last executing test programs:

1m42.501038928s ago: executing program 2 (id=977):
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r0 = getpid()
ioprio_set$pid(0x1, r0, 0x4000)

1m42.44946149s ago: executing program 2 (id=979):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000600)={[{}]})

1m42.37664017s ago: executing program 2 (id=980):
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345})
io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0)

1m42.161091843s ago: executing program 2 (id=982):
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
sendto$packet(r0, 0x0, 0x0, 0x200068c0, &(0x7f0000000180)={0x11, 0x888e, r1, 0x1, 0x0, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)={0x20, 0x0, 0x88}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f0000000240)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@stripe={'stripe', 0x3d, 0x4000}}, {@errors_remount}, {@max_batch_time={'max_batch_time', 0x3d, 0x4}}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r2, &(0x7f0000006b40)={0x2020}, 0x206e)

1m41.964646309s ago: executing program 2 (id=985):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0xfffffffc)
setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000100)=0xe85, 0x4)

1m40.983985345s ago: executing program 2 (id=996):
socket$igmp(0x2, 0x3, 0x2)
creat(&(0x7f0000001380)='./file0\x00', 0x12c)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f00000001c0))
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r0], 0xc4}}, 0x0)

1m40.869138377s ago: executing program 32 (id=996):
socket$igmp(0x2, 0x3, 0x2)
creat(&(0x7f0000001380)='./file0\x00', 0x12c)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f00000001c0))
socket$nl_rdma(0x10, 0x3, 0x14)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000009a40)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000040900010073797a30000000002c000000030a01080000000000000000010000000900030073797a32000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a30000000002800048024000180090001006d6574610000000014000280080001400000001208000240000000", @ANYRES16=r0], 0xc4}}, 0x0)

3.778930075s ago: executing program 0 (id=2055):
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000f2d07c40501d89601dd0000000010902120001000000000904"], 0x0)

2.873824899s ago: executing program 3 (id=2062):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f00000000c0), 0xf00)
close(r0)

2.787666002s ago: executing program 3 (id=2063):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$packet(0x11, 0xa, 0x300)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0x47, &(0x7f0000000d40)={@link_local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0x11, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0x11, 0x0, @gue={{0x2}, 'J'}}}}}}}, 0x0)

2.707401035s ago: executing program 3 (id=2064):
r0 = io_uring_setup(0x75c0, &(0x7f0000000ac0)={0x0, 0x9de6, 0x40, 0x2, 0x4800020})
r1 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/asound/card1/oss_mixer\x00', 0x80401, 0x0)
writev(r1, &(0x7f0000004740)=[{&(0x7f0000002740)="417f31e934f331d83d0477949dc456655d003208676424181d5174b3e4ef0f6adf05d362a0e001505bc0dca83917657e2df9b758edf02b0443041b9df3bbfc2961ec25d2497a7c79c8873a6231769a3533395301243bd552427a54995252b99e341c677d6e318239e0d1f9c7b3f0efc1e3a94e89980bb68ae73a899bd4483efa2500ff31b7d00acad2b142cbc2ec3b5460bf402499bfbe45f7f36358c6034d59640e9f16e82c4e6c1624bc9d41e2e57e4dfe87be5bfea70b201272bbfaecd217e3a72be54054b7eb3ffd7ceeb6f46c68d4792e64454021f14143d0df4905d8a56e329c29a8bd5a28b8e37a0a62ab8e4068e92300e801dd04e19b7f0241e7b71921f4fd86915d783e379746c7f0e0a6c69c41ac514abcf8e06240c030ecf797ecc1b83d1464e945b3b561793bcc130625ce137b399d39b9224f7678c673ef91d590ebf337c7ee1080ec4d205c8f6a1d30ccd973bb39325343d5caf36295841ba99c3d167176f4a93b6921bdda18ee3ff8a6fc3dadebbe742556f8b632725da6c4ff341051ebe1c6092895a636788ddaf6e60056ac25de43a7c77fbf1509a9cd374a0810d48632e1df08b571801934901de15974036442636d789b071e4133e2de9fde3575589003e63eec4daed3e45760394fc5d5c6e6fa2f83dcf1680b668a00ec35ed1d4b509a0f1c0f6dbc4976f39de4046b0728d0ed0b59ff1e5bbea796d198e097f3edbef226913c2a94dd5f0796699b88ac3ae4717f9fefefa39d2792c8c072883c435ccf5f2cccb25bf07b55422be5114a057c582f841c2d72e435472c31fbf6f48a8e6901320017ccf85ad7fbda56654dff549d930c2acc054605b35fb0fec2a8ae6a0b90484c5f9026ebe978aacf457dd59a0dc78cddd4a2ca28581efd7a5edd8dec0ed0e532a0ef49d7dbd4beb68dfe4216e6090e43339af174b73be30bd2a026a2580c2e02e1f08ba3de00709e0934105c85235a5c4ec3d2d3d2c43948d6e334e77c443f7263ba0e31f5c588ed68ce800f1bea20c78721f711de7c6038807ca5d1b0cde1c6a8b45547baeabf2d5a87dd0a9591037f6834bf96d058ac841a5334763d0330159d5f3ea426e4cf209ff2f194c9133804f72481af76eb3d9481c800f2cfb07c1bdda698098f6741efd6cd7c644e10a2fdacfc61c821c474c80fb9085fa41113ff27901e7376b01555fbdff567924b9db10259b4af74f8efd7dcf7aa7893d52a52f1bce5edcc4fa05c4f0d65a64a6ed0087c4b87bdd8ab30e7e3aa671b4ec2280619a1b5d04d273279b3fc17470f5e465ef913dfdbac6cc0b2ed54ec5397d3572ea0c2040fa4841457c60bd379e52dd622647775a64d7b3e860f7f28ba98ee45173767b111cb79c077f6c1a1a80cd23cf5a4d518b5f6f4fa993f53af46184380c7fd00aed108c47cb7e4a65be878774da1dbb15d237e05f3cf02e1babee99e4674ff826850b3b1b121877f9697e3b59f3734de932183c5c30595f883f47a07ff85b2ca09d810af3a026948aefb22538d6d84e80d220a7c9c2f0d221d16746a2010b9f572556606c8dfd0378af56bfd11315ae637b5450e90ad49e99de88e2488c746dfb8bc45dd94788416db1cf732c41af68fe377b58cc22898926a3405773a83646cc7dd0004904132e926bf4bd3df5579fed6fcfd7f23286d3d8a8149415e5e2af16eb7d686c225ffeda98ae6a3fd2333e6c8b76f5582d7ff7475de0a2d7a35b28a635e1ef74a8304e51a368124cc19b9028f0a30c9f31f5484aeb079f205dde4eeacf389b4aa8797826a96502686b361ef74660decd04f580b48b3f4a77a2f9267553b24eea3fc03123d3fe144fb9537d2553b14edfa8804bb6612db232702f2421088e70bb32bd315079edf9bcf87a7a9dce85571e8ba7f0e195fc8031a3521da2fc70dc9aaf6b7ea2db3a878ea8845798c42ad128be33304adc7f89c13ae91998a5e99152f309f3a7d67fbc6287fecc78f2fa7827216418408abcc744da2c18e9973def77c98f615f7b845a874e77fc535e9a174cca0fb3a49cad15ed207e698714dad13d51e0863a51dcce6f261b8dfa1e2b0c65e9f1caa663c6011f6efe018d3950710b1d1e4651bc04cda36f68039483b094fde2e2e6b0068f8a92be5ba6fd3dd316242a61c6bccbd0ebf50fef1c4c95960496698db84d50169a855267666ff19ea2143965b2b842ee1cbc9dea6070da2b76275b27c2cccd52d265b33fde9e320b4d564f14aa66472e41818ccd80af7067ce1a5f37e825c20e15f62cc87557be5acd229cd61dbf792d615a5f6e67ffdadcd0099acd771a81652eeece90aadc940f45e331262c99c917d98d4478d24ba0d235c1ac428222ff86ffa4cdb4af6a0a0dfe285dc5ef0802aff5ae2d28aceb1a3f07b2789bb142c6b2265b92eddf21b9bef69549cd7852fb5c8e2902ded1d4db65b3ec01e07a54b334254ae3841709be6c0453ee2b5f8c65d6e252ced7fc4908922c9394a644e9a2137875e9a634817483f9a901017552b4b3cd8ffa4e3916bd05c548bafe4a7ec15fe6d1e7bf05f7ba0e0236e6685840fbca566cc880c3f1d6e6e6cf9430bd0098e5c5b017b6909662c9901e6799896624dfafa4015358cf314eaa8f4b976f856dd64eaf5fdbb84fe80bb27683c75e918ad476713c4bcfbbc88d17d2181d8a98eec395044375d3cba229c70fc9dbf15b0895a4d8424bc5fe9de2deee638cec8db77b4a59ac78a9dada119d788edda30c00e943e81f38527def611c79d05eb784f482e198f04acba96be6d9b72de74e8c7d4e30cedfea86934c8ae7b4d87a1854d2851dc9021c6777ce7cb8b6e6058850c46f96bd49b00d0a04369325b7f67bea493d2bcc7ed7c18386f819e622f605b06dfcaac6fde609931b8bd0c3a8c4b6120fcaa0edfe53d55de18e43173931389c5b9fbf1ced65a91422c663ec28b10ebc06fcd9c56aca1e0d4257e1f3edda827915669925282b5b145707b782f15e598ff5bf725dffb84086a25772c4f112442b5659db5e9e6c185de5eca22c043c14bea81569c8d8a2abb15a6aa14147cac5dd76fb8032feb3e6ade7284112379ca8cebdeb0b680820ea0809eb392e031de333bc090cd7172d181a42983beca07703750a16ef70a09", 0x8aa}], 0x1)
close_range(r0, 0xffffffffffffffff, 0x200000000000000)

2.569309001s ago: executing program 3 (id=2065):
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="7915a8000000000061138c0000000000bfa000000000000007000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350607000fff07206706000002000000160304000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04a19e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61dc18402cde8bf777b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154ba10a8e51489a614e69722bac300"/1546], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48)

2.488527326s ago: executing program 3 (id=2066):
prlimit64(0x0, 0x6, &(0x7f0000000140), 0x0)
setreuid(0xee01, 0x0)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x20200, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setreuid(0xee01, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0)

1.269321159s ago: executing program 3 (id=2071):
syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
lsm_set_self_attr(0x68, &(0x7f0000000800)={0x68, 0x4b, 0x20}, 0x20, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x7}, 0x0)
syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301)
r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1})
accept4(r0, &(0x7f00000004c0)=@pppoe={0x18, 0x0, {0x0, @random}}, &(0x7f0000000140)=0x80, 0x80800)
ioctl$vim2m_VIDIOC_QBUF(r5, 0xc058560f, &(0x7f0000000180)=@multiplanar_mmap={0x0, 0x2, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'y)\x00'}, 0x0, 0x1, {0x0}, 0xea})
ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000200)=0x2)
close_range(r4, 0xffffffffffffffff, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89101)
connect$inet6(r1, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000280)={<r6=>0xffffffffffffffff})
getsockopt$sock_buf(r6, 0x1, 0x1f, 0x0, &(0x7f0000000240)=0xa00)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0xf, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000feffffff000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000008b7030000000000008500000008000000bf09000000000000a5090100ffffff80bf00200000000000ad980000000000005e080000000000008500000005000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

694.60997ms ago: executing program 0 (id=2073):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="0900000004000000e27f000001"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000feffffff0000000004000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008004000b704000000000000850000000300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

