last executing test programs:

1m26.868522264s ago: executing program 2 (id=1052):
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="b40200000000f21f611173000000000085000000ce0000009500000000000000"], &(0x7f0000000380)='GPL\x00', 0x7, 0xc3, &(0x7f00000003c0)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000100), 0x8, 0x10, &(0x7f0000000000), 0xffffffffffffff72}, 0x37)

1m26.868211293s ago: executing program 2 (id=1053):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newtaction={0x64, 0x30, 0x871a15abc695fb3d, 0x70bd2a, 0x25dfdbfd, {}, [{0x50, 0x1, [@m_vlan={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x81, 0xffffadf3, 0x4, 0x6, 0x90000}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x3}}}}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4000044}, 0x0)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x2018008, &(0x7f0000003b40)=ANY=[], 0x7, 0x2f4, &(0x7f0000000880)="$eJzs3U1PE1sYwPGnLxRaAsPi5t5cE8OJbnQzgepaaQwkxiYSpMaXxGSQqTYdWzLTYGqM6Mqt8UO4ICzZkShfgI073bhxx8bEhSyMYzqdodAOb6VQAv9fQubJnPNMz+kMyXMmzLB+792zYt7R80ZFon1KIiIiGyJDEpVAxN9GvTghW72Wy/0/v5y/c//BrUw2Oz6l1ERm+kpaKTU4/PH5y6TfbaVX1oYerf9If1/7d+3/9T/TTwuOKjiqVK4oQ82Uv1WMGctUswWnqCs1aZmGY6pCyTHtenu53p63ynNzVWWUZgdSc7bpOMooVVXRrKpKWVXsqoo9MQolpeu6GkgJ9pJbnJoyMm0m93V4MDgitp0xYiKSbGnJLXZlQAAAoKua6/+oqE7W/0sXViv9d5cH/fp/JRFW/1/9Wj/Wtvq/Vl2G1v/B54fW/8bB6v/WiuhsOVT9j5NhONGyK9IIa412xkj5v7+eNw+XRqTn2AYIAAAAAAAAAAAAAAAAAAAAAAAOZ8N1Ndd1tWDrxkXEdbVe/wFv198fkhoTketdGDI6qOX8+z/7OP84BRoP7sUHRay387n5XH3rd1gVEUtMGRFNfnvXg68WB08eqZoh+WQt+PkL87mY15LJS8HLHxWtR5rzXXfiZnZ8VNVtz++R1Nb8tGjyT3h+OjQ/IZcubsnXRZPPj6Uslsx642jkvxpV6sbtbFN+0usHAAAAAMBpoKtNoet3Xd+pvZ6/ub5uvj8Qa6yvR0LX53E5F+/u3AEAAAAAOCuc6ouiYVmmvUuQlL37tB/Ej+jIwQz3mxX8LcPRzXSXIPjwbU3BP9jo+NcSOcDXskMQlXayhmuzUYedRXDbaKc+Mjl2/GfQC/57/+FX5w54bblvj5m2H8R2vwB4OTAAAABwCjWK/mDPWHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGXQcb0fr9hwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAk+JvAAAA///+mQDw")
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1m26.768599642s ago: executing program 2 (id=1054):
syz_mount_image$jfs(&(0x7f0000000240), &(0x7f0000000040)='./file1\x00', 0x3010846, &(0x7f0000000340)={[{@iocharset={'iocharset', 0x3d, 'koi8-u'}}, {@discard_size={'discard', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'iso8859-9'}}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'koi8-ru'}}, {@errors_remount}, {}, {@errors_remount}, {@quota}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'iso8859-13'}}]}, 0x24, 0x62d7, &(0x7f0000021240)="$eJzs3c1vHGcdB/Df7JtfStuoh6pECLlteCmleS0hUKDtAQ5cOKBcUSLXrSJSQElAaRURV75w4I8AIXFEiCMn/oAeuHLjDyCSgwTqAXXQ2M/jjKe7XjuJd3Yzn4/kzPzmmfE+k++Od9cz4ycAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPjhD358roiIK79KC05EfC76Eb2Ilapei4iVtRP1bV6IneZ4PiKGSxHV9jv/PBvxekR8/EzE9v0769Xi84fsx/f//I8//OSpH/39T8Mz//3Lrf4bk9a7ffu3//nr3YffXwAAAOiisizLIn3MPxkRg/TZHgB48uXX/zLJy9VzV2/OWX/UarVavYB1XTne3XoREZv1bar3DE7HA8CC2YxP2u4CLZJ/pw0i4qm2OwHMtaLtDnAstu/fWS9SvkX99WBttz1fC7Iv/81i7/6OSdNpmteYzOr5tRX9eG5Cf1Zm1Id5kvPvNfO/sts+Susdd/6zMin/0e6tT52T8+838294cvLvjc2/q3L+gyPl35c/AAAAAADMsfz7/xMtn/9devRdOZSDzv+uzagPAAAAAAAAAPC4HXX8v0Fj/L89xv8DAACAuVV9Vq/87pkHyyb9LbZq+eUi4unG+kDHpJtlVtvuBwAAAAAAAAAAAAB0yWD3Gt7LRcQwIp5eXS3Lsvqqa9ZH9ajbL7qu7z90Wds/5AEAYNfHzzTu5S8iliPicvpbf8PV1dWyXF5ZLVfLlaX8fna0tFyu1D7X5mm1bGl0iDfEg1FZfbPl2nZ10z4vT2tvfr/qsUZl/xAdm40WAweAiNh9Ndqe9Ir0P69Xi6ksn42W3+SwIA44/llQjn8Oo+3nKQAAAHD8yrIsi/TnvE+mc/69tjsFAMxEfv1vnhdQq9VqtVr95NV15Xh360VEbNa3qd4zGI4fABbMZnzSdhdokfw7bRARL7TdCWCuFW13gGOxff/OepHyLeqvB2l893wtyL78N4ud7fL246bTNK8xmdXzayv68dyE/jw/oz7Mk5x/r5n/ld32UVrv0fMv9/2asK1rjCblX+3niRb607acf7+Zf8NxH/+zshW9sfl3Vc5/cKT8+/IHAAAAAIA5ln//f2Kuzv+OHnZ3pjro/O/a2C2Ory8AAAAAAAAA8Lhs37+znu97zef/vzBmPfd/Pply/oX8Oynn32vk/9XGev3a/L23H+T/7/t31v9461+fz9PD5r+UZ4r0zCrSM6JIj1QM0vRR9u6ztob9UfVIw6LXH6Rrfsrhu3EtrsdGnN23bi/9fzxoP7evverpcKe97O+2n9/XPthrz9tf2Nc+TFcXlSu5/XSsx8/jeryz0161LU3Z/+Up7eWU9px/3/HfSdtpOnjw9WxVr6blRWNaufdR7zPHfX067nHeuvbF35w91j05nK3o7+1bXbV/L7XQn53/k6dG8cubGzdO375669aNc5Em+5aejzR5zPLxP0xfez//X95tzz/368frvY9GR85/XmzFYGL+L9fmq/19ZcZ9a0POf5S+cv7vpPbxx/8i5z/5+H+1hf4AAAAAAAAAAAAAAADAQcqy3LlF9K2IuJju/2nr3kwAYLby63+Z5OWzqvszfjy1esHrYs76M9P603K++qNWL2JdV473Zr2IiL/Vt6neM/x63DcDAObZpxHxz7Y7QWvk32H57/1V01NtdwaYqZsffPjTq9evb9y42XZPAAAAAAAAAICHlcf/XKuN/3yqLMu7jfX2jf/6dqw96vifgzyzN8DohIGq+0ffp4Ns9Ub9Xm248Rdj0vjfw725g8b/Hkx5vOGU9tGU9qUp7ctT2sfe6FGT83+xNt75qYg42Rh+vQvjvzbHvO+CnP9Ltedzlf9XGuvV8y9/v8j59/blf+bW+784c/ODD1+79v7V9zbe2/jZhXPnzl64ePHSpUtn3r12fePs7r8t9vh45fzz2NeuA+2WnH/OXP7dkvP/Uqrl3y05/y+nWv7dkvPP7/fk3y05//zZR/7dkvN/JdXy75ac/9dSLf9uyfm/murp+U/7jSaLJOf/9VQ7/rsl5/9aquXfLTn/06mWf7fk/M+k+pD5rxx3v5iNnH8+w+X475acf76yQf7dkvM/n2r5d0vO/0Kq5d8tOf/XUy3/bsn5fyPV8u+WnP/FVMu/W3L+30y1/Lsl538p1fLvlpz/t1It/27J+X871fLvlpz/G6mWf7fk/L+Tavl3S87/u6mWf7fk/L+Xavl3S87/zVTLv1se/P1/M2bMmMkzbf9kAgAAAAAAAAAAAACaZnE5cdv7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyfHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVh7+5i5DrLO4Cf/fTaIYmBkDqpgY1jQkg22bWd+IM2xYTPhq8SCIV+YLvetVlwbOO1S6CRbBookTAqqmgbLtoCQm1uKnLBBa0A5QK1QmoF7QXtBQKhchFVAQWkSrQCtppz3vfdmdnZmV3vePfMOb+fZD+eM2fmvHPmnTPz7Po/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAZre8Zu4TQ1mWNf7kf23Psuc1/r11cnu+7JWbPUIAAABgvX6R//3c9WnB4VXcqGmdf37Jt768uLi4mL175M/HPrO4mK6YzLKxLVmWXxc99YP3DDWvEzyWTQwNN10e7rH5kR7Xj/a4fqzH9eM9rt/S4/qJHtcv2wHLbC1+HpPf2e78n9uLXZrdkI3l1+3ucKvHhrYMD8ef5eSG8tssjp3I5rNT2Vw207J+se5Qvv5Xb2ls641Z3NZw07Z2NmbITx49HscwFPbx7pZtLd1n9KNXZ5M//cmjx//2/LM3dao9d0PL/RXjvH1XY5wfC0uKsQ5lW9I+ieMcbhrnzg7PyUjLOIfy2zX+3T7O51Y5zpGlYW6o9ud8IhvO//3tfD+NNv9YL+2nnWHZz27NsuzS0rDb11m2rWw429ayZHjp+ZkoZmTjPhpT6QXZ6Jrm6S2rmKeNOru7dZ62vybi839LuN3oCmNofpp+9NHxpuf954tXMk+jxqNe6bXSPgf7/VopyxyM8+Lb+YN+vOMc3B0e/6O3rTwHO86dDnMwPe6mObir1xwcHh/Jx5yehKH8NktzcE/L+iP5loby+sxt3efg9PmHz04vfPgjd80/fOzk3Mm50/v27JnZt3//wYMHp0/Mn5qbKf6+wr1dftuy4fQa2BX2XXwNvLxt3eapuvj58WXH3yt9HU50eR1ub1u336/D0fYHN7QxL8jlc7p4bbyzsdMnLg9nK7zG8ufnjvW/DtPjbnodjja9Dju+p3R4HY6u4nXYWOfsHav7zDLa9KfTGFZ+L1jfHNzeNAfbP4+0z8F+fx4pyxycCPPiu3es/F6wM4z38am1fh4ZWTYH08MNx57GkvR5f+JgXjrNy5sbV1wznl1YmDt39yPHzp8/tycLZUO8sGmutM/XbU2PKVs2X4fXPF8Pz7/k8Zs7LN8e9tXEXY2/JlZ8rhrr3HN39+cqf3frvD9blu7NQumzjd6fnd7NG/tzPMs++42PPvi1Rz/7mhX3Z6Pf/Nj0+j+Lp7606fg7tsLxN/b9vyy2l+7qsZGx0eL1O5L2zljL8bj1qRrNj11D+bafm17d8Xgs/Nno4/ENXY7HO9rW7ffxeKz9wcXj8VCvn3asT/vzORHmyamZ7sfjxjo79q51To52PR7fGupQ2P+vCJ1C6oua5s5K8zZta3R0LDyu0biF1nm6r2X9sdCbNbb15N7woTCNcnXz9PZbi/VHmm4XbdQ8nWxbt9/zNP3sa6V5OtTrp29Xpv35nAjz4oZ93edpY52n71n/sXNr/GfTsXO81xwcGxlvjHksTcL8eJ8tbo1z8O7seHYmO5XN5teO5/NpKN/W1L2rO1aOhz8bfazc0WUO3t62br/nYHofW2nuDY0uf/B90P58ToR58cS93edgY53XHujvZ9fbiyVLP4pu+uza/vO1lX7mdXPbbrpac6UxksZj+caB7j+bbaxz6uBa+8zu++nOsOSaDvup/fW70mtqNtuY/bQjjPPZgyvvp8Z4Gut85tAq59PhLMsufvD+/Oe94fcrFy9858stv3fp9Dudix+8/8fXnvintYwfgMH3y6JsK97rmn4ztZrf/wMAAAADIfb9w6Em+n8AAACojNj3x/8Vnuj/AQAAoDJi3z8aalKF/v+Pe6+y47XPzv/yYpaS+YtBvD7thgeK9WLGdSZcnlxc0lh+/xfn/ucfL65ueMNZlv38gT/quP6OB+K4CpNhnE+9rnX5Ml++a1XbPvrQxbTd5vz658L9x8ez2mnQKYI7k2XZV6//VL6dyfdczuvTDxzN64OXHn+ssc5zh4rL8fbPvLBY/69C+PfwiWMtt38m7Icfhjrzps77I97uS5dfsfPAu5a2F283tOu6/GE/8d7ifuP35Hz6sWL9uJ9XGv/XPvnklxrrP/KyzuO/ONx5/E+G+/1iqP/74mL95uegcTne7uNh/HF78XZ3f+HrHcf/1CeK9c++vljvaKhx+7eHy7tf/+x88/56ZOhYy+PK3lCsF7c/850/za+P9xfvv338E0cut+yP9vnx9L8X9zPdtn5cHrcT/UPb9hv30zw/4/af/JOjLfu51/afevCZFzfut337d7atd/aDd+TbX7q/1m9s+uuPf6rj9uJ4Dv/92ZbHc/jt4XUctv/Ee8N8DNf/31PF/bV/u8LRt7cef+L6n9t+seXxRG/8abH9p151Mq9bJrZuu+Z511536aWNfZdl395S3F+v7Z/8mzMt4//8jcX+iNfHjH779lcSt3/uQ1OnzyxcmJ9Ne/XR6/PvznlzMZ443uvDsbX98pEz5983d25yZnImyyar+xV6V+wLof64KJe6r7247Ah6x0Ph+bz5L7+67bZ/+2Rc/h/vLJZfflPxvvXysN6nw/Lt4flb2/aXe+KWG/PX99DTYYSLy78veD127v7vg72+3zcXHn/754I438++6H35fmhcl79vxNf1Osf/vdnifr4S9uti+GbmXTcuba95/fjdCJffUbze173/wmEuPq9/F57vt/ywuP84rvh4vxc+x3x9R+vxLs6Pr1wcbr///Fs8LoXjSXapuD6uFff35edu7Di8+D0k2aWb8st/lu7npjU9zJUsfHhh+tT86QuPTJ+fWzg/vfDhjxx5+MyF0+eP5N/leeT9vW6/dHzalh+fZuf235PlR6szRbnKNnv8Zx86Pntg5rbZuRPHLpw4/9DZuXMnjy8sHJ+bXbjt2IkTcx/qdfv52fv27D2078DeqZPzs/cdPHRo36Gp+dNnGsMoBtXD/pkPTJ0+dyS/ycJ99xzac++998xMPXxmdu6+AzMzUxd63T5/b5pq3PoPp87NnTp2fv7huamF+Y/M3bfn0P79e3t+G+DDZ08sTE6fu3B6+sLC3Lnp4rFMns8XN977et2ealr4fvF5tt1Q8UV82dvu3J++n7Xhix9d8a6KVdq+QPTZ8F0033z+2YOruRz7/rFQkyr0/wAAAEAu9v3joSb6fwAAAKiM2PdvCTXR/wMAAEBlxL5/ItT0XwJq0v9XLv+/4+Kqti//L//fvL/k/2uW/39H2fL/xfFC/r8/1pu/r0P+f1Uryv/L/8v/y//L/9MHZcv/x75/a5b5/T8AAABUVOz7t4Wa6P8BAACgMmLff02oif4fAAAAKiP2/c8LNalJ/y//L/8v/y//L//fefvy/4NJ/r+7kuX/J9oXyP9vfv4/q1f+/1I/x78J+f+tzRfk/ymjsuX/Y99/bahJTfp/AAAAqIPY918XaqL/BwAAgMqIff/1oSb6fwAAAKiM2PdvDzWpSf8v/7+u/H/KXA1u/r/Ysvy//L/8v/x/Vcj/d1ey/P8y8v+bn/93/v+Byv+3kP+njMqW/499//NDTWrS/wMAAEAdxL7/BaEm+n8AAAAon9Eru1ns+18YarKs/7/CDQAAAACbLvb9N2RtQfCa/P5f/t/5/0t7/v8x+X/5/0L58/8jmfx/ecj/dyf/30M/8v+X5P/l/+X/5f+Jypb/z/v+bCJ7UahJTfp/AAAAqIPY998YaqL/BwAAgMqIff+vhJro/wEAAKAyYt+/I9SkJv2//H9l8v8/a37qKpH/d/5/+f+g/Pl/5/8vE/n/7uT/e3D+f/l/+X/5f/pqoWOntHn5/9j33xRqUpP+HwAAAOog9v03h5ro/wEAAKAyYt//q6Em+n8AAACojNj37ww1qUn/L/9f8vx/TI7W8fz/8v/y/0GZ8/8T8v+lI//fnfx/D/L/8v/y//L/9NXC94vPs+02K/8f+/4Xh5rUpP8HAACAOoh9/0tCTfT/AAAAUBmx739pqIn+HwAAACoj9v2ToSY16f/Xkv8fuiT/v5KrfP7/8VWc/7+F/P+m5P9H5f8Ldcr/Z/L/pSP/3538fw/y//L/8v/y//RV2fL/se+/JdSkJv0/AAAA1EHs+3eFmuj/AQAAoDJi339rqIn+HwAAACoj9v27Q01q0v87//9A5P8z+f+ByP87/38g/9+Z/P/GkP/vTv6/B/l/+X/5f/l/+qps+f/Y978s1KQm/T8AAADUQez7bws10f8DAABAZcS+/+WhJvp/AAAAqIzY998ealKT/l/+X/5f/l/+X/6/8/Y3PP9/Sf6/H+T/u5P/70H+X/5f/l/+n74qW/4/9v2vCDWpSf8PAAAAdRD7/jtCTfT/AAAAUBmx778z1ET/DwAAAJUR+/6pUJOa9P/y//L/1cz//6f8f5fty/+XNP/v/P99If/fnfx/D/L/8v/9yP+PhQXy//L/bHr+P35ei5dj339XqElN+n8AAACog9j33x1qov8HAACAyoh9/3Soif4fAAAAKiP2/TOhJjXp/+X/5f+rmf93/v9u219X/v+lS/cr/1+Q/y8X+f/u5P976Gf+f4v8f23z/+s6//+Y/D+Vstn5//bLse/fE2pSk/4fAAAA6iD2/XtDTfT/AAAAUBmx798XaqL/BwAAgMqIff89oSY16f/l/+X/5f/l/53/v/P25f8Hk/x/d/3P/8eHKP/v/P/y//3J/zv/P9VStvx/7PvvDTWpSf8PAAAAdRD7/v2hJvp/AAAAqIzY9x8INdH/AwAAQGXEvv9gqElN+n/5f/l/+X/5f/n/ztuX/x9M8v/dOf9/D/L/8v8DnP9vzC35f8qmbPn/2PcfCjWpSf8PAAAAdRD7/leGmuj/AQAAoDJi3/9roSb6fwAAACih8Su6Vez7fz3UpCb9v/y//L/8v/z/Juf/x3rl/8fl/+X/10D+vzv5/x7k/+X/Bzj/v8L5/68NV8v/synKlv+Pff99oSY16f8BAACgDmLf/xuhJvp/AAAAqIzY978q1ET/DwAAAJUR+/7DoSY16f/l/zco/x8Xljb/H5PM8v/5Avl/5/+X/x9Y8v/dyf/3IP8v/1+9/H+/z//f/jadyP/TSdny/7Hvf3WoSU36fwAAAKiD2PffH2qi/wcAAIDKiH3/a0JN9P8AAABQGbHvf22oSU36f/l/5//f/PP/j7WMXf5/6Xby/wX5f/n/tZD/707+vwf5f/l/+X/n/6evypb/j33/60JNatL/AwAAQB3Evv/1oSb6fwAAAKiM2Pe/IdRE/w8AAACVEfv+N4aa1KT/l/+X/9/8/L/z/8v/F+T/5f/7Qf6/O/n/HuT/5f/l/+X/6auy5f9j3/+boSY16f8BAACgDmLf/0Coif4fAAAAKiP2/W8KNdH/AwAAQGXEvv/NoSY16f/l/+X/5f/l/+X/O29f/n8wyf93N2D5/19cF5bL/xfk/8s9/rXm/0fbLl+V/P8PVsr/L25pv738P1dD2fL/se9/S6hJTfp/AAAAqIPY97811ET/DwAAAJUR+/63hZro/wEAAKAyYt//W6EmNen/5f8b41hKL8v/y//nC+T/5f/l/weW/H93Kf//XKd3riblyP87/38b+f9yj9/5/+X/Wa5s+f/Y97891KQm/T8AAADUQez7Hww10f8DAABAZcS+/x2hJvp/AAAAqIzY978z1KQm/b/8v/P/y//L/8v/d96+/P9gkv/vbsDO/y//30b+v9zjvyr5//+S/2ewlS3/H/v+h0JNatL/AwAAQB3Evv9doSb6fwAAAKiM2Pf/dqiJ/h8AAAAqI/b97w41qUn/L/8/KPn/Sfn/Neb/x8My+X/5f/n/epH/707+vwf5f/n/suX/nf+fAVe2/H/s+98TarL6/n9i1WsCAAAAV1P7r5OS2Pf/TqhJTX7/DwAAAHUQ+/7fDTXR/wMAAEBlxL7/90JNatL/y/8PSv7f+f8z5/+X/297PPL/8v+dbFz+Px551pT/39Jr+/L/8v/y/4M7fvl/+X+WK1v+P/b9vx9qUpP+HwAAAOog9v3vDTXR/wMAAMBA6PR/stvFvv9IqIn+HwAAACoj9v1HQ01q0v/L/8v/y/+XNP//F7v+5bvfeuvRPfL/8v/y/2uyoef/b7z4nf9f/l/+P5H/l/+X/6dd2fL/se8/Fmqy1Pi92Qn+AQAAYLDFvv8PQk1q8vt/AAAAqIPY9x8PNdH/AwAAQGXEvn821KQm/b/8/ybm/0ezLJP/l/+v4Pn/4/4YpPz/1JYByv/Hg678f0cbmv9/11JOXP5/rfn/8Y5L2/P/Q/L/LeT/1zz+b2ZZtmHjv/iv8v/y/7QrW/4/9v1zoSY16f8BAACgDkLfP3yiqEtX6P8BAACgMmLffzLURP8PAAAAlRH7/veFmtSk/5f/d/5/+X/5f+f/77z90ub/nf+/K/n/7sqT/+/M+f/l/wd5/M7/L//PcmXL/8e+fz7UpCb9PwAAANRB7PvfH2qi/wcAAIDKiH3/B0JN9P/w/+zdyZNlZZnH8ZuQRFUF0RG960Uvuve96k1vWDSrXnT/Ab1gw6YjulvFAeeJwnnEeR7QUBEHHEARUVGcBScUcUTFGcQJJ0SlDCqf56kcTp6bWXUz77nv+/ksfIqE5F4IrOJXybcOAABAM3L3Pzhu6WT/6//1/032/0f0/2Ovr//X/7dM/z9O/z+H/l//r//X/7NQU+v/c/c/JG7pZP8DAABAD3L3XxS32P8AAADQjNz9D41b7H8AAABoRu7+h8Utnex//b/+v8n+/z/u/r/7/13/v9vr6//1/y3T/4/T/8+h/9f/6//1/yzU1Pr/3P0Pj1s62f8AAADQg9z9j4hb7H8AAABoRu7+i+MW+x8AAACakbv/kXFLJ/t/W/+/Nuuz/8+MV//fUv/v+f+7vr7+X//fssPt/y994Hs+/b/+X/8f9P/6f/0/202t/8/d/6i4pZP9DwAAAD3I3f/ouMX+BwAAgGbk7n9M3GL/AwAAQDNy9z82bulk/3v+v+f/6//1//r/4dfX/68mz/8f11P/f/Gt5150z7X/eN1+Xl//r//X/+v/Wayp9f+5+x8Xt3Sy/wEAAKAHufsfH7fY/wAAANCM3P1PiFvsfwAAAFhBxwY/mrv/iXFLJ/tf/6//1/9H/39U/6//1/+3QP8/btn9/9CPl5t5/n/7/f+DFvJOl/f+x+j/9f/sNLX+P3f/k+KWTvY/AAAA9CB3/5PjFvsfAAAApmvef1i2Te7+S+IW+x8AAACakbv/eNzSyf7X/x98//9X/f9q9P+e/6//1/83Qf8/btn9/zz6//b7/4O07Pev/9f/s9PU+v/c/ZfGLZ3sfwAAAOhB7v6nxC32PwAAADQjd/9T4xb7HwAAAJqRu/9pcUsn+1//7/n/+n/9/+H3/xvf2er/T/1d1f8vjv5/nP5/Dv3/mfbz5+j/9f/6fzbbZ/9/38h32wvp/3P3Pz1u6WT/AwAAQA9y9z8jbrH/AQAAoBm5+58Zt9j/AAAA0Izc/c+KWzrZ//p//b/+X/9/2v3/zn/0TvL8/2H6/8Oh/x83mf5/bX3ww/r/le//Pf9f/6//Z4upPf8/d/+z45ZO9j8AAAD0IHf/c+KWkf2/75/MBwAAAJYqd/9z4xZf/wcAAICVl9VZ7v7nxS2d7H/9v/5f/6//P/zn/69+/3/dpven/58W/f+4yfT/u9D/6/9X+f3r//X/7DS1/j93//Pjlk72PwAAAPQgd/9lcYv9DwAAAM3I3f+CuMX+BwAAgGbk7n9h3NLJ/h/u/0/9/kn3/9sj4Zn+P+n/2+7/88+o/x/t/8/3/P8+6f/H6f/n0P/r//X/u/X/x+Z9vv6fIVPr/3P3vyhu6WT/AwAAQA9y9784brH/AQAAoBm5+18St9j/AAAA0Izc/S+NWzrZ/57/r//X/69e/+/5/xuW+fz/2aH3/+v6/z1abv+/dn/+CKr/P733r//X/6/y+2+y/z9ntvX5/yO/CoD+nyFT6/9z978sbulk/wMAAEAPcve/PG6x/wEAAGA1bP5vB4aeFTeb1e5/Rdxi/wMAAEAzcve/Mm5pZ/+PPqtT/6//1/+f/HT9v/5/oP9fn02n//f8/73y/P9x+v859P8H0c+vN9b/X77b50+h/7/k4J7//6/zPl//z5At/f8Npz6+rP4/d/+r4pZ29j8AAAB0L3f/q+MW+x8AAACakbv/NXGL/Q8AAADNyN3/2rilk/1/4P3/yK8+oP/X/0+k//f8f/3/4OtP6/n/+v+90v+P0//Pof/3/H/P/9f/c+Y2/Svjlv5/k2X1/7n7Xxe3dLL/AQAAoAe5+18ft9j/AAAA0Izc/ZfHLfY/AAAANCN3/xvilk72v+f/6//1//p//f/w6+v/V9MZ9fdn6f+L/l//r//X/+v/WYCp9f9bd39/+x8AAAB68MaT/3s0fr7e/gcAAIAW5e5/U9xi/wMAAEAzcve/OW7pZP/r/w+2/8+P6//1/zP9v/5f/38oun3+/9rQj0Q77dL/3/y/x/9r60f0//p//b/+X//PHv39yO+bRP9/4tS/Xebuf0vc0sn+BwAAgB7k7r8ibrH/AQAAoBm5+98at9j/AAAA0Izc/VfGLfvc/2PNw5Tp/z3/X/+v/9f/D7++/n81ddv/75Hn/8+h/9f/6//1/yzUJPr/Tb+du/9tcYuv/wMAAEAzcve/PW6x/wEAAKAZufvfEbfY/wAAANCM3P3vjFs62f/6f/2//l//r/8ffn39/2rS/4/T/8+xSv3/lWfQ/68Pf3jZ/fyZWvb71//r/9lpav1/7v6r4pZO9j8AAAD0IHf/u+IW+x8AAACakbv/3XGL/Q8AAADNyN3/nrilk/2v/9f/6//1//r/4dfX/68m/f84/f9sNrt65A0M9f8njkyz//f8/8m9f/2//p+dptb/5+5/b9zSyf4HAACAHuTuvzpusf8BAACgGbn7r4lb7H8AAABoRu7+98Utnex//b/+X/+v/9f/D7++/n816f/H6f/nWKXn/+v/J/f+9f/6f3aaWv+fu//9cUsn+x8AAAB6kLv/2rjF/gcAAIBm5O7/QNxi/wMAAEAzcvdfF7d0sv/1//p//b/+f6D/P/l/df2//n8VHVz/P9P/6//1/3Po//X/+n+2m1r/n7v/g3FLJ/sfAAAAepC7//q4xf4HAACAZuTu/1DcYv8DAABAM3L3fzhu6WT/6//1//p//b/n/w+/vv5/NXn+/zj9/xz6f/2//l//z0IN9/+XLK3/z93/kbilk/0PAAAAPcjdf0PcYv8DAABAM3L3fzRusf8BAACgGbn7Pxa3dLL/9f/6/639/2ym/9f/6/83DPT/t917xd/Vby+g/z860/8vnP5/nP5/Dv1/m/3/WbOG+v9ju36+/p8pmtrz/3P33xi3dLL/AQAAoAe5+z8et9j/AAAA0Izc/Z+IW+x/AAAAaEbu/k/GLZ3sf/2//n/Bz/+/68KB96H/36D/X/n+3/P/V4D+f5z+fw79f5v9v+f/6/9Zmqn1/7n7PxW3dLL/AQAAoAe5+z8dt9j/AAAA0Izc/Z+JW+x/AAAAaEbu/s/GLZ3sf/2//n/B/b/n/+v/9f+70P8fDv3/OP3/HPr/5vr//Ld7/b/+n+WYWv+fu/9zcUsn+x8AAAB6kLv/prjF/gcAAIBm5O6/OW6x/wEAAKAZufs/H7d0sv/1//p//f9q9v9Ht/T/Z8/0/6f+eP1/36bS/5933n/eov/X/+v/l9//e/6//p/lmlr/n7v/C3FLJ/sfAAAAepC7/4txi/0PAAAAzcjd/6W4xf4HAACAZuTu/3Lc0sn+39n/nzPbKFQ3DPX/0ajp/zfR/299//r/4X8+PP9f/6//P3hT6f89///03r/+X/+/yu9/X/3/P+/8fP0/LZpa/5+7/5a4pZP9DwAAAD3I3f+VuMX+BwAAgGbk7v9q3GL/AwAAQDNy998at3Sy/z3/X/+v/9f/L7z/v/7OjW/o/7fQ/x+O0+zv/+3G+Ib+P+j/9f/6/36f/3+2/p/FmVr/n7v/a3FLJ/sfAAAAepC7/7a4xf4HAACAZuTu/3rcYv8DAABAM3L3fyNu6WT/6//1//p//b/n/w+/vv5/NXn+/zj9f9n+l7ahn/7/6NAHl93Pn6llv/9m+n/P/2eBptb/5+7/ZtzSyf4HAACAHuTu/1bcYv8DAABAM3L3fztusf8BAACgGbn7vxO3dLL/9f/6//b7/wv1/9teX/+v/2+Z/j9/RB+m/5+jn/5/0LL7+VV///p//T87Ta3/z91/e9zSyf4HAACAHuTu/27cYv8DAABAM3L3fy9usf8BAACgGbn7vx+3dLL/9f999f9rsx77f8//1//r/3ui/x+n/59D/6//1//r/1moqfX/ufvvWFvvcv8DAADAqvrvf/n/2/f6x95x8n+Pzn4Qt5w/O7HHL2MDAAAAE/fA7l9bn81+ePK3fP0fAAAAWpS7/0dxSyf7X//fV//f5/P/9f/6f/1/T4b6+6Hvo3ej/w/6f/2//l//r/9nAabW/+fu/3Hcsmn4re/7rxIAAACYktz9P4lbOvn6PwAAAPQgd/9P45Yd+98vBwgAAACrKnf/z+KWTr7+r/+feP8/O6D+P/44/f8G/b/+f+j19f+ryfP/x51h/39iTf+v/x+h/9f/6//Zbmr9f+7+O+OWTvY/AAAANGrLzyjk7r8rbrH/AQAAoBm5+38et9j/AAAA0Izc/XfHLZ3sf/3/off/maof4PP/j9W3PP+/8/7/sqODr6//1/+3TP8/zvP/59D/t9L/H9H/6/+Zhqn1/7n7fxG3dLL/AQAAoAe5+38Zt9j/AAAA0Izc/b+KW+x/AAAAaEbu/l/HLZ3sf/3/xJ//f1r9/x6e/6//76P/3+X12+n//+Hc4zdd8D/XXKX/55TD7P/zn4VD7v+P7PfPuZn+fw79fyv9v+f/6/+ZiMX3/+tbPrjf/j93/2/ilk72PwAAAPQgd/89cYv9DwAAAM3I3f/buMX+BwAAgGbk7v9d3NLJ/tf/6/+n0v/n3+sl9P/HT7v/PzabzZbS/2dT3Hv/7/n/+v+dPP9/nP5/Dv2//l//r/9noRbf/2/94H77/9z9v49bOtn/AAAA0IPc/X+IW3L/r+37p+4BAACAicnd/8e4xdf/AQAAoBm5+++NWzrZ//p//f9U+v/k+f+nPq+t5/9fUHFqn/3/P9W39P8HS/8/Tv8/h/5f/6//1/+zUFPr/3P3/ylu6WT/AwAAQA9y998Xt9j/AAAA0Izc/X+OW+x/AAAAaEbu/r/ELZ3sf/1/q/1/FvH6f/3/VPp/z//3/P/Dof8fp/+fQ/+v/9f/6/9ZqKn1/7n7/xYAAP//2HxcCQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141142, 0x0)
pwrite64(r0, &(0x7f0000000000)='2', 0x1, 0x4fed0)

