last executing test programs:

25.1551981s ago: executing program 2 (id=69):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000000), 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x5, 0x7ab0715dca68fed7, 0xfffffff7, {}, {}, {}, 0x4, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "b8ee0816756b62187804752330b2b55830d7228ef1593c0639bd084bba0bfd8db72f70e5b2e7f90e11cbc6ec61a03fc316d5d47970907af5fc4a27f6cf718909"}}, 0x80}}, 0x0)

24.882092536s ago: executing program 2 (id=70):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000900)="5c00000011006bcc9e3be35c6e17aa31076b876c3d0000007ea60864160af36514001ac00400020208000200030001f703000200eab556a705251e618294ff00568621467a0dc31675c551f60a84c9f4d4938037e786a6d00010000087", 0x5d}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x300)

24.881927214s ago: executing program 2 (id=71):
r0 = syz_open_procfs(0x0, &(0x7f00000002c0)='gid_map\x00')
read$FUSE(r0, &(0x7f0000000b40)={0x2020}, 0x2020)
lseek(r0, 0x1000000, 0x0)

24.867749674s ago: executing program 2 (id=72):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = open_tree(r1, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f00000001c0)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x220)

24.781953837s ago: executing program 2 (id=73):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0)
ioctl$sock_inet_tcp_SIOCATMARK(r0, 0x8905, &(0x7f0000000040))

24.590569273s ago: executing program 2 (id=74):
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f020048017f4e32f61bcdf1e422000000000100800000000000001000aadc28da3457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1)

24.488323346s ago: executing program 32 (id=74):
r0 = socket$netlink(0x10, 0x3, 0x4)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)="580000001400192340834b80043f679a10ff3d425f020048017f4e32f61bcdf1e422000000000100800000000000001000aadc28da3457e792945f64009400050028925aaa000000c600000000000000feff2c707f8f00ff", 0x58}], 0x1)

3.950961861s ago: executing program 0 (id=269):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x4, 0x0, 0x1, 0x78}]}, &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

3.886246507s ago: executing program 0 (id=270):
r0 = socket$netlink(0x10, 0x3, 0x9)
r1 = epoll_create1(0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000001700)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000007c0)='sched_switch\x00', r2}, 0x18)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240))
socket$inet6_mptcp(0xa, 0x1, 0x106)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)
epoll_pwait(r1, &(0x7f0000000080)=[{}], 0x1, 0x81, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000040)={0xe000200d})

2.768008238s ago: executing program 0 (id=281):
syz_usb_connect(0x3, 0x7f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000044d6b2099042510f69c0000000109026d0001022440020904c20004a2f8ab000524060000052400f5ff0d240f01080000000700008036042402050524060000052400ec000d240f01030000000600050081052401000309050904100000050f09058203ff03060c0309050a0607"], 0x0)

1.526042206s ago: executing program 0 (id=296):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x2018008, &(0x7f0000003b40)=ANY=[], 0x7, 0x2f4, &(0x7f0000000880)="$eJzs3U1PE1sYwPGnLxRaAsPi5t5cE8OJbnQzgepaaQwkxiYSpMaXxGSQqTYdWzLTYGqM6Mqt8UO4ICzZkShfgI073bhxx8bEhSyMYzqdodAOb6VQAv9fQubJnPNMz+kMyXMmzLB+792zYt7R80ZFon1KIiIiGyJDEpVAxN9GvTghW72Wy/0/v5y/c//BrUw2Oz6l1ERm+kpaKTU4/PH5y6TfbaVX1oYerf9If1/7d+3/9T/TTwuOKjiqVK4oQ82Uv1WMGctUswWnqCs1aZmGY6pCyTHtenu53p63ynNzVWWUZgdSc7bpOMooVVXRrKpKWVXsqoo9MQolpeu6GkgJ9pJbnJoyMm0m93V4MDgitp0xYiKSbGnJLXZlQAAAoKua6/+oqE7W/0sXViv9d5cH/fp/JRFW/1/9Wj/Wtvq/Vl2G1v/B54fW/8bB6v/WiuhsOVT9j5NhONGyK9IIa412xkj5v7+eNw+XRqTn2AYIAAAAAAAAAAAAAAAAAAAAAAAOZ8N1Ndd1tWDrxkXEdbVe/wFv198fkhoTketdGDI6qOX8+z/7OP84BRoP7sUHRay387n5XH3rd1gVEUtMGRFNfnvXg68WB08eqZoh+WQt+PkL87mY15LJS8HLHxWtR5rzXXfiZnZ8VNVtz++R1Nb8tGjyT3h+OjQ/IZcubsnXRZPPj6Uslsx642jkvxpV6sbtbFN+0usHAAAAAMBpoKtNoet3Xd+pvZ6/ub5uvj8Qa6yvR0LX53E5F+/u3AEAAAAAOCuc6ouiYVmmvUuQlL37tB/Ej+jIwQz3mxX8LcPRzXSXIPjwbU3BP9jo+NcSOcDXskMQlXayhmuzUYedRXDbaKc+Mjl2/GfQC/57/+FX5w54bblvj5m2H8R2vwB4OTAAAABwCjWK/mDPWHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGXQcb0fr9hwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk+JvAAAA///+mQDw")
mount$nfs(&(0x7f0000000100)='...', 0x0, 0x0, 0x0, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
quotactl$Q_GETQUOTA(0xffffffff80000701, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc0)

1.421731753s ago: executing program 0 (id=300):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000001000010429bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="2b030000000000002000128008000100677470001400028008000100", @ANYRES32=r1, @ANYBLOB="080002"], 0x40}}, 0x8080)
setsockopt$inet_udp_encap(r1, 0x11, 0x64, &(0x7f0000000040)=0x3, 0x4)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

1.368683601s ago: executing program 0 (id=304):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x28de, 0x1102, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xd0, 0x0, [{{0x9, 0x4, 0x0, 0x4, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x1, 0xf9, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0x50}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000004c0)={0x2c, &(0x7f0000000300)={0x20, 0x9, 0x2a, {0x2a, 0xe, "1ddd9f0c201f552328ec17f302e56115f8d35ef3d4a4cdc0f8232a65bd2d1ee56de5aafd0e130e3e"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

487.742088ms ago: executing program 1 (id=322):
r0 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000000), 0x4)
listen(r0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x50)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={r1, &(0x7f0000000400), &(0x7f00000004c0)=@tcp=r0}, 0x20)

268.903371ms ago: executing program 3 (id=323):
madvise(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x13)

268.721546ms ago: executing program 1 (id=324):
r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x40000000000c1, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0xa, 0x8, 0x34324152, 0x9, 0xa, [{0x9e90, 0x1}, {0x10001, 0xd}, {0x800, 0x4}, {0xfffffffd, 0x5}, {0xfffffff7, 0x9}, {0x69d2, 0x3fc4}, {0xf, 0x8}, {0x0, 0xfffffd9e}], 0x8, 0xe, 0x1, 0x1, 0x5}})

188.615384ms ago: executing program 1 (id=325):
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f0000000040)={0x1d, r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x2000001, {0x0, 0x0, 0x0, r3, {0x1}, {0x9, 0x1b}, {0xfff2, 0x6}}}, 0x24}}, 0x40044)
sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x5, 0x8, 0x8, {}, {0x77359400}, {0x4, 0x0, 0x0, 0x1}, 0x1, @can={{0x3, 0x1, 0x1, 0x1}, 0x4, 0x3, 0x0, 0x0, "000000001000"}}, 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x240400c6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
close(0x3)

188.43659ms ago: executing program 3 (id=326):
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0)
unshare(0x28000600)
fcntl$lock(r0, 0x6, &(0x7f0000000080)={0x0, 0x1, 0x6bd60be1, 0x7})
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00')
read$FUSE(r1, &(0x7f0000000040)={0x2020}, 0x2020)

140.298715ms ago: executing program 3 (id=327):
syz_emit_ethernet(0x6e, &(0x7f0000000000)={@local, @random="e19d74de7dc1", @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0400", 0x38, 0x6, 0x0, @remote, @local, {[], {{0xfffc, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xe, 0x0, 0xffff, 0x0, 0x6, {[@md5sig={0x1d, 0x12, "fb6ba0cd8f4e22c7624e2ada29619d18"}, @md5sig={0x13, 0x12, "3fb3be65a54fd336b0e78572bf7b439c"}]}}}}}}}}, 0x0)

140.057778ms ago: executing program 3 (id=328):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c)
listen(r0, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000580)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x0, 0x2f, 0x0, "6248bc9c8095fdfb8d639d954a0649542709e9baf27860bd22292b501f2c28d45a71ec3fa8539e7223c278d70126314aca030d71da9dcb99d1d087f250685685db59cf6de9c2a0496da59a4fcf3d9ceb"}, 0xd8)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000440)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}}}, 0x0, 0x0, 0x27, 0x0, "a58fc096f80633b333145c32b45013f5547000229e90bfdd2cbb775085438751fa41b217c492169b0cb51256adc3e5baedfa65fd3c4429b247e9dc51c16f89c5a42145bb09f23ab88b0bd564fd44893a"}, 0xd8)
writev(r1, &(0x7f0000000080)=[{&(0x7f0000000200)="a10100001400add427323b470c45b45602067fffffff81004e22000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffffe7ee00000000000000000200000000", 0x1a1}], 0x1)

71.111888ms ago: executing program 3 (id=329):
r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
bind$bt_sco(r0, &(0x7f0000000180), 0x8)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, 0x0, 0x0)

69.553952ms ago: executing program 1 (id=330):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@ipv6_newrule={0x1c, 0x20, 0x1, 0x0, 0x0, {0xa, 0x0, 0x20, 0x40, 0x0, 0x0, 0x0, 0x3}}, 0x1c}, 0x1, 0x0, 0x0, 0x24040804}, 0x0)