694.462476ms ago: executing program 0 (id=2074):
syz_mount_image$jfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x381401a, &(0x7f0000000100)=ANY=[@ANYRES8=0x0, @ANYRESHEX=0x0, @ANYRES8=0x0], 0xff, 0x617f, &(0x7f0000012640)="$eJzs3ctvHVcdB/Df3JcfoWnURVUihNw2PEppniUECrSVgAUbFqhblMh1q4gUUBJQWkXElTcs+CNASCwRYsmKP6ALtuz4A4iUIIG6QJ1q7HOc8Y1vrl3Hd65zPh/JmfnNmfE9k+99embuCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgfvTDn5yrIuLyr9OCExGfi35EL2KpqVciYmnlRF5/EBHPxWZzPBsRw4WIZvvNf56OeDUiPjoece/+7dVm8fk99uMHf/nnH3967Mf/+PPwzP/+erP/2qT1bt363X//dudg+wwAAAClqeu6rtLH/JPp832v604BADORX//rJC+fVn9/n+ur1Wq1Wq3uvm6rd3enXUTEenub5j2Dw/EAcMSsx8ddd4EOyb9og4g41nUngLlWdd0BDsW9+7dXq5Rv1X49WNlqz+eC7Mh/vdq+vmPSdJrxc0xmdf/aiH48M6E/SzPqwzzJ+ffG87+81T5K6x12/rMyKf/R1qVPxcn598fzH/Pk5N/bNf9S5fwH+8q/L38AAAAAAJhj+e//Jzo+/rtw8F3Zk0cd/12ZUR8AAAAAAAAA4HE76Ph/24z/BwAAAHOr+aze+P3xB8smfRdbs/ytKuKpsfWBwqSLZZa77gcAAAAAAAAAAAAAlGSwdQ7vW1XEMCKeWl6u67r5aRuv9+ug2x91pe8/lKzrJ3kAANjy0fGxa/mriMVWOVxeXq7rxaXlerleWsjvZ0cLi/VS63NtnjbLFkZ7eEM8GNXNL1tsbdc27fPytPbx39fc1qju76Fjs9FB0ADQsvVqdM8r0hOmrp+Ort/lcDR4/D95PP7Zi67vpwAAAMDhq+u6rtLXeZ9M4/v1uu4UADAT+fV//LiA+vHX/5+z/qjVarW6vLqt3t2ddhER6+1tmvcMhuMHgCNmPT7uugt0SP5FG0TEc113AphrVdcd4FDcu397tUr5Vu3XgzS+ez4XZEf+69Xmdnn73abTjJ9jMqv710b045kJ/Xl2Rn2YJzn/3nj+l7faR2m9w85/Vibl3+zniQ7607Wcf388/zFPTv69XfMvVc5/sK/8+/IHAAAAAIA5lv/+f2Kujv+OPuvuTPWo478rh3arAAAAAAAAAHC47t2/vZqve83H/7+wy3qu/3wy5fwr+Rcp598by/+rY+v1W/N333yQ/3/u3179081/fz5P95r/Qp6p0j2rSveIKt1SNUjTg+zdwzaG/VFzS8Oq1x+kc37q4TtxNa7FWpzdsW4v/X88aD+3o73p6XCzve5vtZ/f0T7Ybs/bX9jRPkxnOtVLuf10rMYv4lq8vdnetC1M2f/FKe31lPacf9/jv0g5/0Hrp8l/ObVXY9PG3Q97Dz3u29PdbueNq1/87dnD352pNqK/vW9tzf690EF/Nv9Pjo3iVzfWrp++deXmzevnIk12LD0fafKY5fyH6Wf7+f/Frfb8vN9+vN79cLTv/OfFRgwm5v9ia77Z35dm3Lcu5PxH6Sfn/3Zq3/3xf5Tzn/z4f7mD/gAAAAAAAAAAAAAAAMCj1HW9eYnoGxFxMV3/09W1mQDAbOXX/zrJy2dV92d8e2r1Ea+rOevPTOtP6vnqj1o9Z/VgL+u31bt7vV1ExN/b2zTvGX6z2y8DAObX1hd7/avrbtCZT+Rfrvx9f830VNedAWbqxvsf/OzKtWtr12903RMAAAAAAAAA4LPK43+utMZ/PlXX9Z2x9XaM//pmrBx0/M9BntkeYHTCQNX9/e/To2z0Rv1ea7jx52PS+N/D7blHjf89mHJ7wyntoyntC1PaF6e073qhR0vO//nWeOenIuLk2PDrJYz/Oj7mfQly/i+07s9N/l8ZW6+df/2Ho5x/b0f+Z26+98szN97/4JWr7115d+3dtZ9fOHfu7IWLFy9dunTmnavX1s5u/dthjw9Xzj+Pfe080LLk/HPm8i9Lzv9LqZZ/WXL+X061/MuS88/v9+Rflpx//uwj/7Lk/F9KtfzLkvP/WqrlX5ac/8upln9Zcv5fT7X8y5LzfyXV8i9Lzv90quVflpz/mVTvMf+lw+4Xs5Hzz0e4Hsp/2gFsjrScfz6zwfN/WXL+51Mt/7Lk/C+kWv5lyfm/mmr5lyXn/41Uy78sOf+LqZZ/WXL+30y1/MuS87+UavmXJef/rVTLvyw5/2+nWv5lyfm/lmr5lyXn/51Uy78sOf/vplr+Zcn5fy/V8i9Lzv/1VMu/LA++/9+MGTNm8kzXz0wAAAAAAAAAAAAAwLhZnE7c9T4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Ck7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsLevcXIddd3AD979cYJiYGQOqkhG8cE42yy60t8oXUx4dpwK4FQ6AXb9a7Ngm947RJoJBsFSlSMiirahoe2gFCblwqr4oFWgPKAWlWqRNoH+oKoKvEQVQEFpEptBdlqzvn//zsze3Zm1zuxZ875fKT45505M+fMmTNn97vOdwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaHbXG+c+O5RlWeO//I9NWXZT4+83TG7KL3vd9d5CAAAAYL1+kf/5/C3pgkOruFHTMv/0qu99Y3FxcTH7wMifjn1xcTFdMZllYxuyLL8uuvKfHxxqXiZ4PJsYGm76erjL6ke6XD/a5fqxLtePd7l+Q5frJ7pcv2wHLHND8fuY/M625X/dVOzS7NZsLL9uW8mtHh/aMDwcf5eTG8pvszh2PJvPTmZz2UzL8sWyQ/ny37qrsa63ZXFdw03r2tI4Qn762LG4DUNhH29rWdfSfUY/fkM2+bOfPnbsr88/d3vZ7LobWu6v2M7tWxvb+elwSbGtQ9mGtE/idg43beeWkudkpGU7h/LbNf7evp3Pr3I7R5Y285pqf84nsuH878/k+2m0+dd6aT9tCZf9z91Zll1a2uz2ZZatKxvONrZcMrz0/EwUR2TjPhqH0suy0TUdp3et4jhtzNltrcdp+2siPv93hduNrrANzU/Tjz813vS8/3zxao7TqPGoV3qttB+DvX6t9MsxGI+LZ/IH/UTpMbgtPP7H7ln5GCw9dkqOwfS4m47Brd2OweHxkXyb05MwlN9m6Rjc2bL8SL6moXw+e0/nY3D6/Kmz0wuf+OR986eOnpg7MXd6986dM7v37t2/f//08fmTczPFn1e5t/vfxmw4vQa2hn0XXwOvaVu2+VBd/Mr4svPv1b4OJzq8Dje1Ldvr1+Fo+4MbujYvyOXHdPHaeF9jp09cHs5WeI3lz8+O9b8O0+Nueh2ONr0OS7+nlLwOR1fxOmwsc3bH6n5mGW36r2wbVv5esL5jcFPTMdj+80j7Mdjrn0f65RicCMfFD3as/L1gS9jeJ6bW+vPIyLJjMD3ccO5pXJJ+3p/Yn4+y4/KOxhU3jmcXFubO3f/o0fPnz+3MwrgmXt50rLQfrxubHlO27HgdXvPxemj+VU/cUXL5prCvJu5r/DGx4nPVWGbP/Z2fq/y7W/n+bLl0VxZGj13r/Vn23byxP8ez7Evf/dTD337sS29ccX828uanp9f/s3jKpU3n37EVzr8x979QrC/d1eMjY6PF63ck7Z2xlvNx61M1mp+7hvJ1Pz+9uvPxWPjvWp+Pb+1wPt7ctmyvz8dj7Q8uno+Huv22Y33an8+JcJycnOl8Pm4ss3nXWo/J0Y7n47vDHAr7/7UhKaRc1HTsrHTcpnWNjo6FxzUa19B6nO5uWX4sZLPGup7adXXH6fa7i/saSY9uybU6Tifblu31cZp+97XScTrU7bdvV6f9+ZwIx8Wtuzsfp41lnt6z/nPnDfGvTefO8W7H4NjIeGObx9JBmJ/vs8Ub4jF4f3YsO5OdzGbza8fz42koX9fUA6s7BsfDf9f6XLm5wzG4vW3ZXh+D6fvYSsfe0OjyB98D7c/nRDgunnyg8zHYWOZN+3r7s+v2cElapuln1/bfr630O6872nbTi3WsjIbt/O6+zr+bbSxzcv9ac2bn/XRvuOTGkv3U/vpd6TU1m12b/bQ5bOdz+1feT43taSzzxQOrPJ4OZVl28WMP5r/vDf++8ncXvv+Nln93Kfs3nYsfe/AnLzn+j2vZfgAG3wvF2Fh8r5tY+plrNf/+DwAAAAyEmPuHw0zkfwAAAKiMmPvj/xWeyP8AAABQGTH3j4aZ1CT/b37Tc/MvXMxSM38xiNen3fBQsVzsuM6ErycXlzQuf/Brc//9DxdXt+7hLMt+/tAflC6/+aG4XYXJsJ1X3tx6+TLfuG9V6z7yyMW03ub++pfD/cfHs9rDoKyCO5Nl2bdu+Xy+nskPXs7n0w8dyefDl554vLHM8weKr+Ptn315sfxfhCLKoeNHW27/bNgPPwpz5u3l+yPe7uuXX7tl3/uX1hdvN7T15vxhP/mh4n7j++R84fFi+bifV9r+b3/uqa83ln/01eXbf3G4fPufCvf7tTD/95XF8s3PQePreLvPhO2P64u3u/+r3ynd/iufLZY/+5ZiuSNhxvVvD19ve8tz883769Ghoy2PK3trsVxc/8z3/zi/Pt5fvP/27Z84fLllf7QfH0//W3E/023Lx8vjeqK/b1t/436aj8+4/qf+8EjLfu62/isPP/vKxv22r//etuXOfmxHvv6l+2t9x6a//MznS9cXt+fQ355teTyH3hNex2H9T34oHI/h+v+7Utxf+7srHHlP6/knLv/lTRdbHk/0tp8V67/y+hP53DBxw8Ybb3rJzZfubOy7LHtmQ3F/3dZ/4q/OtGz/V24r9ke8PvbF2te/krj+cx+fOn1m4cL8bNqrj92Sv3fOO4rtidt7Szi3tn99+Mz5D8+dm5yZnMmyyeq+hd5V+2qYPynGpbXefscj4fm848+/tfGef/1cvPzf31dcfvntxfet14TlvhAu3xSev/Wu/8m7bstf30NPF1+39Nh7YMu2/9q/qgXD42//uSAe72df8eF8PzSuy79vxNf1Orf/h7PF/Xwz7NfF8M7MW29bWl/z8vG9ES6/t3i9r3v/hdNcfF7/Jjzf7/xRcf9xu+Lj/WH4OeY7m1vPd/H4+ObF4fb7z9/F41I4n2SXiuvjUnF/X37+ttLNi+9Dkl26Pf/6T9L93L6mh7mShU8sTJ+cP33h0enzcwvnpxc+8cnDp85cOH3+cP5enoc/0u32S+enjfn5aXZu754sP1udKcaL7Hpv/9lHjs3um7lndu740QvHzz9ydu7ciWMLC8fmZhfuOXr8+NzHu91+fvbgzl0Hdu/bNXVifvbg/gMHdh+Ymj99prEZxUZ1sXfmo1Onzx3Ob7JwcM+BnQ88sGdm6tSZ2bmD+2Zmpi50u33+vWmqcevfnzo3d/Lo+flTc1ML85+cO7jzwN69u7q+G+Cps8cXJqfPXTg9fWFh7tx08Vgmz+cXN773dbs91bTwH8XPs+2Gijfiy9597970/qwNX/vUindVLNL2BqLPhfei+eeXnt2/mq9j7h8LM6lJ/gcAAIA6iLl/PMxE/gcAAIA+9tKb1rJ0zP0bwkzkfwAAAKiMmPsnwkxqkv8r1//ffHFV69f/1/9v3l817f8vXqxr//+9/db/L84X+v+9of/fmf5/F/r/+v/6//r/9FS/9f9j7r8hy2qZ/wEAAKAOYu7fGGYi/wMAAEBlxNx/Y5iJ/A8AAACVEXP/TWEmNcn/+v/6//r/te3/1/fz//X/K03/vzP9/y5W3/8fyira/8/q1f+/1Mvt1//X/2e5fuv/x9z/kjCTmuR/AAAAqIOY+28OM5H/AQAAoDJi7r8lzET+BwAAgMqIuX9TmElN8r/+v/6//r/+v/5/+fr1/wdT5fv/7S+QNdL/78Ln//v8f/1//X/WYHFDtyX6rf8fc/9Lw0xqkv8BAACgDmLuf1mYifwPAAAA/Wf06m4Wc//Lw0yW5f+rXAEAAABw3cXcf2vWVgSvyb//6//r/+v/6//r/5evf/X9/5FM/79/VL7/v076/13o/+v/6//r/9NT/db/z3N/NpG9IsykJvkfAAAA6iDm/tvCTOR/AAAAqIyY+38pzET+BwAAgMqIuX9zmElN8r/+v/6//r/+v/5/+fp9/v9g0v/vTP+/C/1//f/u2/9HZT/3Zfr/+v+U6rf+f8z9t4eZ1CT/AwAAQB3E3H9HmIn8DwAAAJURc/8vh5nI/wAAAFAZMfdvCTOpSf7X/9f/X7H/v6j/r/+v/6//P3j0/zvT/+9C/1//3+f/6//TU/3W/4+5/5VhJjXJ/wAAAFAHMfe/KsxE/gcAAIDKiLn/zjAT+R8AAAAqI+b+yTCTmuR//X/9f5//r/+v/1++fv3/waT/35n+fxf6//r/+v/6//TU+vr/LefQnvT/Y+6/K8ykJvkfAAAA6iDm/q1hJvI/AAAAVEbM/XeHmcj/AAAAUBkx928LM6lJ/tf/1//X/9f/1/8vX7/+/2DS/+9M/78L/X/9f/1//X96an39/9ab5H+us/8fc/+rw0xqkv8BAACgDmLuvyfMRP4HAACAyoi5/zVhJvI/AAAAVEbM/dvDTGqS//X/9f/1//X/9f/L16//P5j0/zvT/+9C/1//X/9f/5+e6rf+f8z9rw0zqUn+BwAAgDqIuX9HmIn8DwAAAJURc/+9YSbyPwAAAFRGzP1TYSY1yf/6//r/+v/6//r/5evX/x9M+v+d6f93of+v/6//r/9PT/Vb/z/m/vvCTGqS/wEAAKBKhle4POb++8NM5H8AAACojJj7p8NM5H8AAACojJj7Z8JMapL/9f/1//X/9f/X1P+/c+l+9f8L+v/9Rf+/M/3/LvT/9f+ve/9/TP+fSum3/n/M/TvDTGqS/wEAAKAOYu7fFWYi/wMAAEBlxNy/O8xE/gcAAIDKiLl/T5hJTfK//r/+v/6//r/P/y9fv/7/YNL/76z3/f/4EPX/9f/1/33+v/4/y/Vb/z/m/gfCTGqS/wEAAKAOYu7fG2Yi/wMAAEBlxNy/L8xE/gcAAIDKiLl/f5hJTfJ/lfv/i4uLKy6p/6//37y/9P/1/8vWr/8/mPT/O/P5/13o/+v/6//r/9NT/db/j7n/QJhJTfI/AAAA1EHM/a8LM5H/AQAAoDJi7v+VMBP5HwAAACoj5v5fDTOpSf6vcv+/E/1//f/m/aX/r/9ftn79/8Gk/9+Z/n8X+v/6//r/+v/0VL/1/2PuPxhmUpP8DwAAAHUQc/+vhZnI/wAAAFAZMfe/PsxE/gcAAIDKiLn/UJhJTfK//r/+v/6//r/+f/n69f8Hk/5/Z/r/Xej/6//3ef+/cXy8sMJxrf9PP+q3/n/M/W8IM6lJ/gcAAIA6iLn/wTAT+R8AAAAqI+b+N4aZyP8AAABQGTH3vynMpCb5X/9f/1//X/9f/798/fr/g0n/vzP9/y70//X/+7z/34n+P/2o3/r/Mfe/OcykJvkfAAAA6iDm/reEmcj/AAAAUBkx9781zET+BwAAgMqIuf9tYSY1yf/6//r/+v/6//r/5evX/x9M+v+d6f93UYP+/50drrve/fn1ut7br/+v/89y/db/j7n/18NMapL/AQAAoA5i7n8ozET+BwAAgMqIuf/tYSbyPwAAAFRGzP3vCDOpSf7X/9f/1//X/9f/L1+//v9g0v/vbMD6/7+4OVyu/1/w+f/9vf2D1f9f3NB+e/1/Xgz91v+Puf+dYSY1yf8AAABQBzH3vyvMRP4HAACAyoi5/91hJvI/AAAAVEbM/b8RZlKT/K//39iOpfay/r/+f36B/r/+v/7/wNL/72zA+v8+/7+N/n9/b/9g9f+X0//nxdBv/f+Y+98TZlKT/A8AAAB1EHP/w2Em8j8AAABURsz97w0zkf8BAACgMmLuf1+YSU3yv/6/z//X/9f/1/8vX7/+/2DS/+9M/78L/X/9f/1//X96qt/6/zH3PxJmUpP8DwAAAHUQc//7w0zkfwAAAKiMmPt/M8xE/gcAAIDKiLn/A2EmNcn/+v+D0v+f1P/X/9f/b3s8+v/6/2X0/zvT/+9C/1//X/9f/5+e6rf+f8z9HwwzqUn+BwAAgDqIuf+3wkzkfwAAAKiMmPt/O8xE/gcAAIDKiLn/d8JMapL/a9//HxmU/r/P/8/0//X/2x6P/r/+f5lr1/+PZx79f/1//f9I/1//X/+fdv3W/4+5/3fDTGqS/wEAAKAOYu7/UJiJ/A8AAAADoez/yW4Xc//hMBP5HwAAACoj5v4jYSY1yf+17/8PzOf/6/9ndev//9nWf/nB9951ZKf+v/6//v+aXNPP/2+8+H3+v/6//n+Szk93Fic2/X/9f/1/+q3/H3P/0TCTmuR/AAAAqIOY+3+vmEu/AJD/AQAAoDJC7s+OhZnI/wAAAFAZMffPhpnUJP/r/+v/6//3af9/gD//P+4P/f9WPev/x5Ou/n+pa9r/f/9ST1z/f639//HSS/X/K9L/9/n/+v/6/wT91v+PuX8uzKQm+R8AAADqIOT+4ePFXLpC/gcAAIDKiLn/RJiJ/A8AAACVEXP/h8NMapL/9f/1//X/9f99/n/5+vu2/+/z/zvS/++sf/r/5fT/9f8Hefv1//X/Wa7f+v8x98+HmdQk/wMAAEAdxNz/kTAT+R8AAAAqI+b+j4aZyP8AAABQGTH3nwwzqUn+1//X/9f/1//X/y9fv/7/YOr7/v9E5/Xr/+v/6/8P7vbr/+v/s1y/9f9j7j8VZlKT/A8AAAB1EHP/6TAT+R8AAAAqI+b+M2Em8v//s3cfTXrdVR7HWx55LJVfwCxmM/t5CV7MrGdeAAs2bKiiWFCAyckyOZocTDI5G4wNxiSTDdgkg8mYnDPGJEOVKKNzjjrcvo9aelq6z/98PgsObrl9m0KW9bP0rQsAAADDyN3/4Lilyf7X/x9G/3/6+5H+/wL2//+j/9/v+fp//f/IFt//r6D/1//r/zf369f/6//Za2n9f+7+h8QtTfY/AAAAdJC7/6Fxi/0PAAAAw8jdf3ncYv8DAADAMHL3PyxuabL/d/X/R7Z69v+Z8Xr//0j9v/f/7/v84fr/o/p/Tju//f+V9/7Ip//X/+v/g/5f/6//Z7el9f+5+x8etzTZ/wAAANBB7v5HxC32PwAAAAwjd/8j4xb7HwAAAIaRu/9RcUuT/e/9/4fx/v9T9P+b3P8f1/9vUv/v/f9s4/3/8zr1/5ffcemD7rrxP286yPP1//p//b/+n/VaWv+fu//RcUuT/Q8AAAAd5O5/TNxi/wMAAMAwcvc/Nm6x/wEAAGAYufsfF7c02f/6f/3/uvv/E0P0/97/r//X/28q/f+8Tv3/2Txf/6//36j+/7qdf6j/Z4mW1v/n7n983NJk/wMAAEAHufufELfY/wAAADCM3P1XxC32PwAAAAwjd/+JuKXJ/tf/6/+9/1//r/+ffr7+fzPp/+fp/1fQ/+v/N6n/30X/zxItrf/P3X9l3NJk/wMAAEAHufufGLfY/wAAADCM3P1PilvsfwAAABhG7v4nxy1N9r/+X/+v/9f/6/+nn6//30z6/3n6/xX0/+faz1+s/9f/6//Z7oD9/z0zP2yvpf/P3f+UuKXJ/gcAAIAOcvc/NW6x/wEAAGAYufufFrfY/wAAADCM3P1Pj1ua7H/9v/5f/6//1/9PP1//v5n0//MW0/8fOTr5Yf3/xvf/3v+v/9f/s8PS3v+fu/8ZcUuT/Q8AAAAd5O5/Ztxi/wMAAMAwcvc/K26x/wEAAGAYufufHbc02f/6f/2//l//r/+ffv5c/3/Ttq9P/78s+v95i+n/96H/1/9v8tev/9f/s9fZ9/+X7PmUf/3nOfb/ufufE7c02f8AAADQQe7+q+IW+x8AAACGkbv/uXGL/Q8AAADDyN3/vLilyf6f7v9Pf7v+/8zo/3d+/fr/6e8f6+r/86+o/5/t///X+/970v/P0/+voP/X/+v/9+v/j6/6fP0/U5b2/v/c/c+PW5rsfwAAAOggd/8L4hb7HwAAAIaRu/+FcYv9DwAAAMPI3f+iuKXJ/vf+f/2//n/z+n/v/z/lQr7/f+u89/9H9f9nSP8/T/+/gv5f/6//9/5/1mpp/X/u/hfHLU32PwAAAHSQu/8lcYv9DwAAAJth++8d2P0bSkPu/pfGLfY/AAAADCN3/8vilrH2/0X7fYP+X/+v/9f/L6n/Pz7xr2v1/97/fxD6/3n6/xX0/4fRzx8drP+/Zr/PX0L/f4X+n4XZ0f/ffPrjB+//j01+9KD9f+7+q3f/Ncfa/wAAANBa7v6Xxy32PwAAAAwjd/8r4hb7HwAAAIaRu/+VcUuT/X/o/f/x/Z+t/9f/6//1/97/r/9fN/3/PP3/Cvp/7//3/n/9P2u1o//f5uD9f/wpO386euD+P3f/q+KWJvsfAAAAOsjd/+q4xf4HAACAYeTuvyZusf8BAABgGLn7XxO3NNn/3v+v/9f/6//1/9PP1/9vJv3/PP3/Cvr/M+3nr576fP2//l//z25L6/9z9782bmmy/wEAAKCD3P2vi1vsfwAAABhG7v7Xxy32PwAAAAwjd/8b4pYm+1//f7j9f35c/6//39L/6//1/+dF2/7/yNQ/ifbap/+/7QEn/n/nR/T/+n/v/9f/6/9Zg0X0/ydP/+wyd/8b45Ym+x8AAAA6yN3/prjF/gcAAIBh5O5/c9xi/wMAAMAwcve/JW5psv/1/97/r//X/+v/p5+v/98s+f9j2/7/DHn//wr6f/2//l//z1otov/f9se5+98atzTZ/wAAANBB7v63xS32PwAAAAwjd//b4xb7HwAAAIaRu/8dcUuT/a//1//r//X/+v/p5+v/N5P+f57+fwX9/wH6+SNHd3++/l//r/9nt0Po/49s/4frQfv/3P3Xxi1N9j8AAAB0kLv/nXGL/Q8AAADDyN3/rrjF/gcAAIBh5O6/Lm5psv/1//p//b/+X/8//Xz9/2bS/8/T/29tbV0/8wVM9f8nL9H/r7Wf3/2j/Pro//X/LM/S3v+fu//dcUuT/Q8AAAAd5O6/Pm6x/wEAAGAYuftviFvsfwAAABhG7v73xC1N9r/+X/+v/9f/6/+nn6//30z6/3n6/xW8//+C9vOb/vXr//X/7LW0/j93/3vjhmNd9j8AAAB0kLv/xrjF/gcAAIBh5O5/X9xi/wMAAMAwcvffFLc02f/6f/2//l//r/+ffv459v97mmP9//lxeP3/lv5f/6//X0H/r//X/7Pb0vr/3P3vj1ua7H8AAADoIHf/B+IW+x8AAACGkbv/g3GL/Q8AAADDyN3/obilyf7X/+v/9f/6f/3/9PO9/38zef//PP3/Cvp//X/7/v/e76H6f9Znaf1/7v4Pxy1N9j8AAAB0kLv/5rjF/gcAAIBh5O7/SNxi/wMAAMAwcvd/NG5psv/1//p//b/+X/8//fzz0P8f29L/r53+f57+fwX9/5j9/0VbA/X/x/f9fO//Z4mW1v/n7v9Y3NJk/wMAAEAHufs/HrfY/wAAADCM3P2fiFvsfwAAABhG7v5Pxi1N9r/+X/+v/9f/6/+nn+/9/5tJ/z9P/7+C/n/M/t/7//X/XDBL6/9z938qbmmy/wEAAKCD3P23xC32PwAAAAwjd/+n4xb7HwAAAIaRu/8zcUuT/a//1//r//X/+v/p5+v/N5P+f57+fwX9v/5f/6//Z62W1v/n7v9s3NJk/wMAAEAHuftvjVvsfwAAABhG7v7b4hb7HwAAAIaRu/9zcUuT/a//1/8fRv+/++vQ/5+yzv7/mP5f/6//n7SU/v+yy/7vdv2//l//r//X/+v/u1ta/5+7//NxS5P9DwAAAB3k7v9C3GL/AwAAwDBy938xbvr3C/YVAQAAAOuWu/9LcUuTX//f2/9fvHWqUD1lqv+PRk3/v83Y/f+9f194///S+v8t/b/+X/8/aSn9/2jv/78nrv5f/z9H/3+A/v+/9n6+/p8RLa3/z91/e9zSZP8DAABAB7n7vxy32P8AAAAwjNz9X4lb7H8AAAAYRu7+O+KWJvvf+//1/4fx/n/9//T3D/2//l//f/j0//NW9f/1MO//1//r/0d9///JqZ+3bm3v//9N/8/6LK3/z93/1bilyf4HAACADnL3fy1usf8BAABgGLn7vx632P8AAAAwjNz934hbmux//b/+X/+v/9f/Tz9f/7+Z9P/zzvb9//lh/b/+f06z/v+W3R/YkP5/X97/z2FYWv+fu/+bcUuT/Q8AAAAd5O7/Vtxi/wMAAMAwcvd/O26x/wEAAGAYufu/E7c02f/6f/3/+P3//fT/u56v/9f/j+ys+/v4G3mE/v/imW/T/6+g/9f/j//+/33p/zkMS+v/c/ffGbc02f8AAADQQe7+78Yt9j8AAAAMI3f/9+IW+x8AAACGkbv/+3FLk/2v/+/V/x/Z6tj/e/+//l//34n3/8/T/6+g/9f/6//1/6zV0vr/3P0/iFua7H8AAADYVPf57wfeeaZ/bu7+H8Yt9j8AAAAMI3f/j+IW+x8AAACGkbv/x3FLk/2v/+/V//d8/7/+X/+v/+9E/z9P/7+C/l//r//X/7NWS+v/c/f/JG7ZNvyOHvh/JQAAALAkuft/Grc0+fV/AAAA6CB3/8/ilj37/+QZ/q52AAAAYGly9/88bmny6//6/4X3/1v6f/2//l//r/8/CP3/vHPs/08e0f/r/2fo//X/+n92W1r/n7v/F3FLk/0PAAAAg9rxbxRy9/8ybrH/AQAAYBi5+38Vt9j/AAAAMIzc/b+OW5rsf/3/wvv/s3r///H6b/r/5v3/Vccmn6//1/+PTP8/z/v/V9D/6//1//p/1mpp/X/u/t/ELU32PwAAAHSQu/+3cYv9DwAAAMPI3f+7uMX+BwAAgGHk7v993NJk/+v/R+z/vf9f/z///HH6//+49MSt973/Ddfq/zntfPb/+X1B/6//1/+fov/X/+v/2W1p/X/u/j/ELU32PwAAAHSQu/+uuMX+BwAAgGHk7v9j3GL/AwAAwDBy998dtzTZ//p//b/+fxP7/2yKu/f/3v+v/9/L+//n6f9X0P/r/w/09d+944/0//p/9lpa/5+7/09xS5P9DwAAAB3k7v9z3GL/AwAAwDBy9/8lbrH/AQAAYBi5+/8atzTZ//p//b/+fxP7f+//39L/6//3of+fp/9fQf+v//f+f/0/a7W0/j93/9/ilib7HwAAADrI3X9P3GL/AwAAwDBy9/89brH/AQAAYBi5+/8RtzTZ//p//b/+X/+v/59+vv5/M+n/5+n/V9D/6//1//p/1mpp/X/u/n8GAAD//wVCi78=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)

