4xdS+n9W4Yj9/6Nz/rG9lP4/d///xy2d7H8AAADoQe7+x8Ut9j8AAAA0I3f/4+MW+x8AAACakbv/CXFLJ/tf/6//1//r/4/d/+//qbdF/z9M/39+6P/nG03/v3Fi8MP6/8n3/57/P8X+P+j/WYWxPf8/d/8T45ZO9j8AAAD0IHf/k+KWOfv/yL+ZDwAAAKxV7v4nxy2+/g8AAACTl9VZ7v6nxC2d7H/9v/5f/6//9/z/4def1//fseP96f/HRf8/32j6/wPo//X/U37/+v+z/X/+2kz/z9j6/9z9T41bOtn/AAAA0IPc/dfGLfY/AAAANCN3/9PiFvsfAAAAmpG7/+lxSyf7f7j/P/v/1/8fjv5/9/vX/w///FhW/5/fo/5/bv9/mef/90n/P9/57/9P6v93f//6/xVa9/tvvP8/tejzPf+fIWPr/3P3Xxe3dLL/AQAAoAe5+58Rt9j/AAAA0Izc/c+MW+x/AAAAaEbu/mfFLZ3s/zU///+aiw96X/r/Lfp//b/n/4/z+f+z897/n9D/H5L+fz7P/19A/6//1/8v5fn/+n/S2Pr/3P3Xxy2d7H8AAADowfWPzLZ2/7NnM/sfAAAApmjnnx3Y+wdKQ+7+58Qt9j8AAAA0I3f/c+OWTvb/mvv/VT3//6JFr63/1//v/PHS/+v/h15/XP2/5/8flv5/Pv3/Avr/VfTzJxrr/2846PPH0P9frf9nZHb1/3ed/fi6+v/c/c+LWzrZ/wAAANCD3P3Pj1vsfwAAAGhG7v4XxC32PwAAADQjd/8L45ZO9v/K+/9TB7/2Cvv/hfT/+v+dP176f/3/0Ovr/6dJ/z+f/n8B/b/n/3v+v/6fpdrV/++wrv4/d/+L4pZO9j8AAAD0IHf/i+MW+x8AAACakbv/hrjF/gcAAIBm5O5/SdzSyf5v9Pn/C+n/9f87f7z0//r/odfX/0+T/n8+/f8C+n/9v/5/cf+/91/UQf/PkLH1/7n7Xxq3dLL/AQAAoAe5+2+MW+x/AAAAaEbu/pfFLfY/AAAANCN3/8vjlk72v/5/tf1/flz/r/+fHaX/j0/Q/2/T/+v/j2Jq/f/e//4cu1/fGPo30X4H9P/3/M3pP939Ef2//l//r//3/H+WYBT9/5mzv7rM3f+KuKWT/Q8AAAA9yN3/yrjF/gcAAIBm5O5/Vdxi/wMAAEAzcve/Om454v7/3aW+q/NH/+/5//r/Efb/Qf+/Tf+v/z+KqfX/e3n+v/5f/z/d96//1/+z3yj6/x3fzt3/mrjF1/8BAACgGbn7Xxu32P8AAADQjNz9r4tb7H8AAABoRu7+m+KWTva//l//r//X/+v/h1//uP3/5myY/v/80P/Pp/9fQP+v/9f/6/9ZqrH1/7n7b45bOtn/AAAA0IPc/a+PW+x/AAAAaEbu/jfELfY/AAAATEmmY4Ny978xbulk/+v/9f/6f/2//n/49T3/f5om2v/XPwan2v9fOKX+/5Y5b2Co/z9zUv+v/9f/6/85prH1/7n73xS3dLL/AQAAoAe5+2+JW+x/AAAAaEbu/lvjFvsfAAAAmpG7/81xSyf7X/+v/19m/5/0/8M/P/T/+n/9/+pNtP8vU+3/Pf9f/z/T/+v/9f8MGFv/n7v/trilk/0PAAAAPcjdf3vcYv8DAABAM3L3vyVusf8BAACgGbn774hbOtn/+n/9v+f/6//1/8Ovr/+fptX1/7P19f8PXXDU7+ZA+v8F9P/6f/2//p+lGlv/n7v/rXFLJ/sfAAAAepC7/864xf4HAACAZuTuf1vcYv8DAABAM3L3vz1u6WT/6//1/9Ps/6/bHHr/+n/9/0z/3z3P/59P/7+A/l//r//X/7NUY+v/c/e/I27pZP8DAABAD3L33xW32P8AAADQjNz974xb7H8AAABoRu7+d8Utnex//b/+f3f/P5tNo//3/P+Z/r+F/n9zpv9fOv3/fIfr/y/T/+v/2+r/L5g11P+fOvDz9f+M0dj6/9z9745bOtn/AAAA0IPc/e+JW+x/AAAAaMD2n53J3f/euMX+BwAAgDE7cZS/OXf/++KWTvb/9Pv/k3s+Uf8/m83uv6r55//r/2f6/xb6//pR1f8vj/5/Ps//X0D/32b/7/n/+n/WZmz9f+7+98ctnex/AAAA6EHu/g/ELfY/AAAANCN3/wfjFvsfAAAAmpG7/0NxSyf7f/r9/95P1P/Pzun5//r/rQ/o//X/+v/J0v/Pp/9fQP+/sJ/fOODXPTP9v/5f/8+AsfX/ufs/HLd0sv8BAACgB7n7745b7H8AAABoRu7+e+IW+x8AAACakbv/I3FLJ/tf/6//1/9Ps//f1P/r//X/g8bS/1966Z/cq//X/7fY/8+j/9f/6//Za2z9f+7+j8Ytnex/AAAA6EHu/o/FLfY/AAAANCN3/8fjFvsfAAAAmpG7/xNxSyf7f3//f9Fsu1DdNtT/R6Om/99B/7/7/ev/h39+eP6//l//v3pj6f89//9471//r/+f8vs/Uv//B/s/X/9Pi8bW/+fuvzdu6WT/AwAAQA9y938ybrH/AQAAoBm5+z8Vt9j/AAAA0Izc/ffFLZ3sf8//1//r//X/+v/h19f/T5P+fz79/wL6f/2/5/9f8VcX6v9ZnrH1/7n7Px23bA2/P/ydY/7HBAAAAEYkd/9n4pZOvv4PAAAAPcjd/9m4xf4HAACAZuTu/1zc0sn+1//r//X/+n/9//Dr6/+nSf8/n/5/gX76/82hD667nz9X637/zfT/nv/PEo2t/8/d//m4pZP9DwAAAD3I3f+FuMX+BwAAgGbk7v9i3GL/AwAAQDNy998ft3Sy//X/+v/2+/+/1P/veX39v/6/Zfr//Df6MP3/Av30/4PW3c9P/f3r//X/7De2/j93/wNxSyf7HwAAAHqQu/9LcYv9DwAAAM3I3f/luMX+BwAAgGbk7v9K3NLJ/tf/99X/b8x67P89/1//r//vyXT6/xtPDH3U8//1//r/6b5//b/+n/3G1v/n7n9w40SX+x8AAACm6s//6G8fOOzf++DWXzdnX41b7H8AAABoRu7+r8Ut9j8AAAA0I3f/1+OWTva//r+v/r/P5//r//X/+v+eTKf/H6b/1//r/6f7/vX/+n/2G1v/n7v/obhlx/Ab/B/oAQAAACYjd/834pZOvv4PAAAAPcjd/824Zd/+P3PIP9UOAAAAjE3u/m/FLZ18/V//P/L+f7ai/j/+Pv3/Nv2//n/o9fX/09Ra/39yNqr+/8yG/l//P4f+X/+v/2evsfX/ufvvvG3W5f4HAACARu36HYVvb/11c/aduMX+BwAAgGbk7v9u3GL/AwAAQDNy938vbulk/+v/R97/H+v5/6fq//L8/877/2s3B19f/6//b1lr/b/n/29/XP+/Tf8/7vev/9f/s98R+v+tQbrq/j93//fjlk72PwAAAPQgd/8P4hb7HwAAAJqRu/+HcYv9DwAAAM3I3f+juKWT/a//X0P/f93J2Wyl/f8hnv+v/++j/z/g9dvp/3/vktN3/8Vf33qz/p+zzmf/nz8X9P/6/zX0/zfFzz/9/4jev/5f/89+Y3v+f+7+H8ctnex/AAAA6EHu/ofjFvsfAAAAmpG7/ydxi/0PAAAAzcjd/9O4pZP9r/9v8fn/0+z/88d6Df3/6en1/9kU997/e/6//n8/z/+fT/+/wHT6/61ve/7/uN6//l//z35j6/9z9/8sbulk/wMAAEAPcvf/PG7J/b9x5N+6BwAAAEYmd/8v4hZf/wcAAIBm5O5/JG7pZP/r//X/Y+n/k+f/n/08z//fpv/X/x+F/n8+/f8C+n/9v/5f/89Sja3/z93/y7ilk/0PAAAAPcjd/2jcYv8DAABAM3L3/ypusf8BAACgGbn7fx23dLL/9f/6f/2//l//P/z6+v9p0v/Pp/9/zMUHvwH9v/5f/6//Z6nG1v/n7v9tAAAA//89hVJZ")
syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000c80)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[], 0x1, 0xc4d, &(0x7f0000001b40)="$eJzs3V1sXGdaB/DnnWMndsqyU9qmXbpIsxSxaZoE56OtUVrkbIy1K0VtVMcLNyCP40kY1R67trNKK1gFCbgBQVCRVsAFuUHigovcIKEVQhE3iwRIEajSIpAItI1WQoBXsLBiJYzOzDv22BvXbr6cNL/fbvKfc+Y9M++Z9jlzpprnTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEV/46RNDh9NOzwIAuJ9eG39j6Kj3fwB4pJzx+R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK2lKOKtSPHe2HKabC93DJxqti5cnBgdu/VmgylSVKJojy//DBw+cvTYiy+9PNzNj97+bvtMvD5+5kTt5Nzs/EJjcbExXZtoNc/OTTe2/Qh3uv1G+9svQG32zQvT584t1o4cOrru7ovVm7sf21s9Pvzsgee7YydGx8bGe8b09d/2s3+fdPceik+QXVHEFyPFNw5+K9UjohJ3XgtbHDvutcHoK+uvvRMTo2PtHZlp1ltL5Z2pkkf1RVR7Nhrp1sh9qMU7MhJxqfznVE54f7l74/P1hfrUTKN2ur6w1FxqzrVSpTPbcn+qUYnhFDEfEcvFTk+eB01/FPFqpLj5veU0FRFFtw5eeG38jaGjm2/Ydx8nucnTV4uI6/EQ1Cw8oHZHEb8dKd6dHIqzua7aZfNBxOfLfCXirTKvpbicl1N5gBiO+Lb3E3io9UURfxMp5tJymu7Wfvu88tSXa19qnZvrGds9r3zoPx/cT85NeIANRBFT7TP+5XT7/7ELAAAAAAAAAAAAALg/ivh6pLg6uy/NR29PabN1vnamPjXT+VZw97v/tbzVysrKSjV1spZzKOdIztM5J3PO57yU83LOKzmv5ryW83rOGzmXc0YlP3/OWs6hnCM5T+eczDmf81LOyzmvdLLb0bhyLa+/nvNGzuWcoe8JAAAAAAAAAAAAAAAAAACAu2wwiviNSPHvv/+V9u9KR/t36T99fPjkqU/1/mb8M1s8Tjn2UER8Pbb3m7y78m+Np0r5v7u/X8DWBqKIr+bf//vlnZ4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQKhEEb8SKb72neUUKSJGIiajkzeKnZ4dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDanYp4NVL87O+OrK7ri4jU/n/HvvKvYzFS5HyizFdi5HA7KyMnyhyIOLQD8wdu3+Lb77xZn5lpLLjhhhturN7Y6SMTAAAAAAAAAAAAAAAAADzCUhF/Hyl+8veWUzUiLlZv7n5sb/X48LMHni+iaF8EIPWOf338zInaybnZ+YXG4mJjujbRap6dm25s9+kGTjVbFy5OjI7dk53Z0uA9nv/gwMm5+bcXmud/YemW9+8ZODG1uLRQP3vru2Mw+iKGetfsb094YnSsPemZZr3V3jRVNplgX0RtuzvDI29PKuJ/I8V7B78Zj+d1+fof/Z2lter/w19cW/rhvvW5+q9j+/jx6ePDJ/c8t53babsT3d8uvLIQxsZ7VvflWf5Qz7pqnte2HxseUWX9vxApfv6PitStoVz/P9BZKlbH/s9X12rq+IZctUP1/0TPuuP5qNXfFzGwNDvf/3TEwOLb7xxsztbPN843WseOvPzS8LGXXzz2Uv+uiIFzzZnG0Nqtbb92AAAAAAAAAAAAAAAAAHCv9KcivhApfunv/nK1bzz3/32qs7TW/9fb/7tvw+P0Xjdgs9u37PXboq+vV/mcKRXxVKR49s+eac83xR4973Cb9qQivlvW0/QX0+fyulz/ubP/1vV/aUOu2qH+38d71l3Kx4n/iBSP/8Ez8bme48TG7t5y3F9Eiqkf+WweF7vKcd3H6/REdxqDy7FfiRTvn14/tts3/cTa2MPb3S3YSWX9z0aKf/itv40fzevWX//j1vW/Z0Ou2qH6f7J3nyJi8e133qzPzDQWFrf9UsAjp6z/X48Uf/0n34zn8rqPuv5P9zo/+55bn4PdQTtU/0/1rKvmef3Yx3wtAAAAAAAAAAAA4GGxJxXxT5Hiz//0QDqY123n+7/TG3LVDn3/7+meddPrvv97725s+0UGAIAHRH8q4icixR9Pf5C6vbGb9v++stb/M7rxxL19Tv+D7T7/j3Wu/zH6/8vnTKmI/8t9vUNb9PX+eKT4tZ86kMelveW4ke50238PvDbXOnhiZmbubH2pPjXTqI3P1882ym33R4p//bfP5m0r7T7fbn90pzd4rSf4dyLFz33YHdvpCe72Uj65NvZwOfZgpPju++vHdvuunlobe6Qc+5uRYuy/bz1279rYo+XYf4wU//lurTt2Tzm2+3nu6bWxh87OzXzfRzYAAAAAAAAAAAAAAAAAAAB2Xn8qIkWKaz9zZbU3fv31v7rXAVh//a+N7tXv/1fvzm4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEMhRRH/FSneG1tON4pyuWPgVLN14eLE6NitNxtMkaISRXt8+Wfg8JGjx1586eXhbn709nfbZ+L18TMnaifnZucXGouLjenaRKt5dm66se1HuL3ti03v2d9+AWqzb16YPndusXbk0NF1d1+s3tz92N7q8eFnDzzfHTsxOjY23jOmr3/bs99SunsPxSfIrijiryLFNw5+K/1zEVGJ266FVVscO+61wegr66+9ExOjY+0dmWnWW0vlnamSR/VFVHs2GunWyH2oxTsyEnEpIirlhPeXuzc+X1+oT800aqfrC0vNpeZcK1U6sy33pxqVGE4R8xGxvPnRikdUfxRxLVLc/N5y+pei84bWroMXXht/Y+jo5hv23cdJbvL01SLiejwENQsPqN1RxJOR4t3JoXi/6NRVu2w+iPh8ma9EvFXmtRSX83IqDxDDEd/2fgIPtb4o4nSkmEvL6YMi1377vPLUl2tfap2b6xnbPa986D8f3E/OTXiADUQRH7bP+JfTh97PAQAAAAAAAAAAAOABV8SrkeLq7L7U7g9d7Sltts7XztSnZjpf6+9+97+Wt1pZWVmppk7Wcg7lHMl5Oudkzvmcl3Jeznkl59Wc13Jez3mjnbvbjYnlclTy8+es5RzKOZLzdM7JnPM5L+W8nPNKzqs5r+W8nvNGzuWcH9H1DwAAAAAAAAAAAAAAAAAAd6QSRfxqpPjad5bTStH5fdnJ6OSN9X2uu3ZqjsC98f8BAAD//3zgG/w=")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x4000, 0xa00}])

315.549699ms ago: executing program 0 (id=833):
r0 = syz_io_uring_setup(0x5ce, &(0x7f0000000240)={0x0, 0x7734, 0x80, 0x40000, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
r3 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r3, 0xc01064c8, &(0x7f0000000200)={0x0, 0x0, 0x0})
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0xb2752a96f73d6e14, 0x0, 0x0, 0x0, 0x23456})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

315.098246ms ago: executing program 3 (id=834):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x200000, 0x0, 0x0, 0x0, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='configfs\x00', 0x2018005, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mount$9p_unix(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x12d7498, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
umount2(&(0x7f0000000180)='./file0/file0\x00', 0x0)

314.214105ms ago: executing program 5 (id=835):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000340)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000300)=[{&(0x7f00000000c0)="a8", 0x1}], 0x1}, 0x7d7c4ec64fb8ab44)
ioctl$BTRFS_IOC_INO_LOOKUP(r0, 0xd0009412, &(0x7f0000000380)={0x0, 0x6a0})
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000100)=@sack_info={0x0, 0x101, 0xafb}, 0xc)

0s ago: executing program 3 (id=836):
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
r1 = dup2(r0, r0)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000240)={'\x00', 0x40, 0xa, 0x1, 0x40000000, 0x10})
ioctl$BLKTRACESTART(r0, 0x1274, 0x0)
ioctl$BLKTRACETEARDOWN(r1, 0x1276, 0x0)

kernel console output (not intermixed with test programs):

651824][   T24] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  160.712740][   T24] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  161.500473][ T6759] loop3: detected capacity change from 0 to 40427
[  161.576792][ T6759] F2FS-fs (loop3): invalid crc value
[  161.996464][ T6759] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  162.400984][ T5850] syz-executor: attempt to access beyond end of device
[  162.400984][ T5850] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  162.418304][ T6780] loop5: detected capacity change from 0 to 40427
[  162.449615][ T5850] CPU: 0 UID: 0 PID: 5850 Comm: syz-executor Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  162.449663][ T5850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  162.449685][ T5850] Call Trace:
[  162.449696][ T5850]  <TASK>
[  162.449710][ T5850]  dump_stack_lvl+0x16c/0x1f0
[  162.449773][ T5850]  f2fs_handle_critical_error+0x621/0x9f0
[  162.449822][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.449867][ T5850]  ? f2fs_build_fault_attr+0x53/0x1f0
[  162.449918][ T5850]  f2fs_write_end_io+0x785/0xc20
[  162.449973][ T5850]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  162.450031][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.450084][ T6780] F2FS-fs (loop5): invalid crc value
[  162.450087][ T5850]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  162.450135][ T5850]  bio_endio+0x70d/0x850
[  162.450176][ T5850]  submit_bio_noacct+0x56d/0x1eb0
[  162.450238][ T5850]  __submit_merged_bio+0x33c/0x770
[  162.450294][ T5850]  __submit_merged_write_cond+0x319/0x3f0
[  162.450357][ T5850]  f2fs_write_cache_pages+0x2067/0x2570
[  162.450445][ T5850]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  162.450500][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.450544][ T5850]  ? exit_to_user_mode_loop+0xeb/0x110
[  162.450598][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.450639][ T5850]  ? __lock_acquire+0xb8a/0x1c90
[  162.450727][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.450844][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.450885][ T5850]  ? _raw_spin_unlock+0x28/0x50
[  162.450930][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.450971][ T5850]  ? free_unref_folios+0x1195/0x1800
[  162.451016][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.451067][ T5850]  f2fs_write_data_pages+0x4ad/0xd90
[  162.451132][ T5850]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  162.451183][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.451239][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.451287][ T5850]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  162.451360][ T5850]  do_writepages+0x27a/0x600
[  162.451424][ T5850]  ? __pfx_do_writepages+0x10/0x10
[  162.451477][ T5850]  ? do_raw_spin_unlock+0x172/0x230
[  162.451519][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.451560][ T5850]  ? _raw_spin_unlock+0x28/0x50
[  162.451618][ T5850]  filemap_fdatawrite_wbc+0x104/0x160
[  162.451680][ T5850]  __filemap_fdatawrite_range+0xb2/0xf0
[  162.451725][ T5850]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  162.451837][ T5850]  ? find_held_lock+0x2b/0x80
[  162.451884][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.451927][ T5850]  ? do_raw_spin_unlock+0x172/0x230
[  162.451968][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.452018][ T5850]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  162.452099][ T5850]  block_operations+0x2a3/0xfd0
[  162.452162][ T5850]  ? __pfx___schedule+0x10/0x10
[  162.452215][ T5850]  ? __pfx_block_operations+0x10/0x10
[  162.452336][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.452378][ T5850]  ? down_write+0x14d/0x200
[  162.452411][ T5850]  ? __pfx_down_write+0x10/0x10
[  162.452448][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.452489][ T5850]  ? rcu_is_watching+0x12/0xc0
[  162.452543][ T5850]  f2fs_write_checkpoint+0x2b8/0x4c60
[  162.452614][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.452655][ T5850]  ? kfree+0x2b4/0x4d0
[  162.452682][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.452730][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.452771][ T5850]  ? rcu_is_watching+0x12/0xc0
[  162.452815][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.452856][ T5850]  ? kthread_stop+0x273/0x650
[  162.452896][ T5850]  kill_f2fs_super+0x3c2/0x470
[  162.452930][ T5850]  ? __pfx_kill_f2fs_super+0x10/0x10
[  162.452961][ T5850]  ? lockdep_hardirqs_on+0x7c/0x110
[  162.453036][ T5850]  deactivate_locked_super+0xc1/0x1a0
[  162.453076][ T5850]  deactivate_super+0xde/0x100
[  162.453116][ T5850]  cleanup_mnt+0x225/0x450
[  162.453160][ T5850]  task_work_run+0x150/0x240
[  162.453202][ T5850]  ? __pfx_task_work_run+0x10/0x10
[  162.453238][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  162.453284][ T5850]  ? __pfx___x64_sys_umount+0x10/0x10
[  162.453340][ T5850]  exit_to_user_mode_loop+0xeb/0x110
[  162.453384][ T5850]  do_syscall_64+0x3f6/0x4c0
[  162.453444][ T5850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  162.453479][ T5850] RIP: 0033:0x7fdafb98fc57
[  162.453507][ T5850] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  162.453540][ T5850] RSP: 002b:00007ffe89f294a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  162.453572][ T5850] RAX: 0000000000000000 RBX: 00007fdafba10a8d RCX: 00007fdafb98fc57