69.34186ms ago: executing program 3 (id=331):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c6572726f72733d72656d6f756e742d726f2c61636c2c00a9b504852143b698d2e379891a0dde7f9adfca8cbec85bf8e749e04e"], 0x11, 0x443f, &(0x7f00000088c0)="$eJzs3c1PHOcdAOB3BlyD6w9wfXClSl2pllq1FQKf2mKpGGNjsKkrt7aqXtYLrG3ahbVgqXqwFHKzlFOkHKIcrETKjZPFIVfnT8glR+dsKTnkEimSFaLdnYWdYVds0C7EzvMcmJ33e/c3H+8chjdOVB4ureWW1nKFlVx54f7axdz/yqX15WKID0nL/o8dXv90phfHyVEfez9lt65c+8fdiyF8uvj5y+3t7e1Q1R9aGmv6/M3Xjxeatw1xpk613datdcu/Qwjn9oyrqi+E8K9PQohCCJeTtMlkOxhCOBXqeXcfv3Mv16XRPHtRvJR/Nfdka/zC7ObTrfbfPQrhg9Iv//hg+cvf9I1/8fsudQ8AAAAAAAAAAAAAAAAAwGtu+vatO38fHQvPo9C/Ge19X3c62bZ7P3a7a37d+y8LAAAAAAAAAAAAAAAAAAAAP1K77//norMt3v+fSrYTbepv/7VNxvHujpPemPnbramro2PJ+u/Rnvw/JUlfXe4Lwy3Wfc+u/345U7/1+u97+zmoxvga/Q6FKB7ZfmsnfyjE8chICB8lC7+fj07EpfJa5Q/3y+sri10bxmsrHf/66v2p6CQL+nca/8lM+71f//8Xe46m6v697h1ib7R0/Pvalvv47aij+F/J1DuM+HNw6fj319IGmwtM1C8A1fi/279//Kcy7fcq/qdDCLmoOtZc6gpQncNU09vNV0hLx/9YLS116Ux+yHbn/7eZ+F/NtN8u/me69g1aX/83sjciWkrH/2e1tIFUid3zfzje//y/lmn/KO7/1fFvuP93JB3/5KGtP1Wk9kt2ev2fzrTfq/jfiZNxno5SR8BmVE9v9//qSEvHf2BP/u7zX9zR/O96pv5hPf81+q09/zU9h/wuqj//0Vo6/oNty3V6/s9k6vX6+j9Rm/9xUOn4n6ilpefOQ7W/ncZ/NtN+r+Jfm5UMNOK/ez357ng9/UPzv46k4//zemLcXGKj9rc2/4v2n//fyLR/FPO/6vg34t72+qZIx/9k23LV+H/Wwf3/ZqZe7+Mfwqi5/oGl43+qbbna+T+wf/znMvV6Hf/f9rJxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNfAZLIdClE8ktqP45GREK4k++fDiWi+sJifL5UX/rsWwlSSngtnowel8nyhlF9aKS8W84VSqbwQwtUk/1wYiNZK5Up+ufDo2k5bg9HDYmG1Ml8sVEII00n6r8KpRlvzS5XlwqMQwvWdvDNxefXRw8JKfnFp9S+jo6OjYWZnDMNR8f+V4kql3ns9N4TZnbpDUdPgatk3dsZyMvpPeX11pVCqpd9sqlMqLxRKTXXmkrz3wnBUWV1fWShUivlS+UGjv6M0kWynZm7/8/bNsT3596L6dvJwhwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAD/R8/M/vhxD663txCGGi8SFqVf7Zi+Kl/Ku5J1vjF2Y3n269bFcOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB7duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrBLxygRA1EYgN+Mhdp5DKuQdLYJimhhRPAEegwPE4/iJbyDhYWthQhmBjTuQprd6vuaB/l5eT8kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACsc3k33t+2XUSKo6/DiJfH17ff+XWZ0zDPvNg/2FNPduPqZjy/aLvy3dO//Kw8eu/zT/r58fQQG2b1PPzdX/5Ps3rneGuvaVjXv/ard08i5SYi+pKfppybZt27AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhmBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86ir4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//78SIGU=")
setxattr$trusted_overlay_origin(&(0x7f0000000240)='.\x00', &(0x7f0000000000), 0x0, 0x0, 0x0)

651.669µs ago: executing program 1 (id=332):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=@ipv4_newrule={0x2c, 0x1e, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7}, [@FRA_DST={0x8, 0x1, @empty}, @FRA_GENERIC_POLICY=@FRA_SUPPRESS_IFGROUP={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2}, 0x0)