359.616515ms ago: executing program 0 (id=2078):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a64000000060a0b04000000000000000002000004380004803400018009000100686173680000000024000280080007400000000108000440fdfffff70800024000000010080006402f0000080900010073797a30000000000900020073797a32"], 0x8c}}, 0x0)

312.380435ms ago: executing program 0 (id=2080):
r0 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x5})

255.039224ms ago: executing program 0 (id=2081):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000100)='./file1\x00', 0x8c0, &(0x7f0000000600)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030332c726573765f6c6576656c3d30303030303030303030303030303030303030362c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c6c2c6e6f61636c2c004c98065b85e5b137d63b2211c62c402045083da9bddc3b0d88d44ecd24ba5288d428197284f332858b83349af2c7646f1e07e91120d7f23ce20389bbc031d81d654f1ca08f61c92d90e6ea478843c1ad942c7c257f9ff5348dd038e947775991ad90f8861dada21d5fa2de7042b5e2cbbcd1ada2b568e375812eb0bc448e68eda4c70cf1d5adf566142ed45924fe72a1eb1a914faf754b9d94bf0fdc1f98c708bd89940b5ef96e328240c39559b35bc83c15c15104f3b3fe1945f0278c34e2399dadcd9776ac659afcbb239569140ab408ad87f15b353941"], 0x1, 0x441f, &(0x7f0000008940)="$eJzs3c9PHFUcAPA3A1qobYXaQ01M3MQmGjUEelJpIqW0FFqsqbYxXrYLbFt0YRtYjIce8NbEk4kH46HRxBunhoPX+id48VjPTfTgxcSkEbO7s8AMbFmRBdt8PkkZ5v1mvzNv3xymL05Ubs4s5GYWcoW5XHnq+sLJ3Gfl0uJsMcR7ZL/7pzXtiJPY759LZ859cPVkCD9N//JwdfVAeJyBDb//+cftqY3HhjhTp9ruYxv9zz4OIRzbNK6qjhDCRz+GEIUQTidpw8mxO4RwJNTzrt7+8lpul0Zz70HxVP7RxJ2VwRPjy3dXmv/tUQjfll5888bsb690DP76+i51DwAAAAAAAAAAAAAAAADAE2708qUr7/cPhPtR6FyONr+vO5ocm70fu7prXm7/HwsAAAAAAAAAAAAAAAAAAAD/U+vv/+eio1u8/z+SHIea1F99t/1jpH3G3rs0crZ/INn/PdqU/1aS9PvpjtC7xb7v2f3fT2fqb73/++Z+dqoxvka/PSGK+1LncdzXF8L3ycbvx6ODcam8UHnjenlxbnrXhvHESse/vnt/KjrJhv6txn8403779/9/YdPVVD2/tnuX2FMtHf+OpuV++CJqKf5nMvX2Iv7sXDr+nbW07o0FhuoTQDX+X3VuH/+RTPvtiv+REEIuqo41tz4DNC7fqPl6hbR0/J+ppUXr0/7aB9ns/v8rE/+zmfb3a/5fyn4RsaV0/J+tpXWlSqzf/73x9vf/uUz7+xH/6viXfP+3JB3/A/XEzlSR2ifZ6vw/mmm/XfG/EifjPBKlroDlqJ7e7P+rIy0d/65N+evPf3FL67/zmfp79fzX6Lfx/NeY/l+L6s9/bC0d/+6m5Vq9/8cy9do9/w/V1n/sVDr+B2tp6bVzT+1nq/Efz7TfrvjXViVdjfivzyd/H6inf2f915J0/J+rJ8YbSyzVftbWf9H26/8Lmfb3Y/1XHf9S3N5enxbp+B9qWq4a/59b+P6/mKnX/viH0G+tv2Pp+B9uWq52/3dtH/+JTL12x//VdjYOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8AQYTo49IYr7Uudx3NcXwpnk/Hg4GE0WpvOTpfLUpwshjCTpuXA0ulEqTxZK+Zm58nQxXyiVylMhnE3yj4WuaKFUruRnC7fOrbXVHd0sFuYrk8VCJYQwmqS/FA432pqcqcwWboUQzq/lPR+X52/dLMzlp2fm3+nv7+8PY2tj6I2Kn1eKc5V67/XcEMbX6vZEGwZXy76wNpZD0Sflxfm5QqmWfnFDnVJ5qlDaUGciyfs69EaV+cW5qUKlmC+VbzT6209DyXFk7PKHly8ObMq/FtWPw3s7LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+pfuDb38TQuisn8UhhFyU/BIl/1LuPSieyj+auLMyeGJ8+e7Kw63KAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/sAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYVdOkaJGIjCAPxmRLT0GFYh6WwjimhhRPAEegwPo0fxEt7BwsLWYlnYTCAkG0izW31f80h+Zt6DeQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsN7dc/fyVDcRKc43ZxFfb98/4/yh1I/r/edPjjAjh3P/2N3c1k159zTLr8qv3zbv0v+/99fo62mMvgefkz2Z7lNv3mdqad+W5hv6XkTKVUS0Jb9MOVfVursAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC07cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZR9G0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwKwAA//8hvRzL")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0)
setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000013c0)=ANY=[], 0x700, 0x0)
open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)

99.519722ms ago: executing program 1 (id=2087):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000011c0)='/proc/cpuinfo\x00', 0x0, 0x0)
preadv(r0, &(0x7f0000001280)=[{&(0x7f0000000180)=""/4096, 0x1000}], 0x1, 0x4, 0xf5ff)

99.372557ms ago: executing program 1 (id=2088):
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_mreq(r0, 0x0, 0x20, &(0x7f00000000c0)={@empty, @dev={0xac, 0x14, 0x14, 0x2b}}, 0x8)
connect$inet(r0, &(0x7f0000000100)={0x2, 0x4e21, @multicast1}, 0x10)

70.85436ms ago: executing program 1 (id=2089):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a70020000060a0b0400000000000000000200000044020480400201800a0001006d61746368000000300202800800010062706600080002400000000114020300d67a8527f76ec1d39e537c4c3060c6a405106c72848aa8bcb429b3a20d532452032d5f166334739d1719a5778bd4f724ee4ca57f2527aeeb0c75755d68fc6fa55f4825682ee95e581039823e5963beedcf65b8b005623d90772b8b6ebd2498b0aff725a3eabb6c99cb2edfe10b9c33be8a971e08401bc0807e75a2ff376b7934473bc1f02bb512b77414daf260c9c7d4e1f0758b56ec5823892af310e6252fcfb1d9dbaddefdaa26f43f12f831fd221926d6536eeff641db46920ae0e48f3ff5de599714ba6510ce479d4116a519792281736f39c9fc0e10ef557392c43389271cebcf36543fcf6f83bf74b93ee4eb5e8c82e35bb4784cc1ed0ad291b16e8368487589f7590bf5896f340a36555a1cf69736da230a809176dbdfba3d47efb9a6932e5503d277532b7d4e6f7c7373a298e5843a9f74d5fd07fbc6ad22bc644ba9b3c94ec3c8f0b9321b16e5826b1f058f781760a5d4b6a8880202b41689139c37cd51f65a92d883f8901add03b650c9ec182fb565a4d657ebba9d6a5eb426b22d5933b72362e6ec327fb679aa8034b8b3b6680ad138be47652a3e77981187d2921cebfc1639aa280e3d38dba9b1af49ceded79c78a2d656b3a3e946e17e6257def6679f70f11aa01a2d906aecf4dbc7d1a332a8932ed719ce7eecb5450f494f944b3f6b637502ddba609c6e45ccfad1db7c7dda3e2c755ddcf27132985442e9b8df16f96c82e72e3e2491856d07756b9f08000240000000000900020073797a32000000000900010073797a30"], 0x2c8}}, 0x4048010)

180.907µs ago: executing program 1 (id=2090):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'ipvlan1\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000100)={0x11, 0x1, r1, 0x1, 0x8}, 0x14)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000280)={0x0, 0x1000}, 0x4)

71.052µs ago: executing program 1 (id=2091):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@bloom_filter={0x1e, 0x0, 0xffbf, 0x9}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001100)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20)

0s ago: executing program 1 (id=2092):
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={<r3=>r2, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000001100)={r3, 0x4}, 0x8)

kernel console output (not intermixed with test programs):