1m26.44527004s ago: executing program 2 (id=1055):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f00000002c0)='./bus\x00', 0x4010, &(0x7f0000000a40)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000000c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e1e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b18c4b455ab222d7ae1be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b8663a339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b03790090198145dee533257bb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f7688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba064dfa60bd7fafb3c22dc057e6f9e2a5eb144290afe5369110a71d4b7fc5937a32e213c443f3b9e506b25cf9e2520999b330fc9e86bde8c8ec78f67c0c7f24db0000000", @ANYRES16], 0x1, 0x11ee, &(0x7f0000002480)="$eJzs3MGLG1UcB/Bf17Xdbt3NqrXagvjQi16GZg9e9BJkC9KA0jZCKwhTd6IhYxIyYSEiVk9e/TvEozdBvOllL/4N3vbisQdxxKS1jUSpSDdSPp9LfvDel997BAZmmDdHr3/5Ub9bZd18EmsnTsTaKCLdTpFiLe76LF557Ycfn796/cblVru9dyWlS61rzVdTStsvfPfuJ1+/+P3kzDvfbH97Kg533jv6Zffnw3OH549+u/Zhr0q9Kg2Gk5Snm8PhJL9ZFmm/V/WzlN4ui7wqUm9QFeOF8W45HI2mKR/sb22OxkVVpXwwTf1imibDNBlPU/5B3hukLMvS1mbwX3S+ul3XdURdPx4no67r+nRsxpl4IrZiOxqxE0/GU/F0nI1n4lw8G8/F+dmsVa8bAAAAAAAAAAAAAAAAAAAAHi3O/wMAAAAAAAAAAAAAAAAAAMDqXb1+43Kr3d67ktJGRPnFQeegM/+dj7e60YsyirgYjfg1Zqf/5+b1pTfbexfTzE58Xt66k7910HlsMd+cfU5gab45z6fF/KnYvD+/G404uzy/uzS/ES+/dF8+i0b89H4Mo4z9+CN7L/9pM6U33mr/JX9hNg8AAAAeBVn609L79yz7u/F5/kGeD6zdbbaQX48L6yvbNndU04/7eVkW44dWnIyH3uKfio2IWF33By/W43+xDIViXqz6ysRxuPenr3olAAAAAAAAAAAA/BvH8Trh0sanj32rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA7+zAsQAAAACAMH/rNDo2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYKgAA///20tEU")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000e00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x31)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x18)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
r1 = open(&(0x7f00000003c0)='.\x00', 0x100, 0x97)
getdents(r1, &(0x7f0000001fc0)=""/184, 0xb8)

1m26.224309972s ago: executing program 2 (id=1056):
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0xeaf62b8d3744ce94, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@volatile}]})
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x0, 0x0, 0x8})
umount2(&(0x7f0000000000)='./file0\x00', 0x3)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

1m25.967659545s ago: executing program 2 (id=1057):
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000740), 0x8202, 0x0)
mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x8000000000000000)
sigaltstack(&(0x7f0000000040)={0x0, 0x3}, 0x0)

1m25.884510092s ago: executing program 32 (id=1057):
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000740), 0x8202, 0x0)
mmap$binder(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x11, r0, 0x8000000000000000)
sigaltstack(&(0x7f0000000040)={0x0, 0x3}, 0x0)

48.154203799s ago: executing program 0 (id=1441):
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$FUSE(r0, &(0x7f0000009780)={0x2020}, 0x2020)
write$FUSE_DIRENTPLUS(r0, &(0x7f0000000100)={0x10, 0x0, 0x3}, 0x10)

48.024377884s ago: executing program 0 (id=1443):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000100)=0xcf5)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0xfffffffd, 0x4000000, 0x1, 0x10, "0062ba7d8200000000f7ffffff00"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x3)

47.965124927s ago: executing program 0 (id=1445):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, 0x0, &(0x7f0000000040))