0s ago: executing program 1 (id=333):
r0 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$inet(r0, &(0x7f0000000b00)={&(0x7f0000000340)={0x2, 0x4e20, @private=0xa010100}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000740)='!', 0x1}], 0x1}, 0x54)
sendmsg$inet(r0, &(0x7f0000000280)={&(0x7f0000000140)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000200)=[{&(0x7f0000000180)='W', 0x1}], 0x1}, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d0002847ea622fb564500004e23e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:49439' (ED25519) to the list of known hosts.
syzkaller login: [   47.590933][ T5772] cgroup: Unknown subsys name 'net'
[   47.740004][ T5772] cgroup: Unknown subsys name 'cpuset'
[   47.748687][ T5772] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   49.229843][ T5772] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   53.613031][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   53.617152][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   53.619750][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   53.622558][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   53.625668][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   53.733390][ T5234] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   53.737012][ T5234] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   53.740288][ T5234] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   53.743127][ T5234] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   53.746427][ T5234] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   53.758576][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   53.766020][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   53.769548][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   53.772424][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   53.777229][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   53.785000][ T5840] chnl_net:caif_netlink_parms(): no params data found
[   53.895713][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[   53.898546][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[   53.902057][ T5840] bridge_slave_0: entered allmulticast mode
[   53.906288][ T5840] bridge_slave_0: entered promiscuous mode
[   53.913059][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[   53.916295][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[   53.919390][ T5840] bridge_slave_1: entered allmulticast mode
[   53.923076][ T5840] bridge_slave_1: entered promiscuous mode
[   53.973728][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   53.983974][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.014470][ T5840] team0: Port device team_slave_0 added
[   54.019418][ T5840] team0: Port device team_slave_1 added
[   54.046918][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.049185][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.058219][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.072140][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.074698][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.083898][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.184740][ T5840] hsr_slave_0: entered promiscuous mode
[   54.187451][ T5840] hsr_slave_1: entered promiscuous mode
[   54.190027][ T5848] chnl_net:caif_netlink_parms(): no params data found
[   54.226245][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   54.355041][ T5848] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.358394][ T5848] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.361487][ T5848] bridge_slave_0: entered allmulticast mode
[   54.365399][ T5848] bridge_slave_0: entered promiscuous mode
[   54.400371][ T5848] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.402821][ T5848] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.405203][ T5848] bridge_slave_1: entered allmulticast mode
[   54.409364][ T5848] bridge_slave_1: entered promiscuous mode
[   54.420825][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.423822][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.429367][ T5850] bridge_slave_0: entered allmulticast mode
[   54.433232][ T5850] bridge_slave_0: entered promiscuous mode
[   54.437849][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.440862][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.443837][ T5850] bridge_slave_1: entered allmulticast mode
[   54.447486][ T5850] bridge_slave_1: entered promiscuous mode
[   54.504280][ T5848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.513201][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.518572][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.530941][ T5848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.578310][ T5848] team0: Port device team_slave_0 added
[   54.581799][ T5850] team0: Port device team_slave_0 added
[   54.585309][ T5848] team0: Port device team_slave_1 added
[   54.599013][ T5850] team0: Port device team_slave_1 added
[   54.648402][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.653761][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.664719][ T5848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.671698][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.674015][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.683578][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.689855][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.692724][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.703489][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.707837][ T5840] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   54.713968][ T5848] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.716709][ T5848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.725950][ T5848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.730782][ T5840] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   54.750560][ T5840] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   54.756390][ T5840] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   54.798364][ T5850] hsr_slave_0: entered promiscuous mode
[   54.800882][ T5850] hsr_slave_1: entered promiscuous mode
[   54.803066][ T5850] debugfs: 'hsr0' already exists in 'hsr'
[   54.805011][ T5850] Cannot create hsr debugfs directory
[   54.828244][ T5848] hsr_slave_0: entered promiscuous mode
[   54.831470][ T5848] hsr_slave_1: entered promiscuous mode
[   54.834366][ T5848] debugfs: 'hsr0' already exists in 'hsr'
[   54.837094][ T5848] Cannot create hsr debugfs directory
[   55.041646][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   55.054562][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   55.064159][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.080261][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   55.087871][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   55.133161][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   55.151863][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.154877][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.160980][ T5848] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   55.174217][ T5848] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   55.183065][ T1088] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.186059][ T1088] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.191945][ T5848] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   55.209907][ T5848] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   55.301972][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.332640][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   55.359039][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.361798][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.375100][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.378148][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.407523][ T5850] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   55.411604][ T5850] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   55.427777][ T5848] 8021q: adding VLAN 0 to HW filter on device bond0
[   55.461267][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.467518][ T5848] 8021q: adding VLAN 0 to HW filter on device team0
[   55.481717][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.483994][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   55.489496][   T27] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.491894][   T27] bridge0: port 2(bridge_slave_1) entered forwarding state
[   55.529648][ T5840] veth0_vlan: entered promiscuous mode
[   55.544709][ T5840] veth1_vlan: entered promiscuous mode
[   55.570508][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.590793][ T5840] veth0_macvtap: entered promiscuous mode
[   55.596980][ T5840] veth1_macvtap: entered promiscuous mode
[   55.612129][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.624884][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.634394][ T5850] veth0_vlan: entered promiscuous mode
[   55.641257][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.653171][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.657390][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.660294][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.665295][ T5850] veth1_vlan: entered promiscuous mode
[   55.676990][   T55] Bluetooth: hci0: command tx timeout
[   55.695247][ T5848] 8021q: adding VLAN 0 to HW filter on device batadv0
[   55.731468][ T5850] veth0_macvtap: entered promiscuous mode
[   55.735370][ T5850] veth1_macvtap: entered promiscuous mode
[   55.743837][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.750841][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.756142][   T55] Bluetooth: hci1: command tx timeout
[   55.790805][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   55.804580][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   55.807148][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   55.808914][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   55.832001][ T5848] veth0_vlan: entered promiscuous mode
[   55.835784][   T55] Bluetooth: hci2: command tx timeout
[   55.838547][ T5859] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   55.851510][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   55.860855][ T5840] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   55.869217][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   55.876882][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   55.883465][ T5848] veth1_vlan: entered promiscuous mode
[   55.978287][ T5848] veth0_macvtap: entered promiscuous mode
[   55.995093][   T27] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.001240][   T27] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.011363][ T5848] veth1_macvtap: entered promiscuous mode
[   56.050707][   T27] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.062785][   T27] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.069721][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.093365][ T5848] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.112008][ T5859] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.120060][ T5859] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.141632][ T5859] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.155287][ T5859] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.217253][   T33] audit: type=1326 audit(1755270749.409:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5912 comm="syz.1.5" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8730f8ebe9 code=0x7ffc0000
[   56.249595][   T33] audit: type=1326 audit(1755270749.429:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5912 comm="syz.1.5" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8730f8ebe9 code=0x7ffc0000
[   56.282926][   T33] audit: type=1326 audit(1755270749.449:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5912 comm="syz.1.5" exe="/syz-executor" sig=0 arch=c000003e syscall=68 compat=0 ip=0x7f8730f8ebe9 code=0x7ffc0000
[   56.309908][   T33] audit: type=1326 audit(1755270749.449:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5912 comm="syz.1.5" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8730f8ebe9 code=0x7ffc0000
[   56.326231][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.329826][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.341078][   T33] audit: type=1326 audit(1755270749.449:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5912 comm="syz.1.5" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8730f8ebe9 code=0x7ffc0000
[   56.373412][   T33] audit: type=1326 audit(1755270749.449:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5912 comm="syz.1.5" exe="/syz-executor" sig=0 arch=c000003e syscall=69 compat=0 ip=0x7f8730f8ebe9 code=0x7ffc0000
[   56.377008][ T5909] loop0: detected capacity change from 0 to 32768
[   56.393402][ T5909] =======================================================
[   56.393402][ T5909] WARNING: The mand mount option has been deprecated and
[   56.393402][ T5909]          and is ignored by this kernel. Remove the mand
[   56.393402][ T5909]          option from the mount to silence this warning.
[   56.393402][ T5909] =======================================================
[   56.396571][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.413753][   T33] audit: type=1326 audit(1755270749.449:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5912 comm="syz.1.5" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8730f8ebe9 code=0x7ffc0000
[   56.435298][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.440328][   T33] audit: type=1326 audit(1755270749.449:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5912 comm="syz.1.5" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8730f8ebe9 code=0x7ffc0000
[   56.463505][   T33] audit: type=1326 audit(1755270749.459:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5912 comm="syz.1.5" exe="/syz-executor" sig=0 arch=c000003e syscall=70 compat=0 ip=0x7f8730f8ebe9 code=0x7ffc0000
[   56.480123][   T33] audit: type=1326 audit(1755270749.459:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5912 comm="syz.1.5" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8730f8ebe9 code=0x7ffc0000