rqs_on+0x9c/0x150
[  169.539610][ T5857]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.539622][ T5857]  ? exc_page_fault+0x9f/0xf0
[  169.539649][ T5857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  169.539660][ T5857] RIP: 0033:0x7f02caf8ff17
[  169.539672][ T5857] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  169.539681][ T5857] RSP: 002b:00007ffc8bc63c98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  169.539694][ T5857] RAX: 0000000000000000 RBX: 00007f02cb011c05 RCX: 00007f02caf8ff17
[  169.539702][ T5857] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc8bc63d50
[  169.539709][ T5857] RBP: 00007ffc8bc63d50 R08: 0000000000000000 R09: 0000000000000000
[  169.539716][ T5857] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc8bc64de0
[  169.539724][ T5857] R13: 00007f02cb011c05 R14: 00000000000295c4 R15: 00007ffc8bc64e20
[  169.539746][ T5857]  </TASK>
[  169.540628][ T5857] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  170.180653][ T6873] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  170.243296][ T9111] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  170.346441][ T6873] usb 2-1: Using ep0 maxpacket: 16
[  170.351998][ T6873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  170.357983][ T6873] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  170.359885][ T9117] loop0: detected capacity change from 0 to 1024
[  170.361704][ T6873] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  170.379892][ T6873] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  170.382483][ T9117] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  170.384415][ T6873] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.389115][ T9117] ext4 filesystem being mounted at /430/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  170.400527][ T6873] usb 2-1: config 0 descriptor??
[  170.406825][   T33] audit: type=1800 audit(1755400676.325:30): pid=9117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1188" name="file1" dev="loop0" ino=15 res=0 errno=0
[  170.408600][ T9117] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: comm syz.0.1188: lblock 0 mapped to illegal pblock 0 (length 1)
[  170.431922][   T33] audit: type=1804 audit(1755400676.355:31): pid=9117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1188" name="/newroot/430/file1/file1" dev="loop0" ino=15 res=1 errno=0
[  170.442962][   T33] audit: type=1800 audit(1755400676.355:32): pid=9117 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1188" name="file1" dev="loop0" ino=15 res=0 errno=0
[  170.454978][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  170.668022][ T9124] loop0: detected capacity change from 0 to 32768
[  170.688803][ T9124] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  170.704935][ T9124] XFS (loop0): Ending clean mount
[  170.766762][   T33] audit: type=1800 audit(1755400676.695:33): pid=9124 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1190" name="file1" dev="overlay" ino=6150 res=0 errno=0
[  170.813548][ T6873] microsoft 0003:045E:07DA.0009: unbalanced delimiter at end of report description
[  170.815274][ T5848] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  170.820074][ T6873] microsoft 0003:045E:07DA.0009: parse failed
[  170.822429][ T6873] microsoft 0003:045E:07DA.0009: probe with driver microsoft failed with error -22
[  170.959741][ T9134] loop0: detected capacity change from 0 to 4096
[  170.979068][ T9134] ntfs3(loop0): $Secure::$SII is corrupted.
[  170.981141][ T9134] ntfs3(loop0): Failed to initialize $Secure (-22).
[  171.036276][ T6873] usb 2-1: USB disconnect, device number 25
[  171.871907][ T9156] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1196'.
[  172.436253][    T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  172.638232][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  172.641850][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 31, changing to 7
[  172.647505][    T9] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  172.652463][    T9] usb 4-1: language id specifier not provided by device, defaulting to English
[  172.656963][   T33] audit: type=1804 audit(1755400678.575:34): pid=9166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1205" name="/newroot/408/file0" dev="tmpfs" ino=2154 res=1 errno=0
[  172.660506][    T9] usb 4-1: New USB device found, idVendor=2013, idProduct=0251, bcdDevice=e8.6e
[  172.668358][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.671236][    T9] usb 4-1: Manufacturer: 
[  172.672716][    T9] usb 4-1: SerialNumber: syz
[  172.680524][    T9] usb 4-1: config 0 descriptor??
[  172.686252][    T9] em28xx 4-1:0.0: New device   @ 480 Mbps (2013:0251, interface 0, class 0)
[  172.689302][    T9] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  172.947044][    T9] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  172.952125][    T9] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  172.955467][    T9] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[  172.959084][    T9] em28xx 4-1:0.0: No AC97 audio processor
[  172.967590][    T9] usb 4-1: USB disconnect, device number 4
[  172.974801][    T9] em28xx 4-1:0.0: Disconnecting em28xx
[  172.983639][    T9] em28xx 4-1:0.0: Freeing device
[  173.058120][ T9172] loop1: detected capacity change from 0 to 40427
[  173.062553][ T9172] F2FS-fs (loop1): build fault injection rate: 14
[  173.065491][ T9172] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  173.070991][ T9172] F2FS-fs (loop1): invalid crc value
[  173.078838][    C1] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  173.091572][    C1] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  173.138929][ T9172] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  173.142717][ T9172] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  173.149410][ T9172] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  173.168907][ T9172] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  173.174253][   T33] audit: type=1800 audit(1755400679.095:35): pid=9172 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1208" name="file1" dev="loop1" ino=10 res=0 errno=0
[  173.182594][ T9172] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_get_read_data_folio+0xc1/0x7d0
[  173.209944][ T5857] syz-executor: attempt to access beyond end of device
[  173.209944][ T5857] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  173.215952][ T5857] CPU: 0 UID: 0 PID: 5857 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  173.215969][ T5857] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  173.215976][ T5857] Call Trace:
[  173.215981][ T5857]  <TASK>
[  173.215986][ T5857]  dump_stack_lvl+0x189/0x250
[  173.216007][ T5857]  ? __pfx_dump_stack_lvl+0x10/0x10
[  173.216020][ T5857]  ? __pfx_queue_work_on+0x10/0x10
[  173.216053][ T5857]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  173.216069][ T5857]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  173.216091][ T5857]  f2fs_handle_critical_error+0x37c/0x540
[  173.216114][ T5857]  f2fs_write_end_io+0x886/0xb60
[  173.216155][ T5857]  __submit_merged_bio+0x27a/0x6a0
[  173.216178][ T5857]  __submit_merged_write_cond+0x255/0x530
[  173.216199][ T5857]  f2fs_write_data_pages+0x261d/0x3000
[  173.216240][ T5857]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  173.216297][ T5857]  ? folios_put_refs+0x559/0x640
[  173.216319][ T5857]  ? __lock_acquire+0xab9/0xd20
[  173.216342][ T5857]  ? do_raw_spin_lock+0x121/0x290
[  173.216365][ T5857]  ? do_raw_spin_unlock+0x4d/0x240
[  173.216379][ T5857]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  173.216396][ T5857]  do_writepages+0x32e/0x550
[  173.216420][ T5857]  ? do_raw_spin_unlock+0x4d/0x240
[  173.216463][ T5857]  filemap_fdatawrite+0x199/0x240
[  173.216480][ T5857]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  173.216529][ T5857]  ? do_raw_spin_unlock+0x4d/0x240
[  173.216546][ T5857]  f2fs_sync_dirty_inodes+0x31f/0x830
[  173.216569][ T5857]  f2fs_write_checkpoint+0x95a/0x1df0
[  173.216596][ T5857]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  173.216641][ T5857]  ? kill_f2fs_super+0x298/0x6c0
[  173.216657][ T5857]  kill_f2fs_super+0x2c3/0x6c0
[  173.216672][ T5857]  ? __pfx_kill_f2fs_super+0x10/0x10
[  173.216682][ T5857]  ? radix_tree_delete_item+0x2b6/0x400
[  173.216703][ T5857]  ? shrinker_free+0x2ce/0x3e0
[  173.216717][ T5857]  deactivate_locked_super+0xbc/0x130
[  173.216733][ T5857]  cleanup_mnt+0x425/0x4c0
[  173.216746][ T5857]  ? lockdep_hardirqs_on+0x9c/0x150
[  173.216764][ T5857]  task_work_run+0x1d4/0x260
[  173.216782][ T5857]  ? __pfx_task_work_run+0x10/0x10
[  173.216795][ T5857]  ? __x64_sys_umount+0x122/0x160
[  173.216814][ T5857]  ? exit_to_user_mode_loop+0x40/0x110
[  173.216834][ T5857]  exit_to_user_mode_loop+0xec/0x110
[  173.216856][ T5857]  do_syscall_64+0x2bd/0x3b0
[  173.216871][ T5857]  ? lockdep_hardirqs_on+0x9c/0x150
[  173.216886][ T5857]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.216897][ T5857]  ? exc_page_fault+0x9f/0xf0
[  173.216913][ T5857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.216924][ T5857] RIP: 0033:0x7f02caf8ff17
[  173.216935][ T5857] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  173.216946][ T5857] RSP: 002b:00007ffc8bc63c98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  173.216959][ T5857] RAX: 0000000000000000 RBX: 00007f02cb011c05 RCX: 00007f02caf8ff17
[  173.216967][ T5857] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc8bc63d50
[  173.216973][ T5857] RBP: 00007ffc8bc63d50 R08: 0000000000000000 R09: 0000000000000000
[  173.216980][ T5857] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc8bc64de0
[  173.216987][ T5857] R13: 00007f02cb011c05 R14: 000000000002a415 R15: 00007ffc8bc64e20
[  173.217009][ T5857]  </TASK>
[  173.347326][    C0] vkms_vblank_simulate: vblank timer overrun
[  173.356454][ T5857] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  173.827567][ T9192] netlink: 'syz.1.1216': attribute type 3 has an invalid length.
[  173.832215][ T9192] netlink: 'syz.1.1216': attribute type 1 has an invalid length.
[  173.835480][ T9192] netlink: 192 bytes leftover after parsing attributes in process `syz.1.1216'.
[  173.842201][ T9192] NCSI netlink: No device for ifindex 0
[  173.880148][ T9185] loop3: detected capacity change from 0 to 32768
[  173.895607][ T9185] ERROR: (device loop3): dtSearch: DT_GETPAGE: dtree page corrupt
[  173.895607][ T9185] 
[  173.908033][ T9185] ERROR: (device loop3): remounting filesystem as read-only
[  173.910479][ T9185] jfs_lookup: dtSearch returned -5
[  173.988077][ T9198] loop1: detected capacity change from 0 to 8
[  174.238919][ T9207] loop3: detected capacity change from 0 to 1764
[  174.442459][ T9212] loop0: detected capacity change from 0 to 16
[  174.452890][ T9212] erofs (device loop0): unidentified algorithms fff0, please upgrade kernel
[  174.652806][ T9216] loop3: detected capacity change from 0 to 32768
[  174.683689][ T9216] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  174.718402][ T9216] XFS (loop3): Ending clean mount
[  174.730293][ T9216] XFS (loop3): Quotacheck needed: Please wait.
[  174.751233][ T9216] XFS (loop3): Quotacheck: Done.
[  174.761317][   T33] audit: type=1800 audit(1755400680.685:36): pid=9216 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1226" name="file2" dev="loop3" ino=9287 res=0 errno=0
[  174.779007][ T9238] netlink: 'syz.0.1234': attribute type 1 has an invalid length.
[  174.794166][ T8488] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  174.836560][ T9238] bond1: (slave bridge1): making interface the new active one
[  174.847857][ T9238] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  174.982162][ T9243] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (8)
[  175.021562][ T9247] tipc: Failed to obtain node identity
[  175.027605][ T9247] tipc: Enabling of bearer <ib:sit0> rejected, failed to enable media
[  175.129653][ T9253] loop1: detected capacity change from 0 to 4096
[  175.149276][ T9253] ntfs3(loop1): ino=3, Correct links count -> 2.
[  175.172777][ T9253] ntfs3(loop1): ino=1a, mi_enum_attr
[  175.174645][ T9253] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  175.191171][ T9253] ntfs3(loop1): Failed to load root (-22).
[  175.291609][ T9264] ip6erspan0: entered promiscuous mode
[  175.380764][ T9274] sch_fq: defrate 4294967295 ignored.
[  175.696595][ T6873] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  175.702442][ T9302] netlink: 'syz.1.1263': attribute type 32 has an invalid length.
[  175.766184][    T9] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  175.861376][ T6873] usb 4-1: Using ep0 maxpacket: 16
[  175.865679][ T6873] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  175.871529][ T6873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  175.879007][ T6873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  175.882970][ T6873] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  175.889356][ T6873] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  175.898181][ T6873] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  175.901908][ T6873] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  175.905548][ T6873] usb 4-1: Manufacturer: syz
[  175.912543][ T6873] usb 4-1: config 0 descriptor??
[  175.918734][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  175.922556][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7
[  175.931833][    T9] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  175.935183][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.938459][    T9] usb 1-1: Product: syz
[  175.940312][    T9] usb 1-1: Manufacturer: syz
[  175.942165][    T9] usb 1-1: SerialNumber: syz
[  175.960702][    T9] usb 1-1: config 0 descriptor??
[  176.189541][    T9] usb 1-1: USB disconnect, device number 25
[  176.196369][ T6873] rc_core: IR keymap rc-hauppauge not found
[  176.198433][ T6873] Registered IR keymap rc-empty
[  176.201729][ T6873] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  176.226226][ T6873] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  176.258043][ T6873] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  176.267535][ T6873] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input11
[  176.279960][ T6873] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  176.299446][ T9318] loop1: detected capacity change from 0 to 32768
[  176.306386][ T6873] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  176.323420][ T9318] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  176.326869][ T6873] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  176.347927][ T6873] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  176.357878][ T9318] XFS (loop1): Ending clean mount
[  176.367668][   T33] audit: type=1800 audit(1755400682.295:37): pid=9318 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1270" name="file1" dev="loop1" ino=6150 res=0 errno=0
[  176.376240][ T6873] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  176.396353][ T6873] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  176.397052][ T5857] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  176.416567][ T6873] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  176.443233][ T6873] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  176.457121][ T6873] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  176.477048][ T6873] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  176.496709][ T6873] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  176.520018][ T6873] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  176.523680][ T6873] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  176.583427][ T6873] usb 4-1: USB disconnect, device number 5
[  176.752038][ T9333] loop0: detected capacity change from 0 to 1024
[  176.766420][   T47] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  176.805763][   T26] hfsplus: b-tree write err: -5, ino 4
[  176.851475][ T9336] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1274'.
[  176.857612][ T9336] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  176.931519][   T47] usb 2-1: New USB device found, idVendor=093a, idProduct=050f, bcdDevice=c2.b7
[  176.935299][   T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.942855][   T47] usb 2-1: config 0 descriptor??
[  176.954244][   T47] gspca_main: mars-2.14.0 probing 093a:050f
[  177.023101][ T9345] loop0: detected capacity change from 0 to 512
[  177.033476][ T9345] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  177.041487][ T9345] EXT4-fs (loop0): invalid journal inode
[  177.043807][ T9345] EXT4-fs (loop0): can't get journal size
[  177.052797][ T9345] EXT4-fs (loop0): 1 truncate cleaned up
[  177.057056][ T9345] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.090822][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.150851][    T9] usb 2-1: USB disconnect, device number 26
[  177.454292][ T9376] loop0: detected capacity change from 0 to 64
[  177.469759][ T9376] minix_free_block (loop0:21): bit already cleared
[  177.554552][ T9382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1294'.
[  177.556310][   T47] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  177.602180][ T9386] netlink: 6 bytes leftover after parsing attributes in process `syz.0.1296'.
[  177.605556][ T9386] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  177.717453][   T47] usb 4-1: config 1 interface 0 has no altsetting 0
[  177.722208][   T47] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  177.725556][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.730395][   T47] usb 4-1: Product: syz
[  177.732019][   T47] usb 4-1: Manufacturer: syz
[  177.733737][   T47] usb 4-1: SerialNumber: syz
[  177.970864][   T47] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  177.979324][   T47] usb 4-1: USB disconnect, device number 6
[  177.987922][   T47] usblp0: removed
[  178.077426][ T9395] loop1: detected capacity change from 0 to 32768
[  178.086661][ T9395] XFS: noikeep mount option is deprecated.
[  178.127393][ T9395] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  178.156523][ T9395] XFS (loop1): Ending clean mount
[  178.168404][ T9395] XFS (loop1): Quotacheck needed: Please wait.
[  178.198595][ T9395] XFS (loop1): Quotacheck: Done.
[  178.245611][ T5857] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  178.423318][ T9420] loop0: detected capacity change from 0 to 32768
[  178.433729][ T9420] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1309 (9420)
[  178.457152][ T9420] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  178.460580][ T9420] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  178.472236][ T9420] BTRFS info (device loop0): using free-space-tree
[  178.506307][ T9430] loop3: detected capacity change from 0 to 128
[  178.513648][ T9430] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  178.524286][ T9430] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  178.535583][ T9430] UDF-fs: error (device loop3): udf_read_inode: (ino 86) failed !bh
[  178.552412][ T9430] UDF-fs: error (device loop3): udf_fill_super: Error in udf_iget, block=2, partition=0
[  178.579315][   T33] audit: type=1800 audit(1755400684.505:38): pid=9420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1309" name="file1" dev="loop0" ino=260 res=0 errno=0
[  178.627865][ T5848] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  178.741919][ T9455] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1317'.
[  178.862879][ T9457] netlink: 'syz.0.1315': attribute type 6 has an invalid length.
[  178.912499][ T9459] pim6reg: tun_chr_ioctl cmd 2147767507
[  178.988677][ T9454] loop1: detected capacity change from 0 to 32768
[  178.991960][ T9454] bcachefs: bch2_fs_parse_param() Error parsing option move_bytes_in_flight: option_value
[  179.161491][ T9467] loop1: detected capacity change from 0 to 512
[  179.164261][ T9467] EXT4-fs: Ignoring removed mblk_io_submit option
[  179.168841][ T9467] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  179.172884][ T9467] EXT4-fs (loop1): can't mount with journal_async_commit, fs mounted w/o journal
[  179.206611][   T47] usb 1-1: new full-speed USB device number 26 using dummy_hcd
[  179.322936][ T9472] misc userio: No port type given on /dev/userio
[  179.371127][   T47] usb 1-1: unable to get BOS descriptor or descriptor too short
[  179.374929][   T47] usb 1-1: not running at top speed; connect to a high speed hub
[  179.379814][   T47] usb 1-1: config 4 has an invalid interface number: 111 but max is 0
[  179.382793][   T47] usb 1-1: config 4 has no interface number 0
[  179.385129][   T47] usb 1-1: config 4 interface 111 has no altsetting 0
[  179.390073][   T47] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=44.99
[  179.393102][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.395688][   T47] usb 1-1: Product: syz
[  179.397314][   T47] usb 1-1: Manufacturer: syz
[  179.398923][   T47] usb 1-1: SerialNumber: syz
[  179.628990][   T47] pvrusb2: Hardware description: Terratec Grabster AV400
[  179.631373][   T47] pvrusb2: **********
[  179.632750][   T47] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  179.637499][   T47] pvrusb2: Important functionality might not be entirely working.
[  179.640606][   T47] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  179.644838][   T47] pvrusb2: **********
[  179.648063][   T47] usb 1-1: selecting invalid altsetting 0
[  179.651575][   T47] usb 1-1: USB disconnect, device number 26
[  179.652168][ T2399] pvrusb2: Failed to submit write-control URB status=-19
[  179.676378][ T2399] pvrusb2: Device being rendered inoperable
[  179.682103][ T2399] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  179.685564][ T2399] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  180.376515][ T9484] loop3: detected capacity change from 0 to 64
[  180.491161][ T9486] loop0: detected capacity change from 0 to 512
[  180.508800][ T9486] EXT4-fs: Ignoring removed nomblk_io_submit option
[  180.511895][ T9486] EXT4-fs: Ignoring removed nomblk_io_submit option
[  180.517655][ T9486] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  180.527525][ T9422] Bluetooth: hci0: command 0x0406 tx timeout
[  180.530390][ T9422] Bluetooth: hci2: command 0x0406 tx timeout
[  180.548984][ T9486] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2
[  180.587542][ T9486] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2
[  180.615711][ T9486] EXT4-fs (loop0): 1 truncate cleaned up
[  180.623116][ T9486] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  180.680663][ T9486] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  180.714323][ T9499] loop1: detected capacity change from 0 to 164
[  180.751755][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.841185][    C1] hrtimer: interrupt took 96107 ns
[  181.695733][ T9517] loop1: detected capacity change from 0 to 512
[  182.676255][ T5883] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  182.778189][ T9545] loop3: detected capacity change from 0 to 128
[  182.793129][ T9545] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  182.800122][ T9545] ext4 filesystem being mounted at /86/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  182.825726][ T9545] EXT4-fs error (device loop3): dx_make_map:1296: inode #2: block 20: comm syz.3.1357: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1
[  182.833971][ T9545] EXT4-fs error (device loop3) in do_split:2029: Corrupt filesystem
[  182.848207][ T8488] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  182.856494][ T5883] usb 2-1: Using ep0 maxpacket: 16
[  182.862139][ T5883] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  182.876382][ T5883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  182.890857][ T5883] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  182.894366][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.900618][ T5883] usb 2-1: Product: syz
[  182.902071][ T5883] usb 2-1: Manufacturer: syz
[  182.903647][ T5883] usb 2-1: SerialNumber: syz
[  182.908355][ T5883] usb 2-1: config 0 descriptor??
[  182.911922][ T5883] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  182.917939][ T5883] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class)
[  183.012472][ T9548] loop0: detected capacity change from 0 to 32768
[  183.030169][ T9548] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  183.047181][ T9548] XFS (loop0): Ending clean mount
[  183.054785][ T9548] XFS (loop0): Quotacheck needed: Please wait.
[  183.068738][ T9548] XFS (loop0): Quotacheck: Done.
[  183.100370][ T5848] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  183.129688][   T47] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  183.277872][   T47] usb 4-1: config 0 has an invalid interface number: 128 but max is 0
[  183.280560][   T47] usb 4-1: config 0 has no interface number 0
[  183.284996][   T47] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  183.287989][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.290701][   T47] usb 4-1: Product: syz
[  183.292416][   T47] usb 4-1: Manufacturer: syz
[  183.294427][   T47] usb 4-1: SerialNumber: syz
[  183.298705][   T47] usb 4-1: config 0 descriptor??
[  183.466343][ T6873] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  183.518791][ T5883] em28xx 2-1:0.0: chip ID is em2750
[  183.616096][ T6873] usb 1-1: Using ep0 maxpacket: 32
[  183.619583][ T6873] usb 1-1: config 0 has an invalid interface number: 35 but max is 0
[  183.622357][ T6873] usb 1-1: config 0 has no interface number 0
[  183.626966][ T6873] usb 1-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  183.630680][ T6873] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  183.633413][ T6873] usb 1-1: Product: syz
[  183.634818][ T6873] usb 1-1: Manufacturer: syz
[  183.636456][ T6873] usb 1-1: SerialNumber: syz
[  183.640341][ T6873] usb 1-1: config 0 descriptor??
[  183.707442][   T47] usb 4-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0)
[  183.710121][   T47] usb 4-1: Firmware version (0.0) predates our first public release.
[  183.712824][   T47] usb 4-1: Please update to version 0.2 or newer
[  183.719190][ T5883] em28xx 2-1:0.0: Config register raw data: 0xfffffffb
[  183.721885][ T5883] em28xx 2-1:0.0: AC97 chip type couldn't be determined
[  183.724238][ T5883] em28xx 2-1:0.0: No AC97 audio processor
[  183.729128][ T5883] usb 2-1: USB disconnect, device number 27
[  183.731653][ T5883] em28xx 2-1:0.0: Disconnecting em28xx
[  183.734727][ T5883] em28xx 2-1:0.0: Freeing device
[  183.940625][   T47] usb 4-1: USB disconnect, device number 7
[  184.048087][ T6873] radio-si470x 1-1:0.35: si470x_get_report: usb_control_msg returned -71
[  184.051799][ T6873] radio-si470x 1-1:0.35: probe with driver radio-si470x failed with error -5
[  184.076905][ T6873] radio-raremono 1-1:0.35: this is not Thanko's Raremono.
[  184.086489][ T6873] usb 1-1: USB disconnect, device number 27
[  184.331825][ T9570] netlink: 'syz.1.1364': attribute type 1 has an invalid length.
[  184.606171][ T6873] usb 2-1: new full-speed USB device number 28 using dummy_hcd
[  184.613336][ T9576] loop3: detected capacity change from 0 to 32768
[  184.672962][ T9576] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=gzip,str_hash=crc32c,wide_macs,norecovery,version_upgrade=incompatible
[  184.672974][ T9576]   allowing incompatible features above 0.0: (unknown version)
[  184.672978][ T9576]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  184.687834][ T9576] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  184.690871][ T9576] bcachefs (loop3): recovering from clean shutdown, journal seq 10
[  184.693622][ T9576] bcachefs (loop3): Version upgrade from 1.19: autofix_errors to 1.7: mi_btree_bitmap incomplete
[  184.693622][ T9576] Doing compatible version upgrade from 1.19: autofix_errors to 1.28: inode_has_case_insensitive
[  184.693622][ T9576]   running recovery passes: check_extents_to_backpointers,check_inodes
[  184.703119][ T9576] bcachefs (loop3): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 0.0: (unknown version)
[  184.703119][ T9576] 
[  184.720468][ T9576] bcachefs (loop3): accounting_read... done
[  184.723371][ T9576] bcachefs (loop3): alloc_read... done
[  184.725400][ T9576] bcachefs (loop3): snapshots_read... done
[  184.728406][ T9576] bcachefs (loop3): done starting filesystem
[  184.730751][ T9589] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1370'.
[  184.759143][ T6873] usb 2-1: unable to get BOS descriptor or descriptor too short
[  184.779195][ T6873] usb 2-1: not running at top speed; connect to a high speed hub
[  184.783682][ T6873] usb 2-1: config 1 interface 0 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  184.790947][ T6873] usb 2-1: config 1 interface 0 has no altsetting 0
[  184.799323][ T6873] usb 2-1: New USB device found, idVendor=0b0e, idProduct=ffff, bcdDevice= 0.40
[  184.804382][ T6873] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.810789][ T6873] usb 2-1: Product: syz
[  184.812594][ T6873] usb 2-1: Manufacturer: syz
[  184.816008][ T8488] bcachefs (loop3): shutting down
[  184.826601][ T6873] usb 2-1: SerialNumber: syz
[  184.888562][ T8488] bcachefs (loop3): shutdown complete
[  184.947209][ T5883] hid-generic 0005:15C2:3010.000A: item fetching failed at offset 0/1
[  184.952944][ T5883] hid-generic 0005:15C2:3010.000A: probe with driver hid-generic failed with error -22
[  185.054048][ T6873] usbhid 2-1:1.0: can't add hid device: -71
[  185.057268][ T6873] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  185.062409][ T6873] usb 2-1: USB disconnect, device number 28
[  185.266817][ T5883] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  185.416235][ T5883] usb 1-1: Using ep0 maxpacket: 16
[  185.422101][ T5883] usb 1-1: config 0 has an invalid interface number: 105 but max is 0
[  185.425711][ T5883] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  185.430939][ T5883] usb 1-1: config 0 has no interface number 0
[  185.435867][ T5883] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  185.441917][ T5883] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.445363][ T5883] usb 1-1: Product: syz
[  185.447333][ T5883] usb 1-1: Manufacturer: syz
[  185.449308][ T5883] usb 1-1: SerialNumber: syz
[  185.457539][ T5883] usb 1-1: config 0 descriptor??
[  185.464608][ T5883] usb 1-1: Found UVC 0.00 device syz (046d:08f3)
[  185.467406][ T5883] usb 1-1: No valid video chain found.
[  185.620981][ T9604] loop1: detected capacity change from 0 to 512
[  185.629735][ T9604] EXT4-fs (loop1): orphan cleanup on readonly fs
[  185.632340][ T9604] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13
[  185.639158][ T9604] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  185.648062][ T9604] EXT4-fs error (device loop1): ext4_clear_blocks:876: inode #13: comm syz.1.1378: attempt to clear invalid blocks 2 len 1