[  162.453601][ T5850] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe89f29560
[  162.453622][ T5850] RBP: 00007ffe89f29560 R08: 0000000000000000 R09: 0000000000000000
[  162.453643][ T5850] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe89f2a5f0
[  162.453665][ T5850] R13: 00007fdafba10a8d R14: 00000000000279b6 R15: 00007ffe89f2a630
[  162.453717][ T5850]  </TASK>
[  162.756963][ T5850] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  163.033018][ T1157] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.061812][ T6780] F2FS-fs (loop5): Start checkpoint disabled!
[  163.102338][ T6780] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  163.229140][ T1157] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.283506][ T6812] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.269'.
[  163.368467][ T6780] F2FS-fs (loop5): ino:10, start:0, end:8192, need to trigger GC to reclaim enough free segment when checkpoint is enabled
[  163.513341][ T1157] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  163.549169][   T12] kworker/u8:0: attempt to access beyond end of device
[  163.549169][   T12] loop5: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  163.564159][ T6816] netlink: 12 bytes leftover after parsing attributes in process `syz.0.270'.
[  163.612851][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  163.612899][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  163.612923][   T12] Workqueue: writeback wb_workfn (flush-7:5)
[  163.612967][   T12] Call Trace:
[  163.612978][   T12]  <TASK>
[  163.612991][   T12]  dump_stack_lvl+0x16c/0x1f0
[  163.613049][   T12]  f2fs_handle_critical_error+0x621/0x9f0
[  163.613098][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.613145][   T12]  ? f2fs_build_fault_attr+0x53/0x1f0
[  163.613193][   T12]  f2fs_write_end_io+0x785/0xc20
[  163.613245][   T12]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  163.613298][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.613351][   T12]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  163.613398][   T12]  bio_endio+0x70d/0x850
[  163.613437][   T12]  submit_bio_noacct+0x56d/0x1eb0
[  163.613493][   T12]  __submit_merged_bio+0x33c/0x770
[  163.613548][   T12]  __submit_merged_write_cond+0x319/0x3f0
[  163.613616][   T12]  f2fs_write_cache_pages+0x2067/0x2570
[  163.613701][   T12]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  163.613763][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.613815][   T12]  ? __pfx_f2fs_sync_meta_pages+0x10/0x10
[  163.613874][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.614014][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.614067][   T12]  f2fs_write_data_pages+0x4ad/0xd90
[  163.614135][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  163.614204][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.614248][   T12]  ? __lock_acquire+0xb8a/0x1c90
[  163.614308][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  163.614366][   T12]  do_writepages+0x27a/0x600
[  163.614431][   T12]  ? __pfx_do_writepages+0x10/0x10
[  163.614487][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.614530][   T12]  ? reacquire_held_locks+0xcd/0x1f0
[  163.614563][   T12]  ? writeback_sb_inodes+0x3a4/0xf90
[  163.614636][   T12]  __writeback_single_inode+0x160/0xfb0
[  163.614699][   T12]  ? __pfx___writeback_single_inode+0x10/0x10
[  163.614757][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.614800][   T12]  ? do_raw_spin_unlock+0x172/0x230
[  163.614843][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.614894][   T12]  writeback_sb_inodes+0x601/0xf90
[  163.614974][   T12]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  163.615031][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.615141][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.615185][   T12]  ? rcu_is_watching+0x12/0xc0
[  163.615232][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.615275][   T12]  ? queue_io+0x3f6/0x520
[  163.615332][   T12]  wb_writeback+0x419/0xb70
[  163.615399][   T12]  ? __pfx_wb_writeback+0x10/0x10
[  163.615455][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.615511][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.615553][   T12]  ? mark_held_locks+0x49/0x80
[  163.615625][   T12]  wb_workfn+0x14d/0xbe0
[  163.615663][   T12]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  163.615720][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  163.615757][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.615805][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.615855][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.615897][   T12]  ? rcu_is_watching+0x12/0xc0
[  163.615952][   T12]  process_one_work+0x9cf/0x1b70
[  163.616012][   T12]  ? __pfx_process_one_work+0x10/0x10
[  163.616053][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.616108][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.616151][   T12]  ? assign_work+0x1a0/0x250
[  163.616192][   T12]  worker_thread+0x6c8/0xf10
[  163.616254][   T12]  ? __pfx_worker_thread+0x10/0x10
[  163.616294][   T12]  kthread+0x3c5/0x780
[  163.616330][   T12]  ? __pfx_kthread+0x10/0x10
[  163.616367][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.616410][   T12]  ? rcu_is_watching+0x12/0xc0
[  163.616458][   T12]  ? __pfx_kthread+0x10/0x10
[  163.616496][   T12]  ret_from_fork+0x5d7/0x6f0
[  163.616550][   T12]  ? __pfx_kthread+0x10/0x10
[  163.616592][   T12]  ret_from_fork_asm+0x1a/0x30
[  163.616657][   T12]  </TASK>
[  163.669978][ T5986] IPVS: starting estimator thread 0...
[  163.692613][   T12] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  163.716162][ T6818] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  163.720275][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  163.720322][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  163.720345][   T12] Workqueue: writeback wb_workfn (flush-7:5)
[  163.720387][   T12] Call Trace:
[  163.720398][   T12]  <TASK>
[  163.720411][   T12]  dump_stack_lvl+0x16c/0x1f0
[  163.720467][   T12]  f2fs_handle_critical_error+0x621/0x9f0
[  163.720513][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.720555][   T12]  ? f2fs_build_fault_attr+0x53/0x1f0
[  163.720606][   T12]  f2fs_write_end_io+0x785/0xc20
[  163.720656][   T12]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  163.720709][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.720761][   T12]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  163.720807][   T12]  bio_endio+0x70d/0x850
[  163.720846][   T12]  submit_bio_noacct+0x56d/0x1eb0
[  163.720901][   T12]  __submit_merged_bio+0x33c/0x770
[  163.720954][   T12]  __submit_merged_write_cond+0x319/0x3f0
[  163.721014][   T12]  f2fs_write_cache_pages+0x2067/0x2570
[  163.721096][   T12]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  163.721155][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.721204][   T12]  ? __pfx_f2fs_sync_meta_pages+0x10/0x10
[  163.721263][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.721402][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.721451][   T12]  f2fs_write_data_pages+0x4ad/0xd90
[  163.721514][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  163.721584][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.721625][   T12]  ? __lock_acquire+0xb8a/0x1c90
[  163.721683][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  163.721740][   T12]  do_writepages+0x27a/0x600
[  163.721803][   T12]  ? __pfx_do_writepages+0x10/0x10
[  163.721856][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.721897][   T12]  ? reacquire_held_locks+0xcd/0x1f0
[  163.721928][   T12]  ? writeback_sb_inodes+0x3a4/0xf90
[  163.721991][   T12]  __writeback_single_inode+0x160/0xfb0
[  163.722051][   T12]  ? __pfx___writeback_single_inode+0x10/0x10
[  163.722106][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.722147][   T12]  ? do_raw_spin_unlock+0x172/0x230
[  163.722189][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.722237][   T12]  writeback_sb_inodes+0x601/0xf90
[  163.722315][   T12]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  163.722368][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.722476][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.722518][   T12]  ? rcu_is_watching+0x12/0xc0
[  163.722563][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.722608][   T12]  ? queue_io+0x3f6/0x520
[  163.722662][   T12]  wb_writeback+0x419/0xb70
[  163.722728][   T12]  ? __pfx_wb_writeback+0x10/0x10
[  163.722781][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.722835][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.722876][   T12]  ? mark_held_locks+0x49/0x80
[  163.722939][   T12]  wb_workfn+0x14d/0xbe0
[  163.722976][   T12]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  163.723030][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  163.723067][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.723113][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.723160][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.723202][   T12]  ? rcu_is_watching+0x12/0xc0
[  163.723254][   T12]  process_one_work+0x9cf/0x1b70
[  163.723313][   T12]  ? __pfx_process_one_work+0x10/0x10
[  163.723352][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.723405][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.723446][   T12]  ? assign_work+0x1a0/0x250
[  163.723486][   T12]  worker_thread+0x6c8/0xf10
[  163.723547][   T12]  ? __pfx_worker_thread+0x10/0x10
[  163.723588][   T12]  kthread+0x3c5/0x780
[  163.723624][   T12]  ? __pfx_kthread+0x10/0x10
[  163.723660][   T12]  ? srso_alias_return_thunk+0x5/0xfbef5
[  163.723701][   T12]  ? rcu_is_watching+0x12/0xc0
[  163.723747][   T12]  ? __pfx_kthread+0x10/0x10
[  163.723784][   T12]  ret_from_fork+0x5d7/0x6f0
[  163.723836][   T12]  ? __pfx_kthread+0x10/0x10
[  163.723871][   T12]  ret_from_fork_asm+0x1a/0x30
[  163.723934][   T12]  </TASK>
[  163.724095][   T12] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  163.891562][ T6820] IPVS: using max 21 ests per chain, 50400 per kthread
[  164.230035][ T6826] loop1: detected capacity change from 0 to 128
[  164.463877][ T6829] loop3: detected capacity change from 0 to 128
[  164.506533][ T5159] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  164.518511][ T6829] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  164.526577][ T5159] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  164.536301][ T6826] EXT4-fs (loop1): Test dummy encryption mode enabled
[  164.538019][ T6829] ext4 filesystem being mounted at /25/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  164.556171][ T5159] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  164.564064][ T1157] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  164.564494][ T5159] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  164.584814][ T5159] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  164.627378][ T6826] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  164.656469][ T6826] ext4 filesystem being mounted at /52/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  164.742964][ T6826] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  164.845655][ T5850] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  165.013084][ T6842] loop3: detected capacity change from 0 to 512
[  165.067062][ T5846] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  165.127341][ T6842] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.162655][ T6842] ext4 filesystem being mounted at /26/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  165.486655][ T6856] loop0: detected capacity change from 0 to 1024
[  165.495773][ T1157] bridge_slave_1: left allmulticast mode
[  165.512581][ T1157] bridge_slave_1: left promiscuous mode
[  165.530428][ T6856] EXT4-fs: Ignoring removed bh option
[  165.535736][ T1157] bridge0: port 2(bridge_slave_1) entered disabled state
[  165.573229][ T1157] bridge_slave_0: left allmulticast mode
[  165.585582][ T1157] bridge_slave_0: left promiscuous mode
[  165.593398][ T6856] EXT4-fs: Ignoring removed mblk_io_submit option
[  165.608174][ T1157] bridge0: port 1(bridge_slave_0) entered disabled state
[  165.617527][ T5850] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.639178][ T6856] EXT4-fs: Ignoring removed bh option
[  165.700498][ T6856] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.864494][   T30] audit: type=1800 audit(1752710471.395:25): pid=6856 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.280" name="file1" dev="loop0" ino=15 res=0 errno=0
[  166.002848][   T30] audit: type=1804 audit(1752710471.525:26): pid=6864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.280" name="/newroot/57/file1/file1" dev="loop0" ino=15 res=1 errno=0
[  166.071475][   T30] audit: type=1800 audit(1752710471.525:27): pid=6864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.280" name="file1" dev="loop0" ino=15 res=0 errno=0
[  166.473519][ T5845] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.654925][ T5159] Bluetooth: hci5: command tx timeout
[  167.205733][ T6873] loop0: detected capacity change from 0 to 65536
[  167.299802][ T6873] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  167.539369][ T6873] XFS (loop0): Ending clean mount
[  167.562795][ T6873] XFS (loop0): Metadata CRC error detected at xfs_agf_read_verify+0x139/0x1e0, xfs_agf block 0x1 
[  167.575678][ T6873] XFS (loop0): Unmount and run xfs_repair
[  167.581500][ T6873] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  167.588875][ T6873] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  167.597777][ T6873] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  167.606667][ T6873] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  167.615937][ T6873] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  167.624832][ T6873] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  167.633720][ T6873] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  167.643145][ T6873] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  167.652218][ T6873] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  167.661433][ T6873] XFS (loop0): metadata I/O error in "xfs_read_agf+0x290/0x560" at daddr 0x1 len 1 error 74
[  167.674924][ T6873] XFS (loop0): page discard on page ffffea00004b6500, inode 0x26, pos 3072.