[   56.501554][ T5909] XFS (loop0): invalid log iosize: 1 [not 12-30]
[   57.122191][ T5943] loop2: detected capacity change from 0 to 4096
[   57.127464][ T5943] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[   57.145727][  T971] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   57.150491][ T5943] ntfs3(loop2): ino=1a, mi_enum_attr
[   57.152899][ T5943] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[   57.174587][ T5935] loop0: detected capacity change from 0 to 32768
[   57.185102][ T5935] (syz.0.13,5935,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   57.193213][ T5935] (syz.0.13,5935,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   57.204272][ T5943] ntfs3(loop2): ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ntfs_sync_inode failed, -22.
[   57.221935][ T5935] JBD2: Ignoring recovery information on journal
[   57.249665][ T1088] ntfs3(loop2): ino=1e, ntfs3_write_inode failed, -22.
[   57.279778][ T5935] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   57.314339][ T5947] loop2: detected capacity change from 0 to 16
[   57.325850][  T971] usb 2-1: Using ep0 maxpacket: 16
[   57.330398][  T971] usb 2-1: config 0 has an invalid interface number: 63 but max is 0
[   57.333471][  T971] usb 2-1: config 0 has no interface number 0
[   57.338176][ T5947] erofs (device loop2): mounted with root inode @ nid 36.
[   57.341690][  T971] usb 2-1: config 0 interface 63 altsetting 150 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   57.345263][  T971] usb 2-1: config 0 interface 63 altsetting 150 endpoint 0x81 has invalid wMaxPacketSize 0
[   57.359737][  T971] usb 2-1: config 0 interface 63 altsetting 150 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   57.389459][  T971] usb 2-1: config 0 interface 63 has no altsetting 0
[   57.391745][  T971] usb 2-1: New USB device found, idVendor=28bd, idProduct=0909, bcdDevice= 0.00
[   57.394663][  T971] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   57.412826][ T5840] ocfs2: Unmounting device (7,0) on (node local)
[   57.416968][  T971] usb 2-1: config 0 descriptor??
[   57.531182][ T5949] io-wq is not configured for unbound workers
[   57.636992][ T5957] loop2: detected capacity change from 0 to 4096
[   57.647096][ T5957] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[   57.669946][ T5957] ntfs3(loop2): ino=1a, mi_enum_attr
[   57.672128][ T5957] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[   57.755692][   T55] Bluetooth: hci0: command tx timeout
[   57.834340][  T971] uclogic 0003:28BD:0909.0001: interface is invalid, ignoring
[   57.835668][   T55] Bluetooth: hci1: command tx timeout
[   57.906123][ T5904] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   57.916006][   T55] Bluetooth: hci2: command tx timeout
[   58.044852][ T5894] usb 2-1: USB disconnect, device number 2
[   58.055810][ T5904] usb 1-1: Using ep0 maxpacket: 16
[   58.062235][ T5904] usb 1-1: unable to get BOS descriptor or descriptor too short
[   58.067090][ T5904] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   58.071500][ T5904] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[   58.075388][ T5904] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   58.082153][ T5904] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   58.088110][ T5904] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[   58.092090][ T5904] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   58.098464][ T5904] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   58.102749][ T5904] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[   58.106694][ T5904] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   58.115577][ T5904] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   58.119313][ T5904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   58.122545][ T5904] usb 1-1: Product: syz
[   58.124037][ T5904] usb 1-1: Manufacturer: syz
[   58.125851][ T5904] usb 1-1: SerialNumber: syz
[   58.340491][ T5904] usb 1-1: USB disconnect, device number 2
[   58.622846][ T5973] loop1: detected capacity change from 0 to 2048
[   58.639152][ T5844] udevd[5844]: incorrect nilfs2 checksum on /dev/loop1
[   58.647863][ T5973] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[   58.657419][ T5973] NILFS (loop1): too large checkpoint size: 1741 bytes
[   58.660536][ T5973] NILFS (loop1): error -22 while loading super root
[   59.274503][ T5984] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   59.846643][   T55] Bluetooth: hci0: command tx timeout
[   59.889571][ T6016] netlink: 4 bytes leftover after parsing attributes in process `syz.1.48'.
[   59.898776][ T6016] Zero length message leads to an empty skb
[   59.915597][   T55] Bluetooth: hci1: command tx timeout
[   59.988265][ T6018] process 'syz.2.47' launched './file0' with NULL argv: empty string added
[   60.065505][   T55] Bluetooth: hci2: command tx timeout
[   60.445905][ T6034] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   60.547110][ T6036] loop1: detected capacity change from 0 to 8192
[   60.619953][ T6030] loop0: detected capacity change from 0 to 32768
[   60.637034][ T6030] XFS (loop0): Mounting V5 Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b
[   60.664645][ T6046] loop1: detected capacity change from 0 to 64
[   60.674566][ T6030] XFS (loop0): Ending clean mount
[   60.767211][ T5840] XFS (loop0): Unmounting Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b
[   60.893059][ T6055] loop2: detected capacity change from 0 to 512
[   60.909720][ T6055] EXT4-fs: EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31
[   61.261079][ T6073] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci2/hci2:200/input4
[   61.639461][ T5858] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   61.712809][ T5858] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   61.798990][ T5858] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   61.898065][ T5858] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   61.915753][   T55] Bluetooth: hci0: command tx timeout
[   61.937110][ T6081] loop1: detected capacity change from 0 to 1024
[   61.941240][ T6081] EXT4-fs: Ignoring removed i_version option
[   61.943793][ T6081] EXT4-fs: inline encryption not supported
[   61.950605][ T6081] EXT4-fs (loop1): Test dummy encryption mode enabled
[   61.953654][ T6081] EXT4-fs (loop1): stripe (8) is not aligned with cluster size (16), stripe is disabled
[   61.972438][ T6081] EXT4-fs error (device loop1): ext4_ext_check_inode:523: inode #4: comm syz.1.76: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[   61.981154][ T6081] EXT4-fs error (device loop1): ext4_quota_enable:7127: comm syz.1.76: Bad quota inode: 4, type: 1
[   61.986679][ T6081] EXT4-fs warning (device loop1): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   61.993586][ T6081] EXT4-fs (loop1): mount failed
[   62.028189][ T6085] netlink: 12 bytes leftover after parsing attributes in process `syz.0.77'.
[   62.077402][   T55] Bluetooth: hci2: command tx timeout
[   62.183459][ T5858] bridge_slave_1: left allmulticast mode
[   62.207601][ T5858] bridge_slave_1: left promiscuous mode
[   62.210513][ T5858] bridge0: port 2(bridge_slave_1) entered disabled state
[   62.249749][ T5858] bridge_slave_0: left allmulticast mode
[   62.252084][ T5858] bridge_slave_0: left promiscuous mode
[   62.254503][ T5858] bridge0: port 1(bridge_slave_0) entered disabled state
[   62.271485][ T5234] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   62.276996][ T5234] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   62.280508][ T5234] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   62.284928][ T5234] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   62.290157][ T5234] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   62.474538][ T6089] loop0: detected capacity change from 0 to 32768
[   62.486563][ T6089] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   62.520689][ T6089] XFS (loop0): Ending clean mount
[   62.548232][ T6089] XFS (loop0): Quotacheck needed: Please wait.
[   62.551198][ T5858] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   62.560333][ T5858] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   62.565233][ T5858] bond0 (unregistering): Released all slaves
[   62.574170][ T6089] XFS (loop0): Quotacheck: Done.
[   62.579814][ T6092] netlink: 10 bytes leftover after parsing attributes in process `syz.1.80'.
[   62.617536][   T33] kauditd_printk_skb: 1 callbacks suppressed
[   62.617548][   T33] audit: type=1800 audit(1755270755.799:13): pid=6089 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.79" name="file2" dev="loop0" ino=9287 res=0 errno=0
[   62.793367][ T5840] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   63.058426][ T6120] geneve2: entered promiscuous mode
[   63.078579][ T6124] loop1: detected capacity change from 0 to 512
[   63.161417][ T6126] loop0: detected capacity change from 0 to 2048
[   63.167759][ T5858] hsr_slave_0: left promiscuous mode
[   63.170348][ T5858] hsr_slave_1: left promiscuous mode
[   63.172817][ T5858] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   63.180542][ T5858] batman_adv: batadv0: Removing interface: batadv_slave_0
[   63.184312][ T5858] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   63.189882][ T5858] batman_adv: batadv0: Removing interface: batadv_slave_1
[   63.197681][ T5844]  loop0: p3 < > p4 < >
[   63.199361][ T5844] loop0: partition table partially beyond EOD, truncated
[   63.202231][ T5844] loop0: p3 start 4284289 is beyond EOD, truncated
[   63.213357][ T5858] veth1_macvtap: left promiscuous mode
[   63.218160][ T5858] veth0_macvtap: left promiscuous mode
[   63.220100][ T6126]  loop0: p3 < > p4 < >
[   63.220378][ T5858] veth1_vlan: left promiscuous mode
[   63.221596][ T6126] loop0: partition table partially beyond EOD, truncated
[   63.223602][ T5858] veth0_vlan: left promiscuous mode
[   63.233109][ T6126] loop0: p3 start 4284289 is beyond EOD, truncated
[   63.805313][ T6137] loop1: detected capacity change from 0 to 2048
[   63.822047][ T6137] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[   63.848390][ T6138] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   64.213385][ T5858] team0 (unregistering): Port device team_slave_1 removed
[   64.239633][ T5858] team0 (unregistering): Port device team_slave_0 removed
[   64.355546][   T55] Bluetooth: hci1: command tx timeout
[   64.359746][ T6148] loop1: detected capacity change from 0 to 32768
[   64.365979][ T6148] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.93 (6148)
[   64.382146][ T6148] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   64.385379][ T6148] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[   64.388159][ T6148] BTRFS info (device loop1): disk space caching is enabled
[   64.390884][ T6148] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   64.514307][ T6148] BTRFS info (device loop1): rebuilding free space tree
[   64.558185][ T6148] BTRFS info (device loop1): disabling free space tree
[   64.561115][ T6148] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   64.565808][ T6148] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   64.619927][ T6148] Bluetooth: MGMT ver 1.23
[   64.631889][ T6093] chnl_net:caif_netlink_parms(): no params data found
[   64.738068][ T6168] btrfs: Unknown parameter '18446744073709551615@LqE: 艞t}0$'
[   64.961403][ T6093] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.975034][ T6093] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.993583][ T6093] bridge_slave_0: entered allmulticast mode
[   65.009566][ T6093] bridge_slave_0: entered promiscuous mode
[   65.033087][ T6093] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.096500][ T6093] bridge0: port 2(bridge_slave_1) entered disabled state
[   65.102319][ T6093] bridge_slave_1: entered allmulticast mode
[   65.113537][ T6093] bridge_slave_1: entered promiscuous mode
[   65.211943][ T6093] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   65.222584][ T6093] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   65.239121][ T5850] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   65.280056][ T6093] team0: Port device team_slave_0 added
[   65.298377][ T6093] team0: Port device team_slave_1 added
[   65.430187][ T6093] batman_adv: batadv0: Adding interface: batadv_slave_0
[   65.441138][ T6093] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.475508][ T6093] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   65.486172][ T6093] batman_adv: batadv0: Adding interface: batadv_slave_1
[   65.489066][ T6093] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   65.510716][ T6093] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   65.592670][ T6093] hsr_slave_0: entered promiscuous mode
[   65.600404][ T6093] hsr_slave_1: entered promiscuous mode
[   65.603421][ T6093] debugfs: 'hsr0' already exists in 'hsr'
[   65.610753][ T6093] Cannot create hsr debugfs directory
[   65.736070][ T5905] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   65.763044][ T6190] loop1: detected capacity change from 0 to 32768
[   65.792006][ T6190] syz.1.98: attempt to access beyond end of device
[   65.792006][ T6190] loop1: rw=2049, sector=4680032, nr_sectors = 8 limit=32768
[   65.852166][  T115] blkno = 8ed2c, nblocks = 1
[   65.853986][  T115] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map
[   65.853986][  T115] 
[   65.863433][  T115] ERROR: (device loop1): remounting filesystem as read-only
[   65.885945][ T5905] usb 1-1: Using ep0 maxpacket: 8
[   65.891923][ T5905] usb 1-1: config 0 has an invalid interface number: 176 but max is 2
[   65.896353][ T5905] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   65.911523][ T5905] usb 1-1: config 0 has 2 interfaces, different from the descriptor's value: 3
[   65.916734][ T5905] usb 1-1: config 0 has no interface number 0
[   65.919303][ T5905] usb 1-1: config 0 has no interface number 1
[   65.921890][ T5905] usb 1-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[   65.934339][ T5905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   65.952863][ T5905] usb 1-1: config 0 descriptor??