[  185.655524][ T9604] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.1378: invalid indirect mapped block 1819239214 (level 0)
[  185.661103][ T9604] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #13: comm syz.1.1378: invalid indirect mapped block 1819239214 (level 1)
[  185.673960][ T6873] usb 1-1: USB disconnect, device number 28
[  185.679112][ T9604] EXT4-fs (loop1): 1 truncate cleaned up
[  185.684697][ T9604] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  185.691977][ T9604] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  185.697094][ T9604] EXT4-fs error (device loop1): __ext4_remount:6736: comm syz.1.1378: Abort forced by user
[  185.701486][ T9604] EXT4-fs (loop1): Remounting filesystem read-only
[  185.704214][ T9604] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  185.722303][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.604667][ T9653] futex_wake_op: syz.3.1397 tries to shift op by -1; fix this program
[  187.627034][ T9638] loop0: detected capacity change from 0 to 40427
[  187.649677][ T9638] F2FS-fs (loop0): Image doesn't support compression
[  187.662183][ T9638] F2FS-fs (loop0): build fault injection rate: 693
[  187.675966][ T9638] F2FS-fs (loop0): invalid crc value
[  187.769593][ T9638] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  187.773752][ T9638] F2FS-fs (loop0): Start checkpoint disabled!
[  187.778211][ T9638] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  187.808874][ T4586] kworker/u9:8: attempt to access beyond end of device
[  187.808874][ T4586] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  187.824787][ T4586] CPU: 0 UID: 0 PID: 4586 Comm: kworker/u9:8 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  187.824806][ T4586] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  187.824814][ T4586] Workqueue: writeback wb_workfn (flush-7:0)
[  187.824833][ T4586] Call Trace:
[  187.824838][ T4586]  <TASK>
[  187.824844][ T4586]  dump_stack_lvl+0x189/0x250
[  187.824863][ T4586]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.824875][ T4586]  ? __pfx_queue_work_on+0x10/0x10
[  187.824886][ T4586]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  187.824902][ T4586]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  187.824923][ T4586]  f2fs_handle_critical_error+0x37c/0x540
[  187.824943][ T4586]  f2fs_write_end_io+0x886/0xb60
[  187.824967][ T4586]  __submit_merged_bio+0x27a/0x6a0
[  187.824987][ T4586]  __submit_merged_write_cond+0x255/0x530
[  187.825007][ T4586]  f2fs_write_data_pages+0x261d/0x3000
[  187.825045][ T4586]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  187.825071][ T4586]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  187.825105][ T4586]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  187.825121][ T4586]  ? look_up_lock_class+0x74/0x170
[  187.825143][ T4586]  ? trace_f2fs_writepages+0x7f/0x200
[  187.825159][ T4586]  ? f2fs_write_node_pages+0x478/0x6e0
[  187.825177][ T4586]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  187.825201][ T4586]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  187.825217][ T4586]  do_writepages+0x32e/0x550
[  187.825237][ T4586]  ? reacquire_held_locks+0x127/0x1d0
[  187.825271][ T4586]  ? writeback_sb_inodes+0x384/0x1010
[  187.825291][ T4586]  __writeback_single_inode+0x145/0xff0
[  187.825306][ T4586]  ? do_raw_spin_unlock+0x4d/0x240
[  187.825322][ T4586]  writeback_sb_inodes+0x6c7/0x1010
[  187.825354][ T4586]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  187.825395][ T4586]  ? rcu_is_watching+0x15/0xb0
[  187.825414][ T4586]  wb_writeback+0x43b/0xaf0
[  187.825435][ T4586]  ? queue_io+0x3c1/0x590
[  187.825450][ T4586]  ? __pfx_wb_writeback+0x10/0x10
[  187.825470][ T4586]  ? _raw_spin_unlock_irq+0x23/0x50
[  187.825487][ T4586]  wb_workfn+0x409/0xef0
[  187.825511][ T4586]  ? __pfx_wb_workfn+0x10/0x10
[  187.825526][ T4586]  ? __lock_acquire+0xab9/0xd20
[  187.825550][ T4586]  ? process_scheduled_works+0x9ef/0x17b0
[  187.825565][ T4586]  ? _raw_spin_unlock_irq+0x23/0x50
[  187.825576][ T4586]  ? process_scheduled_works+0x9ef/0x17b0
[  187.825584][ T4586]  ? process_scheduled_works+0x9ef/0x17b0
[  187.825597][ T4586]  process_scheduled_works+0xae1/0x17b0
[  187.825628][ T4586]  ? __pfx_process_scheduled_works+0x10/0x10
[  187.825660][ T4586]  worker_thread+0x8a0/0xda0
[  187.825690][ T4586]  kthread+0x711/0x8a0
[  187.825706][ T4586]  ? __pfx_worker_thread+0x10/0x10
[  187.825717][ T4586]  ? __pfx_kthread+0x10/0x10
[  187.825733][ T4586]  ? _raw_spin_unlock_irq+0x23/0x50
[  187.825744][ T4586]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.825756][ T4586]  ? __pfx_kthread+0x10/0x10
[  187.825770][ T4586]  ret_from_fork+0x3fc/0x770
[  187.825785][ T4586]  ? __pfx_ret_from_fork+0x10/0x10
[  187.825801][ T4586]  ? __switch_to_asm+0x39/0x70
[  187.825815][ T4586]  ? __switch_to_asm+0x33/0x70
[  187.825826][ T4586]  ? __pfx_kthread+0x10/0x10
[  187.825839][ T4586]  ret_from_fork_asm+0x1a/0x30
[  187.825864][ T4586]  </TASK>
[  187.825869][ T4586] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  188.558145][ T9680] loop3: detected capacity change from 0 to 32768
[  188.563090][ T9680] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1409 (9680)
[  188.571446][ T9680] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  188.575775][ T9680] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  188.579553][ T9680] BTRFS info (device loop3): disk space caching is enabled
[  188.582752][ T9680] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  188.702283][ T9680] BTRFS info (device loop3): rebuilding free space tree
[  188.716863][ T9680] BTRFS info (device loop3): disabling free space tree
[  188.719726][ T9680] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  188.723609][ T9680] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  188.769155][ T9680] BTRFS info (device loop3): scrub: started on devid 1
[  188.776866][ T9680] BTRFS info (device loop3): scrub: finished on devid 1 with status: 0
[  188.830679][ T8488] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  189.038765][ T9694] loop0: detected capacity change from 0 to 32768
[  189.050768][ T9694] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  189.075886][ T9694] XFS (loop0): Ending clean mount
[  189.079943][ T9694] XFS (loop0): Quotacheck needed: Please wait.
[  189.112263][ T9694] XFS (loop0): Quotacheck: Done.
[  189.172283][ T9714] loop1: detected capacity change from 0 to 64
[  189.214574][ T5848] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  189.472556][ T9726] loop1: detected capacity change from 0 to 16
[  189.510793][ T9726] erofs (device loop1): mounted with root inode @ nid 36.
[  189.524371][ T9726] erofs (device loop1): corrupted dir block 8200 @ nid 36
[  189.527073][ T6873] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  189.676215][ T6873] usb 4-1: Using ep0 maxpacket: 32
[  189.679683][ T6873] usb 4-1: config 2 has an invalid interface number: 86 but max is 0
[  189.682826][ T6873] usb 4-1: config 2 has no interface number 0
[  189.691096][ T6873] usb 4-1: config 2 interface 86 altsetting 0 endpoint 0xA has invalid maxpacket 1584, setting to 1024
[  189.691633][ T9740] netlink: 340 bytes leftover after parsing attributes in process `syz.0.1423'.
[  189.695174][ T6873] usb 4-1: New USB device found, idVendor=1b3d, idProduct=018f, bcdDevice=92.aa
[  189.695191][ T6873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.703831][ T9740] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1423'.
[  189.714049][ T9720] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  189.940766][ T6873] usb 4-1: string descriptor 0 read error: -71
[  189.944189][ T6873] ftdi_sio 4-1:2.86: FTDI USB Serial Device converter detected
[  189.948641][ T6873] ftdi_sio ttyUSB0: unknown device type: 0x92aa
[  189.952785][ T9756] loop0: detected capacity change from 0 to 1024
[  189.957717][ T9756] EXT4-fs: Ignoring removed nobh option
[  189.962782][ T9756] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  189.972024][ T6873] usb 4-1: USB disconnect, device number 8
[  189.976841][ T6873] ftdi_sio 4-1:2.86: device disconnected
[  190.013646][ T9756] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #11: comm syz.0.1431: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  190.035866][ T9756] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.1431: couldn't read orphan inode 11 (err -117)
[  190.268714][ T9756] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.290071][ T9756] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.1431: Invalid block bitmap block 0 in block_group 0
[  190.299173][ T9756] Quota error (device loop0): write_blk: dquota write failed
[  190.304262][ T9756] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  190.311139][ T9756] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.1431: Failed to acquire dquot type 0
[  190.336447][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.340419][   T26] Quota error (device loop0): do_check_range: Getting block 0 out of range 1-8
[  190.344188][   T26] EXT4-fs error (device loop0): ext4_release_dquot:6969: comm kworker/u9:0: Failed to release dquot type 0
[  190.482955][ T9768] loop0: detected capacity change from 0 to 512
[  190.495072][ T9768] EXT4-fs warning (device loop0): dx_probe:801: inode #2: comm syz.0.1435: Unrecognised inode hash code 255
[  190.501616][ T9768] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.1435: Corrupt directory, running e2fsck is recommended
[  190.510960][ T9768] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117
[  190.514319][ T9768] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.1435: corrupted in-inode xattr: invalid ea_ino
[  190.520384][ T9768] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.1435: couldn't read orphan inode 15 (err -117)
[  190.526588][ T9768] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.534117][ T9768] EXT4-fs (loop0): shut down requested (1)
[  190.648539][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.654105][ T9771] loop3: detected capacity change from 0 to 512
[  190.685458][ T9771] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.715335][ T9771] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  190.757525][ T9771] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.1436: corrupted inode contents
[  190.785181][ T9771] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #2: comm syz.3.1436: mark_inode_dirty error
[  190.794082][ T9771] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #2: comm syz.3.1436: corrupted inode contents
[  190.808503][ T9771] EXT4-fs error (device loop3): __ext4_ext_dirty:206: inode #2: comm syz.3.1436: mark_inode_dirty error
[  190.972582][ T8488] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.909091][ T5883] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  192.090327][ T5883] usb 4-1: unable to get BOS descriptor or descriptor too short
[  192.109704][ T5883] usb 4-1: not running at top speed; connect to a high speed hub
[  192.119040][ T5883] usb 4-1: config 4 has an invalid interface number: 147 but max is 0
[  192.122559][ T5883] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  192.140086][ T5883] usb 4-1: config 4 has no interface number 0
[  192.144164][ T5883] usb 4-1: Dual-Role OTG device on HNP port
[  192.147587][ T5883] usb 4-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[  192.150689][ T5883] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=38
[  192.153351][ T5883] usb 4-1: Product: syz
[  192.155045][ T5883] usb 4-1: Manufacturer: syz
[  192.157950][ T5883] usb 4-1: SerialNumber: syz
[  192.331909][ T9810] loop0: detected capacity change from 0 to 32768
[  192.335071][ T9810] XFS (loop0): Invalid device [./bus], error=-16
[  192.542444][ T5883] usb 4-1: Found UVC 0.02 device syz (04f2:b746)
[  192.545359][ T5883] usb 4-1: No valid video chain found.
[  192.549520][ T5883] usb 4-1: USB disconnect, device number 9
[  192.649861][ T9820] loop0: detected capacity change from 0 to 512
[  192.652860][ T9820] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  192.664480][ T9820] EXT4-fs (loop0): 1 truncate cleaned up
[  192.669547][ T9820] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.677669][   T33] audit: type=1800 audit(1755400698.605:39): pid=9820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1452" name="file2" dev="loop0" ino=16 res=0 errno=0
[  192.822866][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.091896][ T9834] loop1: detected capacity change from 0 to 128
[  193.095170][ T9834] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  193.103748][ T9834] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  193.363779][ T9852] tmpfs: Bad value for 'grpquota_inode_hardlimit'
[  193.610013][ T9855] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1467'.
[  193.652003][ T9857] binder: 9856:9857 ioctl c0306201 200000000240 returned -14
[  193.812487][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[  193.815356][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[  193.850850][ T9868] netlink: 'syz.0.1473': attribute type 237 has an invalid length.
[  193.953263][ T9872] loop0: detected capacity change from 0 to 2048
[  194.371610][ T9877] loop1: detected capacity change from 0 to 40427
[  194.374137][ T9877] F2FS-fs: heap/no_heap options were deprecated
[  194.376814][ T9877] F2FS-fs (loop1): build fault injection rate: 19
[  194.378923][ T9877] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  194.382916][ T9877] F2FS-fs (loop1): invalid crc value
[  194.391854][ T9877] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  194.432485][ T9877] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  194.440374][ T9877] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  194.445187][ T9877] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  194.487849][  T791] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  194.636308][  T791] usb 4-1: Using ep0 maxpacket: 32
[  194.644760][  T791] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  194.650103][  T791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  194.654760][  T791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  194.661705][  T791] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  194.665712][  T791] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.672611][  T791] usb 4-1: config 0 descriptor??
[  194.675602][ T9881] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  194.683508][  T791] hub 4-1:0.0: USB hub found
[  194.889930][  T791] hub 4-1:0.0: config failed, can't read hub descriptor (err -22)
[  195.016188][    T9] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  195.100532][  T791] hid-generic 0003:046D:C314.000B: unknown main item tag 0x0
[  195.105743][  T791] hid-generic 0003:046D:C314.000B: hidraw0: USB HID v8.00 Device [HID 046d:c314] on usb-dummy_hcd.3-1/input0
[  195.170738][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  195.175345][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  195.179491][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  195.185001][    T9] usb 2-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  195.191074][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.196539][    T9] usb 2-1: config 0 descriptor??
[  195.476663][ T5883] usb 4-1: USB disconnect, device number 10
[  195.606969][    T9] hid-udraw 0003:20D6:CB17.000C: unbalanced collection at end of report description
[  195.612800][    T9] hid-udraw 0003:20D6:CB17.000C: parse failed
[  195.615460][    T9] hid-udraw 0003:20D6:CB17.000C: probe with driver hid-udraw failed with error -22
[  195.810083][  T791] usb 2-1: USB disconnect, device number 29
[  197.074547][ T9900] loop1: detected capacity change from 0 to 32768
[  197.085260][ T9900] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1486 (9900)
[  197.101437][ T9900] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  197.103542][ T9906] loop3: detected capacity change from 0 to 1024
[  197.105171][ T9900] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  197.109939][ T9900] BTRFS info (device loop1): using free-space-tree
[  197.128952][ T9906] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  197.133728][ T9906] ext4 filesystem being mounted at /127/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  197.145593][   T33] audit: type=1800 audit(1755400703.065:40): pid=9906 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1489" name="file1" dev="loop3" ino=15 res=0 errno=0
[  197.160336][ T9900] BTRFS info (device loop1): rebuilding free space tree
[  197.169702][ T9906] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 1: comm syz.3.1489: lblock 1 mapped to illegal pblock 1 (length 3)
[  197.187952][ T9906] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 3: comm syz.3.1489: lblock 3 mapped to illegal pblock 3 (length 1)
[  197.206395][ T9906] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117
[  197.211676][ T9906] EXT4-fs (loop3): This should not happen!! Data will be lost
[  197.211676][ T9906] 
[  197.260018][ T5857] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  197.459931][ T9933] sit0: entered promiscuous mode
[  197.476613][ T9933] netlink: 21 bytes leftover after parsing attributes in process `syz.0.1492'.
[  197.584191][ T9931] loop1: detected capacity change from 0 to 32768
[  197.597908][ T9931] read_mapping_page failed!
[  197.599967][ T9931] ERROR: (device loop1): txCommit: 
[  197.599967][ T9931] 
[  197.689589][ T4622] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  197.698033][ T4622] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 32 with max blocks 36 with error 28
[  197.703747][ T4622] EXT4-fs (loop3): This should not happen!! Data will be lost
[  197.703747][ T4622] 
[  197.714085][ T4622] EXT4-fs (loop3): Total free blocks count 0
[  197.717280][ T4622] EXT4-fs (loop3): Free/Dirty block details
[  197.721851][ T4622] EXT4-fs (loop3): free_blocks=4293918720
[  197.724231][ T4622] EXT4-fs (loop3): dirty_blocks=48
[  197.729921][ T4622] EXT4-fs (loop3): Block reservation details
[  197.733012][   T33] audit: type=1400 audit(1755400703.655:41): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="#(%#{//(@\)//&@},['%%&\#*" pid=9941 comm="syz.1.1497"
[  197.748502][ T9944] netlink: 495 bytes leftover after parsing attributes in process `syz.0.1499'.
[  198.485065][ T9960] loop3: detected capacity change from 0 to 32768
[  198.567500][ T9962] loop1: detected capacity change from 0 to 32768
[  198.573729][ T9962] xfs: Unknown parameter 'smackfstransmute'
[  198.697861][ T9960] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  198.697949][ T9960]   allowing incompatible features above 0.0: (unknown version)
[  198.697956][ T9960]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  198.714572][ T9960] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  198.719199][ T9960] bcachefs (loop3): initializing new filesystem
[  198.754537][ T9960] bcachefs (loop3): going read-write
[  198.763864][ T9960] bcachefs (loop3): marking superblocks
[  198.801062][ T9960] bcachefs (loop3): initializing freespace
[  198.812297][ T9960] bcachefs (loop3): done initializing freespace
[  198.835393][ T9960] bcachefs (loop3): reading snapshots table
[  198.839947][ T9960] bcachefs (loop3): reading snapshots done
[  198.884956][ T9960] bcachefs (loop3): done starting filesystem
[  198.980698][ T8488] bcachefs (loop3): shutting down
[  198.982691][ T8488] bcachefs (loop3): going read-only
[  198.985096][ T8488] bcachefs (loop3): finished waiting for writes to stop
[  198.994835][ T8488] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3
[  199.046195][   T47] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  199.060006][ T8488] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[  199.065275][ T8488] bcachefs (loop3): clean shutdown complete, journal seq 4
[  199.074762][ T8488] bcachefs (loop3): marking filesystem clean
[  199.093303][ T8488] bcachefs (loop3): shutdown complete
[  199.114034][   T33] audit: type=1800 audit(1755400705.035:42): pid=9986 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1509" name="bus" dev="tmpfs" ino=2859 res=0 errno=0
[  199.208770][   T47] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  199.211970][   T47] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  199.214900][   T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  199.226699][   T47] usb 2-1: config 0 descriptor??
[  199.230989][   T47] pwc: Askey VC010 type 2 USB webcam detected.
[  199.638666][   T47] pwc: recv_control_msg error -32 req 02 val 2b00
[  199.644413][   T47] pwc: recv_control_msg error -32 req 02 val 2700
[  199.649594][   T47] pwc: recv_control_msg error -32 req 02 val 2c00
[  199.653186][   T47] pwc: recv_control_msg error -32 req 04 val 1000
[  199.661419][   T47] pwc: recv_control_msg error -32 req 04 val 1300
[  199.668002][   T47] pwc: recv_control_msg error -32 req 04 val 1400
[  199.677878][   T47] pwc: recv_control_msg error -32 req 02 val 2000
[  199.682629][   T47] pwc: recv_control_msg error -32 req 02 val 2100
[  199.773197][T10008] loop0: detected capacity change from 0 to 128
[  199.783949][T10008] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  199.787857][T10008] FAT-fs (loop0): Filesystem has been set read-only
[  199.791064][T10008] syz.0.1520: attempt to access beyond end of device
[  199.791064][T10008] loop0: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  199.797739][T10008] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  199.801223][T10008] FAT-fs (loop0): error, invalid access to FAT (entry 0x00000100)
[  199.805236][T10008] syz.0.1520: attempt to access beyond end of device
[  199.805236][T10008] loop0: rw=0, sector=2065, nr_sectors = 8 limit=128
[  199.812930][   T33] audit: type=1800 audit(1755400705.735:43): pid=10008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1520" name="file2" dev="loop0" ino=1048623 res=0 errno=0
[  199.887302][   T47] pwc: recv_control_msg error -71 req 02 val 2500
[  199.892440][   T47] pwc: recv_control_msg error -71 req 02 val 2400
[  199.894674][T10012] loop0: detected capacity change from 0 to 128
[  199.900065][   T47] pwc: recv_control_msg error -71 req 02 val 2600
[  199.903246][   T47] pwc: recv_control_msg error -71 req 02 val 2900
[  199.907249][   T47] pwc: recv_control_msg error -71 req 02 val 2800
[  199.908197][T10012] hpfs: hpfs_map_sector(): read error
[  199.910834][   T47] pwc: recv_control_msg error -71 req 04 val 1100
[  199.914212][T10012] hpfs: filesystem error: can't load hotfix map; going on - but anything won't be destroyed because it's read-only
[  199.917164][   T47] pwc: recv_control_msg error -71 req 04 val 1200
[  199.926747][T10012] hpfs: hpfs_map_sector(): read error
[  199.927382][   T47] pwc: Registered as video103.
[  199.932569][   T47] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input13
[  199.943077][   T47] usb 2-1: USB disconnect, device number 30
[  200.225208][T10014] loop0: detected capacity change from 0 to 32768
[  200.272712][T10014] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,str_hash=crc32c,noacl,usrquota,grpquota,nojournal_transaction_names,allocator_stuck_timeout=256
[  200.272731][T10014]   allowing incompatible features above 0.0: (unknown version)
[  200.272740][T10014]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  200.296179][T10014] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  200.299664][T10014] bcachefs (loop0): initializing new filesystem
[  200.311624][T10014] bcachefs (loop0): going read-write
[  200.316832][T10014] bcachefs (loop0): marking superblocks
[  200.344295][T10014] bcachefs (loop0): initializing freespace
[  200.352241][T10014] bcachefs (loop0): done initializing freespace
[  200.360799][T10014] bcachefs (loop0): reading snapshots table
[  200.363377][T10014] bcachefs (loop0): reading snapshots done
[  200.386335][T10014] bcachefs (loop0): done starting filesystem
[  200.463962][ T5848] bcachefs (loop0): shutting down
[  200.467448][ T5848] bcachefs (loop0): going read-only
[  200.469717][ T5848] bcachefs (loop0): finished waiting for writes to stop
[  200.483414][ T5848] bcachefs (loop0): flushing journal and stopping allocators, journal seq 2
[  200.487657][T10040] netlink: 140 bytes leftover after parsing attributes in process `syz.1.1530'.
[  200.512140][ T5848] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 3
[  200.531463][ T5848] bcachefs (loop0): clean shutdown complete, journal seq 4
[  200.533976][ T5848] bcachefs (loop0): marking filesystem clean
[  200.559121][ T5848] bcachefs (loop0): shutdown complete
[  200.661705][T10038] loop3: detected capacity change from 0 to 32768
[  200.665998][T10038] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1529 (10038)
[  200.674762][T10038] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  200.678406][T10038] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  200.681245][T10038] BTRFS info (device loop3): disk space caching is enabled
[  200.683701][T10038] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  200.698154][T10038] BTRFS info (device loop3): rebuilding free space tree
[  200.708359][T10038] BTRFS info (device loop3): disabling free space tree
[  200.710705][T10038] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  200.714539][T10038] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  200.744690][ T8488] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  200.876331][   T47] usb 2-1: new full-speed USB device number 31 using dummy_hcd
[  201.028208][   T47] usb 2-1: config index 0 descriptor too short (expected 69, got 36)
[  201.031835][   T47] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  201.038898][   T47] usb 2-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89
[  201.042786][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.047008][   T47] usb 2-1: Product: syz
[  201.048825][   T47] usb 2-1: Manufacturer: syz
[  201.050824][   T47] usb 2-1: SerialNumber: syz
[  201.055103][   T47] usb 2-1: config 0 descriptor??
[  201.065689][   T47] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622
[  201.472669][   T47] gspca_pac7302: reg_w() failed i: 78 v: 00 error -71
[  201.475976][   T47] gspca_pac7302 2-1:0.0: probe with driver gspca_pac7302 failed with error -71
[  201.483910][   T47] usb 2-1: USB disconnect, device number 31
[  202.182473][T10089] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  202.574973][T10100] loop0: detected capacity change from 0 to 764
[  202.580948][T10100] rock: directory entry would overflow storage
[  202.583305][T10100] rock: sig=0x5850, size=36, remaining=7
[  203.027200][T10104] loop0: detected capacity change from 0 to 2048
[  203.052576][T10104] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  203.062684][T10104] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  203.073196][T10104] EXT4-fs (loop0): Remounting filesystem read-only
[  203.090457][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  203.182572][T10124] vivid-001: disconnect
[  203.185185][T10121] vivid-001: reconnect
[  203.220161][T10126] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  203.231722][T10126] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  203.351446][T10135] loop3: detected capacity change from 0 to 1024
[  203.363622][T10135] hfsplus: Bad value for 'uid'
[  203.453940][T10145] loop1: detected capacity change from 0 to 1024
[  203.499234][ T4622] hfsplus: b-tree write err: -5, ino 4
[  203.681925][T10142] loop0: detected capacity change from 0 to 32768
[  203.688815][T10142] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1566 (10142)
[  203.697483][T10142] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  203.701727][T10142] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[  203.704761][T10142] BTRFS info (device loop0): using free-space-tree
[  203.745340][T10142] BTRFS info (device loop0): rebuilding free space tree
[  203.793579][T10142] BTRFS info (device loop0): balance: start -susage=34359738372,drange=7..526332,limit=4294967292..6
[  203.798726][T10142] BTRFS info (device loop0): balance: ended with status: 0
[  203.862468][ T5848] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  203.916514][ T5883] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  204.106523][ T5883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  204.125572][ T5883] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  204.135206][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  204.152710][ T5883] usb 2-1: config 0 descriptor??
[  204.406263][ T5883] ath6kl: Failed to submit usb control message: -71
[  204.409023][ T5883] ath6kl: unable to send the bmi data to the device: -71
[  204.416205][ T5883] ath6kl: Unable to send get target info: -71
[  204.434244][ T5883] ath6kl: Failed to init ath6kl core: -71
[  204.437765][ T5883] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[  204.448909][ T5883] usb 2-1: USB disconnect, device number 32
[  206.480490][   T55] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  206.484317][   T55] CPU: 0 UID: 0 PID: 55 Comm: kworker/u11:0 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  206.484329][   T55] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  206.484334][   T55] Workqueue: hci1 hci_rx_work
[  206.484347][   T55] Call Trace:
[  206.484351][   T55]  <TASK>
[  206.484355][   T55]  dump_stack_lvl+0x189/0x250
[  206.484367][   T55]  ? __pfx_dump_stack_lvl+0x10/0x10
[  206.484375][   T55]  ? __pfx__printk+0x10/0x10
[  206.484388][   T55]  ? kernfs_path_from_node+0x250/0x290
[  206.484395][   T55]  ? kernfs_path_from_node+0x2f/0x290
[  206.484404][   T55]  sysfs_create_dir_ns+0x259/0x280
[  206.484414][   T55]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  206.484422][   T55]  ? do_raw_spin_unlock+0x4d/0x240
[  206.484435][   T55]  kobject_add_internal+0x59f/0xb40
[  206.484450][   T55]  kobject_add+0x155/0x220
[  206.484461][   T55]  ? __pfx_kobject_add+0x10/0x10
[  206.484470][   T55]  ? _raw_spin_unlock+0x28/0x50
[  206.484479][   T55]  ? get_device_parent+0x366/0x3a0
[  206.484488][   T55]  device_add+0x408/0xb50
[  206.484497][   T55]  hci_conn_add_sysfs+0xd5/0x1e0
[  206.484506][   T55]  le_conn_complete_evt+0xc3a/0x1220
[  206.484519][   T55]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  206.484528][   T55]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  206.484539][   T55]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  206.484547][   T55]  ? skb_pull_data+0xfb/0x200
[  206.484557][   T55]  hci_le_enh_conn_complete_evt+0x189/0x470
[  206.484566][   T55]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[  206.484576][   T55]  hci_event_packet+0x78f/0x1200
[  206.484585][   T55]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  206.484594][   T55]  ? __pfx_hci_event_packet+0x10/0x10
[  206.484602][   T55]  ? kcov_remote_start+0x4d3/0x7f0
[  206.484612][   T55]  ? lockdep_hardirqs_on+0x90/0x150