[  167.703255][ T6885] XFS (loop0): Metadata CRC error detected at xfs_agf_read_verify+0x139/0x1e0, xfs_agf block 0x1 
[  167.828474][ T6885] XFS (loop0): Unmount and run xfs_repair
[  167.851371][ T6885] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  167.886906][ T6885] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  167.938094][ T6885] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  167.949042][ T1157] bond1 (unregistering): (slave bridge1): Releasing backup interface
[  167.953808][ T6885] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  167.991348][ T1157] bridge1 (unregistering): left promiscuous mode
[  167.998034][ T6885] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  168.018076][ T6885] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  168.051616][ T6885] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  168.093180][ T6885] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  168.119792][ T6885] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  168.140945][ T6885] XFS (loop0): metadata I/O error in "xfs_read_agf+0x290/0x560" at daddr 0x1 len 1 error 74
[  168.165674][ T6885] XFS (loop0): page discard on page ffffea00004acd80, inode 0x26, pos 4096.
[  168.181098][ T6892] loop1: detected capacity change from 0 to 256
[  168.198455][ T6873] XFS (loop0): Metadata CRC error detected at xfs_agf_read_verify+0x139/0x1e0, xfs_agf block 0x1 
[  168.209326][ T6873] XFS (loop0): Unmount and run xfs_repair
[  168.215165][ T6873] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  168.223673][ T6873] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  168.232768][ T6873] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  168.241769][ T6873] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  168.250626][ T6873] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  168.259594][ T6873] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  168.268534][ T6873] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  168.277462][ T6873] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  168.286441][ T6873] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  168.297410][ T6873] XFS (loop0): metadata I/O error in "xfs_read_agf+0x290/0x560" at daddr 0x1 len 1 error 74
[  168.307725][ T6873] XFS (loop0): page discard on page ffffea0001a4c880, inode 0x26, pos 8192.
[  168.317944][ T6873] XFS (loop0): Metadata CRC error detected at xfs_agf_read_verify+0x139/0x1e0, xfs_agf block 0x1 
[  168.328648][ T6873] XFS (loop0): Unmount and run xfs_repair
[  168.334472][ T6873] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  168.341917][ T6873] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  168.350784][ T6873] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  168.359695][ T6873] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  168.368575][ T6873] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  168.377469][ T6873] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  168.386344][ T6873] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  168.397341][ T6873] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  168.406234][ T6873] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  168.415345][ T6873] XFS (loop0): metadata I/O error in "xfs_read_agf+0x290/0x560" at daddr 0x1 len 1 error 74
[  168.425686][ T6873] XFS (loop0): page discard on page ffffea00012bc400, inode 0x26, pos 16384.
[  168.435427][ T6873] XFS (loop0): Metadata CRC error detected at xfs_agf_read_verify+0x139/0x1e0, xfs_agf block 0x1 
[  168.446134][ T6873] XFS (loop0): Unmount and run xfs_repair
[  168.452003][ T6873] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  168.459380][ T6873] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  168.468260][ T6873] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  168.477145][ T6873] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  168.486030][ T6873] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  168.497125][ T6873] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  168.506004][ T6873] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  168.514927][ T6873] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  168.523841][ T6873] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  168.532737][ T6873] XFS (loop0): metadata I/O error in "xfs_read_agf+0x290/0x560" at daddr 0x1 len 1 error 74
[  168.543068][ T6873] XFS (loop0): page discard on page ffffea0001281800, inode 0x26, pos 32768.
[  168.552359][ T6873] XFS (loop0): Metadata CRC error detected at xfs_agf_read_verify+0x139/0x1e0, xfs_agf block 0x1 
[  168.563030][ T6873] XFS (loop0): Unmount and run xfs_repair
[  168.568762][ T6873] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  168.576353][ T6873] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  168.585254][ T6873] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  168.594152][ T6873] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  168.605056][ T6873] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  168.613953][ T6873] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  168.622844][ T6873] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  168.631738][ T6873] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  168.640588][ T6873] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  168.649485][ T6873] XFS (loop0): metadata I/O error in "xfs_read_agf+0x290/0x560" at daddr 0x1 len 1 error 74
[  168.659778][ T6873] XFS (loop0): page discard on page ffffea0000498340, inode 0x26, pos 65536.
[  168.670189][ T5928] loop0: writeback error on inode 38, offset 0, sector 22
[  168.731672][ T5159] Bluetooth: hci5: command tx timeout
[  168.733615][ T6892] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  168.812687][ T5845] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  168.908342][ T5845] XFS (loop0): Uncorrected metadata errors detected; please run xfs_repair.
[  169.044017][ T1157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  169.047409][ T6896] netlink: 4 bytes leftover after parsing attributes in process `syz.4.291'.
[  169.105913][ T1157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  169.126748][ T6896] netlink: 4 bytes leftover after parsing attributes in process `syz.4.291'.
[  169.148637][ T1157] bond0 (unregistering): Released all slaves
[  169.378188][ T6902] loop1: detected capacity change from 0 to 512
[  169.435521][ T1157] bond1 (unregistering): Released all slaves
[  169.436549][ T6902] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.489324][ T6902] ext4 filesystem being mounted at /57/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  169.494649][ T6830] chnl_net:caif_netlink_parms(): no params data found
[  169.519807][ T6889] sch_fq: defrate 2048 ignored.
[  169.649273][ T5846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.891985][ T6921] loop0: detected capacity change from 0 to 128
[  169.913688][ T6921] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  169.963515][ T6921] ext4 filesystem being mounted at /59/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  170.096885][ T6924] cgroup: fork rejected by pids controller in /syz5
[  170.362741][ T5845] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  170.424453][ T6830] bridge0: port 1(bridge_slave_0) entered blocking state
[  170.459861][ T6830] bridge0: port 1(bridge_slave_0) entered disabled state
[  170.480348][ T6830] bridge_slave_0: entered allmulticast mode
[  170.503680][ T6830] bridge_slave_0: entered promiscuous mode
[  170.741070][ T6830] bridge0: port 2(bridge_slave_1) entered blocking state
[  170.760190][ T6830] bridge0: port 2(bridge_slave_1) entered disabled state
[  170.780468][ T6830] bridge_slave_1: entered allmulticast mode
[  170.802767][ T6830] bridge_slave_1: entered promiscuous mode
[  170.816145][ T5159] Bluetooth: hci5: command tx timeout
[  170.922660][ T6932] loop0: detected capacity change from 0 to 40427
[  171.063470][ T6932] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  171.085001][ T6830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  171.117801][ T1157] hsr_slave_0: left promiscuous mode
[  171.125048][ T1157] hsr_slave_1: left promiscuous mode
[  171.131099][ T1157] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  171.152269][ T5845] syz-executor: attempt to access beyond end of device
[  171.152269][ T5845] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  171.171087][ T1157] batman_adv: batadv0: Removing interface: batadv_slave_0
[  171.185717][ T5845] CPU: 1 UID: 0 PID: 5845 Comm: syz-executor Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  171.185766][ T5845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  171.185785][ T5845] Call Trace:
[  171.185796][ T5845]  <TASK>
[  171.185808][ T5845]  dump_stack_lvl+0x16c/0x1f0
[  171.185863][ T5845]  f2fs_handle_critical_error+0x621/0x9f0
[  171.185906][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.185946][ T5845]  ? f2fs_build_fault_attr+0x53/0x1f0
[  171.185991][ T5845]  f2fs_write_end_io+0x785/0xc20
[  171.186040][ T5845]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  171.186090][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.186140][ T5845]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  171.186184][ T5845]  bio_endio+0x70d/0x850
[  171.186220][ T5845]  submit_bio_noacct+0x56d/0x1eb0
[  171.186274][ T5845]  __submit_merged_bio+0x33c/0x770
[  171.186325][ T5845]  __submit_merged_write_cond+0x319/0x3f0
[  171.186383][ T5845]  f2fs_write_cache_pages+0x2067/0x2570
[  171.186464][ T5845]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  171.186524][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.186562][ T5845]  ? __lock_acquire+0x622/0x1c90
[  171.186631][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.186759][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.186797][ T5845]  ? mod_memcg_lruvec_state+0x394/0x610
[  171.186854][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.186893][ T5845]  ? __mod_zone_page_state+0xcc/0x1a0
[  171.186945][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.186993][ T5845]  f2fs_write_data_pages+0x4ad/0xd90
[  171.187053][ T5845]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  171.187120][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.187160][ T5845]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  171.187215][ T5845]  do_writepages+0x27a/0x600
[  171.187274][ T5845]  ? __pfx_do_writepages+0x10/0x10
[  171.187323][ T5845]  ? do_raw_spin_unlock+0x172/0x230
[  171.187362][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.187401][ T5845]  ? _raw_spin_unlock+0x28/0x50
[  171.187450][ T5845]  filemap_fdatawrite_wbc+0x104/0x160
[  171.187508][ T5845]  __filemap_fdatawrite_range+0xb2/0xf0
[  171.187550][ T5845]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  171.187655][ T5845]  ? find_held_lock+0x2b/0x80
[  171.187699][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.187739][ T5845]  ? do_raw_spin_unlock+0x172/0x230
[  171.187777][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.187823][ T5845]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  171.187898][ T5845]  block_operations+0x2a3/0xfd0
[  171.187956][ T5845]  ? __pfx___schedule+0x10/0x10
[  171.188005][ T5845]  ? __pfx_block_operations+0x10/0x10
[  171.188117][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.188155][ T5845]  ? down_write+0x14d/0x200
[  171.188185][ T5845]  ? __pfx_down_write+0x10/0x10
[  171.188219][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.188258][ T5845]  ? rcu_is_watching+0x12/0xc0
[  171.188307][ T5845]  f2fs_write_checkpoint+0x2b8/0x4c60
[  171.188369][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.188407][ T5845]  ? kfree+0x2b4/0x4d0
[  171.188433][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.188476][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.188514][ T5845]  ? rcu_is_watching+0x12/0xc0
[  171.188556][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.188597][ T5845]  ? kthread_stop+0x273/0x650
[  171.188634][ T5845]  kill_f2fs_super+0x3c2/0x470
[  171.188665][ T5845]  ? __pfx_kill_f2fs_super+0x10/0x10
[  171.188693][ T5845]  ? lockdep_hardirqs_on+0x7c/0x110
[  171.188763][ T5845]  deactivate_locked_super+0xc1/0x1a0
[  171.188799][ T5845]  deactivate_super+0xde/0x100
[  171.188836][ T5845]  cleanup_mnt+0x225/0x450
[  171.188876][ T5845]  task_work_run+0x150/0x240
[  171.188915][ T5845]  ? __pfx_task_work_run+0x10/0x10
[  171.188948][ T5845]  ? srso_alias_return_thunk+0x5/0xfbef5
[  171.188990][ T5845]  ? __pfx___x64_sys_umount+0x10/0x10
[  171.189042][ T5845]  exit_to_user_mode_loop+0xeb/0x110
[  171.189086][ T5845]  do_syscall_64+0x3f6/0x4c0
[  171.189143][ T5845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  171.189175][ T5845] RIP: 0033:0x7f67d378fc57
[  171.189200][ T5845] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  171.189231][ T5845] RSP: 002b:00007ffe5f085a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  171.189260][ T5845] RAX: 0000000000000000 RBX: 00007f67d3810a8d RCX: 00007f67d378fc57
[  171.189281][ T5845] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe5f085af0
[  171.189301][ T5845] RBP: 00007ffe5f085af0 R08: 0000000000000000 R09: 0000000000000000
[  171.189321][ T5845] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe5f086b80
[  171.189342][ T5845] R13: 00007f67d3810a8d R14: 0000000000029c4b R15: 00007ffe5f086bc0
[  171.189389][ T5845]  </TASK>
[  171.190392][ T5845] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  171.553376][ T1157] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  171.975231][ T1157] batman_adv: batadv0: Removing interface: batadv_slave_1
[  172.022045][ T1157] veth1_macvtap: left promiscuous mode
[  172.027793][ T1157] veth0_macvtap: left promiscuous mode
[  172.040717][ T1157] veth1_vlan: left promiscuous mode
[  172.046186][ T1157] veth0_vlan: left promiscuous mode
[  172.506819][ T1157] team0 (unregistering): Port device team_slave_1 removed
[  172.539661][ T1157] team0 (unregistering): Port device team_slave_0 removed
[  172.837949][ T6830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  172.891437][ T5159] Bluetooth: hci5: command tx timeout
[  172.907810][ T6830] team0: Port device team_slave_0 added
[  172.919454][ T6830] team0: Port device team_slave_1 added
[  172.970526][ T6830] batman_adv: batadv0: Adding interface: batadv_slave_0
[  172.978920][ T6830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  173.007392][ T6830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  173.020536][ T6830] batman_adv: batadv0: Adding interface: batadv_slave_1
[  173.032951][ T6830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  173.067088][ T6830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  173.138492][ T6830] hsr_slave_0: entered promiscuous mode
[  173.145866][ T6830] hsr_slave_1: entered promiscuous mode
[  173.152708][ T6830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  173.160291][ T6830] Cannot create hsr debugfs directory
[  173.386622][ T1157] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.419688][ T6830] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  173.430840][ T6830] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  173.445767][ T6830] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  173.468949][ T1157] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.485851][ T6830] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  173.568704][ T1157] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.630875][ T6830] 8021q: adding VLAN 0 to HW filter on device bond0
[  173.657898][ T1157] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  173.695069][ T6830] 8021q: adding VLAN 0 to HW filter on device team0
[  173.709372][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  173.716532][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  173.737946][   T37] bridge0: port 2(bridge_slave_1) entered blocking state
[  173.745093][   T37] bridge0: port 2(bridge_slave_1) entered forwarding state
[  173.849339][ T1157] bridge_slave_1: left allmulticast mode
[  173.855339][ T1157] bridge_slave_1: left promiscuous mode
[  173.861061][ T1157] bridge0: port 2(bridge_slave_1) entered disabled state
[  174.136356][ T1157] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  174.147480][ T1157] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  174.158497][ T1157] bond0 (unregistering): Released all slaves
[  174.418318][ T1157] hsr_slave_0: left promiscuous mode
[  174.424896][ T1157] hsr_slave_1: left promiscuous mode
[  174.430989][ T1157] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  174.443936][ T1157] batman_adv: batadv0: Removing interface: batadv_slave_0
[  174.452205][ T1157] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  174.459622][ T1157] batman_adv: batadv0: Removing interface: batadv_slave_1
[  174.479787][ T1157] veth1_macvtap: left promiscuous mode
[  174.485440][ T1157] veth0_macvtap: left promiscuous mode
[  174.491040][ T1157] veth1_vlan: left promiscuous mode
[  174.497425][ T1157] veth0_vlan: left promiscuous mode
[  174.865678][ T1157] team0 (unregistering): Port device team_slave_1 removed
[  174.904123][ T1157] team0 (unregistering): Port device team_slave_0 removed
[  175.243641][ T6830] 8021q: adding VLAN 0 to HW filter on device batadv0
[  175.449631][ T1157] IPVS: stop unused estimator thread 0...
[  175.601033][ T6830] veth0_vlan: entered promiscuous mode
[  175.618443][ T6830] veth1_vlan: entered promiscuous mode
[  175.654134][ T6830] veth0_macvtap: entered promiscuous mode
[  175.667436][ T6830] veth1_macvtap: entered promiscuous mode
[  175.688714][ T6830] batman_adv: batadv0: Interface activated: batadv_slave_0
[  175.711794][ T6830] batman_adv: batadv0: Interface activated: batadv_slave_1
[  175.725286][ T6830] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  175.735758][ T6830] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  175.744849][ T6830] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  175.754007][ T6830] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  175.830999][ T1157] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  175.847446][ T1157] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  175.877004][ T1157] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  175.885613][ T1157] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  177.220365][   T55] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  177.408480][   T55] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  177.440028][   T55] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  177.469535][   T55] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  177.512794][   T55] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  177.573848][ T6971] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  177.594734][   T55] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  177.648875][ T5868] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  177.673564][ T5868] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  177.683663][ T5868] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  177.699189][ T5868] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  177.710534][ T5868] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  177.816988][   T55] usb 4-1: USB disconnect, device number 2
[  177.876478][ T5159] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  177.888436][ T5159] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  177.896324][ T5159] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  177.904819][ T5159] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  177.917466][ T5159] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  178.871196][ T6977] chnl_net:caif_netlink_parms(): no params data found
[  179.008630][ T6985] chnl_net:caif_netlink_parms(): no params data found
[  179.262436][ T6007] usb 5-1: new low-speed USB device number 3 using dummy_hcd
[  179.392296][ T5972] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  179.470261][ T6007] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  179.500312][ T6007] usb 5-1: config 0 has no interface number 0
[  179.506918][ T6977] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.531843][ T6007] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  179.543323][ T6977] bridge0: port 1(bridge_slave_0) entered disabled state
[  179.550616][ T6977] bridge_slave_0: entered allmulticast mode
[  179.568412][ T6007] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  179.582950][ T6977] bridge_slave_0: entered promiscuous mode
[  179.590318][ T6007] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  179.599923][ T5972] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  179.612897][ T6977] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.620041][ T6977] bridge0: port 2(bridge_slave_1) entered disabled state
[  179.627479][ T5972] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  179.636638][ T6007] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.646640][ T5972] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  179.659302][ T5972] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  179.667633][ T6977] bridge_slave_1: entered allmulticast mode
[  179.674976][ T6007] usb 5-1: config 0 descriptor??