[   65.968898][ T5905] usb 1-1: unknown number of interfaces: 2
[   65.970062][ T6093] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   65.983999][ T6093] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   65.998825][ T6093] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   66.008652][ T6093] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   66.168201][ T6093] 8021q: adding VLAN 0 to HW filter on device bond0
[   66.177701][   T10] usb 1-1: USB disconnect, device number 3
[   66.194619][ T6093] 8021q: adding VLAN 0 to HW filter on device team0
[   66.206576][ T1096] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.209592][ T1096] bridge0: port 1(bridge_slave_0) entered forwarding state
[   66.224156][ T1096] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.227315][ T1096] bridge0: port 2(bridge_slave_1) entered forwarding state
[   66.361213][  T971] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   66.395632][   T55] Bluetooth: hci1: command tx timeout
[   66.424997][ T6093] 8021q: adding VLAN 0 to HW filter on device batadv0
[   66.463114][ T6093] veth0_vlan: entered promiscuous mode
[   66.471735][ T6093] veth1_vlan: entered promiscuous mode
[   66.500098][ T6093] veth0_macvtap: entered promiscuous mode
[   66.506736][ T6093] veth1_macvtap: entered promiscuous mode
[   66.521040][  T971] usb 2-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.05
[   66.524603][  T971] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   66.534442][ T6093] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.539590][  T971] usb 2-1: Product: syz
[   66.541401][  T971] usb 2-1: Manufacturer: syz
[   66.543243][  T971] usb 2-1: SerialNumber: syz
[   66.550121][ T6093] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.560903][  T971] usb 2-1: config 0 descriptor??
[   66.571810][  T971] go7007 2-1:0.0: probe with driver go7007 failed with error -12
[   66.581290][ T6116] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.584776][ T6116] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.602117][ T6116] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.610458][ T6116] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.666450][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.670633][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.686110][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.688753][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.792745][  T971] usb 2-1: USB disconnect, device number 3
[   67.583081][ T6268] loop3: detected capacity change from 0 to 2048
[   67.591687][ T6268] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   67.610273][ T6268] netlink: 8 bytes leftover after parsing attributes in process `syz.3.114'.
[   67.614270][ T6268] netlink: 8 bytes leftover after parsing attributes in process `syz.3.114'.
[   67.663395][ T6272] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[   67.893739][   T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   68.044524][ T6290] loop0: detected capacity change from 0 to 256
[   68.063836][   T10] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[   68.075882][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   68.079958][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   68.083426][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[   68.090883][   T10] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[   68.094371][   T10] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[   68.097947][   T10] usb 2-1: Manufacturer: syz
[   68.101598][   T10] usb 2-1: config 0 descriptor??
[   68.486043][   T55] Bluetooth: hci1: command tx timeout
[   68.488721][ T5905] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   68.521608][   T10] appleir 0003:05AC:8243.0002: unknown main item tag 0x0
[   68.545942][   T10] appleir 0003:05AC:8243.0002: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[   68.665485][ T5905] usb 1-1: Using ep0 maxpacket: 8
[   68.675370][ T5905] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   68.681768][ T5905] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   68.684783][ T5905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.700352][ T5905] usb 1-1: config 0 descriptor??
[   68.708121][ T5905] iowarrior 1-1:0.0: no interrupt-in endpoint found
[   69.045625][ T5905] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   69.217997][ T5905] usb 4-1: Using ep0 maxpacket: 32
[   69.224155][ T5905] usb 4-1: unable to get BOS descriptor or descriptor too short
[   69.230283][ T5905] usb 4-1: config 6 has an invalid interface number: 115 but max is 0
[   69.233799][ T5905] usb 4-1: config 6 has no interface number 0
[   69.241897][ T5905] usb 4-1: config 6 interface 115 has no altsetting 0
[   69.246484][ T5905] usb 4-1: language id specifier not provided by device, defaulting to English
[   69.253123][ T5905] usb 4-1: New USB device found, idVendor=12d1, idProduct=c256, bcdDevice=35.82
[   69.258965][ T5905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   69.262364][ T5905] usb 4-1: Product: syz
[   69.264149][ T5905] usb 4-1: SerialNumber: syz
[   69.495363][ T5905] option 4-1:6.115: GSM modem (1-port) converter detected
[   69.511749][ T5905] usb 4-1: USB disconnect, device number 2
[   69.523528][ T5905] option 4-1:6.115: device disconnected
[   70.280866][ T6335] loop3: detected capacity change from 0 to 32768
[   70.416134][ T6335] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[   70.416154][ T6335]   allowing incompatible features above 0.0: (unknown version)
[   70.416161][ T6335]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   70.434376][ T6335] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[   70.438365][ T6335] bcachefs (loop3): initializing new filesystem
[   70.449035][ T6335] bcachefs (loop3): going read-write
[   70.466613][ T6335] bcachefs (loop3): marking superblocks
[   70.479424][ T6335] bcachefs (loop3): initializing freespace
[   70.485078][ T6335] bcachefs (loop3): done initializing freespace
[   70.490628][ T6335] bcachefs (loop3): reading snapshots table
[   70.493057][ T6335] bcachefs (loop3): reading snapshots done
[   70.520693][ T6335] bcachefs (loop3): done starting filesystem
[   70.565877][   T55] Bluetooth: hci1: command tx timeout
[   70.640254][ T6335] syz.3.138 (6335) used greatest stack depth: 16824 bytes left
[   70.712118][ T1273] usb 2-1: USB disconnect, device number 4
[   71.121350][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[   71.124263][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[   71.158253][  T971] usb 1-1: USB disconnect, device number 4
[   71.366713][ T6093] bcachefs (loop3): shutting down
[   71.369159][ T6093] bcachefs (loop3): going read-only
[   71.371564][ T6093] bcachefs (loop3): finished waiting for writes to stop
[   71.397340][ T6093] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3
[   71.439371][ T6355] netlink: 52 bytes leftover after parsing attributes in process `syz.1.142'.
[   71.460963][ T6093] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[   71.466937][ T6093] bcachefs (loop3): clean shutdown complete, journal seq 4
[   71.470541][ T6093] bcachefs (loop3): marking filesystem clean
[   71.536550][ T6093] bcachefs (loop3): shutdown complete
[   71.621389][ T6363] capability: warning: `syz.1.148' uses deprecated v2 capabilities in a way that may be insecure
[   71.677313][ T6365] binder: BINDER_SET_CONTEXT_MGR already set
[   71.680054][ T6365] binder: 6364:6365 ioctl 4018620d 200000000040 returned -16
[   71.937591][ T6379] block nbd0: server does not support multiple connections per device.
[   71.944241][ T6379] block nbd0: shutting down sockets
[   71.971657][ T6375] loop0: detected capacity change from 0 to 40427
[   71.983749][ T6375] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   71.994938][ T6375] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   72.001745][ T6375] F2FS-fs (loop0): invalid crc value
[   72.039098][ T6375] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   72.046296][ T6375] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   72.048696][ T6375] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   72.264862][ T6389] loop1: detected capacity change from 0 to 32768
[   72.289438][ T6389] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section journal: journal bucket 128 past end of device (nbuckets 128)
[   72.289438][ T6389] journal (size 32):
[   72.289438][ T6389] Buckets:  9 7 128
[   72.289438][ T6389] 
[   72.320509][ T6389] bcachefs: bch2_fs_get_tree() error: invalid_sb_journal
[   72.538576][ T6395] loop0: detected capacity change from 0 to 128
[   72.902363][ T6402] delete_channel: no stack
[   73.754522][ T6427] loop1: detected capacity change from 0 to 4096
[   73.788469][ T6427] NILFS (loop1): mounting unchecked fs
[   73.808367][ T6427] NILFS (loop1): recovery required for readonly filesystem
[   73.826905][ T6427] NILFS (loop1): write access will be enabled during recovery
[   73.858649][ T6427] NILFS (loop1): invalid segment: Checksum error in super root
[   73.871770][ T6427] NILFS (loop1): error -22 while loading super root
[   74.176780][ T6441] netlink: 2048 bytes leftover after parsing attributes in process `syz.1.176'.
[   74.189323][ T6441] netlink: 4 bytes leftover after parsing attributes in process `syz.1.176'.
[   74.625539][ T5883] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   74.775531][ T5883] usb 4-1: Using ep0 maxpacket: 8
[   74.779570][ T5883] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[   74.782448][ T5883] usb 4-1: config 179 has no interface number 0
[   74.784949][ T5883] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[   74.788630][ T5883] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[   74.792724][ T5883] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   74.798297][ T5883] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[   74.802635][ T5883] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[   74.807421][ T5883] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[   74.810496][ T5883] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.816202][ T6457] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   74.905546][  T971] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[   75.034077][ T5883] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input5
[   75.060679][  T971] usb 1-1: unable to read config index 0 descriptor/start: -71
[   75.066466][  T971] usb 1-1: can't read configurations, error -71
[   75.225263][ T5894] usb 4-1: USB disconnect, device number 3
[   75.225272][    C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   75.231359][    C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[   75.345654][ T5883] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   75.498504][ T5883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[   75.502422][ T5883] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[   75.508989][ T5883] usb 2-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[   75.512668][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.516524][ T5883] usb 2-1: Product: syz
[   75.518328][ T5883] usb 2-1: Manufacturer: syz
[   75.520208][ T5883] usb 2-1: SerialNumber: syz
[   75.524322][ T5883] usb 2-1: config 0 descriptor??
[   75.529606][ T5883] iguanair 2-1:0.0: probe with driver iguanair failed with error -12
[   75.592693][ T6470] netlink: 44 bytes leftover after parsing attributes in process `syz.0.190'.
[   75.752888][ T5894] usb 2-1: USB disconnect, device number 5
[   76.257627][ T5883] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   76.319142][  T971] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[   76.425734][ T5883] usb 4-1: Using ep0 maxpacket: 32
[   76.431766][ T5883] usb 4-1: unable to get BOS descriptor or descriptor too short
[   76.436112][ T5883] usb 4-1: config 117 has an invalid interface number: 249 but max is 0
[   76.439416][ T5883] usb 4-1: config 117 has no interface number 0
[   76.441962][ T5883] usb 4-1: config 117 interface 249 altsetting 99 endpoint 0xF has an invalid bInterval 0, changing to 7
[   76.447872][ T5883] usb 4-1: config 117 interface 249 altsetting 99 endpoint 0xF has invalid maxpacket 42073, setting to 1024
[   76.452381][ T5883] usb 4-1: config 117 interface 249 has no altsetting 0
[   76.457241][ T5883] usb 4-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=d5.d1
[   76.460945][ T5883] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   76.464792][ T5883] usb 4-1: Product: syz
[   76.468226][ T5883] usb 4-1: Manufacturer: syz
[   76.470017][ T5883] usb 4-1: SerialNumber: syz
[   76.479722][ T6493] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   76.563761][  T971] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[   76.571432][  T971] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.723061][  T971] usb 1-1: config 0 descriptor??
[   76.752665][  T971] gspca_main: cpia1-2.14.0 probing 0813:0001
[   76.900975][ T5883] ati_remote 4-1:117.249: ati_remote_probe: Unexpected endpoint_in
[   76.907395][ T5883] usb 4-1: USB disconnect, device number 4
[   76.937702][  T971] gspca_cpia1: usb_control_msg 05, error -71
[   76.941295][  T971] gspca_cpia1: usb_control_msg 01, error -71
[   76.945111][  T971] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0)
[   76.953187][  T971] usb 1-1: USB disconnect, device number 7
[   77.489567][ T6510] 8021q: adding VLAN 0 to HW filter on device bond1
[   77.501030][ T6514] loop3: detected capacity change from 0 to 512
[   77.508831][ T6514] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[   77.518867][ T6514] EXT4-fs (loop3): can't mount with commit=, fs mounted w/o journal
[   77.523870][ T6515] overlayfs: failed to clone upperpath
[   77.785532][ T5904] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   77.948340][ T5904] usb 4-1: Using ep0 maxpacket: 16
[   77.952851][ T5904] usb 4-1: config 1 has an invalid descriptor of length 189, skipping remainder of the config
[   77.956649][ T5904] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18