[  206.484622][   T55]  ? hci_send_to_monitor+0xe2/0x570
[  206.484634][   T55]  hci_rx_work+0x46a/0xe80
[  206.484646][   T55]  ? process_scheduled_works+0x9ef/0x17b0
[  206.484654][   T55]  process_scheduled_works+0xae1/0x17b0
[  206.484671][   T55]  ? __pfx_process_scheduled_works+0x10/0x10
[  206.484684][   T55]  worker_thread+0x8a0/0xda0
[  206.484701][   T55]  kthread+0x711/0x8a0
[  206.484710][   T55]  ? __pfx_worker_thread+0x10/0x10
[  206.484716][   T55]  ? __pfx_kthread+0x10/0x10
[  206.484725][   T55]  ? _raw_spin_unlock_irq+0x23/0x50
[  206.484732][   T55]  ? lockdep_hardirqs_on+0x9c/0x150
[  206.484739][   T55]  ? __pfx_kthread+0x10/0x10
[  206.484747][   T55]  ret_from_fork+0x3fc/0x770
[  206.484756][   T55]  ? __pfx_ret_from_fork+0x10/0x10
[  206.484765][   T55]  ? __switch_to_asm+0x39/0x70
[  206.484772][   T55]  ? __switch_to_asm+0x33/0x70
[  206.484779][   T55]  ? __pfx_kthread+0x10/0x10
[  206.484787][   T55]  ret_from_fork_asm+0x1a/0x30
[  206.484801][   T55]  </TASK>
[  206.484816][   T55] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  206.590759][   T55] Bluetooth: hci1: failed to register connection device
[  206.762783][T10228] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1597'.
[  206.870405][T10236] loop1: detected capacity change from 0 to 22
[  206.873418][T10236] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  206.880924][T10236] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  207.092044][T10250] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  207.097900][T10250] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration
[  208.026667][T10289] loop1: detected capacity change from 0 to 1024
[  208.029373][T10289] EXT4-fs: Ignoring removed orlov option
[  208.032262][T10289] EXT4-fs (loop1): invalid inodes per group: 0
[  208.032262][T10289] 
[  208.216806][T10293] loop3: detected capacity change from 0 to 512
[  208.232023][T10293] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  208.237978][T10293] ext4 filesystem being mounted at /159/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  208.268175][ T8488] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.494854][T10301] loop0: detected capacity change from 0 to 1024
[  208.568516][ T4622] hfsplus: b-tree write err: -5, ino 4
[  208.686226][ T5242] Bluetooth: hci2: command 0x0406 tx timeout
[  208.822518][T10303] loop0: detected capacity change from 0 to 32768
[  209.802080][   T33] audit: type=1107 audit(1755400715.725:44): pid=10306 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  210.126628][   T55] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  210.292835][T10334] loop1: detected capacity change from 0 to 256
[  210.960062][T10343] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1647'.
[  211.038447][T10347] loop0: detected capacity change from 0 to 512
[  211.044348][T10347] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  211.054306][T10347] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it
[  211.058354][T10347] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.1649: Corrupt directory, running e2fsck is recommended
[  211.068377][T10347] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117
[  211.071776][T10347] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.1649: corrupted in-inode xattr: invalid ea_ino
[  211.077358][T10347] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.1649: couldn't read orphan inode 15 (err -117)
[  211.083272][T10347] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  211.115854][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.346128][  T791] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  211.475004][T10361] loop1: detected capacity change from 0 to 32768
[  211.484337][T10361] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  211.496267][  T791] usb 4-1: Using ep0 maxpacket: 32
[  211.502715][  T791] usb 4-1: config 1 has an invalid interface number: 242 but max is 0
[  211.505786][  T791] usb 4-1: config 1 has no interface number 0
[  211.512518][  T791] usb 4-1: config 1 interface 242 has no altsetting 0
[  211.517312][T10361] XFS (loop1): Ending clean mount
[  211.522869][  T791] usb 4-1: New USB device found, idVendor=2eca, idProduct=c101, bcdDevice= 7.df
[  211.527590][T10361] XFS (loop1): Quotacheck needed: Please wait.
[  211.533365][  T791] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.537238][  T791] usb 4-1: Product: syz
[  211.538712][  T791] usb 4-1: Manufacturer: syz
[  211.540320][  T791] usb 4-1: SerialNumber: syz
[  211.555034][T10361] XFS (loop1): Quotacheck: Done.
[  211.595353][ T5857] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  211.697737][T10372] loop1: detected capacity change from 0 to 4096
[  211.710063][T10373] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  211.785118][  T791] aqc111 4-1:1.242: probe with driver aqc111 failed with error -22
[  211.789471][  T791] usb 4-1: USB disconnect, device number 11
[  212.006166][ T5849] usb 2-1: new full-speed USB device number 33 using dummy_hcd
[  212.052610][T10377] loop0: detected capacity change from 0 to 128
[  212.158748][ T5849] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC6, changing to 0x86
[  212.163753][ T5849] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  212.170671][ T5849] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  212.177137][ T5849] usb 2-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87
[  212.180903][ T5849] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  212.184101][ T5849] usb 2-1: Product: syz
[  212.185926][ T5849] usb 2-1: Manufacturer: syz
[  212.190493][ T5849] usb 2-1: SerialNumber: syz
[  212.194625][ T5849] usb 2-1: config 0 descriptor??
[  212.198870][ T5849] port100 2-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint
[  212.324139][T10383] program syz.3.1660 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  212.402997][T10387] netlink: 'syz.3.1662': attribute type 10 has an invalid length.
[  212.407236][T10387] bridge0: port 2(bridge_slave_1) entered disabled state
[  212.409629][ T5849] usb 2-1: USB disconnect, device number 33
[  212.410729][T10387] bridge0: port 1(bridge_slave_0) entered disabled state
[  212.425077][T10387] bridge0: port 2(bridge_slave_1) entered blocking state
[  212.428058][T10387] bridge0: port 2(bridge_slave_1) entered forwarding state
[  212.432296][T10387] bridge0: port 1(bridge_slave_0) entered blocking state
[  212.435022][T10387] bridge0: port 1(bridge_slave_0) entered forwarding state
[  212.441256][T10387] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  213.021614][T10394] vlan2: entered allmulticast mode
[  213.023895][T10394] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  213.125171][T10396] netlink: 'syz.1.1665': attribute type 3 has an invalid length.
[  213.164959][T10398] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1666'.
[  213.169983][T10398] veth0_to_bond: entered allmulticast mode
[  213.475983][T10407] sg_write: data in/out 16514940/4 bytes for SCSI command 0x1c-- guessing data in;
[  213.475983][T10407]    program syz.3.1670 not setting count and/or reply_len properly
[  214.224410][T10414] loop9: detected capacity change from 0 to 7
[  214.231137][T10414] Dev loop9: unable to read RDB block 7
[  214.234074][T10414]  loop9: AHDI p1 p2 p3
[  214.235816][T10414] loop9: partition table partially beyond EOD, truncated
[  214.239197][T10414] loop9: p1 start 1601398130 is beyond EOD, truncated
[  214.241957][T10414] loop9: p2 start 1702059890 is beyond EOD, truncated
[  214.506188][ T5849] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  214.576498][T10420] loop3: detected capacity change from 0 to 32768
[  214.582173][T10420] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  214.612098][T10420] XFS (loop3): Ending clean mount
[  214.655397][ T8488] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  214.663100][ T5849] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10
[  214.667686][ T5849] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  214.671355][ T5849] usb 2-1: New USB device found, idVendor=046a, idProduct=0023, bcdDevice= 0.00
[  214.678353][ T5849] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.682380][ T5849] usb 2-1: config 0 descriptor??
[  214.928893][T10438] loop3: detected capacity change from 0 to 64
[  214.943754][T10438] syz.3.1681: attempt to access beyond end of device
[  214.943754][T10438] loop3: rw=2049, sector=268435468, nr_sectors = 2 limit=64
[  215.107195][ T5849] cherry 0003:046A:0023.000D: item fetching failed at offset 5/7
[  215.111119][ T5849] cherry 0003:046A:0023.000D: probe with driver cherry failed with error -22
[  215.163812][T10453] loop3: detected capacity change from 0 to 512
[  215.170856][T10453] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  215.186964][T10453] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=800ec018, mo2=0082]
[  215.191276][T10453] EXT4-fs (loop3): 1 truncate cleaned up
[  215.194830][T10453] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  215.270996][ T8488] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  215.313684][ T5849] usb 2-1: USB disconnect, device number 34
[  215.323089][T10463] loop0: detected capacity change from 0 to 16
[  215.331316][T10463] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  215.462987][T10474] loop3: detected capacity change from 0 to 256
[  215.470056][T10474] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011d5f, chksum : 0x09863542, utbl_chksum : 0x000cd30d)
[  215.479681][   T33] audit: type=1800 audit(1755400721.405:45): pid=10474 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1697" name="file2" dev="loop3" ino=1048626 res=0 errno=0
[  215.859499][T10481] loop3: detected capacity change from 0 to 1024
[  215.870176][T10481] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  215.904123][ T8488] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.037201][T10490] can0: slcan on ttyS3.
[  216.047681][T10485] loop3: detected capacity change from 0 to 32768
[  216.050479][T10485] btrfs: Deprecated parameter 'usebackuproot'
[  216.052765][T10485] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  216.056400][T10485] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1701 (10485)
[  216.063296][T10485] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  216.066862][T10485] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  216.069840][T10485] BTRFS info (device loop3): using free-space-tree
[  216.100686][T10490] can0 (unregistered): slcan off ttyS3.
[  216.142503][T10485] BTRFS info (device loop3): rebuilding free space tree
[  216.421339][T10519] loop6: detected capacity change from 0 to 524288000
[  216.468252][   T36] BTRFS info (device loop3): space_info DATA+METADATA (sub-group id 0) has 1789952 free, is full
[  216.472321][   T36] BTRFS info (device loop3): space_info total=11534336, used=8302592, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0
[  216.477457][   T36] BTRFS info (device loop3): global_block_rsv: size 1441792 reserved 1437696
[  216.480564][   T36] BTRFS info (device loop3): trans_block_rsv: size 0 reserved 0
[  216.483038][   T36] BTRFS info (device loop3): chunk_block_rsv: size 0 reserved 0
[  216.485510][   T36] BTRFS info (device loop3): delayed_block_rsv: size 0 reserved 0
[  216.488427][   T36] BTRFS info (device loop3): delayed_refs_rsv: size 262144 reserved 0
[  216.503664][   T36] BTRFS info (device loop3): space_info DATA+METADATA (sub-group id 0) has 1789952 free, is full
[  216.507933][   T36] BTRFS info (device loop3): space_info total=11534336, used=8302592, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0
[  216.513135][   T36] BTRFS info (device loop3): global_block_rsv: size 1441792 reserved 1433600
[  216.516597][   T36] BTRFS info (device loop3): trans_block_rsv: size 0 reserved 0
[  216.519245][   T36] BTRFS info (device loop3): chunk_block_rsv: size 0 reserved 0
[  216.522310][   T36] BTRFS info (device loop3): delayed_block_rsv: size 0 reserved 0
[  216.525000][   T36] BTRFS info (device loop3): delayed_refs_rsv: size 524288 reserved 0
[  216.535591][   T36] BTRFS info (device loop3): space_info DATA+METADATA (sub-group id 0) has 1789952 free, is full
[  216.540084][   T36] BTRFS info (device loop3): space_info total=11534336, used=8302592, pinned=0, reserved=4096, may_use=1437696, readonly=0 zone_unusable=0
[  216.544915][   T36] BTRFS info (device loop3): global_block_rsv: size 1441792 reserved 1437696
[  216.548181][   T36] BTRFS info (device loop3): trans_block_rsv: size 0 reserved 0
[  216.550786][   T36] BTRFS info (device loop3): chunk_block_rsv: size 0 reserved 0
[  216.553735][   T36] BTRFS info (device loop3): delayed_block_rsv: size 0 reserved 0
[  216.556859][   T36] BTRFS info (device loop3): delayed_refs_rsv: size 262144 reserved 0
[  216.573405][   T36] BTRFS info (device loop3): space_info DATA+METADATA (sub-group id 0) has 1789952 free, is full
[  216.577858][   T36] BTRFS info (device loop3): space_info total=11534336, used=8302592, pinned=0, reserved=8192, may_use=1433600, readonly=0 zone_unusable=0
[  216.583480][   T36] BTRFS info (device loop3): global_block_rsv: size 1441792 reserved 1433600
[  216.587150][   T36] BTRFS info (device loop3): trans_block_rsv: size 0 reserved 0
[  216.590215][   T36] BTRFS info (device loop3): chunk_block_rsv: size 0 reserved 0
[  216.593290][   T36] BTRFS info (device loop3): delayed_block_rsv: size 0 reserved 0
[  216.596656][   T36] BTRFS info (device loop3): delayed_refs_rsv: size 524288 reserved 0
[  216.601600][   T36] BTRFS info (device loop3): cannot satisfy tickets, dumping space info
[  216.605527][   T36] BTRFS info (device loop3): space_info DATA+METADATA (sub-group id 0) has 1789952 free, is full
[  216.609962][   T36] BTRFS info (device loop3): space_info total=11534336, used=8302592, pinned=0, reserved=0, may_use=1441792, readonly=0 zone_unusable=0
[  216.615307][   T36] BTRFS info (device loop3): failing ticket with 3145728 bytes
[  216.628372][T10512] BTRFS info (device loop3): space_info DATA+METADATA (sub-group id 0) has 1781760 free, is full
[  216.632420][T10512] BTRFS info (device loop3): space_info total=11534336, used=8302592, pinned=12288, reserved=0, may_use=1437696, readonly=0 zone_unusable=0
[  216.637749][T10512] BTRFS info (device loop3): global_block_rsv: size 1441792 reserved 1437696
[  216.641079][T10512] BTRFS info (device loop3): trans_block_rsv: size 0 reserved 0
[  216.643640][T10512] BTRFS info (device loop3): chunk_block_rsv: size 0 reserved 0
[  216.647310][T10512] BTRFS info (device loop3): delayed_block_rsv: size 0 reserved 0
[  216.650580][T10512] BTRFS info (device loop3): delayed_refs_rsv: size 0 reserved 0
[  216.715009][T10536] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1712'.
[  216.720549][ T8488] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  216.982597][T10540] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1715'.
[  217.092377][T10543] netlink: 'syz.1.1715': attribute type 10 has an invalid length.
[  217.108731][T10543] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.111428][T10543] bridge_slave_1: left allmulticast mode
[  217.113293][T10543] bridge_slave_1: left promiscuous mode
[  217.119398][T10547] af_packet: tpacket_rcv: packet too big, clamped from 42 to 4294967286. macoff=82
[  217.130822][T10543] bridge0: port 2(bridge_slave_1) entered disabled state
[  217.144634][T10543] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link
[  217.376006][T10564] loop3: detected capacity change from 0 to 64
[  217.380053][T10564] BFS-fs: bfs_fill_super(): Inode 0x00000002 corrupted on loop3
[  217.412349][T10568] loop0: detected capacity change from 0 to 1024
[  217.649145][T10574] random: crng reseeded on system resumption
[  218.197423][   T47] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  218.243087][T10591] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1735'.
[  218.246260][T10591] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1735'.
[  218.280387][T10593] ksmbd: Unknown IPC event: 4, ignore.
[  218.349084][   T47] usb 4-1: config 2 has an invalid interface number: 20 but max is 0
[  218.352160][   T47] usb 4-1: config 2 has no interface number 0
[  218.356980][   T47] usb 4-1: New USB device found, idVendor=0c0b, idProduct=a109, bcdDevice=17.a3
[  218.360067][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.362936][   T47] usb 4-1: Product: syz
[  218.364574][   T47] usb 4-1: Manufacturer: syz
[  218.367241][   T47] usb 4-1: SerialNumber: syz
[  218.428216][T10601] loop1: detected capacity change from 0 to 4096
[  218.465857][   T33] audit: type=1800 audit(1755400724.385:46): pid=10601 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1740" name="file1" dev="loop1" ino=30 res=0 errno=0
[  218.579569][T10603] loop0: detected capacity change from 0 to 4096
[  218.581522][   T47] ums-datafab 4-1:2.20: USB Mass Storage device detected
[  218.585995][T10603] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  218.592462][   T47] ums-datafab 4-1:2.20: Quirks match for vid 0c0b pid a109: 1
[  218.617633][T10603] ntfs3(loop0): failed to convert "c46c" to cp866
[  218.664326][   T47] ums-sddr55 4-1:2.20: USB Mass Storage device detected
[  218.752511][   T47] usb 4-1: USB disconnect, device number 12
[  218.809002][T10619] loop1: detected capacity change from 0 to 4096
[  218.812917][T10619] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  218.823434][T10619] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  218.829435][T10619] ntfs3(loop1): Failed to load $MFT (-2).
[  218.862477][T10626] tipc: Failed to remove unknown binding: 66,1,1/0:1015546235/1015546237
[  218.866835][T10626] tipc: Failed to remove unknown binding: 66,1,1/0:1015546235/1015546237
[  218.870349][T10626] tipc: Failed to remove unknown binding: 66,1,1/0:1015546235/1015546237
[  218.918528][T10628] libceph: resolve '0' (ret=-3): failed
[  219.172645][T10649] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1761'.
[  219.228188][T10653] loop0: detected capacity change from 0 to 4096
[  219.231162][T10653] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[  219.241670][T10653] ntfs3(loop0): Failed to load $Secure (-22).
[  219.243833][T10653] ntfs3(loop0): Failed to initialize $Secure (-22).
[  219.246361][T10641] loop1: detected capacity change from 0 to 32768
[  219.385285][T10660] netlink: 'syz.1.1765': attribute type 33 has an invalid length.
[  219.389108][T10660] netlink: 164 bytes leftover after parsing attributes in process `syz.1.1765'.
[  219.522316][T10676] futex_wake_op: syz.0.1773 tries to shift op by -1; fix this program
[  220.177551][   T33] audit: type=1326 audit(1755400726.105:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10650 comm="syz.3.1762" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe3a6d8ebe9 code=0x7fc00000
[  220.193721][ T5849] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  220.346244][ T5849] usb 2-1: Using ep0 maxpacket: 16
[  220.352959][ T5849] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  220.357803][ T5849] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  220.366824][ T5849] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  220.370830][ T5849] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.374506][ T5849] usb 2-1: Product: syz
[  220.377627][ T5849] usb 2-1: Manufacturer: syz
[  220.380970][ T5849] usb 2-1: SerialNumber: syz
[  220.443628][   T33] audit: type=1326 audit(1755400726.365:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10687 comm="syz.3.1778" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe3a6d8ebe9 code=0x0
[  220.683860][T10692] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1779'.
[  220.860454][T10694] loop0: detected capacity change from 0 to 1024
[  220.864635][T10694] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  220.875153][T10694] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  220.878920][T10694] EXT4-fs (loop0): orphan cleanup on readonly fs
[  220.885946][T10694] EXT4-fs error (device loop0): __ext4_get_inode_loc:4861: comm syz.0.1780: Invalid inode table block 0 in block_group 0
[  220.893596][T10694] EXT4-fs (loop0): Remounting filesystem read-only
[  220.896772][T10694] Quota error (device loop0): write_blk: dquota write failed
[  220.899929][T10694] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  220.904018][T10694] EXT4-fs (loop0): 1 truncate cleaned up
[  220.914056][T10694] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  220.939560][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.014609][   T33] audit: type=1400 audit(1755400726.935:49): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=10698 comm="syz.0.1782"
[  221.045607][ T5849] usb 2-1: 0:2 : does not exist
[  221.051497][ T5849] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  221.069214][ T5849] usb 2-1: USB disconnect, device number 35
[  221.299111][T10710] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1787'.
[  221.325290][T10712] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1788'.
[  221.329186][T10712] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1788'.
[  221.401892][T10716] loop0: detected capacity change from 0 to 2048
[  221.430750][T10716] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  221.445741][T10716] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  221.453028][T10716] EXT4-fs (loop0): Remounting filesystem read-only
[  221.475857][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.121189][T10734] loop3: detected capacity change from 0 to 512
[  222.124611][T10734] EXT4-fs: Ignoring removed nomblk_io_submit option
[  222.163765][T10734] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  222.176852][T10734] ext4 filesystem being mounted at /215/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  222.218115][T10734] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #2: block 7: comm syz.3.1796: lblock 12 mapped to illegal pblock 7 (length 22)
[  222.256324][ T8488] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.324185][T10738] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input14
[  222.924910][T10747] loop3: detected capacity change from 0 to 32768
[  222.935270][T10747] JBD2: Ignoring recovery information on journal
[  222.948104][T10757] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1804'.
[  222.954052][T10757] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1804'.
[  222.987064][T10747] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  223.008269][ T8488] ocfs2: Unmounting device (7,3) on (node local)
[  224.259896][T10777] loop0: detected capacity change from 0 to 512
[  224.264569][T10777] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  224.276317][T10777] EXT4-fs (loop0): 1 truncate cleaned up
[  224.281188][T10777] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  224.365261][T10780] EXT4-fs (loop0): shut down requested (1)
[  224.453236][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.681564][T10797] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1820'.
[  225.152808][T10807] netlink: 'syz.3.1824': attribute type 10 has an invalid length.
[  225.159219][T10807] bond0: (slave bond_slave_0): Releasing backup interface
[  225.723753][T10834] loop1: detected capacity change from 0 to 256
[  226.034569][T10836] loop1: detected capacity change from 0 to 32768
[  226.045392][T10836] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  226.061083][T10836] XFS (loop1): Ending clean mount
[  226.142475][T10846] loop3: detected capacity change from 0 to 8
[  226.157401][ T5857] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  226.227271][T10847] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1837'.
[  227.987829][T10857] loop1: detected capacity change from 0 to 32768
[  228.027693][T10857]  loop1: p9 p11 p16
[  228.238335][T10870] loop3: detected capacity change from 0 to 32768
[  228.248352][T10870] XFS (loop3): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  228.261660][T10870] XFS (loop3): Ending clean mount
[  228.274126][T10870] XFS (loop3): syz.3.1847 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported
[  228.282101][  T791] kernel write not supported for file /input/mouse0 (pid: 791 comm: kworker/1:2)
[  228.294670][ T8488] XFS (loop3): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  228.379794][T10892] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1852'.
[  228.477796][T10900] loop3: detected capacity change from 0 to 4096
[  228.490275][T10900] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  228.493317][T10900] ntfs3(loop3): Failed to load $Extend (-22).
[  228.495622][T10900] ntfs3(loop3): Failed to initialize $Extend.
[  228.510074][T10900] ntfs3(loop3): ino=1b, "file0" ntfs_readdir
[  228.554520][T10906] loop3: detected capacity change from 0 to 1024
[  228.562843][T10906] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  228.568414][T10906] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  228.571180][T10906] EXT4-fs (loop3): orphan cleanup on readonly fs
[  228.574084][T10906] EXT4-fs error (device loop3): ext4_free_blocks:6696: comm syz.3.1860: Freeing blocks not in datazone - block = 0, count = 4096
[  228.579768][T10906] EXT4-fs (loop3): 1 orphan inode deleted
[  228.582616][T10906] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  228.605290][ T8488] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.642410][T10913] loop3: detected capacity change from 0 to 512
[  228.645277][T10913] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  228.654777][T10913] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #16: comm syz.3.1862: invalid indirect mapped block 83886080 (level 1)
[  228.676267][T10913] EXT4-fs (loop3): Remounting filesystem read-only
[  228.680167][T10913] EXT4-fs (loop3): 1 orphan inode deleted
[  228.683012][T10913] EXT4-fs (loop3): 1 truncate cleaned up
[  228.695979][T10917] loop1: detected capacity change from 0 to 2048
[  228.698136][T10913] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  228.705069][T10917] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  228.720708][ T8488] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.764413][T10921] pim6reg: entered allmulticast mode
[  228.786822][T10921] netlink: 'syz.3.1866': attribute type 10 has an invalid length.
[  228.807203][T10921] team0: Failed to send port change of device netdevsim0 via netlink (err -105)
[  228.823108][T10921] team0: Failed to send options change via netlink (err -105)
[  228.825903][T10921] team0: Port device netdevsim0 added
[  228.846442][T10927] loop0: detected capacity change from 0 to 4096
[  228.858254][T10932] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1871'.
[  228.864879][T10927] ntfs3(loop0): ino=1a, mi_enum_attr
[  228.869778][T10927] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  228.893418][T10932] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1871'.
[  228.950705][ T5849] IPVS: starting estimator thread 0...
[  229.004141][T10948] loop0: detected capacity change from 0 to 2048
[  229.008403][T10948] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  229.012447][T10948] EXT4-fs (loop0): group descriptors corrupted!
[  229.036179][T10942] IPVS: using max 81 ests per chain, 194400 per kthread
[  229.383687][T10961] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1883'.
[  229.620969][T10983] netlink: 'syz.1.1887': attribute type 10 has an invalid length.
[  229.631136][T10985] mmap: syz.0.1892 (10985) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  229.633308][T10983] veth0_vlan: left promiscuous mode
[  229.640986][T10983] veth0_vlan: entered promiscuous mode
[  229.647099][T10983] team0: Device veth0_vlan failed to register rx_handler
[  229.791538][T10989] loop0: detected capacity change from 0 to 512
[  229.794976][T10989] EXT4-fs: Ignoring removed i_version option
[  229.798841][T10989] EXT4-fs: Ignoring removed mblk_io_submit option
[  229.802287][T10989] EXT4-fs (loop0): Test dummy encryption mode enabled
[  229.807681][T10989] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8842c018, mo2=0103]
[  229.823292][T10989] EXT4-fs error (device loop0): ext4_orphan_get:1392: comm syz.0.1894: inode #13: comm syz.0.1894: iget: illegal inode #
[  229.829372][T10989] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.1894: couldn't read orphan inode 13 (err -117)
[  229.836824][T10989] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  229.845243][T10989] EXT4-fs (loop0): shut down requested (1)
[  229.880810][ T5848] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.123066][T11013] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  230.209327][T11017] loop3: detected capacity change from 0 to 4096
[  230.221310][T11018] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  230.234258][   T33] audit: type=1800 audit(1755400736.155:50): pid=11017 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1907" name="file1" dev="loop3" ino=15 res=0 errno=0
[  230.302123][T11020] input: syz1 as /devices/virtual/input/input15
[  230.522565][T11033] loop3: detected capacity change from 0 to 512
[  230.532384][T11033] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  230.535629][T11033] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842e018, mo2=0002]
[  230.540018][T11033] System zones: 0-1, 15-15, 18-18, 34-34
[  230.542563][T11033] EXT4-fs (loop3): orphan cleanup on readonly fs
[  230.545870][T11033] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #16: comm syz.3.1914: casefold flag without casefold feature
[  230.552466][T11033] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1914: couldn't read orphan inode 16 (err -117)
[  230.559467][T11033] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  230.568808][T11033] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  230.571457][T11033] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842e018, mo2=0002]
[  230.596863][ T8488] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.671465][T11038] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1916'.
[  230.677261][T11038] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1916'.
[  231.850956][T11059] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1926'.
[  232.100731][T11063] loop3: detected capacity change from 0 to 32768
[  232.174443][T11063] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  232.174463][T11063]   allowing incompatible features above 0.0: (unknown version)
[  232.174470][T11063]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  232.190617][T11063] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  232.194131][T11063] bcachefs (loop3): initializing new filesystem
[  232.202860][T11063] bcachefs (loop3): going read-write
[  232.210570][T11063] bcachefs (loop3): marking superblocks
[  232.218521][T11063] bcachefs (loop3): initializing freespace
[  232.223779][T11063] bcachefs (loop3): done initializing freespace