[  179.680764][ T7006] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  179.683158][ T7021] loop0: detected capacity change from 0 to 128
[  179.690801][ T6977] bridge_slave_1: entered promiscuous mode
[  179.700527][ T5972] usb 4-1: SerialNumber: syz
[  179.725685][ T6007] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  179.744698][ T7021] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  179.760892][ T7015] loop6: detected capacity change from 0 to 32768
[  179.770919][ T7021] ext4 filesystem being mounted at /67/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  179.771902][ T5159] Bluetooth: hci1: command tx timeout
[  179.794056][ T7021] EXT4-fs (loop0): shut down requested (1)
[  179.826730][ T7015] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  179.861007][ T5845] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  179.924235][   T24] usb 5-1: USB disconnect, device number 3
[  179.936778][ T7015] XFS (loop6): Ending clean mount
[  179.940107][ T5972] usb 4-1: 0:2 : does not exist
[  179.958924][ T5972] usb 4-1: 5:0: cannot get min/max values for control 1 (id 5)
[  179.975849][ T6977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  179.985415][ T5972] usb 4-1: 5:0: cannot get min/max values for control 3 (id 5)
[  179.986478][ T7015] XFS (loop6): Quotacheck needed: Please wait.
[  180.012068][ T5159] Bluetooth: hci3: command tx timeout
[  180.024181][ T6977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  180.040164][ T6985] bridge0: port 1(bridge_slave_0) entered blocking state
[  180.057671][ T5972] usb 4-1: USB disconnect, device number 3
[  180.061895][ T6985] bridge0: port 1(bridge_slave_0) entered disabled state
[  180.076302][ T7015] XFS (loop6): Quotacheck: Done.
[  180.086542][ T7034] overlayfs: overlapping lowerdir path
[  180.102258][ T6985] bridge_slave_0: entered allmulticast mode
[  180.109794][ T6985] bridge_slave_0: entered promiscuous mode
[  180.133440][ T7034] overlayfs: failed to verify upper root origin
[  180.174554][ T6985] bridge0: port 2(bridge_slave_1) entered blocking state
[  180.182519][ T6985] bridge0: port 2(bridge_slave_1) entered disabled state
[  180.189716][ T6985] bridge_slave_1: entered allmulticast mode
[  180.198216][ T6985] bridge_slave_1: entered promiscuous mode
[  180.279238][ T6977] team0: Port device team_slave_0 added
[  180.303280][ T7036] loop0: detected capacity change from 0 to 4096
[  180.323741][ T6985] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  180.336016][ T6977] team0: Port device team_slave_1 added
[  180.350957][ T7037] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  180.377453][   T30] audit: type=1800 audit(1752710485.905:28): pid=7036 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.325" name="file1" dev="loop0" ino=15 res=0 errno=0
[  180.408404][ T6985] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  180.540148][ T6977] batman_adv: batadv0: Adding interface: batadv_slave_0
[  180.570434][ T6977] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  180.596374][    C0] vkms_vblank_simulate: vblank timer overrun
[  180.624901][ T6977] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  180.691941][ T7045] netlink: 'syz.4.329': attribute type 4 has an invalid length.
[  180.756072][ T7048] netlink: 'syz.4.329': attribute type 4 has an invalid length.
[  180.798561][ T6830] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  180.970681][ T6985] team0: Port device team_slave_0 added
[  180.990265][ T6977] batman_adv: batadv0: Adding interface: batadv_slave_1
[  180.999451][ T6977] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  181.025395][    C0] vkms_vblank_simulate: vblank timer overrun
[  181.179734][ T6977] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  181.439124][ T6985] team0: Port device team_slave_1 added
[  181.851991][ T5159] Bluetooth: hci1: command tx timeout
[  181.963297][ T7064] loop6: detected capacity change from 0 to 256
[  181.982449][ T7064] exFAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  182.047995][ T7064] exFAT-fs (loop6): Medium has reported failures. Some data may be lost.
[  182.085156][ T6977] hsr_slave_0: entered promiscuous mode
[  182.091581][ T5159] Bluetooth: hci3: command tx timeout
[  182.136658][ T6977] hsr_slave_1: entered promiscuous mode
[  182.161350][ T7064] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  182.194941][ T6985] batman_adv: batadv0: Adding interface: batadv_slave_0
[  182.231303][ T6985] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  182.257285][    C0] vkms_vblank_simulate: vblank timer overrun
[  182.425497][ T6985] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  182.464592][ T6985] batman_adv: batadv0: Adding interface: batadv_slave_1
[  182.511000][ T6985] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  182.579542][ T6985] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  183.087214][ T6985] hsr_slave_0: entered promiscuous mode
[  183.102736][ T6985] hsr_slave_1: entered promiscuous mode
[  183.109206][ T6985] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  183.117983][ T6985] Cannot create hsr debugfs directory
[  183.690939][ T7096] binder: 7094:7096 ioctl 4018620d 0 returned -22
[  183.737047][ T7096] binder: 7094:7096 ioctl c0306201 0 returned -14
[  183.767389][ T7096] binder: 7094:7096 ioctl c018620c 0 returned -14
[  183.940856][ T5159] Bluetooth: hci1: command tx timeout
[  184.171684][ T5868] Bluetooth: hci3: command tx timeout
[  185.006849][ T6985] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.299157][ T6985] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.441362][ T5972] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  185.473341][ T7118] loop4: detected capacity change from 0 to 32768
[  185.508586][ T7118] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.355 (7118)
[  185.542851][ T7118] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  185.554547][ T7118] BTRFS info (device loop4): using crc32c (crc32c-x86_64) checksum algorithm
[  185.563405][ T7118] BTRFS info (device loop4): using free-space-tree
[  185.595572][ T6985] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.655141][ T5972] usb 1-1: Using ep0 maxpacket: 32
[  185.683332][ T5972] usb 1-1: config 0 has no interfaces?
[  185.704413][ T5972] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  185.720796][ T6985] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.741142][ T5972] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.770739][ T5972] usb 1-1: Product: syz
[  185.791458][ T5972] usb 1-1: Manufacturer: syz
[  185.809314][ T5972] usb 1-1: SerialNumber: syz
[  185.961024][ T5972] usb 1-1: config 0 descriptor??
[  186.007174][ T5847] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  186.017557][ T5868] Bluetooth: hci1: command tx timeout
[  186.069196][ T6977] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  186.121145][ T6977] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  186.161732][ T6977] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  186.200662][ T6977] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  186.215509][ T5972] usb 1-1: USB disconnect, device number 3
[  186.251877][ T5868] Bluetooth: hci3: command tx timeout
[  186.504559][ T6985] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  186.557344][ T6985] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  186.589695][ T6985] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  186.630786][ T6985] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  186.728542][ T7161] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  186.802186][ T5972] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  186.896402][ T6977] 8021q: adding VLAN 0 to HW filter on device bond0
[  186.996260][ T6977] 8021q: adding VLAN 0 to HW filter on device team0
[  187.001367][ T5972] usb 5-1: Using ep0 maxpacket: 8
[  187.025409][ T1157] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.032648][ T1157] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.033294][ T5972] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  187.063116][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.070265][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.106436][ T5972] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  187.155166][ T5972] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  187.206939][ T5972] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  187.219753][ T6985] 8021q: adding VLAN 0 to HW filter on device bond0
[  187.235200][ T5972] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  187.269979][ T5972] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  187.299050][ T6985] 8021q: adding VLAN 0 to HW filter on device team0
[  187.305184][ T5972] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.340733][   T37] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.347970][   T37] bridge0: port 1(bridge_slave_0) entered forwarding state
[  187.394797][ T1157] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.402034][ T1157] bridge0: port 2(bridge_slave_1) entered forwarding state
[  187.567217][ T5972] usb 5-1: usb_control_msg returned -32
[  187.577630][ T5972] usbtmc 5-1:16.0: can't read capabilities
[  187.745061][ T7182] loop3: detected capacity change from 0 to 256
[  187.851082][ T7182] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  187.864473][ T7182] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  187.886886][ T7182] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  187.971138][   T30] audit: type=1800 audit(1752710493.495:29): pid=7182 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.369" name="file1" dev="loop3" ino=1048616 res=0 errno=0
[  187.987673][ T7182] exFAT-fs (loop3): error, broken FAT chain.
[  188.019028][ T7182] exFAT-fs (loop3): Filesystem has been set read-only
[  188.036872][ T7182] exFAT-fs (loop3): error, failed to bmap (inode : ffff888047d20158 iblock : 8, err : -5)
[  188.927059][ T7192] loop3: detected capacity change from 0 to 40427
[  188.948482][ T7192] F2FS-fs (loop3): build fault injection rate: 690
[  188.955152][ T7192] F2FS-fs (loop3): Image doesn't support compression
[  188.959788][ T6977] 8021q: adding VLAN 0 to HW filter on device batadv0
[  188.961977][ T7192] F2FS-fs (loop3): Image doesn't support compression
[  188.978918][ T7192] F2FS-fs (loop3): invalid crc value
[  189.108372][ T7192] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  189.180083][ T5850] syz-executor: attempt to access beyond end of device
[  189.180083][ T5850] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  189.231844][ T5850] CPU: 1 UID: 0 PID: 5850 Comm: syz-executor Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  189.231895][ T5850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  189.231916][ T5850] Call Trace:
[  189.231927][ T5850]  <TASK>
[  189.231940][ T5850]  dump_stack_lvl+0x16c/0x1f0
[  189.231997][ T5850]  f2fs_handle_critical_error+0x621/0x9f0
[  189.232043][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  189.232085][ T5850]  ? f2fs_build_fault_attr+0x53/0x1f0
[  189.232131][ T5850]  f2fs_write_end_io+0x785/0xc20
[  189.232181][ T5850]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  189.232233][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  189.232285][ T5850]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  189.232330][ T5850]  bio_endio+0x70d/0x850
[  189.232368][ T5850]  submit_bio_noacct+0x56d/0x1eb0
[  189.232421][ T5850]  __submit_merged_bio+0x33c/0x770
[  189.232474][ T5850]  __submit_merged_write_cond+0x319/0x3f0
[  189.232534][ T5850]  f2fs_write_cache_pages+0x2067/0x2570
[  189.232623][ T5850]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  189.232685][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  189.232725][ T5850]  ? __lock_acquire+0x622/0x1c90
[  189.232792][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  189.232916][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  189.232958][ T5850]  ? bpf_ksym_find+0x124/0x1c0
[  189.233007][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  189.233055][ T5850]  f2fs_write_data_pages+0x4ad/0xd90
[  189.233117][ T5850]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  189.233185][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  189.233226][ T5850]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  189.233281][ T5850]  do_writepages+0x27a/0x600
[  189.233342][ T5850]  ? __pfx_do_writepages+0x10/0x10
[  189.233394][ T5850]  ? do_raw_spin_unlock+0x172/0x230
[  189.233434][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  189.233475][ T5850]  ? _raw_spin_unlock+0x28/0x50
[  189.233525][ T5850]  filemap_fdatawrite_wbc+0x104/0x160
[  189.233585][ T5850]  __filemap_fdatawrite_range+0xb2/0xf0
[  189.233632][ T5850]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  189.233730][ T5850]  ? find_held_lock+0x2b/0x80
[  189.233775][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  189.233817][ T5850]  ? do_raw_spin_unlock+0x172/0x230
[  189.233856][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  189.233903][ T5850]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  189.233979][ T5850]  block_operations+0x2a3/0xfd0
[  189.234037][ T5850]  ? __pfx___schedule+0x10/0x10
[  189.234088][ T5850]  ? __pfx_block_operations+0x10/0x10
[  189.234196][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  189.234236][ T5850]  ? down_write+0x14d/0x200
[  189.234267][ T5850]  ? __pfx_down_write+0x10/0x10
[  189.234302][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  189.234342][ T5850]  ? rcu_is_watching+0x12/0xc0
[  189.234393][ T5850]  f2fs_write_checkpoint+0x2b8/0x4c60
[  189.234466][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  189.234507][ T5850]  ? rcu_is_watching+0x12/0xc0
[  189.234551][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  189.234598][ T5850]  ? kthread_stop+0x273/0x650
[  189.234636][ T5850]  kill_f2fs_super+0x3c2/0x470
[  189.234669][ T5850]  ? __pfx_kill_f2fs_super+0x10/0x10
[  189.234699][ T5850]  ? lockdep_hardirqs_on+0x7c/0x110
[  189.234770][ T5850]  deactivate_locked_super+0xc1/0x1a0
[  189.234809][ T5850]  deactivate_super+0xde/0x100
[  189.234847][ T5850]  cleanup_mnt+0x225/0x450
[  189.234890][ T5850]  task_work_run+0x150/0x240
[  189.234930][ T5850]  ? __pfx_task_work_run+0x10/0x10
[  189.234966][ T5850]  ? srso_alias_return_thunk+0x5/0xfbef5
[  189.235012][ T5850]  ? __pfx___x64_sys_umount+0x10/0x10
[  189.235068][ T5850]  exit_to_user_mode_loop+0xeb/0x110
[  189.235114][ T5850]  do_syscall_64+0x3f6/0x4c0
[  189.235174][ T5850]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  189.235210][ T5850] RIP: 0033:0x7fdafb98fc57
[  189.235237][ T5850] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  189.235273][ T5850] RSP: 002b:00007ffe89f294a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  189.235306][ T5850] RAX: 0000000000000000 RBX: 00007fdafba10a8d RCX: 00007fdafb98fc57
[  189.235330][ T5850] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe89f29560
[  189.235352][ T5850] RBP: 00007ffe89f29560 R08: 0000000000000000 R09: 0000000000000000
[  189.235374][ T5850] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe89f2a5f0
[  189.235398][ T5850] R13: 00007fdafba10a8d R14: 000000000002e2be R15: 00007ffe89f2a630
[  189.235447][ T5850]  </TASK>
[  189.235460][ T5850] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  189.734088][ T6977] veth0_vlan: entered promiscuous mode
[  189.820280][ T6985] 8021q: adding VLAN 0 to HW filter on device batadv0
[  189.862002][ T5986] usb 5-1: USB disconnect, device number 4
[  189.863510][ T6977] veth1_vlan: entered promiscuous mode
[  190.050524][ T6977] veth0_macvtap: entered promiscuous mode
[  190.109455][ T6977] veth1_macvtap: entered promiscuous mode
[  190.244805][ T6977] batman_adv: batadv0: Interface activated: batadv_slave_0
[  190.313891][ T6977] batman_adv: batadv0: Interface activated: batadv_slave_1
[  190.362488][ T6977] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  190.384540][ T6977] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  190.396512][ T6977] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  190.428638][ T6977] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  190.651111][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  190.681507][ T5972] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  190.686228][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  190.774974][   T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  190.806878][   T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  190.854711][ T5972] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  190.889398][ T5972] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  190.919840][ T5972] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  190.945356][ T5972] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.990752][ T5972] usb 1-1: config 0 descriptor??
[  191.014783][ T5972] hub 1-1:0.0: USB hub found
[  191.018187][ T7212] input: syz0 as /devices/virtual/input/input7
[  191.041388][ T5928] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  191.097867][ T6985] veth0_vlan: entered promiscuous mode
[  191.144721][ T6985] veth1_vlan: entered promiscuous mode
[  191.192683][ T5928] usb 7-1: Using ep0 maxpacket: 32
[  191.219313][ T5972] hub 1-1:0.0: 1 port detected
[  191.237820][ T5928] usb 7-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  191.268155][ T5928] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.291189][ T6985] veth0_macvtap: entered promiscuous mode
[  191.299166][ T5928] usb 7-1: config 0 descriptor??