[   77.976051][ T5904] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice=f1.40
[   77.979645][ T5904] usb 4-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[   77.983498][ T5904] usb 4-1: Product: syz
[   77.984900][ T5904] usb 4-1: Manufacturer: syz
[   77.997478][ T5904] cdc_ether 4-1:1.0: skipping garbage
[   78.005728][ T5904] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[   78.063844][ T6533] loop0: detected capacity change from 0 to 32768
[   78.163640][ T6533] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[   78.163653][ T6533]   allowing incompatible features above 0.0: (unknown version)
[   78.163657][ T6533]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   78.198658][ T6533] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[   78.202168][ T6533] bcachefs (loop0): initializing new filesystem
[   78.211980][ T6533] bcachefs (loop0): going read-write
[   78.217850][ T1273] usb 4-1: USB disconnect, device number 5
[   78.222262][ T6533] bcachefs (loop0): marking superblocks
[   78.261643][ T6533] bcachefs (loop0): initializing freespace
[   78.287404][ T6533] bcachefs (loop0): done initializing freespace
[   78.298805][ T6533] bcachefs (loop0): reading snapshots table
[   78.301337][ T6533] bcachefs (loop0): reading snapshots done
[   78.327600][ T6533] bcachefs (loop0): done starting filesystem
[   78.356459][ T5840] bcachefs (loop0): shutting down
[   78.358654][ T5840] bcachefs (loop0): going read-only
[   78.360884][ T5840] bcachefs (loop0): finished waiting for writes to stop
[   78.376454][ T5840] bcachefs (loop0): flushing journal and stopping allocators, journal seq 4
[   78.405756][ T5840] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 6
[   78.411375][ T5840] bcachefs (loop0): clean shutdown complete, journal seq 7
[   78.412407][ T6572] mmap: syz.1.224 (6572) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   78.414996][ T5840] bcachefs (loop0): marking filesystem clean
[   78.442256][ T5840] bcachefs (loop0): shutdown complete
[   78.783302][ T6587] vivid-002: disconnect
[   78.797079][ T6586] vivid-002: reconnect
[   78.964289][ T6599] loop3: detected capacity change from 0 to 1024
[   79.044048][ T1208] hfsplus: b-tree write err: -5, ino 3
[   79.113475][ T6607] netlink: 44 bytes leftover after parsing attributes in process `syz.3.236'.
[   79.173581][ T6611] loop3: detected capacity change from 0 to 512
[   79.194261][ T6611] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.237: corrupted in-inode xattr: overlapping e_value 
[   79.209220][ T6611] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.237: couldn't read orphan inode 15 (err -117)
[   79.229233][ T6611] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   79.263466][ T6611] evm: overlay not supported
[   79.318118][   T10] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   79.349686][ T6093] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.475490][   T10] usb 2-1: Using ep0 maxpacket: 8
[   79.479443][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   79.483410][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   79.487059][   T10] usb 2-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00
[   79.490383][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   79.505925][   T10] usb 2-1: config 0 descriptor??
[   79.563728][ T6620] loop3: detected capacity change from 0 to 40427
[   79.570531][ T6620] F2FS-fs (loop3): invalid crc value
[   79.620316][ T6620] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   79.649395][ T6620] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   79.703028][ T6093] syz-executor: attempt to access beyond end of device
[   79.703028][ T6093] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   79.725789][ T6093] CPU: 1 UID: 0 PID: 6093 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[   79.725801][ T6093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   79.725805][ T6093] Call Trace:
[   79.725808][ T6093]  <TASK>
[   79.725811][ T6093]  dump_stack_lvl+0x189/0x250
[   79.725826][ T6093]  ? __pfx_dump_stack_lvl+0x10/0x10
[   79.725834][ T6093]  ? __pfx_queue_work_on+0x10/0x10
[   79.725841][ T6093]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   79.725850][ T6093]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   79.725862][ T6093]  f2fs_handle_critical_error+0x37c/0x540
[   79.725874][ T6093]  f2fs_write_end_io+0x886/0xb60
[   79.725888][ T6093]  __submit_merged_bio+0x27a/0x6a0
[   79.725899][ T6093]  __submit_merged_write_cond+0x255/0x530
[   79.725911][ T6093]  f2fs_write_data_pages+0x261d/0x3000
[   79.725932][ T6093]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   79.725962][ T6093]  ? folios_put_refs+0x559/0x640
[   79.725973][ T6093]  ? __pfx_folios_put_refs+0x10/0x10
[   79.725979][ T6093]  ? rcu_is_watching+0x15/0xb0
[   79.725989][ T6093]  ? __lock_acquire+0xab9/0xd20
[   79.726004][ T6093]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   79.726014][ T6093]  do_writepages+0x32e/0x550
[   79.726026][ T6093]  ? do_raw_spin_unlock+0x4d/0x240
[   79.726036][ T6093]  filemap_fdatawrite+0x199/0x240
[   79.726045][ T6093]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   79.726071][ T6093]  ? do_raw_spin_unlock+0x4d/0x240
[   79.726080][ T6093]  f2fs_sync_dirty_inodes+0x31f/0x830
[   79.726092][ T6093]  f2fs_write_checkpoint+0x95a/0x1df0
[   79.726108][ T6093]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   79.726153][ T6093]  ? kill_f2fs_super+0x298/0x6c0
[   79.726165][ T6093]  kill_f2fs_super+0x2c3/0x6c0
[   79.726174][ T6093]  ? __pfx_kill_f2fs_super+0x10/0x10
[   79.726179][ T6093]  ? radix_tree_delete_item+0x2b6/0x400
[   79.726191][ T6093]  ? shrinker_free+0x2ce/0x3e0
[   79.726199][ T6093]  deactivate_locked_super+0xbc/0x130
[   79.726208][ T6093]  cleanup_mnt+0x425/0x4c0
[   79.726216][ T6093]  ? lockdep_hardirqs_on+0x9c/0x150
[   79.726226][ T6093]  task_work_run+0x1d4/0x260
[   79.726236][ T6093]  ? __pfx_task_work_run+0x10/0x10
[   79.726243][ T6093]  ? __x64_sys_umount+0x122/0x160
[   79.726254][ T6093]  ? exit_to_user_mode_loop+0x40/0x110
[   79.726264][ T6093]  exit_to_user_mode_loop+0xec/0x110
[   79.726273][ T6093]  do_syscall_64+0x2bd/0x3b0
[   79.726285][ T6093]  ? lockdep_hardirqs_on+0x9c/0x150
[   79.726297][ T6093]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.726307][ T6093]  ? exc_page_fault+0x9f/0xf0
[   79.726320][ T6093]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.726330][ T6093] RIP: 0033:0x7fe873f8ff17
[   79.726343][ T6093] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   79.726350][ T6093] RSP: 002b:00007fff1b9189e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   79.726362][ T6093] RAX: 0000000000000000 RBX: 00007fe874011c05 RCX: 00007fe873f8ff17
[   79.726369][ T6093] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff1b918aa0
[   79.726377][ T6093] RBP: 00007fff1b918aa0 R08: 0000000000000000 R09: 0000000000000000
[   79.726383][ T6093] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff1b919b30
[   79.726389][ T6093] R13: 00007fe874011c05 R14: 00000000000136e0 R15: 00007fff1b919b70
[   79.726408][ T6093]  </TASK>
[   79.726414][ T6093] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[   79.928013][   T10] lenovo 0003:17EF:6009.0003: hidraw0: USB HID v0.00 Device [HID 17ef:6009] on usb-dummy_hcd.1-1/input0
[   80.120717][ T5883] usb 2-1: USB disconnect, device number 6
[   80.257761][ T6662] netlink: 'syz.3.244': attribute type 21 has an invalid length.
[   80.260885][ T6662] netlink: 128 bytes leftover after parsing attributes in process `syz.3.244'.
[   80.264516][ T6662] netlink: 'syz.3.244': attribute type 5 has an invalid length.
[   80.267234][ T6662] netlink: 'syz.3.244': attribute type 6 has an invalid length.
[   80.269722][ T6662] netlink: 3 bytes leftover after parsing attributes in process `syz.3.244'.
[   80.316059][ T1273] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[   80.369258][ T6668] loop3: detected capacity change from 0 to 128
[   80.378209][ T6668] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[   80.414044][ T6668] UDF-fs: error (device loop3): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[   80.476627][ T1273] usb 1-1: Using ep0 maxpacket: 16
[   80.489547][ T1273] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[   80.494871][ T1273] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   80.504993][ T1273] usb 1-1: Product: syz
[   80.506861][ T1273] usb 1-1: Manufacturer: syz
[   80.508790][ T1273] usb 1-1: SerialNumber: syz
[   80.515216][ T1273] usb 1-1: config 0 descriptor??
[   80.523350][ T1273] ssu100 1-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[   80.528275][ T6672] [U] v
[   80.610526][ T6677] loop3: detected capacity change from 0 to 128
[   80.866841][ T6684] loop1: detected capacity change from 0 to 8
[   80.889647][ T6684] SQUASHFS error: Failed to read block 0xdfa: -5
[   80.892322][ T6684] SQUASHFS error: Unable to read metadata cache entry [dfa]
[   81.430094][   T24] cfg80211: failed to load regulatory.db
[   81.584228][ T1273] ssu100 1-1:0.0: probe with driver ssu100 failed with error -71
[   81.589928][ T1273] usb 1-1: USB disconnect, device number 8
[   81.883374][ T6699] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   81.915321][ T6701] loop1: detected capacity change from 0 to 1024
[   81.921808][ T6701] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[   81.932825][ T6701] hfsplus: filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  leaving read-only.
[   82.175027][ T6715] loop0: detected capacity change from 0 to 1024
[   82.183049][ T6715] EXT4-fs: Ignoring removed bh option
[   82.185363][ T6715] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[   82.203947][ T6717] loop1: detected capacity change from 0 to 512
[   82.213024][ T6715] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   82.230209][ T6715] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   82.238353][ T6717] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[   82.240961][ T6717] System zones: 0-2, 18-18, 34-34
[   82.260302][ T6717] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.268: bg 0: block 248: padding at end of block bitmap is not set
[   82.264782][ T5840] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.268980][ T6717] Quota error (device loop1): write_blk: dquota write failed
[   82.279677][ T6717] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[   82.284024][ T6717] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.268: Failed to acquire dquot type 1
[   82.294660][ T6717] EXT4-fs (loop1): 1 truncate cleaned up
[   82.308503][ T6717] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   82.314826][ T6717] ext4 filesystem being mounted at /93/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   82.375810][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   82.435985][   T33] audit: type=1326 audit(1755271031.622:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6726 comm="syz.1.271" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8730f8ebe9 code=0x7ffc0000
[   82.445299][   T33] audit: type=1326 audit(1755271031.632:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6726 comm="syz.1.271" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8730f8ebe9 code=0x7ffc0000
[   82.458835][   T33] audit: type=1326 audit(1755271031.632:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6726 comm="syz.1.271" exe="/syz-executor" sig=0 arch=c000003e syscall=453 compat=0 ip=0x7f8730f8ebe9 code=0x7ffc0000
[   82.476930][   T33] audit: type=1326 audit(1755271031.632:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6726 comm="syz.1.271" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8730f8ebe9 code=0x7ffc0000
[   82.489562][   T33] audit: type=1326 audit(1755271031.632:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6726 comm="syz.1.271" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8730f8ebe9 code=0x7ffc0000
[   82.976613][ T6748] loop1: detected capacity change from 0 to 2048
[   82.980377][ T6748] udf: Bad value for 'lastblock'
[   83.408690][ T6748] Invalid option length (1048180) for dns_resolver key
[   83.512826][ T6753] netlink: 'syz.1.282': attribute type 3 has an invalid length.
[   83.520425][ T6753] netlink: 8 bytes leftover after parsing attributes in process `syz.1.282'.
[   83.524314][ T6753] netlink: 'syz.1.282': attribute type 1 has an invalid length.
[   83.589718][ T6755] loop1: detected capacity change from 0 to 512
[   83.633716][ T6755] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.678643][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.735550][ T5883] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[   83.885539][ T5883] usb 1-1: Using ep0 maxpacket: 32
[   83.889833][ T5883] usb 1-1: config 2 has an invalid interface number: 194 but max is 0
[   83.893393][ T5883] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[   83.899843][ T5883] usb 1-1: config 2 has no interface number 0
[   83.902462][ T5883] usb 1-1: config 2 interface 194 altsetting 0 bulk endpoint 0xA has invalid maxpacket 7
[   83.907380][ T5883] usb 1-1: config 2 interface 194 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4
[   83.912864][ T5883] usb 1-1: New USB device found, idVendor=0499, idProduct=1025, bcdDevice=9c.f6
[   83.920049][ T5883] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.929514][ T6751] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   84.092286][ T6758] loop1: detected capacity change from 0 to 24
[   84.138752][ T5883] usb 1-1: string descriptor 0 read error: -71
[   84.159887][ T5883] usb 1-1: Quirk or no altset; falling back to MIDI 1.0
[   84.255903][ T5883] usb 1-1: USB disconnect, device number 9
[   84.472677][ T6772] loop1: detected capacity change from 0 to 128
[   84.497587][ T6772] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   84.503466][ T6772] ext4 filesystem being mounted at /113/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   84.533935][ T5850] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   84.594259][ T6778] virtio-fs: tag </dev/md0> not found