[  232.228468][T11063] bcachefs (loop3): reading snapshots table
[  232.230966][T11063] bcachefs (loop3): reading snapshots done
[  232.272516][T11063] bcachefs (loop3): done starting filesystem
[  232.321884][ T8488] bcachefs (loop3): shutting down
[  232.324216][ T8488] bcachefs (loop3): going read-only
[  232.326968][ T8488] bcachefs (loop3): finished waiting for writes to stop
[  232.330290][ T8488] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2
[  232.362441][ T8488] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[  232.368448][ T8488] bcachefs (loop3): clean shutdown complete, journal seq 4
[  232.372221][ T8488] bcachefs (loop3): marking filesystem clean
[  232.397030][ T8488] bcachefs (loop3): shutdown complete
[  232.609664][T11081] syzkaller0: entered promiscuous mode
[  232.611589][T11081] syzkaller0: entered allmulticast mode
[  233.792810][T11098] loop3: detected capacity change from 0 to 4096
[  233.818109][T11099] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  233.835743][   T33] audit: type=1800 audit(1755400739.755:51): pid=11097 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1939" name="file1" dev="loop3" ino=15 res=0 errno=0
[  233.858032][   T33] audit: type=1800 audit(1755400739.765:52): pid=11097 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1939" name="file1" dev="loop3" ino=15 res=0 errno=0
[  234.492966][T11101] loop0: detected capacity change from 0 to 64
[  234.517889][T11101] syz.0.1941: attempt to access beyond end of device
[  234.517889][T11101] loop0: rw=0, sector=1024, nr_sectors = 2 limit=64
[  234.523241][T11101] buffer_io_error: 5254 callbacks suppressed
[  234.523250][T11101] Buffer I/O error on dev loop0, logical block 512, async page read
[  234.528958][T11101] syz.0.1941: attempt to access beyond end of device
[  234.528958][T11101] loop0: rw=0, sector=113152, nr_sectors = 2 limit=64
[  234.538773][T11101] Buffer I/O error on dev loop0, logical block 56576, async page read
[  234.615875][T11109] loop0: detected capacity change from 0 to 2048
[  234.620446][T11109] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  234.638196][T11112] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  234.647541][T11109] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  234.648408][   T33] audit: type=1800 audit(1755400740.575:53): pid=11109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1944" name="file1" dev="loop0" ino=15 res=0 errno=0
[  234.655852][T11109] Remounting filesystem read-only
[  235.459332][T11129] loop3: detected capacity change from 0 to 4096
[  235.496862][T11130] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  235.999783][T11141] Unsupported ieee802154 address type: 0
[  236.181279][T11147] loop1: detected capacity change from 0 to 2048
[  236.187257][T11147] UDF-fs: warning (device loop1): udf_fill_super: No fileset found
[  236.195696][T11141] loop3: detected capacity change from 0 to 32768
[  236.228878][T11152] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1961'.
[  236.318972][T11141] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  236.318989][T11141]   allowing incompatible features above 0.0: (unknown version)
[  236.318997][T11141]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  236.334163][T11141] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  236.340100][T11141] bcachefs (loop3): initializing new filesystem
[  236.351271][T11141] bcachefs (loop3): going read-write
[  236.356716][T11141] bcachefs (loop3): marking superblocks
[  236.367255][T11141] bcachefs (loop3): initializing freespace
[  236.373908][T11141] bcachefs (loop3): done initializing freespace
[  236.381312][T11141] bcachefs (loop3): reading snapshots table
[  236.383954][T11141] bcachefs (loop3): reading snapshots done
[  236.394660][T11163] loop1: detected capacity change from 0 to 1024
[  236.431110][T11141] bcachefs (loop3): done starting filesystem
[  236.475382][T11167] netlink: 'syz.1.1965': attribute type 6 has an invalid length.
[  236.524243][ T5849] Process accounting resumed
[  236.551387][T11171] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1967'.
[  236.558291][T11171] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  237.369237][ T8488] bcachefs (loop3): shutting down
[  237.372737][ T8488] bcachefs (loop3): going read-only
[  237.374823][ T8488] bcachefs (loop3): finished waiting for writes to stop
[  237.383969][ T8488] bcachefs (loop3): flushing journal and stopping allocators, journal seq 4
[  237.439588][ T8488] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 5
[  237.443978][ T8488] bcachefs (loop3): clean shutdown complete, journal seq 6
[  237.448839][ T8488] bcachefs (loop3): marking filesystem clean
[  237.483435][ T8488] bcachefs (loop3): shutdown complete
[  238.160859][T11183] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1972'.
[  238.164349][T11183] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1972'.
[  238.406939][T11191] loop1: detected capacity change from 0 to 40427
[  238.412334][T11191] F2FS-fs (loop1): invalid crc value
[  238.438977][T11191] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  238.442976][T11191] F2FS-fs (loop1): Start checkpoint disabled!
[  238.445846][T11191] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  238.475766][ T1088] kworker/u10:4: attempt to access beyond end of device
[  238.475766][ T1088] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  238.486160][ T1088] CPU: 1 UID: 0 PID: 1088 Comm: kworker/u10:4 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  238.486173][ T1088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  238.486178][ T1088] Workqueue: writeback wb_workfn (flush-7:1)
[  238.486193][ T1088] Call Trace:
[  238.486196][ T1088]  <TASK>
[  238.486199][ T1088]  dump_stack_lvl+0x189/0x250
[  238.486211][ T1088]  ? __pfx_dump_stack_lvl+0x10/0x10
[  238.486219][ T1088]  ? __pfx_queue_work_on+0x10/0x10
[  238.486226][ T1088]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  238.486235][ T1088]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  238.486247][ T1088]  f2fs_handle_critical_error+0x37c/0x540
[  238.486259][ T1088]  f2fs_write_end_io+0x886/0xb60
[  238.486272][ T1088]  __submit_merged_bio+0x27a/0x6a0
[  238.486283][ T1088]  __submit_merged_write_cond+0x255/0x530
[  238.486295][ T1088]  f2fs_write_data_pages+0x261d/0x3000
[  238.486316][ T1088]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  238.486331][ T1088]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  238.486350][ T1088]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  238.486359][ T1088]  ? look_up_lock_class+0x74/0x170
[  238.486372][ T1088]  ? trace_f2fs_writepages+0x7f/0x200
[  238.486381][ T1088]  ? f2fs_write_node_pages+0x478/0x6e0
[  238.486391][ T1088]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  238.486405][ T1088]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  238.486414][ T1088]  do_writepages+0x32e/0x550
[  238.486425][ T1088]  ? reacquire_held_locks+0x127/0x1d0
[  238.486432][ T1088]  ? writeback_sb_inodes+0x384/0x1010
[  238.486443][ T1088]  __writeback_single_inode+0x145/0xff0
[  238.486451][ T1088]  ? do_raw_spin_unlock+0x4d/0x240
[  238.486461][ T1088]  writeback_sb_inodes+0x6c7/0x1010
[  238.486479][ T1088]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  238.486502][ T1088]  ? rcu_is_watching+0x15/0xb0
[  238.486513][ T1088]  wb_writeback+0x43b/0xaf0
[  238.486524][ T1088]  ? queue_io+0x3c1/0x590
[  238.486533][ T1088]  ? __pfx_wb_writeback+0x10/0x10
[  238.486550][ T1088]  ? _raw_spin_unlock_irq+0x23/0x50
[  238.486564][ T1088]  wb_workfn+0x409/0xef0
[  238.486582][ T1088]  ? __pfx_wb_workfn+0x10/0x10
[  238.486596][ T1088]  ? __lock_acquire+0xab9/0xd20
[  238.486633][ T1088]  ? process_scheduled_works+0x9ef/0x17b0
[  238.486645][ T1088]  ? _raw_spin_unlock_irq+0x23/0x50
[  238.486657][ T1088]  ? process_scheduled_works+0x9ef/0x17b0
[  238.486665][ T1088]  ? process_scheduled_works+0x9ef/0x17b0
[  238.486676][ T1088]  process_scheduled_works+0xae1/0x17b0
[  238.486701][ T1088]  ? __pfx_process_scheduled_works+0x10/0x10
[  238.486715][ T1088]  worker_thread+0x8a0/0xda0
[  238.486727][ T1088]  ? __kthread_parkme+0x7b/0x200
[  238.486743][ T1088]  kthread+0x711/0x8a0
[  238.486752][ T1088]  ? __pfx_worker_thread+0x10/0x10
[  238.486759][ T1088]  ? __pfx_kthread+0x10/0x10
[  238.486768][ T1088]  ? _raw_spin_unlock_irq+0x23/0x50
[  238.486775][ T1088]  ? lockdep_hardirqs_on+0x9c/0x150
[  238.486783][ T1088]  ? __pfx_kthread+0x10/0x10
[  238.486791][ T1088]  ret_from_fork+0x3fc/0x770
[  238.486799][ T1088]  ? __pfx_ret_from_fork+0x10/0x10
[  238.486809][ T1088]  ? __switch_to_asm+0x39/0x70
[  238.486816][ T1088]  ? __switch_to_asm+0x33/0x70
[  238.486823][ T1088]  ? __pfx_kthread+0x10/0x10
[  238.486831][ T1088]  ret_from_fork_asm+0x1a/0x30
[  238.486846][ T1088]  </TASK>
[  238.486848][ T1088] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  239.025087][T11221] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.090916][T11231] loop0: detected capacity change from 0 to 128
[  239.103963][T11231] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  239.115767][T11231] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  239.129433][T11221] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.231859][T11221] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.334275][T11221] team0: Port device netdevsim0 removed
[  239.340309][T11221] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  239.517699][T11254] loop0: detected capacity change from 0 to 4096
[  239.521834][T11254] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  239.580355][ T5698] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  239.594142][ T5698] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  239.629718][ T5698] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  239.633137][ T5698] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  240.626214][ T5883] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  240.796244][ T5883] usb 2-1: Using ep0 maxpacket: 32
[  240.803276][ T5883] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  240.807157][ T5883] usb 2-1: config 0 has no interface number 0
[  240.841097][ T5883] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  240.844940][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  240.848665][ T5883] usb 2-1: Product: syz
[  240.851548][ T5883] usb 2-1: Manufacturer: syz
[  240.853764][ T5883] usb 2-1: SerialNumber: syz
[  240.858096][ T5883] usb 2-1: config 0 descriptor??
[  240.862373][ T5883] smsc95xx v2.0.0
[  241.144155][T11266] loop3: detected capacity change from 0 to 32768
[  241.148073][T11266] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2007 (11266)
[  241.159292][T11266] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  241.163049][T11266] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  241.166488][T11266] BTRFS info (device loop3): disk space caching is enabled
[  241.168721][T11266] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  241.292881][ T5883] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -61
[  241.300095][ T5883] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  241.304332][T11266] BTRFS info (device loop3): rebuilding free space tree
[  241.316454][T11266] BTRFS info (device loop3): disabling free space tree
[  241.318882][T11266] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  241.322067][T11266] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  241.473425][T11297] btrfs: Unknown parameter '18446744073709551615@LqE: 艞t}0$'
[  241.840932][ T8488] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  241.899514][ T5883] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  241.909500][ T5883] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71
[  241.924860][ T5883] usb 2-1: USB disconnect, device number 36
[  242.647962][T11309] loop1: detected capacity change from 0 to 2048
[  242.673365][T11309] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  242.714022][ T5857] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  242.834903][T11324] netlink: 'syz.1.2024': attribute type 1 has an invalid length.
[  242.844252][T11324] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2024'.
[  243.042327][T11326] loop0: detected capacity change from 0 to 4096
[  243.382129][T11341] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  243.385201][T11341] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  243.394277][T11341] vhci_hcd vhci_hcd.0: Device attached
[  243.403483][T11341] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(10)
[  243.406355][T11341] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  243.412025][T11341] vhci_hcd vhci_hcd.0: Device attached
[  243.420034][T11341] vhci_hcd vhci_hcd.0: pdev(3) rhport(2) sockfd(12)
[  243.422821][T11341] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  243.428444][T11341] vhci_hcd vhci_hcd.0: Device attached
[  243.432732][T11341] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  243.442143][T11341] vhci_hcd vhci_hcd.0: pdev(3) rhport(4) sockfd(16)
[  243.445071][T11341] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  243.451915][T11341] vhci_hcd vhci_hcd.0: Device attached
[  243.462312][T11341] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(18)
[  243.465175][T11341] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  243.479162][T11341] vhci_hcd vhci_hcd.0: Device attached
[  243.495902][T11341] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  243.520164][T11341] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  243.538421][T11341] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  243.565575][T11341] vhci_hcd vhci_hcd.0: port 0 already used
[  243.595063][T11350] vhci_hcd: connection closed
[  243.598345][T11348] vhci_hcd: connection closed
[  243.601914][T11342] vhci_hcd: connection closed
[  243.606354][T11346] vhci_hcd: connection closed
[  243.608384][T11344] vhci_hcd: connection closed
[  243.625734][ T5698] vhci_hcd: stop threads
[  243.631310][  T791] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  243.637436][T11343] vhci_hcd: sendmsg failed!, ret=-32 for 48
[  243.651237][ T5698] vhci_hcd: release socket
[  243.658965][ T5698] vhci_hcd: disconnect device
[  243.663634][ T5698] vhci_hcd: stop threads
[  243.670279][ T5698] vhci_hcd: release socket
[  243.674672][ T5698] vhci_hcd: disconnect device
[  243.679683][ T5698] vhci_hcd: stop threads
[  243.683951][ T5698] vhci_hcd: release socket
[  243.692845][ T5698] vhci_hcd: disconnect device
[  243.698617][ T5698] vhci_hcd: stop threads
[  243.700387][ T5698] vhci_hcd: release socket
[  243.706425][ T5698] vhci_hcd: disconnect device
[  243.708957][ T5698] vhci_hcd: stop threads
[  243.710766][ T5698] vhci_hcd: release socket
[  243.714279][ T5698] vhci_hcd: disconnect device
[  243.815854][T11356] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  244.431493][T11365] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2036'.
[  244.649879][T11375] netlink: 'syz.1.2041': attribute type 21 has an invalid length.
[  244.694488][T11375] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2041'.
[  245.070578][T11375] netlink: 'syz.1.2041': attribute type 5 has an invalid length.
[  245.073202][T11375] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2041'.
[  245.156018][T11384] team_slave_1: entered promiscuous mode
[  245.164339][T11384] netlink: 'syz.0.2043': attribute type 10 has an invalid length.
[  245.171174][T11384] team0: Failed to send options change via netlink (err -105)
[  245.174968][T11384] team0: Failed to send port change of device team_slave_0 via netlink (err -105)
[  245.179159][T11384] team0: Port device team_slave_0 removed
[  245.366389][T11386] loop1: detected capacity change from 0 to 40427
[  245.370376][T11386] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504)
[  245.373280][T11386] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  245.377099][T11386] F2FS-fs (loop1): build fault injection rate: 17008
[  245.380560][T11386] F2FS-fs (loop1): build fault injection type: 0x1f8
[  245.383965][T11386] F2FS-fs (loop1): invalid crc value
[  245.432513][T11386] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  245.437078][T11386] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  245.439891][T11386] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  245.726343][ T5849] usb 4-1: new full-speed USB device number 13 using dummy_hcd
[  245.881282][ T5849] usb 4-1: unable to get BOS descriptor or descriptor too short
[  245.885286][ T5849] usb 4-1: not running at top speed; connect to a high speed hub
[  245.886167][   T47] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  245.892608][ T5849] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  245.898296][ T5849] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4
[  245.902823][ T5849] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  245.909961][ T5849] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  245.913876][ T5849] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  245.917504][ T5849] usb 4-1: Product: syz
[  245.919302][ T5849] usb 4-1: Manufacturer: syz
[  245.921281][ T5849] usb 4-1: SerialNumber: syz
[  246.036423][   T47] usb 2-1: Using ep0 maxpacket: 8
[  246.042693][   T47] usb 2-1: unable to get BOS descriptor or descriptor too short
[  246.047112][   T47] usb 2-1: config 0 has an invalid interface number: 88 but max is 0
[  246.050590][   T47] usb 2-1: config 0 has no interface number 0
[  246.056477][   T47] usb 2-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  246.060942][   T47] usb 2-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0
[  246.064842][   T47] usb 2-1: config 0 interface 88 has no altsetting 0
[  246.070577][   T47] usb 2-1: string descriptor 0 read error: -22
[  246.073171][   T47] usb 2-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  246.076994][   T47] usb 2-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  246.082009][   T47] usb 2-1: config 0 descriptor??
[  246.091400][   T47] input: USB Acecad Flair Tablet 0460:0004 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.88/input/input16
[  246.135124][ T5849] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  246.141638][ T5849] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor
[  246.144950][ T5849] usb 4-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  246.158603][ T5849] usb 4-1: USB disconnect, device number 13
[  246.297860][ T5883] usb 2-1: USB disconnect, device number 37
[  246.873656][T11403] loop3: detected capacity change from 0 to 32768
[  246.885347][T11403] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  246.899178][T11413] netlink: 84 bytes leftover after parsing attributes in process `syz.1.2052'.
[  246.916828][T11403] XFS (loop3): Ending clean mount
[  246.920548][T11403] XFS (loop3): Quotacheck needed: Please wait.
[  246.955341][T11419] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  246.956664][T11403] XFS (loop3): Quotacheck: Done.
[  247.086247][ T8488] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  247.599134][T11430] netlink: 'syz.3.2059': attribute type 26 has an invalid length.
[  247.652171][T11432] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  247.656117][T11432] IPv6: NLM_F_CREATE should be set when creating new route
[  247.659424][T11432] IPv6: NLM_F_CREATE should be set when creating new route
[  247.662616][T11432] IPv6: NLM_F_CREATE should be set when creating new route
[  247.678555][T11432] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  248.070957][T11440] ALSA: mixer_oss: invalid OSS volume 'A141=wVe]'
[  248.073723][T11440] ALSA: mixer_oss: invalid OSS volume 'ұB;T`@$EcXMYd,'
[  248.080350][T11440] ALSA: mixer_oss: invalid OSS volume 'b@h#'
[  248.082638][T11440] ALSA: mixer_oss: invalid OSS volume 'h4XS4v=0_>&'
[  248.085302][T11440] ALSA: mixer_oss: invalid OSS volume '|/"tj'
[  248.088149][T11440] ALSA: mixer_oss: invalid OSS volume '-z5c^J6$'
[  248.090733][T11440] ALSA: mixer_oss: invalid OSS volume '0Ty󉴪jP&at'
[  248.093856][T11440] ALSA: mixer_oss: invalid OSS volume '|~\'
[  248.098457][T11440] ALSA: mixer_oss: invalid OSS volume '@^3bɜ}G$#\("/oL'
[  248.101888][T11440] ALSA: mixer_oss: invalid OSS volume ''
[  248.757318][  T791] vhci_hcd: vhci_device speed not set
[  250.025843][ T6873] usb usb40-port1: attempt power cycle
[  250.052595][T11465] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  250.064139][T11465] syzkaller0: entered promiscuous mode
[  250.068894][T11465] syzkaller0: entered allmulticast mode
[  250.107843][T11465] tipc: Resetting bearer <eth:syzkaller0>
[  250.122543][T11463] tipc: Resetting bearer <eth:syzkaller0>
[  250.149116][T11463] tipc: Disabling bearer <eth:syzkaller0>
[  250.251014][T11470] loop1: detected capacity change from 0 to 128
[  250.295965][T11472] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2076'.
[  250.312236][T11468] loop0: detected capacity change from 0 to 32768
[  250.322740][T11468] ERROR: (device loop0): diAllocBit: iag inconsistent
[  250.322740][T11468] 
[  250.329284][T11468] ERROR: (device loop0): remounting filesystem as read-only
[  250.330582][T11474] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  250.334764][T11468] ialloc: diAlloc returned -5!
[  250.335864][T11474] syzkaller0: entered promiscuous mode
[  250.338768][T11474] syzkaller0: entered allmulticast mode
[  250.358619][T11474] tipc: Resetting bearer <eth:syzkaller0>
[  250.361792][T11473] tipc: Resetting bearer <eth:syzkaller0>
[  250.372607][T11473] tipc: Disabling bearer <eth:syzkaller0>
[  250.453633][T11480] loop1: detected capacity change from 0 to 8
[  250.596566][ T6873] usb usb40-port1: unable to enumerate USB device
[  250.729841][T11482] loop0: detected capacity change from 0 to 32768
[  250.739429][T11482] JBD2: Ignoring recovery information on journal
[  250.787991][T11482] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  250.820435][T11482] 
[  250.821565][T11482] ======================================================
[  250.824612][T11482] WARNING: possible circular locking dependency detected
[  250.825254][T11511] netlink: 'syz.1.2094': attribute type 10 has an invalid length.
[  250.827695][T11482] 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 Not tainted
[  250.827705][T11482] ------------------------------------------------------
[  250.827710][T11482] syz.0.2081/11482 is trying to acquire lock:
[  250.827718][T11482] ffff888113b2ef40 (&ocfs2_sysfile_lock_key[TRUNCATE_LOG_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_xattr_set+0xadd/0x11f0
[  250.827751][T11482] 
[  250.827751][T11482] but task is already holding lock:
[  250.827755][T11482] ffff888113b2b278 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0
[  250.827785][T11482] 
[  250.827785][T11482] which lock already depends on the new lock.
[  250.827785][T11482] 
[  250.827789][T11482] 
[  250.827789][T11482] the existing dependency chain (in reverse order) is:
[  250.827795][T11482] 
[  250.827795][T11482] -> #2 (&oi->ip_xattr_sem){++++}-{4:4}:
[  250.827814][T11482]        lock_acquire+0x120/0x360
[  250.827828][T11482]        down_read+0x46/0x2e0
[  250.827875][T11482]        ocfs2_init_acl+0x2f9/0x720
[  250.827888][T11482]        ocfs2_mknod+0x1321/0x2050
[  250.827900][T11482]        ocfs2_create+0x1a5/0x440
[  250.827910][T11482]        path_openat+0x14f4/0x3830
[  250.870719][T11482]        do_filp_open+0x1fa/0x410
[  250.872414][T11482]        do_sys_openat2+0x121/0x1c0
[  250.874169][T11482]        __x64_sys_openat+0x138/0x170
[  250.875961][T11482]        do_syscall_64+0xfa/0x3b0
[  250.877662][T11482]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.879804][T11482] 
[  250.879804][T11482] -> #1 (jbd2_handle){++++}-{0:0}:
[  250.882246][T11482]        lock_acquire+0x120/0x360
[  250.884169][T11482]        jbd2_journal_lock_updates+0xaa/0x360
[  250.886586][T11482]        __ocfs2_flush_truncate_log+0x2ba/0x10e0
[  250.889136][T11482]        ocfs2_flush_truncate_log+0x4f/0x70
[  250.891503][T11482]        ocfs2_sync_fs+0x116/0x310
[  250.893585][T11482]        sync_filesystem+0x1cf/0x230
[  250.895721][T11482]        generic_shutdown_super+0x6f/0x2c0
[  250.898098][T11482]        kill_block_super+0x44/0x90
[  250.900204][T11482]        deactivate_locked_super+0xbc/0x130
[  250.902616][T11482]        cleanup_mnt+0x425/0x4c0
[  250.904436][T11482]        task_work_run+0x1d4/0x260
[  250.906246][T11482]        exit_to_user_mode_loop+0xec/0x110
[  250.908612][T11482]        do_syscall_64+0x2bd/0x3b0
[  250.910680][T11482]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.913251][T11482] 
[  250.913251][T11482] -> #0 (&ocfs2_sysfile_lock_key[TRUNCATE_LOG_SYSTEM_INODE]){+.+.}-{4:4}:
[  250.917238][T11482]        validate_chain+0xb9b/0x2140
[  250.919367][T11482]        __lock_acquire+0xab9/0xd20
[  250.921505][T11482]        lock_acquire+0x120/0x360
[  250.923557][T11482]        down_write+0x96/0x1f0
[  250.925367][T11482]        ocfs2_xattr_set+0xadd/0x11f0
[  250.927550][T11482]        __vfs_setxattr+0x43c/0x480
[  250.929666][T11482]        __vfs_setxattr_noperm+0x12d/0x660
[  250.932041][T11482]        vfs_setxattr+0x16b/0x2f0
[  250.934072][T11482]        filename_setxattr+0x274/0x600
[  250.936269][T11482]        path_setxattrat+0x364/0x3a0
[  250.938425][T11482]        __x64_sys_setxattr+0xbc/0xe0
[  250.940582][T11482]        do_syscall_64+0xfa/0x3b0
[  250.942613][T11482]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.945184][T11482] 
[  250.945184][T11482] other info that might help us debug this:
[  250.945184][T11482] 
[  250.949241][T11482] Chain exists of:
[  250.949241][T11482]   &ocfs2_sysfile_lock_key[TRUNCATE_LOG_SYSTEM_INODE] --> jbd2_handle --> &oi->ip_xattr_sem
[  250.949241][T11482] 
[  250.955482][T11482]  Possible unsafe locking scenario:
[  250.955482][T11482] 
[  250.958390][T11482]        CPU0                    CPU1
[  250.960528][T11482]        ----                    ----
[  250.962686][T11482]   lock(&oi->ip_xattr_sem);
[  250.964536][T11482]                                lock(jbd2_handle);
[  250.967147][T11482]                                lock(&oi->ip_xattr_sem);
[  250.969965][T11482]   lock(&ocfs2_sysfile_lock_key[TRUNCATE_LOG_SYSTEM_INODE]);
[  250.972634][T11482] 
[  250.972634][T11482]  *** DEADLOCK ***
[  250.972634][T11482] 
[  250.975639][T11482] 3 locks held by syz.0.2081/11482:
[  250.977547][T11482]  #0: ffff888122278428 (sb_writers#27){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  250.981115][T11482]  #1: ffff888113b2b540 (&sb->s_type->i_mutex_key#36){+.+.}-{4:4}, at: vfs_setxattr+0x144/0x2f0
[  250.985015][T11482]  #2: ffff888113b2b278 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0
[  250.988835][T11482] 
[  250.988835][T11482] stack backtrace:
[  250.991263][T11482] CPU: 1 UID: 0 PID: 11482 Comm: syz.0.2081 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  250.991278][T11482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  250.991284][T11482] Call Trace:
[  250.991289][T11482]  <TASK>
[  250.991294][T11482]  dump_stack_lvl+0x189/0x250
[  250.991306][T11482]  ? __pfx_dump_stack_lvl+0x10/0x10
[  250.991313][T11482]  ? __pfx__printk+0x10/0x10
[  250.991324][T11482]  ? print_lock_name+0xde/0x100
[  250.991333][T11482]  print_circular_bug+0x2ee/0x310
[  250.991342][T11482]  check_noncircular+0x134/0x160
[  250.991351][T11482]  validate_chain+0xb9b/0x2140
[  250.991359][T11482]  ? look_up_lock_class+0x74/0x170
[  250.991368][T11482]  ? register_lock_class+0x51/0x320
[  250.991378][T11482]  __lock_acquire+0xab9/0xd20
[  250.991387][T11482]  ? ocfs2_xattr_set+0xadd/0x11f0
[  250.991395][T11482]  lock_acquire+0x120/0x360
[  250.991403][T11482]  ? ocfs2_xattr_set+0xadd/0x11f0
[  250.991411][T11482]  ? ocfs2_xattr_block_find+0x153/0x4c0
[  250.991420][T11482]  down_write+0x96/0x1f0
[  250.991426][T11482]  ? ocfs2_xattr_set+0xadd/0x11f0
[  250.991434][T11482]  ? __pfx_down_write+0x10/0x10
[  250.991443][T11482]  ? ocfs2_xattr_ibody_find+0xcb/0x7c0
[  250.991450][T11482]  ? ocfs2_xattr_set+0x334/0x11f0
[  250.991481][T11482]  ocfs2_xattr_set+0xadd/0x11f0
[  250.991492][T11482]  ? __pfx_ocfs2_xattr_set+0x10/0x10
[  250.991499][T11482]  ? dput+0x37/0x2b0
[  250.991506][T11482]  ? dput+0x37/0x2b0
[  250.991512][T11482]  ? step_into+0x435/0xf30
[  250.991518][T11482]  ? step_into+0x435/0xf30
[  250.991527][T11482]  ? evm_protected_xattr_common+0x170/0x190
[  250.991536][T11482]  ? evm_protect_xattr+0x71d/0xa90
[  250.991543][T11482]  ? __pfx_ima_get_hash_algo+0x10/0x10
[  250.991550][T11482]  ? __pfx_evm_protect_xattr+0x10/0x10
[  250.991558][T11482]  ? __pfx_ocfs2_xattr_security_set+0x10/0x10
[  250.991566][T11482]  __vfs_setxattr+0x43c/0x480
[  250.991577][T11482]  __vfs_setxattr_noperm+0x12d/0x660
[  250.991589][T11482]  vfs_setxattr+0x16b/0x2f0
[  250.991599][T11482]  ? __pfx_vfs_setxattr+0x10/0x10
[  250.991607][T11482]  ? mnt_get_write_access+0x223/0x2a0
[  250.991616][T11482]  filename_setxattr+0x274/0x600
[  250.991626][T11482]  ? __pfx_filename_setxattr+0x10/0x10
[  250.991636][T11482]  ? getname_flags+0x1e5/0x540
[  250.991642][T11482]  path_setxattrat+0x364/0x3a0
[  250.991651][T11482]  ? __pfx_path_setxattrat+0x10/0x10
[  250.991657][T11482]  ? do_futex+0x395/0x420
[  250.991669][T11482]  ? rcu_is_watching+0x15/0xb0
[  250.991675][T11482]  __x64_sys_setxattr+0xbc/0xe0
[  250.991682][T11482]  do_syscall_64+0xfa/0x3b0
[  250.991691][T11482]  ? lockdep_hardirqs_on+0x9c/0x150
[  250.991698][T11482]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.991705][T11482]  ? exc_page_fault+0x9f/0xf0
[  250.991713][T11482]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  250.991720][T11482] RIP: 0033:0x7f12dcb8ebe9
[  250.991727][T11482] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  250.991734][T11482] RSP: 002b:00007f12dd971038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  250.991741][T11482] RAX: ffffffffffffffda RBX: 00007f12dcdb5fa0 RCX: 00007f12dcb8ebe9
[  250.991746][T11482] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100
[  250.991751][T11482] RBP: 00007f12dcc11e19 R08: 0000000000000000 R09: 0000000000000000
[  250.991755][T11482] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000
[  250.991759][T11482] R13: 00007f12dcdb6038 R14: 00007f12dcdb5fa0 R15: 00007ffc6cfd5aa8
[  250.991766][T11482]  </TASK>
[  250.992067][T11511] syz_tun: entered promiscuous mode
[  251.026147][   T33] audit: type=1800 audit(1755400756.925:54): pid=11513 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2081" name="file1" dev="loop0" ino=17058 res=0 errno=0
[  251.030449][T11511] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  251.039521][ T5848] ocfs2: Unmounting device (7,0) on (node local)
[  255.248686][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[  255.251287][ T1365] ieee802154 phy1 wpan1: encryption failed: -22