47.911538993s ago: executing program 0 (id=1446):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x6)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x1480, 0x0)
mount$bind(&(0x7f0000000000)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc01, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x84000, 0x0)

47.812541032s ago: executing program 0 (id=1447):
syz_usb_connect(0x3, 0x1b, &(0x7f0000000240)=ANY=[@ANYBLOB="12010002c2bae3108009fd068c14363697d40902090000060780ff"], 0xfffffffffffffffe)

47.722103575s ago: executing program 0 (id=1449):
rt_sigaction(0x40, &(0x7f0000000140)={&(0x7f0000000000)="24339e9e0f1c2bdfd5c4a2f10027c6c43b640febce41d3ca6566f00fc02c101c65d2150e000000dbf5", 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000380))
r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='stat\x00')
read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020)

47.634549337s ago: executing program 33 (id=1449):
rt_sigaction(0x40, &(0x7f0000000140)={&(0x7f0000000000)="24339e9e0f1c2bdfd5c4a2f10027c6c43b640febce41d3ca6566f00fc02c101c65d2150e000000dbf5", 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000380))
r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='stat\x00')
read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020)

2.333459038s ago: executing program 1 (id=1955):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000340)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r2, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r2, 0x0, <r3=>0xffffffffffffffff, 0x1})
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x101400, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r4, 0x3ba0, &(0x7f0000000640)={0x48, 0x8, r3, 0x0, 0x9, 0x245fd5, 0x1, &(0x7f0000000080)="f4", 0x10001})

2.277724287s ago: executing program 3 (id=1956):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}}, 0x0)

2.277404433s ago: executing program 3 (id=1957):
r0 = gettid()
r1 = socket(0x10, 0x803, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0x70bd2b, 0x25dfdbfc, {0x0, 0x0, 0x74, 0x0, 0x19c04, 0x55007}, [@IFLA_NET_NS_PID={0x8, 0x13, r0}, @IFLA_ALT_IFNAME={0x14, 0x35, 'veth1_vlan\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4802}, 0x0)

2.277084439s ago: executing program 1 (id=1958):
bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040), 0x10)
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ed5000410"], 0x11)

2.1705684s ago: executing program 3 (id=1959):
r0 = io_uring_setup(0x4822, &(0x7f0000000180))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r1, &(0x7f0000000140), &(0x7f0000000040)=@tcp6=r2}, 0x20)
recvmmsg(r2, &(0x7f0000000bc0)=[{{0x0, 0xfffffff2, 0x0}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000780)=""/71, 0x47}], 0x1}}], 0x2, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

2.039671606s ago: executing program 3 (id=1960):
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
r3 = dup2(r2, r0)
fallocate(r3, 0x10, 0x480000000, 0xe6e)

1.95055737s ago: executing program 3 (id=1961):
syz_usb_connect(0x3, 0x36, &(0x7f00000029c0)={{0x12, 0x1, 0x300, 0xe5, 0xd2, 0x24, 0x20, 0x4bb, 0x930, 0xcb5d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0xf8, 0x40, 0x1, [{{0x9, 0x4, 0x81, 0x6, 0x2, 0xff, 0xff, 0xff, 0x2, [], [{{0x9, 0x5, 0x2, 0x0, 0x20, 0x8, 0x7, 0x1}}, {{0x9, 0x5, 0xc, 0x3, 0x40, 0x1, 0x8, 0xe4}}]}}]}}]}}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0})

1.680428323s ago: executing program 1 (id=1962):
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = socket$inet(0x2, 0x80000, 0xfffffffd)
bind$inet(r1, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x10a)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x16)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000000c000000b400000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000003f00000000000000850000000600000095"], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(0x0)
getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@private0, 0x0, 0x2, 0x2, 0xf}, 0x0)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
ioctl$FS_IOC_GETFSLABEL(r6, 0x400452c8, &(0x7f0000000100))

1.029065223s ago: executing program 4 (id=1965):
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x0, 0x10ffff, 0xfffffffd})
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000001c0)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x10, 0x2, 0x0, 0x1, 0x4, 0xe7}, 0x20)

978.532345ms ago: executing program 4 (id=1966):
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x3200c02, &(0x7f0000000140)=ANY=[], 0x3, 0xa9c, &(0x7f0000001340)="$eJzs3U2MW0cBAOCxd73JJilxSkKXJKQJP2356W6zWcJPBE3VXIiailulikuUpiUiDYhUglaV8nPiBK2qcIUiTkWiAoTUXlDUE5dKNBKXikPhwIEoSJU4QGlitN4Z7/OszbP3z97190mz43nz7Jn39vn5/c1MAEZWtfl3bm6qEsK1N1858Y/7/j45P+Xh1hz15t/xQqoWQqjE9Hj2ee+NLcS333/xTKe4Emabf1M6PH6r9d7tIYTL4WC4Huph77UbL789+9ipKyevHnrntWM312bpAQBgtHzz+rG5PX/9075dH7x+4HjY0pqejs/rMb0jHvcfjwf+6fi/GtrTlUIomsjmG4+hms031mG+Yjm1bL7xLuVPZJ9ba+Xva5tvS0n5Y4VpnZYbNrK0HddDpTrdlq5Wp6cXzslD87x+ojJ94dz5py8OqKLAqvvXvSGEg0K/odFoXGquwCGoy9qGHYsby8DrMszhw8bg69B/aOwc3L4HoCi/X7jE5fzKwsq0Pm28t/JvPVLt/H5YBeu9/ZeV/+O/DLb8JUa8/F9escdh9WzWrSktV/oepbPY/D5C/vxSv9//9Hn5/Yhaj/Xsdh9ho9xf6FbPsXWux3J1q3++XWxWX4txWg9fz/KL35/8f7pR/sdAZ/9er+v/r04O/FrnfDg4BHXY1KE2BHUQeg6NQe+AgKG1+NzcgkaU8vPn+vL8LSX5W0vyJ0vyt5Xkby/Jh1H2u+d+El6qLJ7n5+f0/V4PS9fZ7orxR/qsT349st/y8+d++7XS8vPniWGYvXH6ibNffurJGwvP/1da2/+duL0fjOl6/G5djzOk64X5dfXWs//19nKqXea7O6vPXUvmbyyUuLt9vsruxc8Jhf3MknpMtb9vZ7f59rfPV8/mm4xha1bf/PhkW/a+dPyR9qtpfY1ny1vLlmMiq0far+yKcV4PWI60PXZ7/j9tn1OhVnn63PmzD8V02k7/OFbbMj/9cPFDf7U+dQdWptf2P1Ohvf3Pjtb0WrWwX2gdfqf9xeHW57VPn11I1vL5j8R0+p379thkc/r0me+ef2q1Fx5G3MXnX/jO6fPnz37fi/Ri0mrxwouyPcdmfXIQRsfMc89+b+bi8y88eO7Z08+cfebshSNHjx6ZnT36lSNzM83j+pniWT+wmSz+6A+6JgAAAAAAAAAAAECvfnDyxI0/v/Wldxfa/y+2/0vt/9OTv6n9/4+y9v95O/nUKiC1s9/VIb857t4b7fWYyOarxfDRrL67s3L2ZO/7WIxb4/jF9v+pvX3er2uqzz3Z9Lz/3jRf1p3Akv5SJrI+SFrjBcYG+5+M6asx/kWAAapMdp4c47L+rdO23uyf4tJaVZK1lvoTSVtD6scktf/u1q9T2v/vWoc6svrWoznhoJcR6Oyfq9H/96VV7pe4WkwXjsSHoL/k/xMajcHXYeVh+NezsIqh0TCKBzAcBj3+Z7rumeILf/jG1vmQZrv1SPv+Mu+/FFZi2MefVP7mGv+zNf5dT/u/Dr2rt/Xz3PvoCv/52c13C8WGvb3uf/PlT/1A7y4vs+iDWH5a/vtDb+U3Xs3Kz28I9ei/Wfnbeix/yfLvX175H8by02p74FO9lr9Q40q1vR75deN0/y+/bpzczpY/9e3Z9/Ivc6DGO7F8GGXdx5ntdQTb4bRRxv/tJn8O44sxnXaE6TmH/Be53/qn5yvS78Ce7PMrJb9vG2Wc4m5Gffzfr8a47PuQxv9N22O9Q7paSNc6rNuNvq3AZvPeeo3/Oyrh8hDUQVizcODX8YuzrPcPxxjYxdBoNAbakbdexAdr0Ot/0HefB13+oNd/mXz83/wYPh//t5qdQOTj/+bvz8f/zfPz8fXy/Hz833x95uP/5vn3ZJ+bX8GeKsn/eEn+3pL8fYv5k53y95e8/xMl+YdK8g+U5N9bkn93Sf5YSf6nS/I/U5J/X0n+AyX5ny3J3+ya7VEKX6pRW34YZXn7PN9/GB3p/k+37//uknxg4/rp64cfffK336ovtP+faJ2vpft4x2O6Fs+dfxjT+X3vUEjP570V03/L8of9egeMkrz/jPz3/f6SfGDjSs95+X7DCKps7Tw5xmm/0K3fqm7H+Wwsn4vx52P8hRg/GOPpGM/E+HCMZ9epfqyNR3/z+2MvVRbP93dm+b0+T563B8r7iTrSY33y6wP9Ps+e9+PXr5WWv8zmYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANTbf6dm5uqhHDtzVdOPHHq3Mz8lIdbc9Sbf8cLqVrrfSE8FOOxGP88vrj9/otnivGdGFfCbKiESmt6ePxWq6TtIYTL4WC4Huph77UbL789+9ipKyevHnrntWM3124NAAAAwOb3vwAAAP//wT0fdA==")
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40106e80, &(0x7f0000000040)={0x1, 0x1, 0x9, 0x0, 0x7, 0x4fe4, 0x2401})

900.520814ms ago: executing program 4 (id=1967):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@bridge_newneigh={0x28, 0x1c, 0x401, 0x70bd28, 0x25dfdbfd, {0x7, 0x0, 0x0, r1, 0x2, 0x0, 0x9}, [@NDA_LLADDR={0xa, 0x2, @local}]}, 0x28}, 0x1, 0x0, 0x0, 0x400c894}, 0x24040040)

840.48028ms ago: executing program 4 (id=1968):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r0, &(0x7f00000000c0)={0x1f, 0x0, @none}, 0xe)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r1, &(0x7f00000000c0)={0x1f, 0x0, @none}, 0xe)

783.003526ms ago: executing program 4 (id=1969):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x1, 0x4b4, &(0x7f0000000c80)="$eJzs3E9sFNUfAPDvbHdpgR8/KiIKoi6isdHYQkHh4AWjiQdMjHjQY9MWghRqaE2EECmJwaMh8W48evXgVb0ZTyZe8WhiSIjhAnhaM7sz7e52t//Y7oL7+SRL35t9s+99982bfTNvlwD6Vjn9J4n4X0TcjIidtWxjgXLtz707Vybv37kyGQuVyqm/k2q5u2k+k++3PcuMFCIKXyRNL1gzd+nyuYmZmemLWX5s/vwnY3OXLr969vzEmekz0xfGjx8/euTwsdfHX1t/UC3qS+O6u+/z2f173/noxruTxXz7UPa3Po5OKUe5VVOqXux0ZT22oy6dFHvYENZlICLS7ipVx//OGAidB/2iUqlUBts/vVBpdm3ZFuCRlUSvWwD0Rv5Bn17/5o8uTT0eCrdP1C6A0rjvZY/aM8UoZGVKTde3nTQUER8u/PNN+ohNug8BAFDvpxP5TLB5/leIPXXl/p+toQxHxGMRsSsiHo+I3RHxRES17JMR8VTT65cjorJC/eWm/PL5T+HWAwW4inT+90a2ttU4/8tnfzE8kOV2ROQT5ulD2XsyEqXB02dnpg+vUMfPb/3+VbvnynXzv/SR1p/PBbN23Co23aCbmpif2HDATW5fi9hXbI4/KUYkiysBSUTsjYh963jd4br02Ze/27+YKTWWWz3+qkrLdbQOLFVUvo14qdb/C9HQ/0s1JiuvT44Nxcz0obH0KDjUso5ff7v+Xrv6V43/hz+bd3n72I+nHjTsRWn/b6s7/iNfv12KfziJSBbXa+fWX8f1P75se02ztuP/asM+6fG/Jfmgmt6SbftsYn7+4uGILcnJ5dvHl/bN83n5NP6Rg63H/65sn/SdeDoi0oP4mYh4NiKey9p+ICKej4iDK8T/y5svfLzx+DdXGv9Uy/NfQ/8vrdfPncwTl9aaGDh34Ob9NiePtfX/0WpqJNvS+vyXNJwi1trADryFAAAA8NArRPW7/4XRxXShMDpauwe0O7YVZmbn5l85PfvphanabwSGo1TI73TV7geXkvz+53BdfrwpfyS7b/z1wNZqfnRydmaq18FDn9teHfPJsvGf+mug160DNp2f/ED/Wm3877nRpYYAXefzH/pX3fhfaFNkwTdl4L+p9ed/qevtALqv1fi/uoF9gEdLxViGvmb8Q/8qxvuL6UJPWwJ0m89/6Etr/xX/RhKVwdZPDcXywjG0Oc3Y2qKuniTSmVVPat+6kb3y/02hbZkorPY6xYZjbDCWlxmInvTFmT0dP/gr2XflO93U71cep/l0fRPeqO6ehwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbLvwEAAP//cdfX0w==")
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x4008a, &(0x7f00000001c0)={[{@dioread_nolock}, {@usrjquota, 0x22}, {@nogrpid}, {@noload}, {@acl}, {@grpjquota, 0x22}, {@errors_continue}, {@nodelalloc}, {@usrjquota}]}, 0xfe, 0x44e, &(0x7f0000000d80)="$eJzs3M1vG0UbAPDHdpw0bfMmbykfDS0ECiLiI2nSD3rgUgQSB5CQ4FDEKSRpFeo2qAkSrSIIHMIRVeKOOCLxF3ChXBBwQuIKd4QUoVwonIzW3k3dxE7ixIlL/ftJm8x4xpp5dnfs8azXAXSsoeRPLuJgRPwaEf3V7J0Vhqr/bq0sTP69sjCZi3L5jT9zlXp/rSxMZlWz5x2oZsrlDdpdejtiolSavprmR+cvvzc6d+36czOXJy5OX5y+Mn727KmTx7rPjJ9uSZx9SV8HP5w9euSVt268Nnn+xjs/fp3092BaXhtHqwxV925dT7a6sTbrq0nnutrYEZpSiIjkcBUr478/CtG7WtYfL3/S1s4Bu6pczpd7GhcvloF7WDJRBzpR9kaffP7Ntj2aetwVls/F6jrGrXSrlnRFPq1TTD8j7YahiDi/+M8XyRa7tA4BAFDr5rmIeLbe/C8fD9TU+196bWggIv4fEYci4r6IOBwR90dU6j4YEQ812f7aKyTr5z/l/m0FtkXJ/O+F9NrWnfO/bPYXA4U011eJv5i7MFOaPpHuk+Eo9iT5sQ3a+O6lXz5rVFY7/0u2pP1sLpj244+uNQt0UxPzEzuJudbyxxGDXfXiz63OeZP58ZGIGNxmGzNPf3W0Udnm8W+gBZPy8pcRT1WP/2KsiT+Ta3h9cuz5M+OnR/dFafrEaHZWrPfTz0uvN2p/R/G3wPLNcuyve/6vxj+Q2xcxd+36pcr12rnm21j67dOGn2m2e/53596spLvTxz6YmJ+/OhbRnXt1/ePjt5+b5bP6yfk/fLz++D8Ut/fEwxGRnMTHIuKRiHg07ftjEfF4RBzfIP4fXnzi3ebj32BVvoWS+Kc2O/5Re/ybTxQuff9N8/FnkuN/qpIaTh/ZyuvfVju4k30HAAAA/xX5ynfgc/mR1XQ+PzJS/Q7/4difL83OzT9zYfb9K1PV78oPRDGfrXT116yHjqVrw1l+fE3+ZLpu/Hmht5IfmZwtTbU7eOhwBxqM/8TvhXb3Dth17teCzmX8Q+cy/qFzGf/QuYx/6Fz1xv9HbegHsPc2ef/v3at+AHvP/B86l/EPncv4h47U8N74/I5u+ZdoU+Lb7p39VsPWE5G/S0K+ZxLFqFvUteUfs9hmoqduUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//j57jFA==")
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000100)='.\x00', 0x80061, &(0x7f00000001c0)=ANY=[], 0xfe, 0x0, &(0x7f0000000000))

777.905958ms ago: executing program 1 (id=1970):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f000000ab80)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_route={{0x11}, {0x54, 0x2, [@TCA_ROUTE4_IIF={0x8, 0x4, r3}, @TCA_ROUTE4_TO={0x8, 0x2, 0xe0}, @TCA_ROUTE4_POLICE={0x40, 0x5, [@TCA_POLICE_TBF={0x3c, 0x1, {0x80000000, 0x8, 0x7, 0xb4, 0x0, {0x5, 0x0, 0xb5, 0x9, 0x4}, {0x2, 0x0, 0x2, 0x800, 0x3580, 0x8}, 0x5, 0x19e6, 0x6}}]}]}}]}, 0x84}}, 0x440c0)

616.15995ms ago: executing program 4 (id=1971):
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=")
quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)={0x4, 0x2, 0xffff, 0x3, 0x1, 0x6, 0x0, 0x36a, 0x1020003f})
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
rmdir(&(0x7f0000000040)='./control\x00')

539.509733ms ago: executing program 1 (id=1972):
sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)={0x14, 0x0, 0x1}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x5, 0x0, 0x111}}, 0x20)
ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r2, 0x80184132, &(0x7f0000000240))

440.496057ms ago: executing program 3 (id=1973):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(&(0x7f0000000100)='.\x00', &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x201008, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, 0xffffffffffffffff)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000200)={{}, {0x77359400}}, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000001180)='./bus\x00')
rmdir(&(0x7f0000000440)='./file0\x00')
open(0x0, 0x0, 0x1)