[   84.637050][   T55] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[   84.643243][   T55] Bluetooth: hci1: Injecting HCI hardware error event
[   84.647423][ T5234] Bluetooth: hci1: hardware error 0x00
[   84.725292][ T6784] loop0: detected capacity change from 0 to 128
[   85.115718][ T1273] usb 1-1: new full-speed USB device number 10 using dummy_hcd
[   85.278251][ T1273] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[   85.281873][ T6825] 9pnet: p9_errstr2errno: server reported unknown error FF2
[   85.282998][ T1273] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[   85.305782][ T1273] usb 1-1: config 0 interface 0 has no altsetting 0
[   85.308681][ T1273] usb 1-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[   85.313029][ T1273] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   85.367933][ T1273] usb 1-1: config 0 descriptor??
[   85.979909][ T1273] hid-steam 0003:28DE:1102.0004: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.0-1/input0
[   86.057498][ T6847] netlink: 4 bytes leftover after parsing attributes in process `syz.1.325'.
[   86.073320][ T5894] usb 1-1: USB disconnect, device number 10
[   86.330129][ T6858] loop3: detected capacity change from 0 to 32768
[   86.343173][ T6858] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[   86.358327][ T6858] 
[   86.359328][ T6858] ======================================================
[   86.361865][ T6858] WARNING: possible circular locking dependency detected
[   86.364605][ T6858] 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 Not tainted
[   86.368023][ T6858] ------------------------------------------------------
[   86.370394][ T6858] syz.3.331/6858 is trying to acquire lock:
[   86.372472][ T6858] ffff88811a1209c0 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[   86.377034][ T6858] 
[   86.377034][ T6858] but task is already holding lock:
[   86.379531][ T6858] ffff88811a123278 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0
[   86.382548][ T6858] 
[   86.382548][ T6858] which lock already depends on the new lock.
[   86.382548][ T6858] 
[   86.385850][ T6858] 
[   86.385850][ T6858] the existing dependency chain (in reverse order) is:
[   86.389485][ T6858] 
[   86.389485][ T6858] -> #5 (&oi->ip_xattr_sem){++++}-{4:4}:
[   86.392097][ T6858]        lock_acquire+0x120/0x360
[   86.393808][ T6858]        down_read+0x46/0x2e0
[   86.395377][ T6858]        ocfs2_init_acl+0x2f9/0x720
[   86.397210][ T6858]        ocfs2_mknod+0x1321/0x2050
[   86.399384][ T6858]        ocfs2_mkdir+0x191/0x440
[   86.400989][ T6858]        vfs_mkdir+0x306/0x510
[   86.402550][ T6858]        do_mkdirat+0x247/0x590
[   86.404312][ T6858]        __x64_sys_mkdirat+0x87/0xa0
[   86.406176][ T6858]        do_syscall_64+0xfa/0x3b0
[   86.408150][ T6858]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.410346][ T6858] 
[   86.410346][ T6858] -> #4 (jbd2_handle){++++}-{0:0}:
[   86.412850][ T6858]        lock_acquire+0x120/0x360
[   86.414696][ T6858]        start_this_handle+0x1fa7/0x21c0
[   86.416596][ T6858]        jbd2__journal_start+0x2c1/0x5b0
[   86.418890][ T6858]        jbd2_journal_start+0x2a/0x40
[   86.420684][ T6858]        ocfs2_start_trans+0x376/0x6d0
[   86.422750][ T6858]        ocfs2_modify_bh+0xe8/0x470
[   86.424515][ T6858]        ocfs2_local_read_info+0x1465/0x17e0
[   86.426755][ T6858]        dquot_load_quota_sb+0x791/0xbd0
[   86.428930][ T6858]        dquot_load_quota_inode+0x2e1/0x5d0
[   86.431028][ T6858]        ocfs2_enable_quotas+0x1c6/0x450
[   86.432861][ T6858]        ocfs2_fill_super+0x50fe/0x63c0
[   86.434700][ T6858]        get_tree_bdev_flags+0x40e/0x4d0
[   86.436571][ T6858]        vfs_get_tree+0x92/0x2b0
[   86.438551][ T6858]        do_new_mount+0x2a2/0x9e0
[   86.440349][ T6858]        __se_sys_mount+0x317/0x410
[   86.442157][ T6858]        do_syscall_64+0xfa/0x3b0
[   86.443955][ T6858]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.446240][ T6858] 
[   86.446240][ T6858] -> #3 (&journal->j_trans_barrier){.+.+}-{4:4}:
[   86.449162][ T6858]        lock_acquire+0x120/0x360
[   86.450817][ T6858]        down_read+0x46/0x2e0
[   86.452368][ T6858]        ocfs2_start_trans+0x36a/0x6d0
[   86.454146][ T6858]        ocfs2_modify_bh+0xe8/0x470
[   86.455892][ T6858]        ocfs2_local_read_info+0x1465/0x17e0
[   86.458041][ T6858]        dquot_load_quota_sb+0x791/0xbd0
[   86.460056][ T6858]        dquot_load_quota_inode+0x2e1/0x5d0
[   86.462464][ T6858]        ocfs2_enable_quotas+0x1c6/0x450
[   86.464739][ T6858]        ocfs2_fill_super+0x50fe/0x63c0
[   86.466981][ T6858]        get_tree_bdev_flags+0x40e/0x4d0
[   86.469267][ T6858]        vfs_get_tree+0x92/0x2b0
[   86.471277][ T6858]        do_new_mount+0x2a2/0x9e0
[   86.473323][ T6858]        __se_sys_mount+0x317/0x410
[   86.475430][ T6858]        do_syscall_64+0xfa/0x3b0
[   86.477475][ T6858]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.480056][ T6858] 
[   86.480056][ T6858] -> #2 (sb_internal#2){.+.+}-{0:0}:
[   86.483062][ T6858]        lock_acquire+0x120/0x360
[   86.485121][ T6858]        ocfs2_start_trans+0x26b/0x6d0
[   86.487323][ T6858]        ocfs2_mknod+0xe93/0x2050
[   86.489359][ T6858]        ocfs2_mkdir+0x191/0x440
[   86.491372][ T6858]        vfs_mkdir+0x306/0x510
[   86.493306][ T6858]        do_mkdirat+0x247/0x590
[   86.495289][ T6858]        __x64_sys_mkdirat+0x87/0xa0
[   86.497061][ T6858]        do_syscall_64+0xfa/0x3b0
[   86.499149][ T6858]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.501739][ T6858] 
[   86.501739][ T6858] -> #1 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[   86.505968][ T6858]        lock_acquire+0x120/0x360
[   86.508031][ T6858]        down_write+0x96/0x1f0
[   86.509745][ T6858]        ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[   86.512200][ T6858]        ocfs2_reserve_clusters_with_limit+0x1be/0xba0
[   86.514402][ T6858]        ocfs2_mknod+0xe32/0x2050
[   86.516053][ T6858]        ocfs2_mkdir+0x191/0x440
[   86.517694][ T6858]        vfs_mkdir+0x306/0x510
[   86.519296][ T6858]        do_mkdirat+0x247/0x590
[   86.521265][ T6858]        __x64_sys_mkdirat+0x87/0xa0
[   86.523427][ T6858]        do_syscall_64+0xfa/0x3b0
[   86.525484][ T6858]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.528043][ T6858] 
[   86.528043][ T6858] -> #0 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[   86.532328][ T6858]        validate_chain+0xb9b/0x2140
[   86.534106][ T6858]        __lock_acquire+0xab9/0xd20
[   86.535816][ T6858]        lock_acquire+0x120/0x360
[   86.537538][ T6858]        down_write+0x96/0x1f0
[   86.539492][ T6858]        ocfs2_reserve_suballoc_bits+0x15e/0x4640
[   86.541957][ T6858]        ocfs2_reserve_new_metadata_blocks+0x403/0x940
[   86.544696][ T6858]        ocfs2_init_xattr_set_ctxt+0x307/0x700
[   86.547210][ T6858]        ocfs2_xattr_set+0xb70/0x11f0
[   86.549424][ T6858]        __vfs_setxattr+0x43c/0x480
[   86.551586][ T6858]        __vfs_setxattr_noperm+0x12d/0x660
[   86.553877][ T6858]        vfs_setxattr+0x16b/0x2f0
[   86.555729][ T6858]        filename_setxattr+0x274/0x600
[   86.557551][ T6858]        path_setxattrat+0x364/0x3a0
[   86.559660][ T6858]        __x64_sys_setxattr+0xbc/0xe0
[   86.561343][ T6858]        do_syscall_64+0xfa/0x3b0
[   86.563449][ T6858]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.566095][ T6858] 
[   86.566095][ T6858] other info that might help us debug this:
[   86.566095][ T6858] 
[   86.569630][ T6858] Chain exists of:
[   86.569630][ T6858]   &ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE] --> jbd2_handle --> &oi->ip_xattr_sem
[   86.569630][ T6858] 
[   86.575016][ T6858]  Possible unsafe locking scenario:
[   86.575016][ T6858] 
[   86.577570][ T6858]        CPU0                    CPU1
[   86.579384][ T6858]        ----                    ----
[   86.581313][ T6858]   lock(&oi->ip_xattr_sem);
[   86.582970][ T6858]                                lock(jbd2_handle);
[   86.585292][ T6858]                                lock(&oi->ip_xattr_sem);
[   86.587712][ T6858]   lock(&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]);
[   86.590139][ T6858] 
[   86.590139][ T6858]  *** DEADLOCK ***
[   86.590139][ T6858] 
[   86.592692][ T6858] 3 locks held by syz.3.331/6858:
[   86.594348][ T6858]  #0: ffff88803b2fe428 (sb_writers#13){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[   86.597361][ T6858]  #1: ffff88811a123540 (&type->i_mutex_dir_key#21){+.+.}-{4:4}, at: vfs_setxattr+0x144/0x2f0
[   86.600739][ T6858]  #2: ffff88811a123278 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0
[   86.603971][ T6858] 
[   86.603971][ T6858] stack backtrace:
[   86.605945][ T6858] CPU: 0 UID: 0 PID: 6858 Comm: syz.3.331 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[   86.605955][ T6858] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   86.605960][ T6858] Call Trace:
[   86.605964][ T6858]  <TASK>
[   86.605968][ T6858]  dump_stack_lvl+0x189/0x250
[   86.605978][ T6858]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.605986][ T6858]  ? __pfx__printk+0x10/0x10
[   86.605996][ T6858]  ? print_lock_name+0xde/0x100
[   86.606005][ T6858]  print_circular_bug+0x2ee/0x310
[   86.606014][ T6858]  check_noncircular+0x134/0x160
[   86.606022][ T6858]  validate_chain+0xb9b/0x2140
[   86.606030][ T6858]  ? __mutex_unlock_slowpath+0x1a1/0x760
[   86.606040][ T6858]  ? look_up_lock_class+0x74/0x170
[   86.606050][ T6858]  ? register_lock_class+0x51/0x320
[   86.606059][ T6858]  __lock_acquire+0xab9/0xd20
[   86.606094][ T6858]  ? ocfs2_reserve_suballoc_bits+0x15e/0x4640
[   86.606103][ T6858]  lock_acquire+0x120/0x360
[   86.606112][ T6858]  ? ocfs2_reserve_suballoc_bits+0x15e/0x4640
[   86.606122][ T6858]  down_write+0x96/0x1f0
[   86.606128][ T6858]  ? ocfs2_reserve_suballoc_bits+0x15e/0x4640
[   86.606136][ T6858]  ? __pfx_down_write+0x10/0x10
[   86.606143][ T6858]  ocfs2_reserve_suballoc_bits+0x15e/0x4640
[   86.606155][ T6858]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   86.606163][ T6858]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.606172][ T6858]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   86.606180][ T6858]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   86.606189][ T6858]  ? __pfx_ocfs2_reserve_suballoc_bits+0x10/0x10
[   86.606197][ T6858]  ? stack_depot_save_flags+0x41b/0x860
[   86.606206][ T6858]  ? kasan_save_track+0x4f/0x80
[   86.606214][ T6858]  ? kasan_save_track+0x3e/0x80
[   86.606221][ T6858]  ? __kasan_kmalloc+0x93/0xb0
[   86.606229][ T6858]  ? __kmalloc_cache_noprof+0x230/0x3d0
[   86.606237][ T6858]  ? ocfs2_reserve_new_metadata_blocks+0x113/0x940
[   86.606244][ T6858]  ? ocfs2_init_xattr_set_ctxt+0x307/0x700
[   86.606252][ T6858]  ? ocfs2_xattr_set+0xb70/0x11f0
[   86.606259][ T6858]  ? __vfs_setxattr+0x43c/0x480
[   86.606267][ T6858]  ? __vfs_setxattr_noperm+0x12d/0x660
[   86.606276][ T6858]  ? vfs_setxattr+0x16b/0x2f0
[   86.606284][ T6858]  ? filename_setxattr+0x274/0x600
[   86.606289][ T6858]  ? path_setxattrat+0x364/0x3a0
[   86.606296][ T6858]  ? __x64_sys_setxattr+0xbc/0xe0
[   86.606301][ T6858]  ? do_syscall_64+0xfa/0x3b0
[   86.606309][ T6858]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.606321][ T6858]  ? __kasan_kmalloc+0x93/0xb0
[   86.606329][ T6858]  ? ocfs2_reserve_new_metadata_blocks+0x113/0x940
[   86.606337][ T6858]  ocfs2_reserve_new_metadata_blocks+0x403/0x940
[   86.606345][ T6858]  ? __pfx_ocfs2_reserve_new_metadata_blocks+0x10/0x10
[   86.606352][ T6858]  ? __pfx_ocfs2_calc_xattr_set_need+0x10/0x10
[   86.606362][ T6858]  ? __lock_acquire+0xab9/0xd20
[   86.606371][ T6858]  ocfs2_init_xattr_set_ctxt+0x307/0x700
[   86.606381][ T6858]  ? __pfx_ocfs2_init_xattr_set_ctxt+0x10/0x10
[   86.606389][ T6858]  ? ocfs2_xattr_set+0xb36/0x11f0
[   86.606398][ T6858]  ? up_write+0x1c4/0x420
[   86.606404][ T6858]  ? ocfs2_xattr_set+0x334/0x11f0
[   86.606411][ T6858]  ocfs2_xattr_set+0xb70/0x11f0
[   86.606422][ T6858]  ? __pfx_ocfs2_xattr_set+0x10/0x10
[   86.606430][ T6858]  ? check_path+0x21/0x40
[   86.606438][ T6858]  ? lockdep_unlock+0x89/0x120
[   86.606450][ T6858]  ? posix_xattr_acl+0x93/0xc0
[   86.606459][ T6858]  ? evm_protect_xattr+0x4d4/0xa90
[   86.606467][ T6858]  ? __pfx_evm_protect_xattr+0x10/0x10
[   86.606474][ T6858]  ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10
[   86.606482][ T6858]  __vfs_setxattr+0x43c/0x480
[   86.606495][ T6858]  __vfs_setxattr_noperm+0x12d/0x660
[   86.606509][ T6858]  vfs_setxattr+0x16b/0x2f0
[   86.606521][ T6858]  ? __pfx_vfs_setxattr+0x10/0x10
[   86.606533][ T6858]  ? mnt_get_write_access+0x223/0x2a0
[   86.606541][ T6858]  filename_setxattr+0x274/0x600
[   86.606548][ T6858]  ? __pfx_filename_setxattr+0x10/0x10
[   86.606554][ T6858]  ? getname_flags+0x1e5/0x540
[   86.606561][ T6858]  path_setxattrat+0x364/0x3a0
[   86.606569][ T6858]  ? __pfx_path_setxattrat+0x10/0x10
[   86.606575][ T6858]  ? do_futex+0x333/0x420
[   86.606587][ T6858]  ? rcu_is_watching+0x15/0xb0
[   86.606596][ T6858]  __x64_sys_setxattr+0xbc/0xe0
[   86.606606][ T6858]  do_syscall_64+0xfa/0x3b0
[   86.606618][ T6858]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.606631][ T6858]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.606639][ T6858]  ? exc_page_fault+0x9f/0xf0
[   86.606647][ T6858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.606654][ T6858] RIP: 0033:0x7fe873f8ebe9
[   86.606661][ T6858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   86.606667][ T6858] RSP: 002b:00007fe8721f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[   86.606675][ T6858] RAX: ffffffffffffffda RBX: 00007fe8741b5fa0 RCX: 00007fe873f8ebe9
[   86.606681][ T6858] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000200000000240
[   86.606695][ T6858] RBP: 00007fe874011e19 R08: 0000000000000000 R09: 0000000000000000
[   86.606701][ T6858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.606707][ T6858] R13: 00007fe8741b6038 R14: 00007fe8741b5fa0 R15: 00007fff1b919758
[   86.606719][ T6858]  </TASK>
[   86.799149][ T5234] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[   86.814325][ T6093] ocfs2: Unmounting device (7,3) on (node local)