[  191.352928][ T6985] veth1_macvtap: entered promiscuous mode
[  191.396804][ T6985] batman_adv: batadv0: Interface activated: batadv_slave_0
[  191.440810][ T6985] batman_adv: batadv0: Interface activated: batadv_slave_1
[  191.488440][ T6985] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  191.506896][ T6985] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  191.516764][ T6985] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  191.518600][ T5928] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  191.530825][ T6985] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  191.562674][ T7220] pimreg: entered allmulticast mode
[  191.600282][ T5928] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  191.633063][ T5972] usb 1-1: USB disconnect, device number 4
[  191.647659][ T5928] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  191.681473][ T5928] usb 7-1: media controller created
[  191.796645][ T5928] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  191.836040][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  191.881919][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  191.904327][ T5928] az6027: usb out operation failed. (-71)
[  191.938999][ T5928] az6027: usb out operation failed. (-71)
[  191.979040][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  191.988535][ T5928] stb0899_attach: Driver disabled by Kconfig
[  192.019823][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  192.021885][ T5928] az6027: no front-end attached
[  192.021885][ T5928] 
[  192.073660][ T5928] az6027: usb out operation failed. (-71)
[  192.092655][ T5928] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  192.139686][ T5928] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.6/usb7/7-1/input/input8
[  192.199234][ T5928] dvb-usb: schedule remote query interval to 400 msecs.
[  192.226719][ T5928] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  192.282307][ T7232] netlink: 348 bytes leftover after parsing attributes in process `syz.3.384'.
[  192.341838][ T5928] usb 7-1: USB disconnect, device number 2
[  192.433312][ T6007] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  192.522820][ T7236] loop0: detected capacity change from 0 to 8
[  192.568570][ T5928] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  192.646456][ T6007] usb 5-1: Using ep0 maxpacket: 8
[  192.684091][ T6007] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  192.702038][ T6007] usb 5-1: New USB device found, idVendor=050d, idProduct=3201, bcdDevice= 0.00
[  192.728720][ T6007] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  192.787294][ T6007] usb 5-1: config 0 descriptor??
[  192.942319][ T7243] fuse: Bad value for 'fd'
[  193.296287][ T6007] belkin 0003:050D:3201.0005: unknown main item tag 0x0
[  193.329903][ T6007] belkin 0003:050D:3201.0005: unknown main item tag 0x0
[  193.387329][ T6007] belkin 0003:050D:3201.0005: item fetching failed at offset 2/5
[  193.487306][ T6007] belkin 0003:050D:3201.0005: parse failed
[  193.508672][ T6007] belkin 0003:050D:3201.0005: probe with driver belkin failed with error -22
[  193.534792][ T6007] usb 5-1: USB disconnect, device number 5
[  194.561804][  T132] nci: nci_rx_work: unknown MT 0x1
[  195.085435][   T30] audit: type=1326 audit(1752710500.615:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7279 comm="syz.1.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f3e78e929 code=0x7ffc0000
[  195.152228][   T30] audit: type=1326 audit(1752710500.645:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7279 comm="syz.1.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7f2f3e78e929 code=0x7ffc0000
[  195.264703][   T30] audit: type=1326 audit(1752710500.645:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7279 comm="syz.1.401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2f3e78e929 code=0x7ffc0000
[  196.308194][ T7308] loop0: detected capacity change from 0 to 4096
[  196.391684][ T6007] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  196.446630][ T7308] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  196.488613][ T7308] ntfs3(loop0): Failed to load $Extend (-22).
[  196.561368][ T6007] usb 7-1: Using ep0 maxpacket: 16
[  196.584077][ T6007] usb 7-1: New USB device found, idVendor=0a2c, idProduct=0008, bcdDevice=e8.cf
[  196.613611][ T6007] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.646632][ T6007] usb 7-1: Product: syz
[  196.650859][ T6007] usb 7-1: Manufacturer: syz
[  196.691391][ T6007] usb 7-1: SerialNumber: syz
[  196.728324][ T6007] usb 7-1: config 0 descriptor??
[  196.761365][ T7308] ntfs3(loop0): Failed to initialize $Extend.
[  196.772125][ T6007] cypress_cy7c63 7-1:0.0: Cypress CY7C63xxx device now attached
[  196.811532][ T5159] Bluetooth: hci3: command 0x0405 tx timeout
[  196.992795][ T7314] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.032113][ T7314] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  197.155962][ T5928] usb 7-1: USB disconnect, device number 3
[  197.169402][ T5928] cypress_cy7c63 7-1:0.0: Cypress CY7C63xxx device now disconnected
[  197.828829][ T7332] batadv_slave_0: entered promiscuous mode
[  197.852690][ T7332] syz_tun: entered promiscuous mode
[  197.853465][ T7296] loop5: detected capacity change from 0 to 40427
[  197.866467][ T7331] syz_tun: left promiscuous mode
[  197.871970][ T7331] batadv_slave_0: left promiscuous mode
[  197.907515][ T7330] loop1: detected capacity change from 0 to 4096
[  197.995507][ T7296] F2FS-fs (loop5): build fault injection rate: 690
[  198.026943][ T7296] F2FS-fs (loop5): Image doesn't support compression
[  198.063797][ T7296] F2FS-fs (loop5): Image doesn't support compression
[  198.098764][ T7338] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  198.110439][ T7296] F2FS-fs (loop5): invalid crc value
[  198.443181][ T5935] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  198.541495][ T7296] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  198.591182][ T5962] kworker/u8:8: attempt to access beyond end of device
[  198.591182][ T5962] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  198.617518][ T7350] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  198.640243][ T5962] CPU: 1 UID: 0 PID: 5962 Comm: kworker/u8:8 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  198.640290][ T5962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  198.640318][ T5962] Workqueue: writeback wb_workfn (flush-7:5)
[  198.640365][ T5962] Call Trace:
[  198.640377][ T5962]  <TASK>
[  198.640389][ T5962]  dump_stack_lvl+0x16c/0x1f0
[  198.640446][ T5962]  f2fs_handle_critical_error+0x621/0x9f0
[  198.640492][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.640535][ T5962]  ? f2fs_build_fault_attr+0x53/0x1f0
[  198.640583][ T5962]  f2fs_write_end_io+0x785/0xc20
[  198.640634][ T5962]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  198.640688][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.640740][ T5962]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  198.640787][ T5962]  bio_endio+0x70d/0x850
[  198.640825][ T5962]  submit_bio_noacct+0x56d/0x1eb0
[  198.640881][ T5962]  __submit_merged_bio+0x33c/0x770
[  198.640935][ T5962]  __submit_merged_write_cond+0x319/0x3f0
[  198.640995][ T5962]  f2fs_write_cache_pages+0x2067/0x2570
[  198.641078][ T5962]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  198.641131][ T5962]  ? ret_from_fork+0x5d7/0x6f0
[  198.641189][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.641234][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.641277][ T5962]  ? unwind_get_return_address+0x59/0xa0
[  198.641314][ T5962]  ? arch_stack_walk+0x88/0x100
[  198.641382][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.641489][ T5962]  ? __pfx___page_table_check_zero+0x10/0x10
[  198.641534][ T5962]  ? mark_held_locks+0x49/0x80
[  198.641593][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.641640][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.641692][ T5962]  f2fs_write_data_pages+0x4ad/0xd90
[  198.641757][ T5962]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  198.641824][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.641872][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.641915][ T5962]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  198.641973][ T5962]  do_writepages+0x27a/0x600
[  198.642037][ T5962]  ? __pfx_do_writepages+0x10/0x10
[  198.642092][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.642134][ T5962]  ? reacquire_held_locks+0xcd/0x1f0
[  198.642166][ T5962]  ? writeback_sb_inodes+0x3a4/0xf90
[  198.642229][ T5962]  __writeback_single_inode+0x160/0xfb0
[  198.642290][ T5962]  ? __pfx___writeback_single_inode+0x10/0x10
[  198.642353][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.642395][ T5962]  ? do_raw_spin_unlock+0x172/0x230
[  198.642437][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.642485][ T5962]  writeback_sb_inodes+0x601/0xf90
[  198.642564][ T5962]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  198.642620][ T5962]  ? __lock_acquire+0xb8a/0x1c90
[  198.642742][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.642784][ T5962]  ? rcu_is_watching+0x12/0xc0
[  198.642830][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.642872][ T5962]  ? queue_io+0x3f6/0x520
[  198.642928][ T5962]  wb_writeback+0x419/0xb70
[  198.642998][ T5962]  ? __pfx_wb_writeback+0x10/0x10
[  198.643047][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.643097][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.643135][ T5962]  ? mark_held_locks+0x49/0x80
[  198.643194][ T5962]  wb_workfn+0x14d/0xbe0
[  198.643228][ T5962]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  198.643278][ T5962]  ? __pfx_wb_workfn+0x10/0x10
[  198.643312][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.643360][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.643404][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.643442][ T5962]  ? rcu_is_watching+0x12/0xc0
[  198.643491][ T5962]  process_one_work+0x9cf/0x1b70
[  198.643545][ T5962]  ? __pfx_process_one_work+0x10/0x10
[  198.643581][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.643630][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.643669][ T5962]  ? assign_work+0x1a0/0x250
[  198.643705][ T5962]  worker_thread+0x6c8/0xf10
[  198.643750][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.643791][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.643829][ T5962]  ? __kthread_parkme+0x19e/0x250
[  198.643876][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.643917][ T5962]  ? __pfx_worker_thread+0x10/0x10
[  198.643953][ T5962]  kthread+0x3c5/0x780
[  198.643986][ T5962]  ? __pfx_kthread+0x10/0x10
[  198.644020][ T5962]  ? srso_alias_return_thunk+0x5/0xfbef5
[  198.644058][ T5962]  ? rcu_is_watching+0x12/0xc0
[  198.644100][ T5962]  ? __pfx_kthread+0x10/0x10
[  198.644134][ T5962]  ret_from_fork+0x5d7/0x6f0
[  198.644182][ T5962]  ? __pfx_kthread+0x10/0x10
[  198.644215][ T5962]  ret_from_fork_asm+0x1a/0x30
[  198.644273][ T5962]  </TASK>
[  199.128971][ T7351] syz.5.406: attempt to access beyond end of device
[  199.128971][ T7351] loop5: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  199.144851][ T7351] syz.5.406: attempt to access beyond end of device
[  199.144851][ T7351] loop5: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  199.340358][ T5962] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  199.415213][ T5935] usb 1-1: config 0 has an invalid interface number: 230 but max is 0
[  199.425620][ T5935] usb 1-1: config 0 has no interface number 0
[  199.431799][ T5935] usb 1-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  199.442743][ T5935] usb 1-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  199.454097][ T5935] usb 1-1: config 0 interface 230 has no altsetting 0
[  199.472482][ T5935] usb 1-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  199.483166][ T5935] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.491402][ T5935] usb 1-1: Product: syz
[  199.495586][ T5935] usb 1-1: Manufacturer: syz
[  199.500201][ T5935] usb 1-1: SerialNumber: syz
[  199.512062][ T5935] usb 1-1: config 0 descriptor??
[  199.517756][ T7344] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  199.539190][ T7344] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  199.558853][ T7361] loop4: detected capacity change from 0 to 2048
[  199.590997][ T7346] loop6: detected capacity change from 0 to 32768
[  199.597540][ T7361] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  199.609044][ T5935] ums-usbat 1-1:0.230: USB Mass Storage device detected
[  199.677528][ T5935] ums-usbat 1-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  199.717769][ T7363] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  199.733065][ T7346] ocfs2: Mounting device (7,6) on (node local, slot 0) with writeback data mode.
[  199.967048][ T6830] (syz-executor,6830,0):ocfs2_inode_is_valid_to_delete:885 ERROR: Skipping delete of system file 76
[  200.030207][ T6830] ocfs2: Unmounting device (7,6) on (node local)
[  200.092085][ T7372] loop4: detected capacity change from 0 to 4096
[  200.166836][ T7372] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  200.228590][ T7372] ntfs3(loop4): Failed to load $Extend (-22).
[  200.257592][ T7372] ntfs3(loop4): Failed to initialize $Extend.
[  200.508142][ T7385] loop5: detected capacity change from 0 to 1024
[  200.524544][ T7385] EXT4-fs: Ignoring removed nomblk_io_submit option
[  200.615036][ T7385] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  200.690737][ T7397] netlink: 12 bytes leftover after parsing attributes in process `syz.6.434'.
[  200.758421][ T7397] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  200.767490][ T7397] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  200.776332][ T7397] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  200.785667][ T7397] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  200.863704][ T7397] vxlan0: entered promiscuous mode
[  200.996314][ T6985] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.227193][ T5928] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  201.291745][ T5868] Bluetooth: hci2: command tx timeout
[  201.592490][ T5928] usb 2-1: unable to get BOS descriptor or descriptor too short
[  201.612584][ T5928] usb 2-1: unable to read config index 0 descriptor/start: -71
[  201.621307][ T5928] usb 2-1: can't read configurations, error -71
[  201.640239][ T5986] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  201.660394][ T5986] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  201.881620][ T5936] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  202.057884][ T5936] usb 6-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  202.091499][ T5936] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.111779][ T5935] ums-usbat 1-1:0.230: probe with driver ums-usbat failed with error -5
[  202.143582][ T5936] usb 6-1: config 0 descriptor??
[  202.157405][ T5935] usb 1-1: USB disconnect, device number 5
[  203.388047][ T5936] usb 6-1: Cannot set autoneg
[  203.418937][ T5936] MOSCHIP usb-ethernet driver 6-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  203.480689][ T5936] usb 6-1: USB disconnect, device number 3
[  203.797264][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  203.803917][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  204.094153][ T7466] xt_hashlimit: size too large, truncated to 1048576
[  204.352282][ T7474] mmap: syz.3.466 (7474) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  204.568133][ T7470] block nbd5: shutting down sockets
[  205.950391][ T7483] loop0: detected capacity change from 0 to 32768
[  206.021488][ T7483] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  206.268315][ T7512] loop5: detected capacity change from 0 to 2048
[  206.317247][ T7483] XFS (loop0): Ending clean mount
[  206.388966][ T7483] XFS (loop0): Quotacheck needed: Please wait.
[  206.461730][ T7512] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  206.517478][ T7483] XFS (loop0): Quotacheck: Done.
[  206.554937][ T7517] loop1: detected capacity change from 0 to 4096
[  206.606417][ T7501] Invalid ELF header magic: != ELF
[  206.658061][ T7517] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.851411][ T5845] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  206.878552][   T30] audit: type=1800 audit(1752710512.405:33): pid=7517 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.484" name="file1" dev="loop1" ino=15 res=0 errno=0
[  206.929629][ T7522] EXT4-fs (loop1): shut down requested (2)
[  207.415915][ T7508] loop6: detected capacity change from 0 to 32768
[  207.443338][ T7508] XFS: ikeep mount option is deprecated.
[  207.522385][ T7508] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  207.595854][ T6977] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.699996][ T7508] XFS (loop6): Ending clean mount
[  207.767185][ T7508] XFS (loop6): Quotacheck needed: Please wait.
[  207.830162][ T7508] XFS (loop6): Quotacheck: Done.
[  208.036735][ T7508] XFS (loop6): User initiated shutdown received.
[  208.051944][ T7508] XFS (loop6): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0xf5/0x190 (fs/xfs/xfs_fsops.c:466).  Shutting down filesystem.
[  208.099732][ T7508] XFS (loop6): Please unmount the filesystem and rectify the problem(s)
[  208.210839][ T6830] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  208.545067][ T7564] loop0: detected capacity change from 0 to 2048
[  208.579545][ T7564] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  208.750081][ T7570] vlan2: entered allmulticast mode
[  208.770058][ T7570] macvtap0: entered allmulticast mode
[  208.791462][ T7570] veth0_macvtap: entered allmulticast mode
[  208.954694][ T7572] loop4: detected capacity change from 0 to 4096
[  209.006775][ T7572] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  209.158938][   T30] audit: type=1800 audit(1752710514.685:34): pid=7572 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.506" name="file1" dev="loop4" ino=15 res=0 errno=0
[  209.283883][ T7585] netlink: 'syz.0.508': attribute type 29 has an invalid length.
[  209.311424][ T7585] netlink: 'syz.0.508': attribute type 29 has an invalid length.
[  209.339215][ T7585] netlink: 500 bytes leftover after parsing attributes in process `syz.0.508'.
[  209.871706][ T7597] loop6: detected capacity change from 0 to 512
[  209.879976][ T5847] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.175242][ T7601] netlink: 12 bytes leftover after parsing attributes in process `syz.0.518'.
[  210.182149][ T7597] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  210.221436][ T7597] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  211.373814][ T6830] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.536762][ T7629] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  211.665123][ T7609] loop1: detected capacity change from 0 to 131072
[  211.673978][ T7609] F2FS-fs (loop1): Test dummy encryption mode enabled
[  211.683564][ T7609] F2FS-fs (loop1): invalid crc value
[  211.801495][ T7609] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  211.855153][ T7635] loop6: detected capacity change from 0 to 2048
[  211.973507][ T7635] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  212.629691][ T7654] netlink: 12 bytes leftover after parsing attributes in process `syz.5.537'.
[  212.641655][ T7653] netlink: 40 bytes leftover after parsing attributes in process `syz.3.549'.
[  212.802840][ T7658] batadv_slave_1: entered promiscuous mode
[  212.940872][ T7660] netlink: 'syz.4.540': attribute type 1 has an invalid length.
[  213.216208][ T7662] bond1: (slave gretap1): making interface the new active one
[  213.243941][ T7662] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  213.309405][ T7655] batadv_slave_1: left promiscuous mode
[  215.064406][ T5935] IPVS: starting estimator thread 0...