0s ago: executing program 1 (id=1974):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000000c0)="98a591c63a6efdecc4194d99634ff4eb90c266e83fff7dfbd3568c030612b423a36d", 0x22}, {&(0x7f0000000200)="da467702e2520108dcebc5560e4f93142974b51221138c2cdf5b4d5781b800c423ace69c1eba8d0c505baa2acdddff4bc6e17bd735b3576550a4b33160cad82f3df56db53fbf5fbad6125c8b7932af43ba88cd499a6c421696d57ff38d5231dc712a114aaeae76812b1375a1b59f2b669bcf1f5a39f4241eef5d48ba4a16fb354031b55dd47512d0b1c6d02dce620d1cd5bad3ff8d69fe0a9e54a633953fea9e23fdf840a0b9270dfa4799e36a059f53656b65191a14e19c6330c4df5e04ca466ea0b14f3c3a7f72f0f93653f165bd687201ae5aef946d01c988d885", 0xdc}, {&(0x7f0000000100)="8d25ca2a98879e57578c3d652f5cf57f904b471f18c14b4d786c4ae155bee597b14455173e5580fb3f47c2e329b126d05465fb165f08", 0x36}], 0x3, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nfc_llcp(0xffffffffffffffff, &(0x7f0000000a00)={&(0x7f0000000740)={0x27, 0x0, 0xffffffffffffffff, 0x7, 0x5, 0x8, "dfd968a2cbc3ab81b62b8972f86e3ccdbddc4cdd0b2b40a6e5de3c9e4781e0e1ee236c736b8402fffed1909bf55135108947062cc005658128e0af2959a321", 0x35}, 0x60, &(0x7f0000000880)=[{&(0x7f00000007c0)="fd509685c5db69548f0871e0910401e9810cb9f20ff5edc9014d51247a9fb3a2dd3c789834fbd05f35b6c71bba04f2e9756a751f6063e6e482d259dd129492", 0x3f}, {&(0x7f0000000900)="31201b71e7e5a5d8385082ec35e66960a0a2143de56a4e46b07c445bcea39bc3494c19b1ba18a3de073f59a708dff50516f44108ef6b5b54b0bc9133ee2813542ca23009f813c1d682e0a14864486d684196da5d366d68723e721ae785fb7450b3623aef7d56", 0x66}], 0x2, 0x0, 0x0, 0x10}, 0x44880)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

kernel console output (not intermixed with test programs):

netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  173.808019][ T6281] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  173.827501][ T6281] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  173.879988][ T1088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  173.884785][ T1088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  173.927863][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  173.930328][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  173.973567][ T5235] Bluetooth: hci2: command tx timeout
[  173.983374][ T8791] loop1: detected capacity change from 0 to 2048
[  174.030091][ T8795] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  174.048405][ T8796] loop3: detected capacity change from 0 to 1024
[  174.050854][ T8791] syz.1.1080: attempt to access beyond end of device
[  174.050854][ T8791] loop1: rw=0, sector=281474976710722, nr_sectors = 2 limit=2048
[  174.070760][ T8791] NILFS (loop1): I/O error reading b-tree node block (ino=16, blocknr=15)
[  174.075797][ T8791] syz.1.1080: attempt to access beyond end of device
[  174.075797][ T8791] loop1: rw=0, sector=281474976710722, nr_sectors = 2 limit=2048
[  174.083171][ T8791] NILFS (loop1): I/O error reading b-tree node block (ino=16, blocknr=15)
[  174.085795][ T8791] NILFS (loop1): error -5 truncating bmap (ino=16)
[  174.152765][ T8794] hfsplus: can't free extent
[  174.204351][ T8802] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1082'.
[  174.211438][   T40] hfsplus: b-tree write err: -5, ino 4
[  174.219859][ T8802] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1082'.
[  174.239784][ T8802] netlink: 52 bytes leftover after parsing attributes in process `syz.1.1082'.
[  174.361384][ T5988] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  174.392483][ T8809] netlink: 'syz.1.1085': attribute type 4 has an invalid length.
[  174.551285][   T33] audit: type=1326 audit(1755068649.271:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8817 comm="syz.0.1088" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f452cb8ebe9 code=0x0
[  174.890081][ T8845] smc: net device bond0 applied user defined pnetid SYZ2
[  174.895533][ T8847] loop3: detected capacity change from 0 to 512
[  174.910699][ T8847] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  174.925230][ T8847] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.1098: iget: bad extended attribute block 851968
[  174.943737][ T8847] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1098: couldn't read orphan inode 15 (err -117)
[  174.952926][ T8847] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  175.020145][ T8853] loop1: detected capacity change from 0 to 16
[  175.044068][ T8853] erofs (device loop1): mounted with root inode @ nid 36.
[  175.083320][ T7234] erofs (device loop1): failed to decompress 6887 in[4096, 0] out[9000]
[  175.088907][ T8690] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.089949][ T8853] erofs (device loop1): failed to decompress 6887 in[4096, 0] out[8192]
[  175.113968][ T8853] erofs (device loop1): read error -117 @ 1 of nid 89
[  175.126339][   T33] audit: type=1800 audit(1755068649.851:29): pid=8853 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1099" name="file3" dev="loop1" ino=89 res=0 errno=0
[  175.474030][   T33] audit: type=1326 audit(1755068650.191:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8869 comm="syz.1.1106" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4010b8ebe9 code=0x0
[  175.681763][ T8861] loop3: detected capacity change from 0 to 32768
[  175.960819][    C1] Unknown status report in ack skb
[  176.040657][ T8890] loop3: detected capacity change from 0 to 1024
[  176.049972][ T8890] EXT4-fs: Ignoring removed mblk_io_submit option
[  176.051661][ T5235] Bluetooth: hci2: command tx timeout
[  176.053480][ T8890] EXT4-fs: Ignoring removed nomblk_io_submit option
[  176.098918][ T8890] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.182377][ T8690] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.343906][ T6281] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0x9
[  176.385476][ T8906] loop1: detected capacity change from 0 to 1764
[  177.197402][ T8922] netlink: 'syz.0.1122': attribute type 9 has an invalid length.
[  177.202864][ T8922] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1122'.
[  177.479376][ T8935] loop0: detected capacity change from 0 to 4096
[  177.485175][ T8935] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[  177.507672][ T8935] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  177.510874][ T8935] ntfs3(loop0): Failed to initialize $Extend/$ObjId.
[  177.515736][ T8935] ntfs3(loop0): ino=5, mi_enum_attr
[  177.606760][ T8942] loop0: detected capacity change from 0 to 128
[  177.651413][ T8942] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; going on - but anything won't be destroyed because it's read-only
[  177.674792][ T8944] loop3: detected capacity change from 0 to 1024
[  177.716464][ T8944] hfsplus: bad catalog entry type
[  177.728050][ T8942] hpfs: hpfs_map_sector(): read error
[  177.749162][ T4264] hfsplus: b-tree write err: -5, ino 4
[  177.821557][    C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  177.838662][ T8948] loop3: detected capacity change from 0 to 1764
[  177.861879][ T8948] iso9660: Corrupted directory entry in block 2 of inode 1920
[  177.928592][ T8952] gretap0: entered promiscuous mode
[  177.931647][ T5909] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  178.082102][ T5909] usb 2-1: Using ep0 maxpacket: 8
[  178.093571][ T5909] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  178.096915][ T5909] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2
[  178.100416][ T5909] usb 2-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6
[  178.135159][ T5235] Bluetooth: hci2: command tx timeout
[  178.147211][ T5909] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10
[  178.161138][ T5909] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024
[  178.165634][ T5909] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  178.169202][ T5909] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.231473][ T5909] hub 2-1:1.0: bad descriptor, ignoring hub
[  178.235958][ T5909] hub 2-1:1.0: probe with driver hub failed with error -5
[  178.238927][ T8978] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1149'.
[  178.239263][ T5909] cdc_wdm 2-1:1.0: skipping garbage
[  178.251624][ T5909] cdc_wdm 2-1:1.0: skipping garbage
[  178.253840][ T5909] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22
[  178.469090][ T8991] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.1155'.
[  178.537641][ T8997] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1158'.
[  178.609957][ T9001] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1159'.
[  178.712667][ T5909] usb 2-1: reset high-speed USB device number 21 using dummy_hcd
[  179.184489][ T5909] usb 2-1: USB disconnect, device number 21
[  179.702520][   T47] usb 4-1: new full-speed USB device number 2 using dummy_hcd
[  179.879909][  T791] kernel write not supported for file /register (pid: 791 comm: kworker/1:2)
[  179.885112][   T47] usb 4-1: config 4 has an invalid interface number: 231 but max is 0
[  179.888105][   T47] usb 4-1: config 4 has no interface number 0
[  179.900237][   T47] usb 4-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d
[  179.909899][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.913518][   T47] usb 4-1: Product: syz
[  179.915157][   T47] usb 4-1: Manufacturer: syz
[  179.916880][   T47] usb 4-1: SerialNumber: syz
[  179.934621][   T47] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state.
[  180.141174][   T47] vp7045: USB control message 'out' went wrong.
[  180.143921][   T47] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  180.150126][   T47] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19)
[  180.150550][ T9031] loop1: detected capacity change from 0 to 32768
[  180.156918][   T47] usb 4-1: USB disconnect, device number 2
[  180.166074][ T9031] ERROR: (device loop1): diAllocAG: nfreeinos = 0, but iag on freelist
[  180.166074][ T9031] 
[  180.175332][ T9031] ialloc: diAlloc returned -5!
[  180.232392][ T5909] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  180.387856][ T5909] usb 1-1: Using ep0 maxpacket: 8
[  180.394962][ T5909] usb 1-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  180.398682][ T5909] usb 1-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  180.403755][ T5909] usb 1-1: Product: syz
[  180.405555][ T5909] usb 1-1: Manufacturer: syz
[  180.407367][ T5909] usb 1-1: SerialNumber: syz
[  180.416259][ T5909] usb 1-1: config 0 descriptor??
[  180.424558][ T5909] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  180.759509][ T9050] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1183'.
[  180.816350][ T9052] loop3: detected capacity change from 0 to 16
[  180.822041][ T9052] erofs (device loop3): rootino(nid 36) is not a directory(i_mode 23300)
[  181.029055][ T5909] gspca_zc3xx: reg_w_i err -71
[  181.034984][ T5909] gspca_zc3xx 1-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  181.041425][ T5909] usb 1-1: USB disconnect, device number 15
[  181.112082][ T5847] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  181.137036][ T9063] loop1: detected capacity change from 0 to 4096
[  181.157379][ T9065] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  181.240123][ T9067] loop1: detected capacity change from 0 to 4096
[  181.259001][ T9067] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  181.264352][ T5847] usb 4-1: config 0 interface 0 has no altsetting 0
[  181.268065][ T5847] usb 4-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00
[  181.274023][ T5847] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  181.279430][ T5847] usb 4-1: config 0 descriptor??
[  181.305825][ T9067] ntfs3(loop1): ino=1d, mi_enum_attr
[  181.307836][ T9067] ntfs3(loop1): ino=1d, mi_enum_attr
[  181.309755][ T9067] ntfs3(loop1): ino=1d, mi_enum_attr
[  181.312808][ T9067] ntfs3(loop1): ino=1b, "file0" ntfs_readdir
[  181.409967][ T9070] loop1: detected capacity change from 0 to 1024
[  181.428422][ T9070] hfsplus: invalid btree flag
[  181.430312][ T9070] hfsplus: failed to load extents file
[  181.666279][ T9086] bridge0: entered promiscuous mode
[  181.668318][ T9086] vlan2: entered promiscuous mode
[  181.695074][ T5847] logitech 0003:046D:C294.000B: unknown main item tag 0x6
[  181.697443][ T5847] logitech 0003:046D:C294.000B: item fetching failed at offset 5/7
[  181.700277][ T5847] logitech 0003:046D:C294.000B: parse failed
[  181.708024][ T5847] logitech 0003:046D:C294.000B: probe with driver logitech failed with error -22
[  181.907672][ T5847] usb 4-1: USB disconnect, device number 3
[  181.912912][ T9103] loop1: detected capacity change from 0 to 1024
[  181.944685][ T9103] hfsplus: xattr searching failed
[  181.948178][ T9105] 8021q: adding VLAN 0 to HW filter on device bond1
[  181.964303][ T9105] bond0: (slave bond1): Enslaving as an active interface with an up link
[  182.060194][ T9114] loop0: detected capacity change from 0 to 256
[  182.104214][ T9116] loop1: detected capacity change from 0 to 1024
[  182.123190][ T9116] EXT4-fs: inline encryption not supported
[  182.170239][ T9116] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  182.201466][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  182.399967][ T9118] loop0: detected capacity change from 0 to 32768
[  182.404082][ T9118] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1213 (9118)
[  182.427537][ T9118] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  182.438342][ T9118] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  182.595359][ T9118] BTRFS error (device loop0): nologreplay must be used with ro mount option
[  182.615875][ T9118] BTRFS info (device loop0): using free-space-tree
[  182.629850][ T9118] BTRFS error (device loop0): open_ctree failed: -22
[  183.428000][ T9146] loop0: detected capacity change from 0 to 1024
[  183.466699][ T9146] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  183.488422][   T33] audit: type=1800 audit(1755068658.211:31): pid=9146 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1223" name="file2" dev="loop0" ino=16 res=0 errno=0
[  183.591272][ T5847] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  183.666112][ T5851] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.753687][ T5847] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  183.773430][ T5847] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  183.777199][ T5847] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.807787][ T5847] usb 2-1: config 0 descriptor??
[  183.883731][ T9155] Illegal XDP return value 4294967274 on prog  (id 90) dev N/A, expect packet loss!
[  184.137052][ T9166] loop3: detected capacity change from 0 to 1024
[  184.197416][ T9166] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  184.245279][ T5847] lenovo 0003:17EF:6047.000C: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.1-1/input0
[  184.293503][ T8690] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  184.358035][ T5235] Bluetooth: hci1: unexpected event for opcode 0x041b
[  184.622650][ T5880] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  184.801846][ T5880] usb 4-1: Using ep0 maxpacket: 8
[  184.873511][ T5880] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  184.895673][ T5880] usb 4-1: New USB device found, idVendor=1345, idProduct=3008, bcdDevice= 0.00
[  184.908549][ T5880] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.027769][ T5880] usb 4-1: config 0 descriptor??
[  185.446258][ T5909] usb 2-1: USB disconnect, device number 22
[  185.471832][ T5880] sony 0003:1345:3008.000D: hiddev0,hidraw0: USB HID v80.07 Device [HID 1345:3008] on usb-dummy_hcd.3-1/input0
[  185.476636][ T5880] sony 0003:1345:3008.000D: failed to claim input
[  185.561186][   T47] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  185.662686][ T5880] usb 4-1: USB disconnect, device number 4
[  185.712099][   T47] usb 1-1: Using ep0 maxpacket: 32
[  185.718782][   T47] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[  185.724484][   T47] usb 1-1: config 0 has no interface number 0
[  185.726553][   T47] usb 1-1: config 0 interface 12 has no altsetting 0
[  185.733467][   T47] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  185.736458][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.739406][   T47] usb 1-1: Product: syz
[  185.741465][   T47] usb 1-1: Manufacturer: syz
[  185.743900][   T47] usb 1-1: SerialNumber: syz
[  185.749905][   T47] usb 1-1: config 0 descriptor??
[  186.211800][    C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  186.805394][ T9259] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1252'.
[  186.812259][ T9259] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1252'.
[  186.821333][ T9259] netlink: 'syz.1.1252': attribute type 18 has an invalid length.
[  186.974972][   T47] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  186.990879][   T47] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71
[  186.996996][   T47] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  187.005178][   T47] f81534 1-1:0.12: probe with driver f81534 failed with error -71
[  187.033709][   T47] usb 1-1: USB disconnect, device number 16
[  187.178316][ T9274] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1257'.
[  187.266520][ T9263] loop1: detected capacity change from 0 to 32768
[  187.781168][   T47] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  187.811218][ T5880] usb 1-1: new low-speed USB device number 17 using dummy_hcd
[  187.931675][   T47] usb 2-1: Using ep0 maxpacket: 32
[  187.935352][   T47] usb 2-1: config 0 has an invalid interface number: 51 but max is 0
[  187.938401][   T47] usb 2-1: config 0 has no interface number 0
[  187.940731][   T47] usb 2-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  187.944712][   T47] usb 2-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  187.950891][   T47] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  187.954153][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.956744][   T47] usb 2-1: Product: syz
[  187.958391][   T47] usb 2-1: Manufacturer: syz
[  187.960149][   T47] usb 2-1: SerialNumber: syz
[  187.964928][ T5880] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  187.968027][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.971568][   T47] usb 2-1: config 0 descriptor??
[  187.976268][ T5880] usb 1-1: config 0 descriptor??
[  187.981441][   T47] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  188.179024][   T47] usb 2-1: qt2_setup_urbs - submit read urb failed -90
[  188.185619][ T5880] asix 1-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random
[  188.188941][   T47] quatech2 2-1:0.51: probe with driver quatech2 failed with error -90
[  188.383832][ T5847] usb 2-1: USB disconnect, device number 23
[  188.390595][ T5880] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  188.394651][ T5880] asix 1-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  188.399245][ T5880] asix 1-1:0.0: probe with driver asix failed with error -71
[  188.409077][ T5880] usb 1-1: USB disconnect, device number 17
[  189.085918][ T9299] netlink: 'syz.3.1268': attribute type 4 has an invalid length.
[  189.098761][ T9299] netlink: 'syz.3.1268': attribute type 4 has an invalid length.
[  189.914346][   T33] audit: type=1326 audit(1755068664.641:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9300 comm="syz.1.1270" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4010b8ebe9 code=0x7fc00000
[  190.201303][   T47] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  190.353247][   T47] usb 2-1: config 0 has an invalid interface number: 237 but max is 0
[  190.361162][   T47] usb 2-1: config 0 has no interface number 0
[  190.363799][   T47] usb 2-1: config 0 interface 237 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  190.368097][   T47] usb 2-1: config 0 interface 237 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  190.373819][   T47] usb 2-1: config 0 interface 237 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  190.378164][   T47] usb 2-1: config 0 interface 237 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  190.385809][   T47] usb 2-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.b6
[  190.389157][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.392219][   T47] usb 2-1: Product: syz
[  190.393628][   T47] usb 2-1: Manufacturer: syz
[  190.395265][   T47] usb 2-1: SerialNumber: syz
[  190.399335][   T47] usb 2-1: config 0 descriptor??
[  190.410232][   T47] xpad 2-1:0.237: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90
[  190.415689][   T47] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.237/input/input17
[  190.629239][ T5909] usb 2-1: USB disconnect, device number 24
[  191.300383][ T9353] loop1: detected capacity change from 0 to 1024
[  191.317313][ T9353] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  191.949456][ T9361] loop3: detected capacity change from 0 to 4096
[  192.050512][ T9363] netlink: 6 bytes leftover after parsing attributes in process `syz.3.1293'.
[  192.192009][ T9367] wireguard0: entered promiscuous mode
[  192.193787][ T9367] wireguard0: entered allmulticast mode
[  192.203132][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.523341][ T5847] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  192.604223][ T9384] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  192.685701][ T5847] usb 2-1: Using ep0 maxpacket: 16
[  192.689517][ T5847] usb 2-1: unable to get BOS descriptor or descriptor too short
[  192.695470][ T5847] usb 2-1: config 117 has an invalid interface number: 106 but max is 0
[  192.698307][ T5847] usb 2-1: config 117 has no interface number 0
[  192.700604][ T5847] usb 2-1: config 117 interface 106 has no altsetting 0
[  192.715824][ T5847] usb 2-1: New USB device found, idVendor=110a, idProduct=1451, bcdDevice=6d.26
[  192.718928][ T5847] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  192.721934][ T5847] usb 2-1: Product: syz
[  192.723288][ T5847] usb 2-1: Manufacturer: syz
[  192.724706][ T5847] usb 2-1: SerialNumber: syz
[  192.777132][ T9392] loop0: detected capacity change from 0 to 4096
[  192.827026][ T9398] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  192.970604][ T5847] mxuport 2-1:117.106: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[  192.981491][ T5847] mxuport 2-1:117.106: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[  192.985726][ T5847] mxuport 2-1:117.106: probe with driver mxuport failed with error -71
[  192.995436][ T5847] usb 2-1: USB disconnect, device number 25
[  193.311598][ T9414] loop0: detected capacity change from 0 to 32768
[  193.335630][ T9414] ocfs2: Slot 0 on device (7,0) was already allocated to this node!
[  193.347633][ T9414] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  193.364128][ T9414] (syz.0.1317,9414,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214
[  193.407671][ T5851] ocfs2: Unmounting device (7,0) on (node local)
[  193.827048][ T9448] netlink: 'syz.0.1331': attribute type 13 has an invalid length.
[  193.838671][ T9446] loop1: detected capacity change from 0 to 512
[  193.867586][ T9446] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.881567][ T9446] ext4 filesystem being mounted at /409/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  193.886911][ T6258] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  193.898744][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  193.912022][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  193.952647][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.057208][ T6258] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  194.057233][ T6258] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  194.057249][ T6258] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  194.057289][ T6258] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  194.057309][ T6258] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  194.065693][ T6258] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  194.065717][ T6258] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  194.065734][ T6258] usb 4-1: Product: syz
[  194.065746][ T6258] usb 4-1: Manufacturer: syz
[  194.082333][ T6258] cdc_wdm 4-1:1.0: skipping garbage
[  194.082388][ T6258] cdc_wdm 4-1:1.0: skipping garbage
[  194.091795][ T6258] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  194.091815][ T6258] cdc_wdm 4-1:1.0: Unknown control protocol
[  194.124245][ T9458] sctp: [Deprecated]: syz.1.1335 (pid 9458) Use of struct sctp_assoc_value in delayed_ack socket option.
[  194.124245][ T9458] Use struct sctp_sack_info instead
[  194.256163][ T9462] loop0: detected capacity change from 0 to 4096
[  194.265106][ T9462] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[  194.270101][ T9462] ntfs3(loop0): ino=0, mi_enum_attr
[  194.281490][ T9462] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  194.300914][ T9462] ntfs3(loop0): failed to replay log file. Can't mount rw!
[  194.414754][ T9472] netlink: 'syz.1.1342': attribute type 6 has an invalid length.
[  194.486403][ T9478] loop0: detected capacity change from 0 to 16
[  194.495570][ T9478] erofs (device loop0): mounted with root inode @ nid 36.
[  194.637091][    C0] cdc_wdm 4-1:1.0: nonzero urb status received: -EPIPE
[  194.821224][ T5909] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  194.843794][ T5847] usb 4-1: USB disconnect, device number 5
[  194.971124][ T5909] usb 1-1: Using ep0 maxpacket: 32
[  194.975297][ T5909] usb 1-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  194.978577][ T5909] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.984237][ T5909] usb 1-1: config 0 descriptor??
[  194.989450][ T5909] gspca_main: sq930x-2.14.0 probing 041e:403c
[  195.381775][ T9493] loop3: detected capacity change from 0 to 64
[  195.390987][ T5909] gspca_sq930x: ucbus_write failed -71
[  195.393143][ T5909] sq930x 1-1:0.0: probe with driver sq930x failed with error -71
[  195.397292][ T5909] usb 1-1: USB disconnect, device number 18
[  195.505699][ T9497] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1354'.
[  195.697120][ T9502] netlink: 'syz.1.1356': attribute type 6 has an invalid length.
[  195.701883][ T9502] netlink: 'syz.1.1356': attribute type 6 has an invalid length.
[  195.894330][ T9508] loop1: detected capacity change from 0 to 512
[  195.909337][ T9508] EXT4-fs: Ignoring removed i_version option
[  195.934018][ T9508] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  195.977507][ T9508] EXT4-fs (loop1): 1 truncate cleaned up
[  195.980036][ T9508] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  196.093733][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.354648][ T9512] loop0: detected capacity change from 0 to 32768
[  196.364453][ T9512] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1360 (9512)
[  196.412693][ T9512] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  196.416726][ T9512] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  196.420100][ T9512] BTRFS info (device loop0): using free-space-tree
[  196.556296][ T9512] BTRFS info (device loop0): rebuilding free space tree
[  196.608436][ T9538] loop1: detected capacity change from 0 to 736
[  196.934068][ T9541] loop1: detected capacity change from 0 to 4096
[  196.985322][ T9541] NILFS (loop1): invalid segment: Checksum error in segment payload
[  196.988399][ T9541] NILFS (loop1): trying rollback from an earlier position
[  197.072199][ T9541] NILFS (loop1): recovery complete
[  197.080836][ T9543] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  197.398594][ T5851] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  198.080568][ T9549] loop3: detected capacity change from 0 to 32768
[  198.096516][ T9549] find_entry called with index >= next_index
[  198.262666][ T9555] loop0: detected capacity change from 0 to 64
[  198.654154][ T9563] loop0: detected capacity change from 0 to 32768
[  198.671129][ T9563] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  198.769422][ T9560] loop3: detected capacity change from 0 to 40427
[  198.781621][ T5851] ocfs2: Unmounting device (7,0) on (node local)
[  198.785353][ T9560] F2FS-fs (loop3): Image doesn't support compression
[  198.787364][ T9560] F2FS-fs (loop3): build fault injection rate: 690
[  198.804543][ T9560] F2FS-fs (loop3): invalid crc value
[  198.876256][ T9560] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  198.880064][ T9560] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  199.127707][ T9577] loop0: detected capacity change from 0 to 4096
[  199.169651][ T9577] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  199.184014][ T9577] ntfs3(loop0): Failed to load $Extend (-22).
[  199.186473][ T9577] ntfs3(loop0): Failed to initialize $Extend.