VM DIAGNOSIS:
03:19:16  Registers:
info registers vcpu 0

CPU#0
RAX=000000000000006e RBX=000000000000006e RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000001a1c7 RDI=000000000001a1c8 RBP=00000000000003f8 RSP=ffffc900048d67b0
R8 =ffff888107270237 R9 =1ffff11020e4e046 R10=dffffc0000000000 R11=ffffffff854efeb0
R12=dffffc0000000000 R13=ffffffff99af9909 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854eff2c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f02cbd466c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c37517a CR3=00000000279fc000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f02cb187498 00007f02cb187470 XMM03=00007f02cb1874a8 00007f02cb1874a0
XMM04=00007f02cbced100 00007f02cb187460 XMM05=00007f02cb187478 00007f02cb1874c0
XMM06=00007f02cb1874b8 00007f02cb1874b0 XMM07=00007f02cb1874a8 00007f02cb1874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f02cb012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff81a023e5 RBX=ffffffff81a023a4 RCX=0000000000080000 RDX=ffffc90003d81000
RSI=000000000002550a RDI=000000000002550b RBP=ffffc9000490f130 RSP=ffffc9000490f020
R8 =0000000000000001 R9 =0000000000000000 R10=dffffc0000000000 R11=fffffbfff1c25c19
R12=dffffc0000000000 R13=1ffff92000921e08 R14=0000000000000000 R15=0000000000000020
RIP=ffffffff81a023d3 RFL=00000083 [--S---C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f12dd9716c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00002000000013c0 CR3=0000000028104000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffff ffffff0000000000 XMM01=0101010101010101 0101010000000000
XMM02=695f746e756f6d5f 7a79730032736667 XMM03=0000000000000000 ff00000000000000
XMM04=37b1e5855b06984c 002c6c63616f6e2c XMM05=0d3bdcbda93d0845 20402cc611223bd6
XMM06=8532f384721928d4 8852ba24cd4ed488 XMM07=3cf2d72011e9071e 6f64c7f29a34838b
XMM08=0000000000000000 00006df451d6fe61 XMM09=0000000000000000 00007f12dcc12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