[  215.076000][ T7697] overlayfs: failed to clone upperpath
[  215.083711][ T7692] loop4: detected capacity change from 0 to 2048
[  215.112990][ T7692] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  215.162135][ T7698] IPVS: using max 22 ests per chain, 52800 per kthread
[  215.212525][ T7701] netlink: 'syz.6.555': attribute type 1 has an invalid length.
[  215.304073][ T7702] netlink: 8 bytes leftover after parsing attributes in process `syz.6.555'.
[  215.447022][ T7701] 8021q: adding VLAN 0 to HW filter on device bond1
[  215.530107][ T7708] loop5: detected capacity change from 0 to 8
[  215.772576][ T7708] unable to read inode lookup table
[  215.780172][ T7707] loop1: detected capacity change from 0 to 256
[  216.105330][   T60] IPVS: stop unused estimator thread 0...
[  216.157622][ T7707] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d)
[  216.378561][ T7717] netlink: 12 bytes leftover after parsing attributes in process `syz.4.557'.
[  216.529473][ T7724] batadv_slave_1: entered promiscuous mode
[  216.592011][   T55] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  216.631334][ T6007] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  216.667469][ T7723] batadv_slave_1: left promiscuous mode
[  216.775346][   T55] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  216.791788][ T6007] usb 1-1: Using ep0 maxpacket: 32
[  216.831794][   T55] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  216.840831][   T55] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  216.856385][ T6007] usb 1-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  216.878669][ T7730] Illegal XDP return value 4294967274 on prog  (id 99) dev syz_tun, expect packet loss!
[  216.902369][   T55] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.913069][ T6007] usb 1-1: config 0 interface 0 has no altsetting 0
[  216.919723][ T6007] usb 1-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[  216.936197][   T55] usb 6-1: config 0 descriptor??
[  216.941858][ T6007] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.973127][   T55] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  216.979784][   T55] dvb-usb: bulk message failed: -22 (3/0)
[  216.986818][ T6007] usb 1-1: config 0 descriptor??
[  217.006386][   T55] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  217.026786][   T55] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  217.053170][   T55] usb 6-1: media controller created
[  217.062366][   T55] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  217.078331][   T55] dvb-usb: bulk message failed: -22 (6/0)
[  217.095000][   T55] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  217.160386][   T55] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input9
[  217.205730][   T55] dvb-usb: schedule remote query interval to 150 msecs.
[  217.291280][   T55] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  217.315034][ T7740] loop6: detected capacity change from 0 to 2048
[  217.416811][ T6007] uclogic 0003:5543:0781.0007: ignoring exceeding usage max
[  217.442365][ T6007] uclogic 0003:5543:0781.0007: unbalanced collection at end of report description
[  217.453100][   T55] dvb-usb: bulk message failed: -22 (1/0)
[  217.459028][   T55] dvb-usb: error while querying for an remote control event.
[  217.492224][ T6007] uclogic 0003:5543:0781.0007: parse failed
[  217.498270][ T6007] uclogic 0003:5543:0781.0007: probe with driver uclogic failed with error -22
[  217.533556][ T7740] EXT4-fs (loop6): mounted filesystem 00000800-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  217.581345][ T6007] usb 6-1: USB disconnect, device number 4
[  217.608576][ T6007] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  217.650060][ T5972] usb 1-1: USB disconnect, device number 6
[  217.853114][   T55] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  218.013776][   T55] usb 7-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  218.037567][   T55] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.070416][   T55] usb 7-1: config 0 descriptor??
[  218.102561][   T55] cp210x 7-1:0.0: cp210x converter detected
[  218.498889][   T55] cp210x 7-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  218.527484][   T55] usb 7-1: cp210x converter now attached to ttyUSB0
[  218.723314][   T55] usb 7-1: USB disconnect, device number 4
[  218.739642][   T55] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  218.793082][   T55] cp210x 7-1:0.0: device disconnected
[  219.213942][ T7751] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1217: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  219.390462][ T6830] EXT4-fs (loop6): unmounting filesystem 00000800-0000-0000-0000-000000000000.
[  219.604369][ T7767] batadv_slave_1: entered promiscuous mode
[  219.724619][ T7770] netlink: 8 bytes leftover after parsing attributes in process `syz.3.582'.
[  219.727876][ T7770] netlink: 'syz.3.582': attribute type 30 has an invalid length.
[  219.805480][ T7770] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  219.805574][ T7770] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  219.805625][ T7770] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  219.805676][ T7770] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  219.823428][ T7770] netlink: 8 bytes leftover after parsing attributes in process `syz.3.582'.
[  219.823475][ T7770] netlink: 'syz.3.582': attribute type 30 has an invalid length.
[  219.862340][ T7772] netlink: 12 bytes leftover after parsing attributes in process `syz.6.577'.
[  219.951530][ T7763] batadv_slave_1: left promiscuous mode
[  220.096520][ T7774] gtp0: entered promiscuous mode
[  220.180261][ T7777] loop1: detected capacity change from 0 to 512
[  220.186843][ T7778] trusted_key: syz.3.585 sent an empty control message without MSG_MORE.
[  220.265072][ T7777] EXT4-fs (loop1): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  220.401452][ T7777] Quota error (device loop1): v2_read_file_info: Free block number 58381 out of range (1, 6).
[  220.445669][ T7777] EXT4-fs warning (device loop1): ext4_enable_quotas:7164: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  220.515674][ T7785] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[  220.527147][ T7792] vlan2: entered allmulticast mode
[  220.532566][ T7792] macvtap0: entered allmulticast mode
[  220.537967][ T7792] veth0_macvtap: entered allmulticast mode
[  220.553281][ T7785] Quota error (device loop1): v2_read_file_info: Free block number 58381 out of range (1, 6).
[  220.565136][ T7785] EXT4-fs warning (device loop1): ext4_enable_quotas:7164: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  220.642809][ T5972] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  220.785594][ T6977] EXT4-fs (loop1): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[  220.822200][ T5972] usb 7-1: Using ep0 maxpacket: 16
[  220.838121][ T5972] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  220.870749][ T5972] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  220.899078][ T5972] usb 7-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  220.947312][ T5972] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  220.964136][ T5972] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.985309][ T5972] usb 7-1: Product: syz
[  221.020477][ T5972] usb 7-1: Manufacturer: syz
[  221.057525][ T5972] usb 7-1: SerialNumber: syz
[  221.478804][ T5972] usb 7-1: 2:1 : format type 0 is detected, processed as PCM
[  222.078606][   T24] libceph: connect (1)[c::]:6789 error -101
[  222.094125][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  222.155638][ T7822] ceph: No mds server is up or the cluster is laggy
[  222.547263][ T7833] netlink: 12 bytes leftover after parsing attributes in process `syz.1.600'.
[  222.568247][ T7834] batadv_slave_1: entered promiscuous mode
[  222.706572][ T5972] usb 7-1: USB disconnect, device number 5
[  223.025778][ T7830] batadv_slave_1: left promiscuous mode
[  223.359556][ T7848] loop0: detected capacity change from 0 to 47
[  223.485433][ T7848] syz.0.604: attempt to access beyond end of device
[  223.485433][ T7848] loop0: rw=2049, sector=48, nr_sectors = 2 limit=47
[  223.591541][ T7848] Buffer I/O error on dev loop0, logical block 24, lost async page write
[  223.643637][ T7848] syz.0.604: attempt to access beyond end of device
[  223.643637][ T7848] loop0: rw=2049, sector=50, nr_sectors = 2 limit=47
[  223.697986][ T7853] overlayfs: failed to clone upperpath
[  223.709424][ T7848] Buffer I/O error on dev loop0, logical block 25, lost async page write
[  223.850914][ T7856] vlan2: entered allmulticast mode
[  223.861392][ T7856] macvtap0: entered allmulticast mode
[  223.901391][ T7856] veth0_macvtap: entered allmulticast mode
[  224.342609][ T7869] netlink: 40 bytes leftover after parsing attributes in process `syz.0.613'.
[  224.560819][ T7849] loop6: detected capacity change from 0 to 32768
[  224.684041][ T7849] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  224.767426][ T7849] XFS (loop6): Ending clean mount
[  224.779490][ T7849] XFS (loop6): Quotacheck needed: Please wait.
[  224.887717][ T7849] XFS (loop6): Quotacheck: Done.
[  225.180271][ T6830] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  225.351327][   T24] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  225.557204][   T24] usb 6-1: config 0 has an invalid interface number: 230 but max is 0
[  225.581325][   T24] usb 6-1: config 0 has no interface number 0
[  225.588130][   T24] usb 6-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  225.639909][   T24] usb 6-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  225.674085][   T24] usb 6-1: config 0 interface 230 has no altsetting 0
[  225.696542][   T24] usb 6-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  225.721444][   T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  225.749798][   T24] usb 6-1: Product: syz
[  225.759913][   T24] usb 6-1: Manufacturer: syz
[  225.771672][   T24] usb 6-1: SerialNumber: syz
[  225.787225][   T24] usb 6-1: config 0 descriptor??
[  225.798383][ T7889] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  225.811517][ T7889] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  225.830828][   T24] ums-usbat 6-1:0.230: USB Mass Storage device detected
[  225.875111][   T24] ums-usbat 6-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  226.102057][ T7901] loop2: detected capacity change from 0 to 7
[  226.127525][ T7901]  loop2:
[  226.140956][ T7901] loop2: partition table partially beyond EOD, truncated
[  226.153769][ T7903] netlink: 4 bytes leftover after parsing attributes in process `syz.0.626'.
[  226.780533][ T7917] vlan2: entered allmulticast mode
[  226.785900][ T7917] macvtap0: entered allmulticast mode
[  226.791379][ T7917] veth0_macvtap: entered allmulticast mode
[  227.133022][ T5159] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  227.144160][ T5159] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  227.157824][ T5159] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  227.166917][ T5159] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  227.176968][ T5159] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  227.846876][ T7921] chnl_net:caif_netlink_parms(): no params data found
[  228.765087][   T24] ums-usbat 6-1:0.230: probe with driver ums-usbat failed with error -5
[  228.785894][   T24] usb 6-1: USB disconnect, device number 5
[  229.093510][ T7957] loop6: detected capacity change from 0 to 256
[  229.145606][ T7957] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d)
[  229.170109][ T7921] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.187910][ T7921] bridge0: port 1(bridge_slave_0) entered disabled state
[  229.202179][ T7921] bridge_slave_0: entered allmulticast mode
[  229.229796][ T7921] bridge_slave_0: entered promiscuous mode
[  229.247821][ T7961] netlink: 'syz.3.649': attribute type 29 has an invalid length.
[  229.274295][ T7921] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.301338][ T5868] Bluetooth: hci0: command tx timeout
[  229.308923][ T7921] bridge0: port 2(bridge_slave_1) entered disabled state
[  229.312053][ T7961] netlink: 500 bytes leftover after parsing attributes in process `syz.3.649'.
[  229.337772][ T7921] bridge_slave_1: entered allmulticast mode
[  229.353520][ T7921] bridge_slave_1: entered promiscuous mode
[  229.365921][ T7963] netlink: 'syz.3.649': attribute type 29 has an invalid length.
[  229.452260][ T7969] vlan2: entered allmulticast mode
[  229.457434][ T7969] macvtap0: entered allmulticast mode
[  229.462971][ T7969] veth0_macvtap: entered allmulticast mode
[  229.554873][ T7921] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  229.605283][ T7921] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  229.738637][ T7921] team0: Port device team_slave_0 added
[  229.780316][ T7921] team0: Port device team_slave_1 added
[  229.965102][ T7921] batman_adv: batadv0: Adding interface: batadv_slave_0
[  229.985736][ T7921] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  230.016917][ T5935] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  230.040820][ T7921] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  230.055682][ T7921] batman_adv: batadv0: Adding interface: batadv_slave_1
[  230.062947][ T7921] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  230.089262][ T7921] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  230.211895][ T5935] usb 2-1: config 0 has an invalid interface number: 230 but max is 0
[  230.220121][ T5935] usb 2-1: config 0 has no interface number 0
[  230.252418][ T5935] usb 2-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  230.291922][ T5935] usb 2-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  230.316284][ T5935] usb 2-1: config 0 interface 230 has no altsetting 0
[  230.339975][ T5935] usb 2-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  230.353877][ T7921] hsr_slave_0: entered promiscuous mode
[  230.360618][ T7921] hsr_slave_1: entered promiscuous mode
[  230.371254][ T5935] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.391249][ T5935] usb 2-1: Product: syz
[  231.310808][ T7994] netlink: 52 bytes leftover after parsing attributes in process `syz.6.672'.
[  231.351279][ T5935] usb 2-1: Manufacturer: syz
[  231.355954][ T5935] usb 2-1: SerialNumber: syz
[  231.362174][ T7921] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  231.369325][ T7996] overlayfs: failed to clone upperpath
[  231.373738][ T7921] Cannot create hsr debugfs directory
[  231.375715][ T5870] Bluetooth: hci0: command tx timeout
[  231.392106][ T5935] usb 2-1: config 0 descriptor??
[  231.422047][ T7973] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  231.429626][ T7973] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  231.454244][ T5870] Bluetooth: hci4: command 0x0406 tx timeout
[  231.462194][ T5870] Bluetooth: hci2: command 0x0406 tx timeout
[  231.544775][ T7994] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.675656][ T7987] loop5: detected capacity change from 0 to 131072
[  231.684158][ T7987] F2FS-fs (loop5): Test dummy encryption mode enabled
[  231.689780][ T7997] bridge_slave_0: left allmulticast mode
[  231.695392][ T5935] ums-usbat 2-1:0.230: USB Mass Storage device detected
[  231.716755][ T7987] F2FS-fs (loop5): invalid crc value
[  231.744110][ T5935] ums-usbat 2-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  231.749889][ T7997] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.871306][ T7987] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  232.210997][ T8009] netlink: 'syz.6.664': attribute type 29 has an invalid length.
[  232.303008][ T8010] netlink: 500 bytes leftover after parsing attributes in process `syz.6.664'.
[  232.394504][ T8009] netlink: 'syz.6.664': attribute type 29 has an invalid length.
[  232.798089][ T8018] gtp0: entered promiscuous mode
[  232.820344][ T7921] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  232.869716][ T7921] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  232.922444][ T7921] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  232.958649][ T7921] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  233.425528][ T7921] 8021q: adding VLAN 0 to HW filter on device bond0
[  233.451436][ T5868] Bluetooth: hci0: command tx timeout
[  233.546787][ T7921] 8021q: adding VLAN 0 to HW filter on device team0
[  233.617187][ T6232] bridge0: port 1(bridge_slave_0) entered blocking state
[  233.624422][ T6232] bridge0: port 1(bridge_slave_0) entered forwarding state
[  233.760424][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  233.767664][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  233.851835][ T5935] ums-usbat 2-1:0.230: probe with driver ums-usbat failed with error -5
[  233.881876][ T5935] usb 2-1: USB disconnect, device number 5
[  234.018643][ T7921] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  234.926427][ T8060] loop5: detected capacity change from 0 to 256
[  235.019345][ T8060] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e00961, utbl_chksum : 0xe619d30d)
[  235.531525][ T5868] Bluetooth: hci0: command tx timeout
[  236.723781][ T7921] 8021q: adding VLAN 0 to HW filter on device batadv0
[  236.872651][ T8066] IPVS: lblc: UDP 224.0.0.2:0 - no destination available
[  236.874602][ T8068] netlink: 'syz.1.681': attribute type 29 has an invalid length.
[  236.897342][ T5935] IPVS: starting estimator thread 0...
[  236.985682][ T8071] netlink: 'syz.1.681': attribute type 29 has an invalid length.
[  237.009542][ T8070] IPVS: using max 22 ests per chain, 52800 per kthread
[  237.065684][ T8068] netlink: 500 bytes leftover after parsing attributes in process `syz.1.681'.
[  237.421426][ T5935] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[  237.603467][ T5935] usb 7-1: config 0 has an invalid interface number: 230 but max is 0
[  237.649458][ T5935] usb 7-1: config 0 has no interface number 0
[  237.680837][ T5935] usb 7-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  237.721818][ T5935] usb 7-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  237.762053][ T5935] usb 7-1: config 0 interface 230 has no altsetting 0
[  237.789071][ T5935] usb 7-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  237.809893][ T5935] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.899594][ T5935] usb 7-1: Product: syz
[  237.928888][ T5935] usb 7-1: Manufacturer: syz
[  237.948259][ T5935] usb 7-1: SerialNumber: syz
[  237.986830][ T5935] usb 7-1: config 0 descriptor??