[  199.421276][ T5988] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  199.581346][ T5988] usb 4-1: Using ep0 maxpacket: 32
[  199.585033][ T5988] usb 4-1: config 0 has an invalid interface number: 50 but max is 0
[  199.587556][ T5988] usb 4-1: config 0 has no interface number 0
[  199.589405][ T5988] usb 4-1: config 0 interface 50 has no altsetting 0
[  199.594189][ T5988] usb 4-1: New USB device found, idVendor=067b, idProduct=0307, bcdDevice=13.70
[  199.597299][ T5988] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.600118][ T5988] usb 4-1: Product: syz
[  199.601801][ T5988] usb 4-1: Manufacturer: syz
[  199.603517][ T5988] usb 4-1: SerialNumber: syz
[  199.606715][ T5988] usb 4-1: config 0 descriptor??
[  199.611338][  T791] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  199.616010][ T5988] pl2303 4-1:0.50: required interrupt-in endpoint missing
[  199.771260][  T791] usb 1-1: Using ep0 maxpacket: 16
[  199.775718][  T791] usb 1-1: config 0 has an invalid interface number: 79 but max is 0
[  199.778183][  T791] usb 1-1: config 0 has no interface number 0
[  199.783631][  T791] usb 1-1: New USB device found, idVendor=0402, idProduct=5632, bcdDevice=c3.6f
[  199.786545][  T791] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.788959][  T791] usb 1-1: Product: syz
[  199.790361][  T791] usb 1-1: Manufacturer: syz
[  199.792100][  T791] usb 1-1: SerialNumber: syz
[  199.796380][  T791] usb 1-1: config 0 descriptor??
[  199.827758][ T5909] usb 4-1: USB disconnect, device number 6
[  200.006667][  T791] cdc_subset 1-1:0.79: probe with driver cdc_subset failed with error -71
[  200.014832][  T791] usb 1-1: USB disconnect, device number 19
[  200.757272][ T9593] loop3: detected capacity change from 0 to 32768
[  200.994321][ T9593] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  201.020513][ T9593] XFS (loop3): Ending clean mount
[  201.072586][ T8690] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  201.274902][ T9605] loop3: detected capacity change from 0 to 1024
[  201.278451][ T9605] EXT4-fs: Ignoring removed orlov option
[  201.280830][ T9605] EXT4-fs: Ignoring removed mblk_io_submit option
[  201.290610][ T9605] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  201.310585][ T9605] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  201.351538][ T8690] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.964639][ T9621] loop3: detected capacity change from 0 to 40427
[  201.976204][ T9621] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  201.979258][ T9621] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  202.115512][ T9621] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  202.121742][ T9621] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  202.124491][ T9621] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  202.271968][ T9627] loop0: detected capacity change from 0 to 32768
[  202.276316][ T9627] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1396 (9627)
[  202.296148][ T9627] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  202.307345][ T9627] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  202.321237][ T9627] BTRFS info (device loop0): using free-space-tree
[  202.535968][ T5851] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  202.683999][ T9668] pim6reg1: entered allmulticast mode
[  202.851871][    C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  202.942786][ T9672] fuse: Bad value for 'fd'
[  203.044596][ T9674] nfs: Deprecated parameter 'nointr'
[  203.338233][ T9669] loop3: detected capacity change from 0 to 32768
[  204.593124][ T9686] loop0: detected capacity change from 0 to 32768
[  204.595908][ T9696] loop1: detected capacity change from 0 to 32768
[  204.608914][ T9686] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1412 (9686)
[  204.621293][ T9696] JBD2: Ignoring recovery information on journal
[  204.653585][ T9696] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  204.674222][ T9686] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  204.679422][ T9686] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  204.683785][ T9686] BTRFS info (device loop0): disk space caching is enabled
[  204.686041][ T9686] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  204.737842][ T9686] BTRFS info (device loop0): rebuilding free space tree
[  204.738300][ T9696] OCFS2: ERROR (device loop1): int ocfs2_reserve_local_alloc_bits(struct ocfs2_super *, u32, struct ocfs2_alloc_context *): local alloc inode 76 says it has 2 used bits, but a count shows 1
[  204.748047][ T9696] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  204.751239][ T9696] OCFS2: File system is now read-only.
[  204.752965][ T9696] (syz.1.1417,9696,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30
[  204.756751][ T9696] (syz.1.1417,9696,0):ocfs2_reserve_clusters_with_limit:1172 ERROR: status = -30
[  204.759838][ T9696] (syz.1.1417,9696,0):ocfs2_reserve_clusters_with_limit:1221 ERROR: status = -30
[  204.762605][ T9686] BTRFS info (device loop0): disabling free space tree
[  204.763089][ T9696] (syz.1.1417,9696,0):ocfs2_lock_allocators:2775 ERROR: status = -30
[  204.765979][ T9686] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  204.767747][ T9696] (syz.1.1417,9696,0):ocfs2_write_begin_nolock:1723 ERROR: status = -30
[  204.767781][ T9696] (syz.1.1417,9696,0):ocfs2_write_begin:1887 ERROR: status = -30
[  204.811414][ T9686] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  204.848943][ T5845] ocfs2: Unmounting device (7,1) on (node local)
[  204.945274][ T5851] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  205.132272][ T9699] loop3: detected capacity change from 0 to 32768
[  205.429827][ T9699] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  205.429851][ T9699]   allowing incompatible features above 0.0: (unknown version)
[  205.429861][ T9699]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  205.486652][ T9699] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  205.501187][ T9699] bcachefs (loop3): initializing new filesystem
[  205.516574][ T9699] bcachefs (loop3): going read-write
[  205.541207][ T9699] bcachefs (loop3): marking superblocks
[  205.574524][ T9699] bcachefs (loop3): initializing freespace
[  205.588702][ T9699] bcachefs (loop3): done initializing freespace
[  205.594857][ T9699] bcachefs (loop3): reading snapshots table
[  205.596688][ T9699] bcachefs (loop3): reading snapshots done
[  205.624997][ T9699] bcachefs (loop3): done starting filesystem
[  205.686644][ T9699] syz.3.1418 (9699) used greatest stack depth: 15688 bytes left
[  205.699068][ T9750] openvswitch: netlink: VXLAN extension message has 4 unknown bytes.
[  205.721198][ T5909] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  205.738870][ T8690] bcachefs (loop3): shutting down
[  205.740667][ T8690] bcachefs (loop3): going read-only
[  205.744420][ T8690] bcachefs (loop3): finished waiting for writes to stop
[  205.747980][ T8690] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3
[  205.794636][ T9752] loop1: detected capacity change from 0 to 736
[  205.796517][ T8690] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[  205.806971][ T8690] bcachefs (loop3): clean shutdown complete, journal seq 4
[  205.810376][ T8690] bcachefs (loop3): marking filesystem clean
[  205.842115][ T8690] bcachefs (loop3): shutdown complete
[  205.882959][ T5909] usb 1-1: config 2 has an invalid interface number: 181 but max is 0
[  205.886257][ T5909] usb 1-1: config 2 has no interface number 0
[  205.891180][ T5909] usb 1-1: config 2 interface 181 has no altsetting 0
[  205.900856][ T5909] usb 1-1: New USB device found, idVendor=1776, idProduct=501c, bcdDevice=7e.08
[  205.905901][ T5909] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.908935][ T5909] usb 1-1: Product: syz
[  205.918948][ T5909] usb 1-1: Manufacturer: syz
[  205.920781][ T5909] usb 1-1: SerialNumber: syz
[  205.943356][ T5909] gspca_main: spca501-2.14.0 probing 1776:501c
[  206.150135][ T5909] gspca_spca501: reg write: error -71
[  206.153660][ T5909] spca501 1-1:2.181: Reg write failed for 0x02,0x07,0x05
[  206.157619][ T5909] spca501 1-1:2.181: probe with driver spca501 failed with error -22
[  206.162752][ T5909] usb 1-1: USB disconnect, device number 20
[  206.231240][ T5988] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  206.381421][ T5988] usb 2-1: Using ep0 maxpacket: 16
[  206.385492][ T5988] usb 2-1: config 254 has an invalid descriptor of length 0, skipping remainder of the config
[  206.390852][ T5988] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1
[  206.393942][ T5988] usb 2-1: New USB device strings: Mfr=1, Product=251, SerialNumber=3
[  206.396962][ T5988] usb 2-1: Product: syz
[  206.398430][ T5988] usb 2-1: Manufacturer: syz
[  206.399831][ T5988] usb 2-1: SerialNumber: syz
[  206.412144][ T5988] usbtest 2-1:254.0: couldn't get endpoints, -22
[  206.414465][ T5988] usbtest 2-1:254.0: probe with driver usbtest failed with error -22
[  206.618442][ T5988] usb 2-1: USB disconnect, device number 26
[  207.008416][ T9767] loop0: detected capacity change from 0 to 8
[  207.030054][ T9767] squashfs image failed sanity check
[  207.134575][ T9771] loop0: detected capacity change from 0 to 1024
[  207.155731][ T9763] loop3: detected capacity change from 0 to 32768
[  207.171655][ T9763] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  207.186871][ T9771] hfsplus: hfsplus: Invalid key length: 29235
[  207.234390][ T9763] XFS (loop3): Ending clean mount
[  207.240373][ T9763] XFS (loop3): Quotacheck needed: Please wait.
[  207.293694][ T9763] XFS (loop3): Quotacheck: Done.
[  207.319139][ T9785] loop1: detected capacity change from 0 to 512
[  207.361906][ T8690] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  207.367598][ T9785] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.373910][ T9785] ext4 filesystem being mounted at /465/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  208.017863][ T5849] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  208.023865][ T5849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  208.027307][ T5849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  208.039139][ T5849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  208.040961][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.045904][ T5849] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  208.138856][ T9815] loop1: detected capacity change from 0 to 256
[  208.243719][ T5988] IPVS: starting estimator thread 0...
[  208.260054][ T9820] tipc: Enabled bearer <udp:s>, priority 10
[  208.326034][ T9808] chnl_net:caif_netlink_parms(): no params data found
[  208.331946][ T9822] IPVS: using max 48 ests per chain, 115200 per kthread
[  208.396263][ T9808] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.398628][ T9808] bridge0: port 1(bridge_slave_0) entered disabled state
[  208.403562][ T9808] bridge_slave_0: entered allmulticast mode
[  208.406525][ T9808] bridge_slave_0: entered promiscuous mode
[  208.410176][ T9808] bridge0: port 2(bridge_slave_1) entered blocking state
[  208.412760][ T9808] bridge0: port 2(bridge_slave_1) entered disabled state
[  208.415130][ T9808] bridge_slave_1: entered allmulticast mode
[  208.418051][ T9808] bridge_slave_1: entered promiscuous mode
[  208.440369][ T9808] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  208.442820][ T6258] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  208.447883][ T9808] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  208.482807][ T9808] team0: Port device team_slave_0 added
[  208.487582][ T9808] team0: Port device team_slave_1 added
[  208.555242][ T9808] batman_adv: batadv0: Adding interface: batadv_slave_0
[  208.557938][ T9808] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  208.569246][ T9808] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  208.583359][ T9808] batman_adv: batadv0: Adding interface: batadv_slave_1
[  208.591390][ T6258] usb 4-1: Using ep0 maxpacket: 32
[  208.596219][ T9808] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  208.619823][ T6258] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  208.634818][ T9808] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  208.641471][ T6258] usb 4-1: New USB device found, idVendor=0c72, idProduct=0011, bcdDevice= 9.75
[  208.654215][ T6258] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.661139][ T6258] usb 4-1: Product: syz
[  208.662821][ T6258] usb 4-1: Manufacturer: syz
[  208.664690][ T6258] usb 4-1: SerialNumber: syz
[  208.678265][ T6258] usb 4-1: config 0 descriptor??
[  208.765478][ T9808] hsr_slave_0: entered promiscuous mode
[  208.769194][ T9808] hsr_slave_1: entered promiscuous mode
[  208.777169][ T9808] debugfs: 'hsr0' already exists in 'hsr'
[  208.779571][ T9808] Cannot create hsr debugfs directory
[  208.786642][ T9836] loop1: detected capacity change from 0 to 32768
[  208.797983][ T9836] find_entry called with index >= next_index
[  208.799963][ T9836] find_entry called with index >= next_index
[  208.802171][ T9836] find_entry called with index >= next_index
[  208.808741][ T9836] ERROR: (device loop1): jfs_readdir: JFS:Dtree error: ino = 2, bn=48, index = 1
[  208.808741][ T9836] 
[  208.815902][ T9836] ERROR: (device loop1): remounting filesystem as read-only
[  208.818144][ T9836] ERROR: (device loop1): jfs_readdir: JFS:Dtree error: ino = 2, bn=48, index = 3
[  208.818144][ T9836] 
[  208.822136][ T9836] ERROR: (device loop1): jfs_readdir: JFS:Dtree error: ino = 2, bn=48, index = 4
[  208.822136][ T9836] 
[  208.890298][ T6258] peak_usb 4-1:0.0 can0: unable to request usb[type=0 value=1] err=-71
[  208.899865][ T6258] peak_usb 4-1:0.0: unable to read PCAN-USB Pro FD firmware info (err -71)
[  208.980965][ T9842] loop1: detected capacity change from 0 to 1024
[  208.996298][ T9842] EXT4-fs: Ignoring removed bh option
[  209.002849][ T9842] EXT4-fs: Conflicting test_dummy_encryption options
[  209.006495][ T6258] peak_usb 4-1:0.0: probe with driver peak_usb failed with error -71
[  209.034555][ T6258] usb 4-1: USB disconnect, device number 7
[  209.257432][ T9808] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  209.261975][  T791] tipc: Node number set to 588303738
[  209.270624][ T9808] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  209.278217][ T9808] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  209.286991][ T9808] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  209.327439][ T9808] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.330600][ T9808] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.334994][ T9808] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.337822][ T9808] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.346726][ T1016] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.352468][ T1016] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.362961][ T5988] usb 2-1: new low-speed USB device number 27 using dummy_hcd
[  209.417219][ T9808] 8021q: adding VLAN 0 to HW filter on device bond0
[  209.438269][ T9808] 8021q: adding VLAN 0 to HW filter on device team0
[  209.446185][   T53] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.449145][   T53] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.464117][   T53] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.466864][   T53] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.543922][ T5988] usb 2-1: unable to get BOS descriptor or descriptor too short
[  209.549392][ T5988] usb 2-1: config 7 has an invalid interface number: 83 but max is 0
[  209.558634][ T5988] usb 2-1: config 7 has no interface number 0
[  209.568791][ T5988] usb 2-1: config 7 interface 83 altsetting 254 endpoint 0x7 has invalid maxpacket 16, setting to 0
[  209.574309][ T5988] usb 2-1: No eUSB2 isoc ep 7 companion for config 7 interface 83 altsetting 254
[  209.577818][ T5988] usb 2-1: config 7 interface 83 has no altsetting 0
[  209.586804][ T5988] usb 2-1: string descriptor 0 read error: -22
[  209.589363][ T5988] usb 2-1: New USB device found, idVendor=19d2, idProduct=0145, bcdDevice=44.f5
[  209.598937][ T5988] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  209.603438][ T9860] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1472'.
[  209.624595][ T5988] option 2-1:7.83: GSM modem (1-port) converter detected
[  209.673953][ T9860] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1472'.
[  209.691603][ T9808] 8021q: adding VLAN 0 to HW filter on device batadv0
[  209.824007][ T6258] usb 2-1: USB disconnect, device number 27
[  209.827151][ T6258] option 2-1:7.83: device disconnected
[  209.867209][ T9877] loop3: detected capacity change from 0 to 2048
[  209.870271][ T9877] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  209.884717][ T9878] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  209.949304][ T9808] veth0_vlan: entered promiscuous mode
[  209.962648][ T9808] veth1_vlan: entered promiscuous mode
[  209.990573][ T9808] veth0_macvtap: entered promiscuous mode
[  209.997217][ T9808] veth1_macvtap: entered promiscuous mode
[  210.036464][ T9808] batman_adv: batadv0: Interface activated: batadv_slave_0
[  210.055039][ T9808] batman_adv: batadv0: Interface activated: batadv_slave_1
[  210.097062][ T5741] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.100571][ T5741] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.128698][ T5741] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.133007][ T5849] Bluetooth: hci1: command tx timeout
[  210.138446][ T5741] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  210.219678][   T33] audit: type=1326 audit(1755068684.941:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.3.1482" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb0b8ebe9 code=0x7ffc0000
[  210.222784][ T9890] netlink: 'syz.3.1482': attribute type 6 has an invalid length.
[  210.229545][ T9890] netlink: 168 bytes leftover after parsing attributes in process `syz.3.1482'.
[  210.233181][ T4264] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  210.238770][ T4264] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  210.244396][   T33] audit: type=1326 audit(1755068684.941:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.3.1482" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb0b8ebe9 code=0x7ffc0000
[  210.261522][   T33] audit: type=1326 audit(1755068684.941:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.3.1482" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5bb0b8ebe9 code=0x7ffc0000
[  210.280049][   T33] audit: type=1326 audit(1755068684.941:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.3.1482" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb0b8ebe9 code=0x7ffc0000
[  210.293019][   T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  210.295701][   T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  210.305204][   T33] audit: type=1326 audit(1755068684.941:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.3.1482" exe="/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f5bb0b8ebe9 code=0x7ffc0000
[  210.313473][   T33] audit: type=1326 audit(1755068684.961:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.3.1482" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb0b8ebe9 code=0x7ffc0000
[  210.325850][   T33] audit: type=1326 audit(1755068684.961:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.3.1482" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5bb0b8ebe9 code=0x7ffc0000
[  210.632588][ T9907] netlink: 'syz.3.1489': attribute type 10 has an invalid length.
[  210.636110][ T9907] netlink: 1948 bytes leftover after parsing attributes in process `syz.3.1489'.
[  210.638913][ T9907] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1489'.
[  210.678353][ T9904] loop1: detected capacity change from 0 to 32768
[  210.694500][ T9904] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1488 (9904)
[  210.710328][ T9904] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  210.717538][ T9904] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  210.722898][ T9904] BTRFS info (device loop1): using free-space-tree
[  210.741473][ T5988] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  210.812572][   T33] audit: type=1800 audit(1755068685.541:40): pid=9904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1488" name="file0" dev="loop1" ino=258 res=0 errno=0
[  210.894613][ T5988] usb 5-1: config 255 has an invalid interface number: 91 but max is 0
[  210.903569][ T5988] usb 5-1: config 255 has no interface number 0
[  210.908795][ T5988] usb 5-1: config 255 interface 91 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  210.917415][ T5988] usb 5-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice=a8.6a
[  210.922287][ T5988] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.937578][ T5988] usb 5-1: Product: syz
[  210.943963][ T5988] usb 5-1: Manufacturer: syz
[  210.945981][ T5988] usb 5-1: SerialNumber: syz
[  210.962323][ T5988] usbtouchscreen 5-1:255.91: probe with driver usbtouchscreen failed with error -12
[  210.969831][ T5845] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  211.159784][ T5988] usb 5-1: USB disconnect, device number 2
[  211.510778][ T9936] loop3: detected capacity change from 0 to 1024
[  211.545356][ T5880] usb 2-1: new low-speed USB device number 28 using dummy_hcd
[  211.587731][ T9938] loop3: detected capacity change from 0 to 512
[  211.593469][ T9938] EXT4-fs (loop3): Test dummy encryption mode enabled
[  211.596252][ T9938] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  211.605083][ T9938] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.1495: bad orphan inode 131083
[  211.617395][ T9938] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  211.700244][ T9938] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  211.718621][ T9944] mmap: syz.4.1496 (9944): VmData 37400576 exceed data ulimit 4. Update limits or use boot option ignore_rlimit_data.
[  211.726830][ T5880] usb 2-1: config index 0 descriptor too short (expected 1307, got 27)
[  211.730069][ T5880] usb 2-1: config 0 has an invalid interface number: 0 but max is -1
[  211.737295][ T5880] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  211.743785][ T5880] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0
[  211.752214][ T5880] usb 2-1: string descriptor 0 read error: -22
[  211.754774][ T5880] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de
[  211.758198][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  211.775861][ T5880] usb 2-1: config 0 descriptor??
[  211.787168][ T5880] hub 2-1:0.0: bad descriptor, ignoring hub
[  211.789626][ T5880] hub 2-1:0.0: probe with driver hub failed with error -5
[  211.802437][ T8690] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  211.893962][ T9952] loop4: detected capacity change from 0 to 512
[  211.903771][ T9952] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  211.917772][ T9952] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  211.939059][ T9952] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.1500: corrupted in-inode xattr: e_value size too large
[  211.949502][ T9952] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1500: couldn't read orphan inode 15 (err -117)
[  211.960304][ T9952] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  211.983734][   T33] audit: type=1800 audit(1755068686.711:41): pid=9952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1500" name="file1" dev="loop4" ino=18 res=0 errno=0
[  212.011427][   T33] audit: type=1804 audit(1755068686.721:42): pid=9952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1500" name="/newroot/5/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0/file1" dev="loop4" ino=18 res=1 errno=0
[  212.043908][ T9808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.092169][ T5880] usb 2-1: USB disconnect, device number 28
[  212.104010][ T9961] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  212.211413][ T5849] Bluetooth: hci1: command tx timeout
[  213.613736][T10002] netlink: 'syz.4.1521': attribute type 2 has an invalid length.
[  213.616719][T10002] netlink: 244 bytes leftover after parsing attributes in process `syz.4.1521'.
[  213.708897][T10009] loop1: detected capacity change from 0 to 512
[  213.722887][T10009] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  213.734967][T10009] EXT4-fs (loop1): 1 truncate cleaned up
[  213.738690][T10009] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.756432][T10009] EXT4-fs error (device loop1): ext4_iget_extra_inode:5104: inode #12: comm syz.1.1524: corrupted in-inode xattr: bad e_name length
[  213.818978][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.868128][T10015] loop4: detected capacity change from 0 to 16
[  213.895788][T10015] erofs (device loop4): mounted with root inode @ nid 36.
[  213.922992][T10015] erofs (device loop4): readahead error at folio 2 @ nid 89
[  213.931815][T10015] erofs (device loop4): readahead error at folio 1 @ nid 89
[  213.934098][T10015] erofs (device loop4): readahead error at folio 0 @ nid 89
[  213.947590][T10015] erofs (device loop4): read error -117 @ 0 of nid 89
[  214.037572][T10023] loop4: detected capacity change from 0 to 2048
[  214.145549][T10017] loop1: detected capacity change from 0 to 32768
[  214.153088][T10017] XFS: attr2 mount option is deprecated.
[  214.154959][T10017] XFS: attr2 mount option is deprecated.
[  214.185265][T10017] XFS (loop1): Mounting V5 filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 in no-recovery mode. Filesystem will be inconsistent.
[  214.237287][T10039] loop3: detected capacity change from 0 to 1024
[  214.248341][ T5845] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  214.291786][ T5849] Bluetooth: hci1: command tx timeout
[  214.307284][T10039] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  214.318645][T10039] EXT4-fs error (device loop3): ext4_generic_delete_entry:2668: inode #12: block 7: comm syz.3.1533: bad entry in directory: inode out of bounds - offset=0, inode=150994957, rec_len=16, size=56 fake=0
[  214.355189][T10039] EXT4-fs error (device loop3) in ext4_delete_inline_entry:1687: Corrupt filesystem
[  214.415385][ T8690] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.580948][T10048] capability: warning: `syz.1.1535' uses 32-bit capabilities (legacy support in use)
[  214.725719][T10056] fuse: Unknown parameter 'fd0xffffffffffffffff'
[  214.756592][T10058] loop1: detected capacity change from 0 to 128
[  214.766060][T10058] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  214.778432][T10058] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[  214.784910][T10058] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[  214.790559][T10058] UDF-fs: Scanning with blocksize 512 failed
[  214.794680][T10058] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  214.799507][T10058] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  214.808687][T10058] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  214.812971][T10058] UDF-fs: Scanning with blocksize 1024 failed