VM DIAGNOSIS:
15:12:59  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000037 RBX=0000000000000037 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000010e0 RDI=00000000000010e1 RBP=00000000000003f8 RSP=ffffc90002eee4b0
R8 =ffff888106640237 R9 =1ffff11020cc8046 R10=dffffc0000000000 R11=ffffffff854f1730
R12=dffffc0000000000 R13=ffffffff99afa8fb R14=ffffffff99def3a0 R15=0000000000000000
RIP=ffffffff854f17ac RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fe8721f66c0 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b30f23ffc CR3=0000000105340000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007fe78d412e53
XMM06=0000000000000000 00007fe78d412e4d XMM07=0000000000000000 00007fe78d412e61
XMM08=0000000000000000 00007fe78d412ee7 XMM09=0000000000000000 00007fe78d412fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000000 RBX=ffffffff90333fd5 RCX=ffffffff8fb74e6c RDX=ffffffff90333fd0
RSI=0000000000000002 RDI=ffffffff8be333a0 RBP=dffffc0000000000 RSP=ffffc9000336f798
R8 =0000000000000009 R9 =0000000000000000 R10=ffffc9000336f8c8 R11=fffff5200066df25
R12=ffffc9000336f8c8 R13=ffffc9000336f918 R14=ffffc9000336f8c8 R15=1ffffffff20667fa
RIP=ffffffff8172cb9e RFL=00000297 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fabeed5dc80 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000561f7b8614e8 CR3=000000010b2a0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffff ffffff0000000000 XMM01=0101010101010101 010100ffffffffff
XMM02=4b5f5455504e495f 4449006b636f6c62 XMM03=0000000000000000 0000000000000000
XMM04=ffffffffffffffff ffffff0000000000 XMM05=0000561f7b7b67f0 0000561f7b7b0910
XMM06=0000561f7b7b4800 0000561f7b7b17e0 XMM07=0000561f7b7b4fa0 0000561f7b7ae170
XMM08=00000000ffffffff 0000000000000000 XMM09=6265396261613434 322d623333622d38
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