[  238.012583][ T8078] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  238.026831][ T8078] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  238.090565][ T5935] ums-usbat 7-1:0.230: USB Mass Storage device detected
[  238.102298][ T7921] veth0_vlan: entered promiscuous mode
[  238.142387][ T5935] ums-usbat 7-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  238.176598][ T7921] veth1_vlan: entered promiscuous mode
[  238.390670][ T7921] veth0_macvtap: entered promiscuous mode
[  238.428940][ T7921] veth1_macvtap: entered promiscuous mode
[  238.555296][ T7921] batman_adv: batadv0: Interface activated: batadv_slave_0
[  238.596428][ T7921] batman_adv: batadv0: Interface activated: batadv_slave_1
[  238.634899][ T7921] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  238.674860][ T7921] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  238.706760][ T7921] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  238.734733][ T7921] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  238.838370][ T8081] loop0: detected capacity change from 0 to 32768
[  238.950313][ T8081] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  239.194438][ T8098] (syz.0.685,8098,1):ocfs2_read_blocks_sync:112 ERROR: status = -12
[  239.225252][  T132] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  239.241565][  T132] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  239.264050][ T8098] (syz.0.685,8098,1):update_backups:196 ERROR: status = -12
[  239.317563][ T8098] ocfs2: Failed to update super blocks on 7,0 during fs resize. This condition is not fatal, but fsck.ocfs2 should be run to fix it
[  239.396102][ T6232] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  239.413839][ T6232] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  239.978995][ T5845] ocfs2: Unmounting device (7,0) on (node local)
[  240.079278][ T8112] netlink: 'syz.1.690': attribute type 1 has an invalid length.
[  240.239302][ T8118] bond1: (slave gretap1): making interface the new active one
[  240.248653][ T8118] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  240.390087][ T5935] ums-usbat 7-1:0.230: probe with driver ums-usbat failed with error -5
[  240.670113][ T8127] loop0: detected capacity change from 0 to 8
[  240.821453][ T8127] unable to read inode lookup table
[  241.243654][ T6083] usb 7-1: USB disconnect, device number 6
[  241.755049][ T8143] loop5: detected capacity change from 0 to 512
[  241.804011][ T8143] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  242.014157][ T8143] EXT4-fs (loop5): 1 truncate cleaned up
[  242.053593][ T8143] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.179469][ T8140] loop1: detected capacity change from 0 to 65536
[  242.249332][ T8156] loop0: detected capacity change from 0 to 512
[  242.287706][ T8156] EXT4-fs (loop0): Test dummy encryption mode enabled
[  242.295349][ T8156] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  242.306872][ T8140] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  242.310559][ T6985] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.374778][ T8156] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00cc018, mo2=0002]
[  242.384232][ T8140] XFS (loop1): Ending clean mount
[  242.409785][ T8156] System zones: 1-12
[  242.422080][ T8140] XFS (loop1): Quotacheck needed: Please wait.
[  242.441517][ T8156] EXT4-fs (loop0): 1 truncate cleaned up
[  242.449162][ T8156] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.524034][ T8140] XFS (loop1): Quotacheck: Done.
[  242.602303][ T8167] netlink: 16 bytes leftover after parsing attributes in process `syz.6.712'.
[  242.681939][   T55] libceph: connect (1)[c::]:6789 error -101
[  242.714295][ T6977] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  242.741625][   T55] libceph: mon0 (1)[c::]:6789 connect error
[  242.961133][ T5845] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  243.002608][ T6007] libceph: connect (1)[c::]:6789 error -101
[  243.009958][ T6007] libceph: mon0 (1)[c::]:6789 connect error
[  243.024117][   T55] IPVS: starting estimator thread 0...
[  243.090523][ T8180] netlink: 12 bytes leftover after parsing attributes in process `syz.3.718'.
[  243.131952][ T8178] IPVS: using max 28 ests per chain, 67200 per kthread
[  243.412392][ T8169] ceph: No mds server is up or the cluster is laggy
[  243.574602][ T1157] IPVS: stop unused estimator thread 0...
[  244.275049][ T8197] loop1: detected capacity change from 0 to 32768
[  244.492443][ T8197] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  244.492481][ T8197]   allowing incompatible features above 0.0: (unknown version)
[  244.492502][ T8197]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  244.529340][ T8197] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  244.537577][ T8197] bcachefs (loop1): initializing new filesystem
[  244.552147][ T8197] bcachefs (loop1): going read-write
[  244.552375][ T8217] loop7: detected capacity change from 0 to 512
[  244.652428][ T8197] bcachefs (loop1): marking superblocks
[  244.658892][ T8217] EXT4-fs: Ignoring removed bh option
[  244.670834][ T8197] bcachefs (loop1): initializing freespace
[  244.685748][ T8197] bcachefs (loop1): done initializing freespace
[  244.698915][ T8197] bcachefs (loop1): reading snapshots table
[  244.708643][ T8197] bcachefs (loop1): reading snapshots done
[  244.716211][ T8217] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  244.822147][ T8217] EXT4-fs (loop7): 1 truncate cleaned up
[  244.822454][ T8197] bcachefs (loop1):  loop1: Superblock write was silently dropped! (seq 0 expected 42)
[  244.852345][ T8197] bcachefs (loop1): done starting filesystem
[  244.865219][ T8217] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  245.188876][ T8228] input: syz1 as /devices/virtual/input/input10
[  245.300569][ T6977] bcachefs (loop1): shutting down
[  245.323649][ T6977] bcachefs (loop1): going read-only
[  245.328921][ T6977] bcachefs (loop1): finished waiting for writes to stop
[  245.405848][ T7921] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.424656][ T6977] bcachefs (loop1): flushing journal and stopping allocators, journal seq 4
[  245.595660][ T6977] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 4
[  245.641314][ T6977] bcachefs (loop1): clean shutdown complete, journal seq 5
[  245.649518][ T6977] bcachefs (loop1): marking filesystem clean
[  246.024886][ T8236] loop5: detected capacity change from 0 to 32768
[  246.081932][ T6977] bcachefs (loop1): shutdown complete
[  246.222740][ T8236] bcachefs (loop5): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  246.222779][ T8236]   allowing incompatible features above 0.0: (unknown version)
[  246.222800][ T8236]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  246.260592][ T8236] bcachefs (loop5): Using encoding defined by superblock: utf8-12.1.0
[  246.269716][ T8236] bcachefs (loop5): initializing new filesystem
[  246.285901][ T8236] bcachefs (loop5): going read-write
[  246.310834][ T8236] bcachefs (loop5): marking superblocks
[  246.328412][ T8236] bcachefs (loop5): initializing freespace
[  246.339199][ T8236] bcachefs (loop5): done initializing freespace
[  246.348327][ T8236] bcachefs (loop5): reading snapshots table
[  246.354321][ T8236] bcachefs (loop5): reading snapshots done
[  246.415767][ T8236] bcachefs (loop5):  loop5: Superblock write was silently dropped! (seq 0 expected 42)
[  246.454377][ T8236] bcachefs (loop5): done starting filesystem
[  247.002393][ T6985] bcachefs (loop5): shutting down
[  247.017700][ T6985] bcachefs (loop5): going read-only
[  247.057434][ T6985] bcachefs (loop5): finished waiting for writes to stop
[  247.102773][ T6985] bcachefs (loop5): flushing journal and stopping allocators, journal seq 44
[  247.234776][ T6985] bcachefs (loop5): flushing journal and stopping allocators complete, journal seq 44
[  247.265249][ T6985] bcachefs (loop5): clean shutdown complete, journal seq 45
[  247.280772][ T6985] bcachefs (loop5): marking filesystem clean
[  247.485122][ T6985] bcachefs (loop5): shutdown complete
[  247.723738][ T8270] loop1: detected capacity change from 0 to 32768
[  247.774991][ T8270] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  247.783279][ T8270] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  247.795840][ T8270] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  247.805898][ T5935] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  247.821921][ T5935] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  247.940715][ T5935] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 118ms
[  247.973648][ T5935] gfs2: fsid=syz:syz.0: jid=0: Done
[  247.993824][ T8270] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  249.000748][ T8300] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.755'.
[  249.239750][ T8277] loop6: detected capacity change from 0 to 40427
[  249.338213][ T8277] F2FS-fs (loop6): invalid crc value
[  249.458825][ T8316] loop1: detected capacity change from 0 to 256
[  249.624962][ T8277] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  249.820383][ T8327] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  249.827977][ T8327] IPv6: NLM_F_CREATE should be set when creating new route
[  249.835249][ T8327] IPv6: NLM_F_CREATE should be set when creating new route
[  249.879199][ T6830] syz-executor: attempt to access beyond end of device
[  249.879199][ T6830] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  249.932967][ T6830] CPU: 0 UID: 0 PID: 6830 Comm: syz-executor Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  249.933018][ T6830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  249.933040][ T6830] Call Trace:
[  249.933051][ T6830]  <TASK>
[  249.933065][ T6830]  dump_stack_lvl+0x16c/0x1f0
[  249.933124][ T6830]  f2fs_handle_critical_error+0x621/0x9f0
[  249.933172][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.933216][ T6830]  ? f2fs_build_fault_attr+0x53/0x1f0
[  249.933264][ T6830]  f2fs_write_end_io+0x785/0xc20
[  249.933316][ T6830]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  249.933370][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.933423][ T6830]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  249.933469][ T6830]  bio_endio+0x70d/0x850
[  249.933507][ T6830]  submit_bio_noacct+0x56d/0x1eb0
[  249.933564][ T6830]  __submit_merged_bio+0x33c/0x770
[  249.933625][ T6830]  __submit_merged_write_cond+0x319/0x3f0
[  249.933687][ T6830]  f2fs_write_cache_pages+0x2067/0x2570
[  249.933771][ T6830]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  249.933836][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.933878][ T6830]  ? __lock_acquire+0x622/0x1c90
[  249.933948][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.934033][ T6830]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  249.934122][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.934165][ T6830]  ? __lock_acquire+0x622/0x1c90
[  249.934229][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.934279][ T6830]  f2fs_write_data_pages+0x4ad/0xd90
[  249.934344][ T6830]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  249.934397][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.934450][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.934498][ T6830]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  249.934558][ T6830]  do_writepages+0x27a/0x600
[  249.934626][ T6830]  ? __pfx_do_writepages+0x10/0x10
[  249.934682][ T6830]  ? do_raw_spin_unlock+0x172/0x230
[  249.934725][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.934767][ T6830]  ? _raw_spin_unlock+0x28/0x50
[  249.934821][ T6830]  filemap_fdatawrite_wbc+0x104/0x160
[  249.934884][ T6830]  __filemap_fdatawrite_range+0xb2/0xf0
[  249.934929][ T6830]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  249.935029][ T6830]  ? find_held_lock+0x2b/0x80
[  249.935076][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.935120][ T6830]  ? do_raw_spin_unlock+0x172/0x230
[  249.935162][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.935212][ T6830]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  249.935290][ T6830]  block_operations+0x2a3/0xfd0
[  249.935352][ T6830]  ? __pfx___schedule+0x10/0x10
[  249.935410][ T6830]  ? __pfx_block_operations+0x10/0x10
[  249.935523][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.935566][ T6830]  ? down_write+0x14d/0x200
[  249.935599][ T6830]  ? __pfx_down_write+0x10/0x10
[  249.935640][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.935683][ T6830]  ? rcu_is_watching+0x12/0xc0
[  249.935736][ T6830]  f2fs_write_checkpoint+0x2b8/0x4c60
[  249.935802][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.935844][ T6830]  ? kfree+0x2b4/0x4d0
[  249.935872][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.935920][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.935962][ T6830]  ? rcu_is_watching+0x12/0xc0
[  249.936008][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.936050][ T6830]  ? kthread_stop+0x273/0x650
[  249.936088][ T6830]  kill_f2fs_super+0x3c2/0x470
[  249.936121][ T6830]  ? __pfx_kill_f2fs_super+0x10/0x10
[  249.936153][ T6830]  ? lockdep_hardirqs_on+0x7c/0x110
[  249.936225][ T6830]  deactivate_locked_super+0xc1/0x1a0
[  249.936265][ T6830]  deactivate_super+0xde/0x100
[  249.936304][ T6830]  cleanup_mnt+0x225/0x450
[  249.936348][ T6830]  task_work_run+0x150/0x240
[  249.936389][ T6830]  ? __pfx_task_work_run+0x10/0x10
[  249.936427][ T6830]  ? srso_alias_return_thunk+0x5/0xfbef5
[  249.936473][ T6830]  ? __pfx___x64_sys_umount+0x10/0x10
[  249.936528][ T6830]  exit_to_user_mode_loop+0xeb/0x110
[  249.936572][ T6830]  do_syscall_64+0x3f6/0x4c0
[  249.936637][ T6830]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  249.936673][ T6830] RIP: 0033:0x7fe772d8fc57
[  249.936701][ T6830] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  249.936736][ T6830] RSP: 002b:00007ffc4c3b6988 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  249.936769][ T6830] RAX: 0000000000000000 RBX: 00007fe772e10a8d RCX: 00007fe772d8fc57
[  249.936792][ T6830] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc4c3b6a40
[  249.936814][ T6830] RBP: 00007ffc4c3b6a40 R08: 0000000000000000 R09: 0000000000000000
[  249.936836][ T6830] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc4c3b7ad0
[  249.936859][ T6830] R13: 00007fe772e10a8d R14: 000000000003cfa4 R15: 00007ffc4c3b7b10
[  249.936907][ T6830]  </TASK>
[  249.936919][ T6830] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  250.800296][ T8341] loop1: detected capacity change from 0 to 512
[  250.859474][ T8341] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  250.880460][ T8341] EXT4-fs (loop1): orphan cleanup on readonly fs
[  250.966643][ T8341] EXT4-fs warning (device loop1): ext4_enable_quotas:7164: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  251.047199][ T8341] EXT4-fs (loop1): Cannot turn on quotas: error -22
[  251.068783][ T8341] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #16: comm syz.1.772: iget: immutable or append flags not allowed on symlinks
[  251.116407][ T8341] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.772: couldn't read orphan inode 16 (err -117)
[  251.169874][ T8341] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  251.385766][ T6977] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.415747][ T8353] block nbd6: NBD_DISCONNECT
[  251.421038][ T8353] block nbd6: Send disconnect failed -22
[  251.432279][ T8353] block nbd6: Disconnected due to user request.
[  251.467947][ T8353] block nbd6: shutting down sockets
[  251.507015][ T8357] IPVS: set_ctl: invalid protocol: 43 172.30.0.1:20000
[  252.297780][ T8374] netlink: 16 bytes leftover after parsing attributes in process `syz.5.785'.
[  253.338111][ T8400] loop6: detected capacity change from 0 to 1024
[  253.391278][ T8400] EXT4-fs (loop6): Test dummy encryption mode enabled
[  253.438748][ T8400] EXT4-fs (loop6): stripe (9) is not aligned with cluster size (16), stripe is disabled
[  253.491068][ T8400] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.047054][ T6830] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.138843][ T8431] 9pnet_fd: Insufficient options for proto=fd
[  254.793302][   T24] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  254.963113][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  254.997058][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  255.006984][   T24] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  255.025905][   T24] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  255.035083][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.047594][   T24] usb 7-1: config 0 descriptor??