[  214.816691][T10058] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  214.820561][T10058] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  214.825048][T10058] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  214.828151][T10058] UDF-fs: Scanning with blocksize 2048 failed
[  214.836845][T10058] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  214.841450][T10058] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=512, location=512
[  214.844175][T10058] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  214.846864][T10058] UDF-fs: Scanning with blocksize 4096 failed
[  214.848905][T10058] UDF-fs: warning (device loop1): udf_fill_super: No partition found (1)
[  216.375379][ T5849] Bluetooth: hci1: command tx timeout
[  216.641136][ T5880] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  216.791137][ T5880] usb 2-1: Using ep0 maxpacket: 16
[  216.795880][ T5880] usb 2-1: unable to get BOS descriptor or descriptor too short
[  216.800383][ T5880] usb 2-1: config 9 has an invalid interface number: 212 but max is 0
[  216.806665][ T5880] usb 2-1: config 9 has no interface number 0
[  216.809323][ T5880] usb 2-1: config 9 interface 212 has no altsetting 0
[  216.816060][ T5880] usb 2-1: New USB device found, idVendor=05ac, idProduct=0252, bcdDevice=f3.5f
[  216.819890][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  216.829082][ T5880] usb 2-1: Product: syz
[  216.832294][ T5880] usb 2-1: Manufacturer: syz
[  216.834204][ T5880] usb 2-1: SerialNumber: syz
[  217.055220][T10098] loop3: detected capacity change from 0 to 131072
[  217.063177][T10098] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0)
[  217.065980][T10098] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  217.070235][T10098] F2FS-fs (loop3): invalid crc value
[  217.097486][ T5880] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:9.212/input/input19
[  217.106320][T10098] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  217.114656][T10098] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  217.116965][T10098] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  217.123508][ T5280] bcm5974 2-1:9.212: could not read from device
[  217.149499][ T5280] bcm5974 2-1:9.212: could not read from device
[  217.176965][ T5880] usb 2-1: USB disconnect, device number 29
[  217.196041][ T5983] bcm5974 2-1:9.212: could not read from device
[  217.213380][ T5280] bcm5974 2-1:9.212: could not read from device
[  217.233909][ T5983] udevd[5983]: Error opening device "/dev/input/event3": No such device
[  217.246736][ T5983] udevd[5983]: Unable to EVIOCGABS device "/dev/input/event3"
[  217.256332][ T5983] udevd[5983]: Unable to EVIOCGABS device "/dev/input/event3"
[  217.263465][ T5983] udevd[5983]: Unable to EVIOCGABS device "/dev/input/event3"
[  217.266701][ T5983] udevd[5983]: Unable to EVIOCGABS device "/dev/input/event3"
[  217.828188][T10119] loop1: detected capacity change from 0 to 4096
[  217.847424][T10119] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512).
[  217.856951][T10119] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  217.869251][T10119] ntfs3(loop1): volume is dirty and "force" flag is not set!
[  218.111794][T10135] loop4: detected capacity change from 0 to 4096
[  218.120198][T10135] ntfs3(loop4): Failed to load $LogFile (-22).
[  218.253770][T10141] random: crng reseeded on system resumption
[  218.311274][ T5880] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  218.360826][T10133] loop3: detected capacity change from 0 to 32768
[  218.414230][T10133] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  218.435812][T10133] XFS (loop3): Ending clean mount
[  218.485561][ T5880] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  218.490793][ T5880] usb 2-1: New USB device found, idVendor=0565, idProduct=0001, bcdDevice=57.66
[  218.494731][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.497976][ T5880] usb 2-1: Product: syz
[  218.504661][ T8690] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  218.508282][ T5880] usb 2-1: Manufacturer: syz
[  218.509837][ T5880] usb 2-1: SerialNumber: syz
[  218.529498][ T5880] usb 2-1: config 0 descriptor??
[  218.547484][ T5880] belkin_sa 2-1:0.0: Belkin / Peracom / GoHubs USB Serial Adapter converter detected
[  218.551503][ T5880] usb 2-1: bcdDevice: 5766, bfc: 0
[  218.554225][ T5880] usb 2-1: Belkin / Peracom / GoHubs USB Serial Adapter converter now attached to ttyUSB0
[  218.730183][T10159] loop3: detected capacity change from 0 to 4096
[  218.732180][    T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  218.741227][T10159] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  218.755670][ T5847] usb 2-1: USB disconnect, device number 30
[  218.763794][ T5847] belkin ttyUSB0: Belkin / Peracom / GoHubs USB Serial Adapter converter now disconnected from ttyUSB0
[  218.776752][ T5847] belkin_sa 2-1:0.0: device disconnected
[  218.813806][T10159] ntfs3(loop3): ino=19, mi_enum_attr
[  218.816056][T10159] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  218.892000][    T9] usb 5-1: Using ep0 maxpacket: 32
[  218.898298][    T9] usb 5-1: config index 0 descriptor too short (expected 29220, got 36)
[  218.904409][    T9] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  218.908199][    T9] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81
[  218.918581][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  218.924646][    T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  218.934845][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  218.948948][    T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  218.954550][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  218.965628][    T9] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  218.969127][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.976458][    T9] usb 5-1: config 0 descriptor??
[  219.190115][    T9] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  219.317512][  T791] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  219.347127][T10171] netlink: 'syz.1.1589': attribute type 1 has an invalid length.
[  219.349616][T10171] netlink: 'syz.1.1589': attribute type 2 has an invalid length.
[  219.352527][T10171] netlink: 1172 bytes leftover after parsing attributes in process `syz.1.1589'.
[  219.402441][   T47] usb 5-1: USB disconnect, device number 3
[  219.411772][   T47] usblp0: removed
[  219.473753][  T791] usb 4-1: Using ep0 maxpacket: 16
[  219.478175][  T791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  219.483688][  T791] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  219.487659][  T791] usb 4-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  219.498063][  T791] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.513417][  T791] usb 4-1: config 0 descriptor??
[  219.516388][T10173] loop1: detected capacity change from 0 to 32768
[  219.520323][T10173] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1590 (10173)
[  219.529427][T10173] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  219.537893][T10173] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  219.540642][T10173] BTRFS info (device loop1): using free-space-tree
[  219.597474][ T5845] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  219.934712][  T791] hid-multitouch 0003:1FD2:6007.000E: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.3-1/input0
[  220.141757][ T5847] usb 4-1: USB disconnect, device number 8
[  220.431238][   T95] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  220.581235][   T95] usb 5-1: Using ep0 maxpacket: 16
[  220.585368][   T95] usb 5-1: config 0 has an invalid interface number: 217 but max is 0
[  220.588543][   T95] usb 5-1: config 0 has no interface number 0
[  220.595965][   T95] usb 5-1: New USB device found, idVendor=0b48, idProduct=1008, bcdDevice=32.5e
[  220.599554][   T95] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  220.606909][   T95] usb 5-1: Product: syz
[  220.608900][   T95] usb 5-1: Manufacturer: syz
[  220.611595][   T95] usb 5-1: SerialNumber: syz
[  220.620153][   T95] usb 5-1: config 0 descriptor??
[  220.625508][   T95] ttusb_dec_send_command: command bulk message failed: error -22
[  220.628294][   T95] ttusb-dec 5-1:0.217: probe with driver ttusb-dec failed with error -22
[  220.710952][T10220] evm: overlay not supported
[  220.900524][ T5880] usb 5-1: USB disconnect, device number 4
[  221.433121][T10218] loop1: detected capacity change from 0 to 131072
[  221.438410][T10218] F2FS-fs (loop1): Test dummy encryption mode enabled
[  221.445532][T10218] F2FS-fs (loop1): invalid crc value
[  221.502871][T10218] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  221.509617][T10218] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  221.767263][T10240] loop3: detected capacity change from 0 to 512
[  221.775356][T10240] EXT4-fs (loop3): Test dummy encryption mode enabled
[  221.789277][T10240] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  221.808271][T10240] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.1610: bad orphan inode 131083
[  221.814039][T10218] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[  221.822934][T10240] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  221.870955][ T8690] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.978226][T10249] loop3: detected capacity change from 0 to 64
[  221.991907][    T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  222.141252][    T9] usb 5-1: Using ep0 maxpacket: 32
[  222.146049][    T9] usb 5-1: config 4 has an invalid interface number: 8 but max is 0
[  222.159557][    T9] usb 5-1: config 4 has no interface number 0
[  222.163609][    T9] usb 5-1: config 4 interface 8 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0
[  222.167446][    T9] usb 5-1: config 4 interface 8 altsetting 1 bulk endpoint 0x8A has invalid maxpacket 0
[  222.183466][    T9] usb 5-1: config 4 interface 8 has no altsetting 0
[  222.188452][    T9] usb 5-1: New USB device found, idVendor=065a, idProduct=0009, bcdDevice=60.65
[  222.190436][T10251] loop3: detected capacity change from 0 to 32768
[  222.207042][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.210223][    T9] usb 5-1: Product: syz
[  222.223886][T10251] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  222.224064][    T9] usb 5-1: Manufacturer: syz
[  222.231504][    T9] usb 5-1: SerialNumber: syz
[  222.344965][ T8690] ocfs2: Unmounting device (7,3) on (node local)
[  222.478158][    T9] opticon 5-1:4.8: opticon converter detected
[  222.493821][    T9] usb 5-1: opticon converter now attached to ttyUSB0
[  222.507705][    T9] usb 5-1: USB disconnect, device number 5
[  222.526317][    T9] opticon ttyUSB0: opticon converter now disconnected from ttyUSB0
[  222.535749][    T9] opticon 5-1:4.8: device disconnected
[  222.962753][T10259] loop3: detected capacity change from 0 to 32768
[  222.991597][T10259] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  223.021961][T10259] XFS (loop3): Ending clean mount
[  223.025327][T10259] XFS (loop3): Quotacheck needed: Please wait.
[  223.057423][T10259] XFS (loop3): Quotacheck: Done.
[  223.085026][ T8690] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  223.313011][T10278] loop4: detected capacity change from 0 to 4096
[  223.317679][T10278] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  223.552197][    T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  223.701139][    T9] usb 4-1: Using ep0 maxpacket: 16
[  223.705862][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  223.709305][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  223.738059][    T9] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  223.740920][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  223.743747][    T9] usb 4-1: Product: syz
[  223.745072][    T9] usb 4-1: Manufacturer: syz
[  223.746542][    T9] usb 4-1: SerialNumber: syz
[  223.754845][    T9] usb 4-1: config 0 descriptor??
[  223.763440][    T9] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  223.767319][    T9] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  223.888163][T10313] loop4: detected capacity change from 0 to 256
[  223.896830][T10313] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  223.990213][T10317] loop4: detected capacity change from 0 to 1024
[  223.995245][T10317] EXT4-fs: Ignoring removed oldalloc option
[  223.997542][T10317] EXT4-fs: Ignoring removed bh option
[  224.016530][T10317] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.047400][   T33] kauditd_printk_skb: 1 callbacks suppressed
[  224.047412][   T33] audit: type=1804 audit(1755068698.771:44): pid=10317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1640" name="/newroot/55/file1/bus" dev="loop4" ino=18 res=1 errno=0
[  224.221581][T10321] loop1: detected capacity change from 0 to 32768
[  224.368234][    T9] em28xx 4-1:0.0: chip ID is em2750
[  224.569670][    T9] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  224.580376][    T9] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[  224.584996][    T9] em28xx 4-1:0.0: No AC97 audio processor
[  224.600520][    T9] usb 4-1: USB disconnect, device number 9
[  224.606372][    T9] em28xx 4-1:0.0: Disconnecting em28xx
[  224.633238][    T9] em28xx 4-1:0.0: Freeing device
[  224.922034][ T9808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.037832][T10330] loop4: detected capacity change from 0 to 512
[  225.047037][T10330] EXT4-fs: Ignoring removed bh option
[  225.065424][T10330] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  225.072966][T10330] EXT4-fs (loop4): 1 truncate cleaned up
[  225.082328][T10330] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.149242][ T9808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.911286][ T5880] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  226.071465][ T5880] usb 2-1: Using ep0 maxpacket: 16
[  226.078505][ T5880] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  226.085640][ T5880] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  226.089858][ T5880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  226.097818][ T5880] usb 2-1: SerialNumber: syz
[  226.133228][T10339] loop3: detected capacity change from 0 to 131072
[  226.137934][T10339] F2FS-fs (loop3): Test dummy encryption mode enabled
[  226.157976][T10339] F2FS-fs (loop3): invalid crc value
[  226.165612][ T5880] cdc_acm 2-1:1.0: Control and data interfaces are not separated!
[  226.181094][ T5880] cdc_acm 2-1:1.0: This needs exactly 3 endpoints
[  226.189877][ T5880] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -22
[  226.229285][T10339] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  226.237107][T10339] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  226.366970][    T9] usb 2-1: USB disconnect, device number 31
[  226.789946][T10357] netlink: 'syz.4.1656': attribute type 5 has an invalid length.
[  227.162695][T10373] loop3: detected capacity change from 0 to 32768
[  227.168112][  T791] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  227.243222][T10373] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc,no_data_io
[  227.243238][T10373]   allowing incompatible features above 0.0: (unknown version)
[  227.243243][T10373]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  227.257211][T10373] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  227.260032][T10373] bcachefs (loop3): recovering from clean shutdown, journal seq 10
[  227.263509][T10373] bcachefs (loop3): Version upgrade required:
[  227.263509][T10373] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  227.263509][T10373] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  227.263509][T10373]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  227.288237][T10373] bcachefs (loop3): dropping and reconstructing all alloc info
[  227.313590][T10373] bcachefs (loop3): accounting_read... done
[  227.318228][T10373] bcachefs (loop3): alloc_read... done
[  227.320752][T10373] bcachefs (loop3): snapshots_read... done
[  227.323989][T10373] bcachefs (loop3): check_allocations... done
[  227.348439][T10373] bcachefs (loop3): going read-write
[  227.350142][T10373] bcachefs (loop3): insufficient writeable journal devices available: have 0, need 1
[  227.350142][T10373] rw journal devs:
[  227.357559][ T5880] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  227.367753][T10373] bcachefs (loop3): done starting filesystem
[  227.398496][  T791] usb 5-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=b8.51
[  227.401388][  T791] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  227.403746][  T791] usb 5-1: Product: syz
[  227.404991][  T791] usb 5-1: Manufacturer: syz
[  227.406403][  T791] usb 5-1: SerialNumber: syz
[  227.410176][  T791] usb 5-1: config 0 descriptor??
[  227.414784][  T791] rndis_host 5-1:0.0: skipping garbage
[  227.416656][  T791] rndis_host 5-1:0.0: More than one union descriptor, skipping ...
[  227.419092][  T791] usb 5-1: bad CDC descriptors
[  227.420986][  T791] cdc_acm 5-1:0.0: skipping garbage
[  227.422945][  T791] cdc_acm 5-1:0.0: More than one union descriptor, skipping ...
[  227.449723][ T8690] bcachefs (loop3): shutting down
[  227.454981][ T8690] bcachefs (loop3): going read-only
[  227.457051][ T8690] bcachefs (loop3): finished waiting for writes to stop
[  227.463287][ T8690] bcachefs (loop3): flushing journal and stopping allocators, journal seq 10
[  227.467128][ T8690] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 10
[  227.473658][ T8690] bcachefs (loop3): unclean shutdown complete, journal seq 10
[  227.485091][ T8690] bcachefs (loop3): done going read-only, filesystem not clean
[  227.498949][ T8690] bcachefs (loop3): shutdown complete
[  227.523097][ T5880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  227.526513][ T5880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  227.529833][ T5880] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  227.538341][ T5880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  227.543298][ T5880] usb 2-1: config 0 descriptor??
[  227.626289][ T6258] usb 5-1: USB disconnect, device number 6
[  227.960811][ T5880] cp2112 0003:10C4:EA90.000F: unknown main item tag 0x0
[  227.966174][ T5880] cp2112 0003:10C4:EA90.000F: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.1-1/input0
[  228.157978][ T5880] cp2112 0003:10C4:EA90.000F: Part Number: 0x00 Device Version: 0x00
[  228.474770][T10395] netlink: 'syz.3.1664': attribute type 1 has an invalid length.
[  228.541266][   T47] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  228.698324][   T47] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  228.711318][   T47] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  228.721328][   T47] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  228.724635][   T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.743127][T10393] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  228.749974][   T47] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  228.775780][ T5880] cp2112 0003:10C4:EA90.000F: error reading lock byte: -71
[  228.810450][ T5880] usb 2-1: USB disconnect, device number 32
[  228.968774][   T47] usb 5-1: USB disconnect, device number 7
[  229.156904][T10422] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  229.369826][T10431] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1684'.
[  229.882531][   T33] audit: type=1326 audit(1755068704.601:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10439 comm="syz.4.1687" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa76fd8ebe9 code=0x7ffc0000
[  229.906993][   T33] audit: type=1326 audit(1755068704.601:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10439 comm="syz.4.1687" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa76fd8ebe9 code=0x7ffc0000
[  229.928120][   T33] audit: type=1326 audit(1755068704.601:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10439 comm="syz.4.1687" exe="/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7fa76fd8ebe9 code=0x7ffc0000
[  229.945116][   T33] audit: type=1326 audit(1755068704.601:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10439 comm="syz.4.1687" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa76fd8ebe9 code=0x7ffc0000
[  229.962531][   T33] audit: type=1326 audit(1755068704.601:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10439 comm="syz.4.1687" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa76fd8ebe9 code=0x7ffc0000
[  230.168764][T10442] loop4: detected capacity change from 0 to 32768
[  230.184506][T10442] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  230.206613][T10442] (syz.4.1688,10442,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is smaller than minimal - offset=16, inode=65, rec_len=12, name_len=0
[  230.248624][ T9808] ocfs2: Unmounting device (7,4) on (node local)
[  230.365837][T10462] loop1: detected capacity change from 0 to 1764
[  231.109035][T10465] loop3: detected capacity change from 0 to 40427
[  231.115730][T10465] F2FS-fs (loop3): Image doesn't support compression
[  231.125951][T10465] F2FS-fs (loop3): invalid crc value
[  231.183232][T10465] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  231.186987][T10465] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  231.913527][T10504] max out of range
[  232.117169][T10517] loop1: detected capacity change from 0 to 512
[  232.119818][T10517] EXT4-fs: Ignoring removed mblk_io_submit option
[  232.122173][T10517] EXT4-fs: Ignoring removed mblk_io_submit option
[  232.124607][T10517] EXT4-fs (loop1): Test dummy encryption mode enabled
[  232.126678][T10517] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  232.164146][T10517] EXT4-fs (loop1): 1 truncate cleaned up
[  232.167168][T10517] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  232.202772][T10523] loop3: detected capacity change from 0 to 128
[  232.206325][T10523] FAT-fs (loop3): Directory bread(block 414) failed
[  232.208547][T10523] FAT-fs (loop3): Directory bread(block 415) failed
[  232.209293][T10521] loop4: detected capacity change from 0 to 1024
[  232.210568][T10523] FAT-fs (loop3): Directory bread(block 416) failed
[  232.210581][T10523] FAT-fs (loop3): Directory bread(block 417) failed
[  232.210592][T10523] FAT-fs (loop3): Directory bread(block 418) failed
[  232.210602][T10523] FAT-fs (loop3): Directory bread(block 419) failed
[  232.210613][T10523] FAT-fs (loop3): Directory bread(block 420) failed
[  232.210623][T10523] FAT-fs (loop3): Directory bread(block 421) failed
[  232.244438][T10521] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  232.341453][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  232.721225][ T5847] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  232.729422][T10533] loop3: detected capacity change from 0 to 128
[  232.747104][T10533] befs: (loop3): No write support. Marking filesystem read-only
[  232.761289][T10533] befs: (loop3): invalid magic header
[  232.884938][ T5847] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  232.889381][ T5847] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  232.899157][ T5847] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  232.904321][ T5847] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.914556][T10531] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  232.937380][ T5847] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  233.761889][ T5847] usb 2-1: USB disconnect, device number 33
[  234.099386][ T9808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  234.213957][T10546] trusted_key: encrypted_key: keyword 'new' not recognized
[  234.319590][T10551] libceph: resolve '400' (ret=-3): failed
[  234.370829][   T33] audit: type=1326 audit(1755068709.091:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10553 comm="syz.3.1731" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5bb0b8ebe9 code=0x0
[  234.586447][T10564] loop1: detected capacity change from 0 to 256
[  234.607199][T10564] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  234.610480][T10564] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  234.640271][T10564] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  234.655665][   T33] audit: type=1800 audit(1755068709.381:51): pid=10564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1737" name="file1" dev="loop1" ino=1048659 res=0 errno=0
[  234.707355][T10573] netlink: 'syz.4.1739': attribute type 4 has an invalid length.
[  234.709161][   T33] audit: type=1804 audit(1755068709.421:52): pid=10564 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1737" name="/newroot/560/file1/file1" dev="loop1" ino=1048659 res=1 errno=0
[  234.719795][T10573] netlink: 'syz.4.1739': attribute type 4 has an invalid length.
[  234.774541][T10575] loop3: detected capacity change from 0 to 512
[  234.780366][T10575] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  234.806818][T10575] EXT4-fs (loop3): 1 truncate cleaned up
[  234.821746][T10575] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  234.895606][ T8690] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.021639][ T5847] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  235.141878][T10587] tunl0: entered promiscuous mode
[  235.146535][T10587] netlink: 'syz.1.1746': attribute type 4 has an invalid length.
[  235.149317][T10587] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1746'.
[  235.175230][ T5847] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  235.179586][ T5847] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  235.193448][ T5847] usb 5-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00
[  235.197135][ T5847] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.204913][ T5847] usb 5-1: config 0 descriptor??
[  235.617941][T10598] Bluetooth: hci0: Opcode 0x0c1a failed: -22
[  235.625729][ T5847] bigben 0003:146B:0902.0010: unexpected rdesc, please submit for review
[  235.630054][ T5847] bigben 0003:146B:0902.0010: unbalanced collection at end of report description
[  235.634747][ T5847] bigben 0003:146B:0902.0010: parse failed
[  235.641614][ T5847] bigben 0003:146B:0902.0010: probe with driver bigben failed with error -22
[  235.829154][ T5988] usb 5-1: USB disconnect, device number 8
[  236.011176][   T47] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  236.131365][    C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured!
[  236.163387][   T47] usb 4-1: unable to get BOS descriptor or descriptor too short
[  236.167083][   T47] usb 4-1: not running at top speed; connect to a high speed hub
[  236.171546][   T47] usb 4-1: config 129 has an invalid interface number: 28 but max is 0
[  236.174695][   T47] usb 4-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config
[  236.178882][   T47] usb 4-1: config 129 has no interface number 0