[  255.473410][   T24] plantronics 0003:047F:FFFF.0008: reserved main item tag 0xd
[  255.490724][   T24] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  255.768306][ T6007] usb 7-1: USB disconnect, device number 7
[  256.570266][ T8464] cgroup: fork rejected by pids controller in /syz6
[  256.926905][ T8473] bond0: (slave macvlan2): Error -98 calling set_mac_address
[  257.592223][ T8484] Bluetooth: MGMT ver 1.23
[  257.944194][   T13] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  258.013667][   T13] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.203752][ T8493] loop1: detected capacity change from 0 to 32768
[  258.229098][   T13] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  258.240885][   T13] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.256341][ T8467] loop7: detected capacity change from 0 to 40427
[  258.265273][ T8493] 
[  258.265273][ T8493]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.265273][ T8493] 
[  258.321391][ T8493] 
[  258.321391][ T8493]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.321391][ T8493] 
[  258.332193][ T8493] 
[  258.332193][ T8493]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.332193][ T8493] 
[  258.342655][ T8493] 
[  258.342655][ T8493]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.342655][ T8493] 
[  258.353131][ T8493] 
[  258.353131][ T8493]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.353131][ T8493] 
[  258.370389][ T8467] F2FS-fs (loop7): invalid crc value
[  258.384845][  T112] 
[  258.384845][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.384845][  T112] 
[  258.419182][ T8493] 
[  258.419182][ T8493]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.419182][ T8493] 
[  258.430185][ T8493] 
[  258.430185][ T8493]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.430185][ T8493] 
[  258.446085][ T8493] 
[  258.446085][ T8493]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.446085][ T8493] 
[  258.456965][ T8493] 
[  258.456965][ T8493]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.456965][ T8493] 
[  258.467636][   T13] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  258.467718][   T13] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.523033][ T8493] 
[  258.523033][ T8493]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.523033][ T8493] 
[  258.541020][ T8493] 
[  258.541020][ T8493]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.541020][ T8493] 
[  258.551499][ T8493] 
[  258.551499][ T8493]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.551499][ T8493] 
[  258.561965][ T8493] 
[  258.561965][ T8493]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.561965][ T8493] 
[  258.575716][  T112] 
[  258.575716][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.575716][  T112] 
[  258.652609][ T8467] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  258.719318][   T13] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  258.758935][   T13] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.865018][ T6232] 
[  258.865018][ T6232]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.865018][ T6232] 
[  258.898656][ T6232] 
[  258.898656][ T6232]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.898656][ T6232] 
[  258.941536][ T6232] 
[  258.941536][ T6232]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.941536][ T6232] 
[  258.952657][ T8507] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  258.963557][ T6977] 
[  258.963557][ T6977]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.963557][ T6977] 
[  258.998753][  T112] 
[  258.998753][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  258.998753][  T112] 
[  259.012136][ T7921] syz-executor: attempt to access beyond end of device
[  259.012136][ T7921] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  259.026236][ T6977] 
[  259.026236][ T6977]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  259.026236][ T6977] 
[  259.039472][  T112] ==================================================================
[  259.047556][  T112] BUG: KASAN: slab-use-after-free in txEnd+0x369/0x5a0
[  259.054445][  T112] Write of size 8 at addr ffff88807bf55040 by task jfsCommit/112
[  259.062177][  T112] 
[  259.064511][  T112] CPU: 1 UID: 0 PID: 112 Comm: jfsCommit Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  259.064559][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  259.064581][  T112] Call Trace:
[  259.064592][  T112]  <TASK>
[  259.064605][  T112]  dump_stack_lvl+0x116/0x1f0
[  259.064665][  T112]  print_report+0xcd/0x610
[  259.064709][  T112]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.064752][  T112]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.064795][  T112]  ? __phys_addr+0xe8/0x180
[  259.064839][  T112]  ? txEnd+0x369/0x5a0
[  259.064881][  T112]  kasan_report+0xe0/0x110
[  259.064926][  T112]  ? txEnd+0x369/0x5a0
[  259.064974][  T112]  kasan_check_range+0x100/0x1b0
[  259.065028][  T112]  txEnd+0x369/0x5a0
[  259.065073][  T112]  jfs_lazycommit+0x783/0xb30
[  259.065126][  T112]  ? __pfx_jfs_lazycommit+0x10/0x10
[  259.065176][  T112]  ? __pfx_default_wake_function+0x10/0x10
[  259.065226][  T112]  ? lockdep_hardirqs_on+0x7c/0x110
[  259.065280][  T112]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.065326][  T112]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.065379][  T112]  ? __kthread_parkme+0x19e/0x250
[  259.065433][  T112]  ? __pfx_jfs_lazycommit+0x10/0x10
[  259.065480][  T112]  kthread+0x3c5/0x780
[  259.065514][  T112]  ? __pfx_kthread+0x10/0x10
[  259.065548][  T112]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.065592][  T112]  ? rcu_is_watching+0x12/0xc0
[  259.065638][  T112]  ? __pfx_kthread+0x10/0x10
[  259.065674][  T112]  ret_from_fork+0x5d7/0x6f0
[  259.065729][  T112]  ? __pfx_kthread+0x10/0x10
[  259.065763][  T112]  ret_from_fork_asm+0x1a/0x30
[  259.065815][  T112]  </TASK>
[  259.065828][  T112] 
[  259.086643][ T7921] CPU: 0 UID: 0 PID: 7921 Comm: syz-executor Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  259.086692][ T7921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  259.086714][ T7921] Call Trace:
[  259.086725][ T7921]  <TASK>
[  259.086738][ T7921]  dump_stack_lvl+0x16c/0x1f0
[  259.086797][ T7921]  f2fs_handle_critical_error+0x621/0x9f0
[  259.086844][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.086886][ T7921]  ? f2fs_build_fault_attr+0x53/0x1f0
[  259.086936][ T7921]  f2fs_write_end_io+0x785/0xc20
[  259.086989][ T7921]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  259.087045][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.087099][ T7921]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  259.087146][ T7921]  bio_endio+0x70d/0x850
[  259.087186][ T7921]  submit_bio_noacct+0x56d/0x1eb0
[  259.087246][ T7921]  __submit_merged_bio+0x33c/0x770
[  259.087301][ T7921]  __submit_merged_write_cond+0x319/0x3f0
[  259.087364][ T7921]  f2fs_write_cache_pages+0x2067/0x2570
[  259.087453][ T7921]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  259.087518][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.087560][ T7921]  ? __lock_acquire+0x622/0x1c90
[  259.087634][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.087777][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.087819][ T7921]  ? mod_memcg_lruvec_state+0x394/0x610
[  259.087887][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.087939][ T7921]  f2fs_write_data_pages+0x4ad/0xd90
[  259.088004][ T7921]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  259.088056][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.088112][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.088162][ T7921]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  259.088221][ T7921]  do_writepages+0x27a/0x600
[  259.088285][ T7921]  ? __pfx_do_writepages+0x10/0x10
[  259.088339][ T7921]  ? do_raw_spin_unlock+0x172/0x230
[  259.088381][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.088423][ T7921]  ? _raw_spin_unlock+0x28/0x50
[  259.088480][ T7921]  filemap_fdatawrite_wbc+0x104/0x160
[  259.088546][ T7921]  __filemap_fdatawrite_range+0xb2/0xf0
[  259.088591][ T7921]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  259.088707][ T7921]  ? find_held_lock+0x2b/0x80
[  259.088755][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.088798][ T7921]  ? do_raw_spin_unlock+0x172/0x230
[  259.088840][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.088891][ T7921]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  259.088973][ T7921]  block_operations+0x2a3/0xfd0
[  259.089036][ T7921]  ? __pfx___schedule+0x10/0x10
[  259.089089][ T7921]  ? __pfx_block_operations+0x10/0x10
[  259.089212][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.089254][ T7921]  ? down_write+0x14d/0x200
[  259.089287][ T7921]  ? __pfx_down_write+0x10/0x10
[  259.089325][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.089366][ T7921]  ? rcu_is_watching+0x12/0xc0
[  259.089420][ T7921]  f2fs_write_checkpoint+0x2b8/0x4c60
[  259.089487][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.089529][ T7921]  ? kfree+0x2b4/0x4d0
[  259.089557][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.089605][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.089650][ T7921]  ? rcu_is_watching+0x12/0xc0
[  259.089695][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.089737][ T7921]  ? kthread_stop+0x273/0x650
[  259.089777][ T7921]  kill_f2fs_super+0x3c2/0x470
[  259.089812][ T7921]  ? __pfx_kill_f2fs_super+0x10/0x10
[  259.089843][ T7921]  ? lockdep_hardirqs_on+0x7c/0x110
[  259.089921][ T7921]  deactivate_locked_super+0xc1/0x1a0
[  259.089961][ T7921]  deactivate_super+0xde/0x100
[  259.090002][ T7921]  cleanup_mnt+0x225/0x450
[  259.090046][ T7921]  task_work_run+0x150/0x240
[  259.090088][ T7921]  ? __pfx_task_work_run+0x10/0x10
[  259.090124][ T7921]  ? srso_alias_return_thunk+0x5/0xfbef5
[  259.090171][ T7921]  ? __pfx___x64_sys_umount+0x10/0x10
[  259.090228][ T7921]  exit_to_user_mode_loop+0xeb/0x110
[  259.090273][ T7921]  do_syscall_64+0x3f6/0x4c0
[  259.090333][ T7921]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.090369][ T7921] RIP: 0033:0x7ff4f898fc57
[  259.090396][ T7921] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  259.090431][ T7921] RSP: 002b:00007fff0ed40158 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  259.090464][ T7921] RAX: 0000000000000000 RBX: 00007ff4f8a10a8d RCX: 00007ff4f898fc57
[  259.090487][ T7921] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff0ed40210
[  259.090509][ T7921] RBP: 00007fff0ed40210 R08: 0000000000000000 R09: 0000000000000000
[  259.090531][ T7921] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff0ed412a0
[  259.090554][ T7921] R13: 00007ff4f8a10a8d R14: 000000000003f32c R15: 00007fff0ed412e0
[  259.090608][ T7921]  </TASK>
[  259.091544][ T7921] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  259.093831][  T112] Allocated by task 8493:
[  259.690669][  T112]  kasan_save_stack+0x33/0x60
[  259.695368][  T112]  kasan_save_track+0x14/0x30
[  259.700061][  T112]  __kasan_kmalloc+0xaa/0xb0
[  259.704664][  T112]  lmLogOpen+0x571/0x1400
[  259.709008][  T112]  jfs_mount_rw+0x2e9/0x6f0
[  259.713525][  T112]  jfs_fill_super+0xc64/0x1060
[  259.718317][  T112]  get_tree_bdev_flags+0x38c/0x620
[  259.723445][  T112]  vfs_get_tree+0x8e/0x340
[  259.727888][  T112]  path_mount+0x1414/0x2020
[  259.732415][  T112]  __x64_sys_mount+0x28d/0x310
[  259.737204][  T112]  do_syscall_64+0xcd/0x4c0
[  259.741738][  T112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.747647][  T112] 
[  259.749966][  T112] Freed by task 6977:
[  259.753942][  T112]  kasan_save_stack+0x33/0x60
[  259.758636][  T112]  kasan_save_track+0x14/0x30
[  259.763326][  T112]  kasan_save_free_info+0x3b/0x60
[  259.768379][  T112]  __kasan_slab_free+0x51/0x70
[  259.773161][  T112]  kfree+0x2b4/0x4d0
[  259.777061][  T112]  lmLogClose+0x585/0x710
[  259.781409][  T112]  jfs_umount+0x2f0/0x440
[  259.785749][  T112]  jfs_put_super+0x88/0x1d0
[  259.790279][  T112]  generic_shutdown_super+0x156/0x390
[  259.795681][  T112]  kill_block_super+0x3b/0x90
[  259.800385][  T112]  deactivate_locked_super+0xc1/0x1a0
[  259.805766][  T112]  deactivate_super+0xde/0x100
[  259.810537][  T112]  cleanup_mnt+0x225/0x450
[  259.814964][  T112]  task_work_run+0x150/0x240
[  259.819566][  T112]  exit_to_user_mode_loop+0xeb/0x110
[  259.824864][  T112]  do_syscall_64+0x3f6/0x4c0
[  259.829484][  T112]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.835391][  T112] 
[  259.837709][  T112] The buggy address belongs to the object at ffff88807bf55000
[  259.837709][  T112]  which belongs to the cache kmalloc-1k of size 1024
[  259.851774][  T112] The buggy address is located 64 bytes inside of
[  259.851774][  T112]  freed 1024-byte region [ffff88807bf55000, ffff88807bf55400)
[  259.865585][  T112] 
[  259.867907][  T112] The buggy address belongs to the physical page:
[  259.874314][  T112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7bf50
[  259.883087][  T112] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  259.891594][  T112] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  259.899147][  T112] page_type: f5(slab)
[  259.903135][  T112] raw: 00fff00000000040 ffff88801b841dc0 ffffea0000a28800 dead000000000002
[  259.911732][  T112] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  259.920327][  T112] head: 00fff00000000040 ffff88801b841dc0 ffffea0000a28800 dead000000000002
[  259.929014][  T112] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[  259.937705][  T112] head: 00fff00000000003 ffffea0001efd401 00000000ffffffff 00000000ffffffff
[  259.946399][  T112] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  259.955075][  T112] page dumped because: kasan: bad access detected
[  259.961486][  T112] page_owner tracks the page as allocated
[  259.967194][  T112] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 132, tgid 132 (kworker/u8:5), ts 199090138538, free_ts 194548412505
[  259.986501][  T112]  post_alloc_hook+0x1c0/0x230
[  259.991283][  T112]  get_page_from_freelist+0x1321/0x3890
[  259.996842][  T112]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  260.002752][  T112]  alloc_pages_mpol+0x1fb/0x550
[  260.007622][  T112]  new_slab+0x23b/0x330
[  260.011812][  T112]  ___slab_alloc+0xd9c/0x1940
[  260.016495][  T112]  __slab_alloc.constprop.0+0x56/0xb0
[  260.021886][  T112]  __kmalloc_noprof+0x2f2/0x510
[  260.026752][  T112]  ieee802_11_parse_elems_full+0x1db/0x3770
[  260.032677][  T112]  ieee80211_inform_bss+0x10b/0x1140
[  260.037998][  T112]  cfg80211_inform_single_bss_data+0x8ea/0x1df0
[  260.044291][  T112]  cfg80211_inform_bss_data+0x224/0x3bc0
[  260.049981][  T112]  cfg80211_inform_bss_frame_data+0x26f/0x750
[  260.056081][  T112]  ieee80211_bss_info_update+0x310/0xab0
[  260.061758][  T112]  ieee80211_ibss_rx_queued_mgmt+0x1905/0x2fd0
[  260.067951][  T112]  ieee80211_iface_work+0xbf4/0x1020
[  260.073259][  T112] page last free pid 7267 tgid 7265 stack trace:
[  260.079581][  T112]  __free_frozen_pages+0x7fe/0x1180
[  260.084813][  T112]  __put_partials+0x16d/0x1c0
[  260.089498][  T112]  qlist_free_all+0x4d/0x120
[  260.094103][  T112]  kasan_quarantine_reduce+0x195/0x1e0
[  260.099592][  T112]  __kasan_slab_alloc+0x69/0x90
[  260.104476][  T112]  kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[  260.110402][  T112]  kmalloc_reserve+0x18b/0x2c0
[  260.115181][  T112]  __alloc_skb+0x166/0x380
[  260.119620][  T112]  nci_send_cmd+0xac/0x370
[  260.124056][  T112]  nci_reset_req+0x75/0xa0
[  260.128492][  T112]  __nci_request+0x8a/0x2d0
[  260.133006][  T112]  nci_dev_up+0x36a/0x680
[  260.137349][  T112]  nfc_dev_up+0x1b2/0x3d0
[  260.141692][  T112]  nfc_genl_dev_up+0xa5/0xf0
[  260.146306][  T112]  genl_family_rcv_msg_doit+0x209/0x2f0
[  260.151871][  T112]  genl_rcv_msg+0x55c/0x800
[  260.156396][  T112] 
[  260.158716][  T112] Memory state around the buggy address:
[  260.164347][  T112]  ffff88807bf54f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  260.172421][  T112]  ffff88807bf54f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  260.180485][  T112] >ffff88807bf55000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  260.188548][  T112]                                            ^
[  260.194701][  T112]  ffff88807bf55080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  260.202767][  T112]  ffff88807bf55100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  260.210831][  T112] ==================================================================
[  260.267755][  T112] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[  260.275533][  T112] CPU: 0 UID: 0 PID: 112 Comm: jfsCommit Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[  260.287379][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  260.297449][  T112] Call Trace:
[  260.300738][  T112]  <TASK>
[  260.303684][  T112]  dump_stack_lvl+0x3d/0x1f0
[  260.308322][  T112]  panic+0x71c/0x800
[  260.312274][  T112]  ? srso_alias_return_thunk+0x5/0xfbef5
[  260.317947][  T112]  ? __pfx_panic+0x10/0x10
[  260.322412][  T112]  ? srso_alias_return_thunk+0x5/0xfbef5
[  260.328082][  T112]  ? lockdep_hardirqs_on+0x7c/0x110
[  260.333327][  T112]  ? txEnd+0x369/0x5a0
[  260.337434][  T112]  ? srso_alias_return_thunk+0x5/0xfbef5
[  260.343096][  T112]  ? preempt_schedule_common+0x44/0xc0
[  260.348598][  T112]  ? srso_alias_return_thunk+0x5/0xfbef5
[  260.354264][  T112]  ? preempt_schedule_thunk+0x16/0x30
[  260.359678][  T112]  ? txEnd+0x369/0x5a0
[  260.363777][  T112]  end_report+0x159/0x170
[  260.368140][  T112]  kasan_report+0xee/0x110
[  260.372592][  T112]  ? txEnd+0x369/0x5a0
[  260.376703][  T112]  kasan_check_range+0x100/0x1b0
[  260.381687][  T112]  txEnd+0x369/0x5a0
[  260.385620][  T112]  jfs_lazycommit+0x783/0xb30
[  260.390342][  T112]  ? __pfx_jfs_lazycommit+0x10/0x10
[  260.395584][  T112]  ? __pfx_default_wake_function+0x10/0x10
[  260.401430][  T112]  ? lockdep_hardirqs_on+0x7c/0x110
[  260.406667][  T112]  ? srso_alias_return_thunk+0x5/0xfbef5
[  260.412323][  T112]  ? srso_alias_return_thunk+0x5/0xfbef5
[  260.417980][  T112]  ? __kthread_parkme+0x19e/0x250
[  260.423033][  T112]  ? __pfx_jfs_lazycommit+0x10/0x10
[  260.428254][  T112]  kthread+0x3c5/0x780
[  260.432333][  T112]  ? __pfx_kthread+0x10/0x10
[  260.436942][  T112]  ? srso_alias_return_thunk+0x5/0xfbef5
[  260.442591][  T112]  ? rcu_is_watching+0x12/0xc0
[  260.447386][  T112]  ? __pfx_kthread+0x10/0x10
[  260.452001][  T112]  ret_from_fork+0x5d7/0x6f0
[  260.456636][  T112]  ? __pfx_kthread+0x10/0x10
[  260.461241][  T112]  ret_from_fork_asm+0x1a/0x30
[  260.466033][  T112]  </TASK>
[  260.469255][  T112] Kernel Offset: disabled
[  260.473580][  T112] Rebooting in 86400 seconds..