[  236.183247][   T47] usb 4-1: config 129 interface 28 altsetting 250 has an endpoint descriptor with address 0xFD, changing to 0x8D
[  236.188968][   T47] usb 4-1: config 129 interface 28 altsetting 250 endpoint 0x8D has invalid wMaxPacketSize 0
[  236.193109][   T47] usb 4-1: config 129 interface 28 has no altsetting 0
[  236.209070][   T47] usb 4-1: New USB device found, idVendor=108c, idProduct=0159, bcdDevice=db.57
[  236.224774][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.227970][   T47] usb 4-1: Product: syz
[  236.229616][   T47] usb 4-1: Manufacturer: syz
[  236.231621][   T47] usb 4-1: SerialNumber: syz
[  236.456734][   T47] etas_es58x 4-1:129.28: Starting syz syz (Serial Number syz)
[  236.465865][   T47] etas_es58x 4-1:129.28: could not retrieve the product info string
[  236.531436][   T47] usb 4-1: USB disconnect, device number 10
[  236.535442][   T47] etas_es58x 4-1:129.28: Disconnecting syz syz
[  236.674161][T10629] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1763'.
[  236.677823][T10629] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1763'.
[  236.863107][T10635] loop1: detected capacity change from 0 to 512
[  236.866465][T10635] EXT4-fs: Ignoring removed orlov option
[  236.869023][T10635] journal_path: Lookup failure for './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
[  236.890530][T10635] EXT4-fs: error: could not find journal device path
[  237.241291][ T5988] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  237.283514][T10661] bond0: option packets_per_slave: invalid value (70683304)
[  237.285948][T10661] bond0: option packets_per_slave: allowed values 0 - 65535
[  237.391559][ T5988] usb 2-1: Using ep0 maxpacket: 8
[  237.395843][ T5988] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  237.399101][ T5988] usb 2-1: config 179 has no interface number 0
[  237.404067][ T5988] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  237.408306][ T5988] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  237.418037][ T5988] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  237.422704][ T5988] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  237.428054][ T5988] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  237.432327][ T5988] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.438542][T10640] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  237.591157][ T5847] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  237.652949][ T5849] Bluetooth: hci0: command tx timeout
[  237.743492][ T5847] usb 5-1: Using ep0 maxpacket: 8
[  237.860294][ T5847] usb 5-1: config 0 has an invalid interface number: 94 but max is 0
[  237.967685][ T5847] usb 5-1: config 0 has an invalid descriptor of length 36, skipping remainder of the config
[  238.065439][ T5847] usb 5-1: config 0 has no interface number 0
[  238.130694][ T5847] usb 5-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice= e.fd
[  238.262075][ T5847] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  238.567618][ T5847] usb 5-1: config 0 descriptor??
[  238.594359][ T5847] bfusb 5-1:0.94: probe with driver bfusb failed with error -5
[  238.596537][ T5988] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input20
[  238.770876][ T5988] usb 2-1: USB disconnect, device number 34
[  238.773503][    C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  238.773544][    C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  238.812509][   T47] usb 5-1: USB disconnect, device number 9
[  239.823715][T10702] loop4: detected capacity change from 0 to 32768
[  239.830941][T10702] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1798 (10702)
[  239.844732][T10702] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  239.848112][T10702] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  239.851683][T10702] BTRFS info (device loop4): using free-space-tree
[  239.951123][ T5847] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  240.125257][ T5847] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  240.129327][ T5847] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.135711][ T5847] usb 4-1: config 0 descriptor??
[  240.142181][ T5847] cp210x 4-1:0.0: cp210x converter detected
[  240.163032][ T9808] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  240.549171][ T5847] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32
[  240.563242][ T5847] usb 4-1: cp210x converter now attached to ttyUSB0
[  240.699630][T10741] loop1: detected capacity change from 0 to 2048
[  240.709116][T10741] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  240.726802][T10742] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  240.767657][ T5988] usb 4-1: USB disconnect, device number 11
[  240.782959][ T5988] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  240.799617][T10746] syzkaller1: entered promiscuous mode
[  240.803146][T10746] syzkaller1: entered allmulticast mode
[  240.805323][ T5988] cp210x 4-1:0.0: device disconnected
[  241.721302][ T5988] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  241.803336][T10768] loop4: detected capacity change from 0 to 32768
[  241.807203][T10768] BTRFS error: invalid value 0 for thread_pool
[  241.885632][ T5988] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  241.903391][ T5988] usb 4-1: config 0 interface 0 has no altsetting 0
[  241.910347][ T5988] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00
[  241.930822][ T5988] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.948147][ T5988] usb 4-1: config 0 descriptor??
[  241.953168][T10781] loop4: detected capacity change from 0 to 8
[  241.978826][T10781] SQUASHFS error: zlib decompression failed, data probably corrupt
[  241.983431][T10781] SQUASHFS error: Failed to read block 0x4e8: -5
[  241.986226][T10781] SQUASHFS error: zlib decompression failed, data probably corrupt
[  241.992284][T10781] SQUASHFS error: Failed to read block 0x4ee: -5
[  241.994928][T10781] SQUASHFS error: zlib decompression failed, data probably corrupt
[  241.998011][T10781] SQUASHFS error: Failed to read block 0x4ef: -5
[  242.008601][   T33] audit: type=1800 audit(1755068716.731:53): pid=10781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1825" name="file1" dev="loop4" ino=5 res=0 errno=0
[  242.802115][ T5988] koneplus 0003:1E7D:2E22.0011: unknown main item tag 0x0
[  242.804807][ T5988] koneplus 0003:1E7D:2E22.0011: unknown main item tag 0x0
[  242.807451][ T5988] koneplus 0003:1E7D:2E22.0011: unknown main item tag 0x0
[  242.810022][ T5988] koneplus 0003:1E7D:2E22.0011: unknown main item tag 0x0
[  242.814862][ T5988] koneplus 0003:1E7D:2E22.0011: unknown main item tag 0x0
[  242.819842][ T5988] koneplus 0003:1E7D:2E22.0011: hidraw0: USB HID v0.00 Device [HID 1e7d:2e22] on usb-dummy_hcd.3-1/input0
[  242.827355][ T5988] usb 4-1: USB disconnect, device number 12
[  243.167274][T10794] loop4: detected capacity change from 0 to 2048
[  243.186810][T10794] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  243.805236][T10811] loop4: detected capacity change from 0 to 40427
[  243.843390][T10811] F2FS-fs (loop4): invalid crc value
[  243.888120][T10824] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1842'.
[  244.023697][T10830] bond0: option fail_over_mac: unable to set because the bond device has slaves
[  244.026922][T10811] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  244.032162][T10811] F2FS-fs (loop4): Start checkpoint disabled!
[  244.036417][T10811] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  244.110175][T10833] syzkaller1: entered promiscuous mode
[  244.115161][T10833] syzkaller1: entered allmulticast mode
[  244.300483][T10839] netlink: 'syz.3.1850': attribute type 10 has an invalid length.
[  244.318793][T10839] bond0: (slave bond_slave_0): Releasing backup interface
[  244.385281][   T47] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[  244.402326][   T47] hid-generic 0000:0000:0000.0012: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  244.458328][T10849] sp0: Synchronizing with TNC
[  244.725165][T10861] loop4: detected capacity change from 0 to 2048
[  244.755384][T10852] loop3: detected capacity change from 0 to 32768
[  244.764036][T10859] loop1: detected capacity change from 0 to 8192
[  244.772834][T10861] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  244.805851][T10852] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  244.809092][ T6961] Dev loop1 Sun disklabel: Csum bad, label corrupted
[  244.839174][T10859] Dev loop1 Sun disklabel: Csum bad, label corrupted
[  244.855219][ T9808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.035311][ T8690] ocfs2: Unmounting device (7,3) on (node local)
[  245.080714][T10874] loop4: detected capacity change from 0 to 512
[  245.117968][T10874] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  245.144175][T10874] EXT4-fs error (device loop4): xattr_find_entry:333: inode #15: comm syz.4.1863: corrupted xattr entries
[  245.155516][T10874] EXT4-fs (loop4): 1 truncate cleaned up
[  245.159093][T10874] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  245.173388][   T33] audit: type=1800 audit(1755068719.901:54): pid=10874 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1863" name="bus" dev="loop4" ino=18 res=0 errno=0
[  245.235736][T10882] blkio.reset_stats is deprecated
[  245.300705][ T9808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.681249][   T47] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  245.701120][T10895] loop4: detected capacity change from 0 to 128
[  245.775038][T10895] syz.4.1870: attempt to access beyond end of device
[  245.775038][T10895] loop4: rw=2049, sector=153, nr_sectors = 8 limit=128
[  245.780283][T10895] syz.4.1870: attempt to access beyond end of device
[  245.780283][T10895] loop4: rw=2049, sector=169, nr_sectors = 8 limit=128
[  245.785488][T10895] syz.4.1870: attempt to access beyond end of device
[  245.785488][T10895] loop4: rw=2049, sector=185, nr_sectors = 8 limit=128
[  245.790489][T10895] syz.4.1870: attempt to access beyond end of device
[  245.790489][T10895] loop4: rw=2049, sector=201, nr_sectors = 8 limit=128
[  245.795585][T10895] syz.4.1870: attempt to access beyond end of device
[  245.795585][T10895] loop4: rw=2049, sector=217, nr_sectors = 8 limit=128
[  245.800593][T10895] syz.4.1870: attempt to access beyond end of device
[  245.800593][T10895] loop4: rw=2049, sector=233, nr_sectors = 8 limit=128
[  245.806556][T10895] syz.4.1870: attempt to access beyond end of device
[  245.806556][T10895] loop4: rw=2049, sector=249, nr_sectors = 8 limit=128
[  245.812352][T10895] syz.4.1870: attempt to access beyond end of device
[  245.812352][T10895] loop4: rw=2049, sector=265, nr_sectors = 8 limit=128
[  245.817422][T10895] syz.4.1870: attempt to access beyond end of device
[  245.817422][T10895] loop4: rw=2049, sector=281, nr_sectors = 8 limit=128
[  245.822673][T10895] syz.4.1870: attempt to access beyond end of device
[  245.822673][T10895] loop4: rw=2049, sector=297, nr_sectors = 8 limit=128
[  245.831164][   T47] usb 2-1: Using ep0 maxpacket: 32
[  245.836159][   T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  245.839997][   T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  245.843885][   T47] usb 2-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00
[  245.847167][   T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.852317][   T47] usb 2-1: config 0 descriptor??
[  246.262893][ T6258] kernel write not supported for file /554/loginuid (pid: 6258 comm: kworker/0:6)
[  246.276108][   T47] nintendo 0003:057E:200E.0013: unknown main item tag 0x0
[  246.285128][   T47] nintendo 0003:057E:200E.0013: hidraw0: USB HID v80.00 Device [HID 057e:200e] on usb-dummy_hcd.1-1/input0
[  246.329780][T10909] loop4: detected capacity change from 0 to 1764
[  246.346915][   T47] nintendo 0003:057E:200E.0013: Failed charging grip handshake
[  246.357892][   T47] nintendo 0003:057E:200E.0013: Failed to initialize controller; ret=-110
[  246.369452][   T47] nintendo 0003:057E:200E.0013: probe - fail = -110
[  246.382495][   T47] nintendo 0003:057E:200E.0013: probe with driver nintendo failed with error -110
[  246.484922][ T6258] usb 2-1: USB disconnect, device number 35
[  246.587219][T10923] loop4: detected capacity change from 0 to 1024
[  246.646299][   T26] hfsplus: b-tree write err: -5, ino 8
[  246.876180][T10937] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1888'.
[  247.401788][T10949] loop1: detected capacity change from 0 to 32768
[  247.428832][T10949] JBD2: Ignoring recovery information on journal
[  247.445596][T10949] JBD2: Journal too short (blocks 2-2).
[  247.453059][T10949] JBD2: journal reset failed
[  247.454928][T10949] (syz.1.1893,10949,1):ocfs2_journal_load:1167 ERROR: Failed to load journal!
[  247.470800][T10949] (syz.1.1893,10949,1):ocfs2_check_volume:2376 ERROR: ocfs2 journal load failed! -22
[  247.477982][T10949] (syz.1.1893,10949,1):ocfs2_check_volume:2432 ERROR: status = -22
[  247.487637][T10949] (syz.1.1893,10949,1):ocfs2_mount_volume:1764 ERROR: status = -22
[  247.509698][T10949] (syz.1.1893,10949,1):ocfs2_fill_super:1177 ERROR: status = -22
[  247.512916][T10969] netlink: 10 bytes leftover after parsing attributes in process `syz.4.1901'.
[  247.847860][T10983] skbuff: bad partial csum: csum=65506/2 headroom=178 headlen=65526
[  248.105363][T10977] loop1: detected capacity change from 0 to 65536
[  248.143362][T10977] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  248.151328][   T47] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  248.155876][T10977] XFS (loop1): Ending clean mount
[  248.159804][T10977] XFS (loop1): Quotacheck needed: Please wait.
[  248.176143][ T4264] XFS (loop1): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  248.180297][ T4264] XFS (loop1): Unmount and run xfs_repair
[  248.186025][ T4264] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  248.188971][ T4264] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  248.197048][ T4264] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  248.200111][ T4264] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  248.205068][ T4264] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  248.208670][ T4264] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  248.213057][ T4264] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  248.216398][ T4264] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  248.219986][ T4264] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  248.226026][ T4264] XFS (loop1): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74
[  248.232067][T10977] XFS (loop1): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[  248.280302][ T5845] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  248.288937][ T5845] XFS (loop1): Uncorrected metadata errors detected; please run xfs_repair.
[  248.313249][   T47] usb 5-1: config 0 has an invalid interface number: 152 but max is 0
[  248.316533][   T47] usb 5-1: config 0 has no interface number 0
[  248.318916][   T47] usb 5-1: config 0 interface 152 altsetting 7 endpoint 0xA has invalid maxpacket 1024, setting to 64
[  248.338686][   T47] usb 5-1: config 0 interface 152 has no altsetting 0
[  248.347741][   T47] usb 5-1: New USB device found, idVendor=0e7e, idProduct=1001, bcdDevice=a3.17
[  248.365957][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.369982][   T47] usb 5-1: Product: syz
[  248.381603][   T47] usb 5-1: Manufacturer: syz
[  248.383651][   T47] usb 5-1: SerialNumber: syz
[  248.393654][ T6258] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  248.394915][   T47] usb 5-1: config 0 descriptor??
[  248.412267][T10985] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  248.541158][ T6258] usb 4-1: Using ep0 maxpacket: 8
[  248.544804][ T6258] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.548917][ T6258] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  248.561177][ T6258] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  248.571409][ T6258] usb 4-1: New USB device found, idVendor=045e, idProduct=008e, bcdDevice= 0.00
[  248.575306][ T6258] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.590832][ T6258] usb 4-1: config 0 descriptor??
[  248.622615][T10985] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  248.636698][   T47] cdc_subset 5-1:0.152 usb0: register 'cdc_subset' at usb-dummy_hcd.4-1, Yopy, f6:8d:b8:2d:e1:72
[  248.855544][   T95] usb 5-1: USB disconnect, device number 10
[  248.873651][   T95] cdc_subset 5-1:0.152 usb0: unregister 'cdc_subset' usb-dummy_hcd.4-1, Yopy
[  248.939332][T10999] loop1: detected capacity change from 0 to 32768
[  249.010022][ T6258] hid-generic 0003:045E:008E.0014: unbalanced collection at end of report description
[  249.015914][ T6258] hid-generic 0003:045E:008E.0014: probe with driver hid-generic failed with error -22
[  249.056194][T10999] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,background_target=invalid device 79,nojournal_transaction_names
[  249.056217][T10999]   allowing incompatible features above 0.0: (unknown version)
[  249.056226][T10999]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  249.075431][T10999] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  249.078721][T10999] bcachefs (loop1): initializing new filesystem
[  249.090688][T10999] bcachefs (loop1): going read-write
[  249.102845][T10999] bcachefs (loop1): marking superblocks
[  249.129864][T10999] bcachefs (loop1): initializing freespace
[  249.139184][T10999] bcachefs (loop1): done initializing freespace
[  249.147872][T10999] bcachefs (loop1): reading snapshots table
[  249.152942][T10999] bcachefs (loop1): reading snapshots done
[  249.176793][T10999] bcachefs (loop1): done starting filesystem
[  249.207763][   T95] usb 4-1: USB disconnect, device number 13
[  249.219483][   T33] audit: type=1800 audit(1755068723.941:55): pid=10999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1912" name="file1" dev="loop1" ino=4098 res=0 errno=0
[  249.881340][ T6258] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  250.033200][T11043] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1923'.
[  250.036373][ T6258] usb 5-1: unable to get BOS descriptor or descriptor too short
[  250.036810][T11043] netlink: 'syz.3.1923': attribute type 2 has an invalid length.
[  250.040880][ T6258] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  250.046243][ T6258] usb 5-1: config 1 has an invalid descriptor of length 5, skipping remainder of the config
[  250.050225][ T6258] usb 5-1: config 1 interface 1 has no altsetting 0
[  250.059012][ T6258] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  250.076930][ T6258] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.080021][ T6258] usb 5-1: Product: syz
[  250.084678][ T6258] usb 5-1: Manufacturer: syz
[  250.086540][ T6258] usb 5-1: SerialNumber: syz
[  250.284630][   T33] audit: type=1800 audit(1755068725.011:56): pid=11052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1927" name="bus" dev="overlay" ino=1484 res=0 errno=0
[  250.315367][ T6258] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor
[  250.318344][ T6258] usb 5-1: found format II with max.bitrate = 2418, frame size=7
[  250.331933][ T6258] usb 5-1: 2:1: All rates were zero
[  250.364671][ T6258] usb 5-1: USB disconnect, device number 11
[  250.584700][T10999] syz.1.1912 (10999) used greatest stack depth: 15176 bytes left
[  250.607671][ T5845] bcachefs (loop1): shutting down
[  250.610011][ T5845] bcachefs (loop1): going read-only
[  250.613168][ T5845] bcachefs (loop1): finished waiting for writes to stop
[  250.630166][ T5845] bcachefs (loop1): flushing journal and stopping allocators, journal seq 75
[  250.669737][ T5845] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 76
[  250.675164][ T5845] bcachefs (loop1): clean shutdown complete, journal seq 77
[  250.678767][ T5845] bcachefs (loop1): marking filesystem clean
[  250.699167][ T5845] bcachefs (loop1): shutdown complete
[  250.731370][   T95] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  250.881193][   T95] usb 4-1: Using ep0 maxpacket: 8
[  250.886023][   T95] usb 4-1: unable to get BOS descriptor or descriptor too short
[  250.891649][   T95] usb 4-1: config 8 has an invalid interface number: 154 but max is 0
[  250.895073][   T95] usb 4-1: config 8 has no interface number 0
[  250.897465][   T95] usb 4-1: config 8 interface 154 has no altsetting 0
[  250.918875][   T95] usb 4-1: New USB device found, idVendor=055f, idProduct=a800, bcdDevice=4f.f6
[  250.923098][   T95] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.926210][   T95] usb 4-1: Product: syz
[  250.928444][   T95] usb 4-1: Manufacturer: syz
[  250.930318][   T95] usb 4-1: SerialNumber: syz
[  251.055261][T11065] loop4: detected capacity change from 0 to 512
[  251.075087][T11065] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  251.084711][T11065] ext4 filesystem being mounted at /162/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  251.097375][T11065] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #2: comm syz.4.1934: corrupted inode contents
[  251.109442][T11065] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #2: comm syz.4.1934: mark_inode_dirty error
[  251.120783][T11065] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #2: comm syz.4.1934: corrupted inode contents
[  251.127238][T11065] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.1934: mark_inode_dirty error
[  251.150900][   T95] mdc800 4-1:8.154: probe fails -> wrong Interface
[  251.166949][   T95] usb 4-1: USB disconnect, device number 14
[  251.193046][ T9808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.264683][T11070] syz.4.1935 (11070) used obsolete PPPIOCDETACH ioctl
[  251.681153][   T95] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  251.858784][T11085] loop3: detected capacity change from 0 to 4096
[  251.862733][   T95] usb 5-1: config 1 interface 0 has no altsetting 0
[  251.874394][   T95] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  251.877308][   T95] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  251.879664][   T95] usb 5-1: Product: syz
[  251.897012][   T95] usb 5-1: Manufacturer: syz
[  251.898919][   T95] usb 5-1: SerialNumber: syz
[  252.133528][   T95] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  252.145758][T11092] syz.3.1943: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  252.175215][   T95] usb 5-1: USB disconnect, device number 12
[  252.181323][T11092] CPU: 0 UID: 0 PID: 11092 Comm: syz.3.1943 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  252.181345][T11092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  252.181354][T11092] Call Trace:
[  252.181361][T11092]  <TASK>
[  252.181368][T11092]  dump_stack_lvl+0x189/0x250
[  252.181393][T11092]  ? __pfx_dump_stack_lvl+0x10/0x10
[  252.181412][T11092]  ? __pfx__printk+0x10/0x10
[  252.181432][T11092]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  252.181449][T11092]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  252.181467][T11092]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  252.181486][T11092]  warn_alloc+0x214/0x310
[  252.181509][T11092]  ? stack_depot_save_flags+0x41b/0x860
[  252.181528][T11092]  ? __pfx_warn_alloc+0x10/0x10
[  252.181549][T11092]  ? kasan_save_track+0x4f/0x80
[  252.181569][T11092]  ? xskq_create+0x56/0x170
[  252.181585][T11092]  ? xsk_init_queue+0xb0/0x110
[  252.181599][T11092]  ? xsk_setsockopt+0x4dc/0x8d0
[  252.181612][T11092]  ? do_sock_setsockopt+0x17c/0x1b0
[  252.181630][T11092]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  252.181648][T11092]  ? do_syscall_64+0xfa/0x3b0
[  252.181665][T11092]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.181685][T11092]  __vmalloc_node_range_noprof+0x125/0x12f0
[  252.181729][T11092]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  252.181755][T11092]  ? __kasan_kmalloc+0x93/0xb0
[  252.181809][T11092]  vmalloc_user_noprof+0xad/0xf0
[  252.181832][T11092]  ? xskq_create+0xbf/0x170
[  252.181849][T11092]  xskq_create+0xbf/0x170
[  252.181869][T11092]  xsk_init_queue+0xb0/0x110
[  252.181887][T11092]  xsk_setsockopt+0x4dc/0x8d0
[  252.181905][T11092]  ? __pfx_xsk_setsockopt+0x10/0x10
[  252.181921][T11092]  ? __pfx_aa_sk_perm+0x10/0x10
[  252.181942][T11092]  ? aa_sock_opt_perm+0xff/0x1b0
[  252.181964][T11092]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  252.181980][T11092]  ? __pfx_xsk_setsockopt+0x10/0x10
[  252.181996][T11092]  do_sock_setsockopt+0x17c/0x1b0
[  252.182019][T11092]  __x64_sys_setsockopt+0x13f/0x1b0
[  252.182043][T11092]  do_syscall_64+0xfa/0x3b0
[  252.182060][T11092]  ? lockdep_hardirqs_on+0x9c/0x150
[  252.182076][T11092]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.182090][T11092]  ? exc_page_fault+0x9f/0xf0
[  252.182108][T11092]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  252.182121][T11092] RIP: 0033:0x7f5bb0b8ebe9
[  252.182135][T11092] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  252.182149][T11092] RSP: 002b:00007f5bb1a64038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  252.182165][T11092] RAX: ffffffffffffffda RBX: 00007f5bb0db6090 RCX: 00007f5bb0b8ebe9
[  252.182176][T11092] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000006
[  252.182184][T11092] RBP: 00007f5bb0c11e19 R08: 0000000000000004 R09: 0000000000000000
[  252.182194][T11092] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  252.182224][T11092] R13: 00007f5bb0db6128 R14: 00007f5bb0db6090 R15: 00007ffef1de4c18
[  252.182249][T11092]  </TASK>
[  252.183504][T11092] Mem-Info:
[  252.333081][   T95] usblp0: removed
[  252.486795][T11092] active_anon:8149 inactive_anon:26 isolated_anon:0
[  252.486795][T11092]  active_file:11306 inactive_file:38359 isolated_file:0
[  252.486795][T11092]  unevictable:1768 dirty:514 writeback:0
[  252.486795][T11092]  slab_reclaimable:10481 slab_unreclaimable:57050
[  252.486795][T11092]  mapped:19324 shmem:3486 pagetables:1104
[  252.486795][T11092]  sec_pagetables:0 bounce:0
[  252.486795][T11092]  kernel_misc_reclaimable:0
[  252.486795][T11092]  free:270978 free_pcp:21997 free_cma:0
[  252.508488][T11092] Node 0 active_anon:18040kB inactive_anon:0kB active_file:43112kB inactive_file:125540kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:30912kB dirty:1888kB writeback:0kB shmem:9044kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5112kB pagetables:2152kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  252.525042][T11092] Node 1 active_anon:14556kB inactive_anon:104kB active_file:2112kB inactive_file:27896kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:46384kB dirty:168kB writeback:0kB shmem:4900kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7520kB pagetables:2264kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  252.540683][T11092] Node 0 DMA free:15360kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  252.556671][T11092] lowmem_reserve[]: 0 811 811 811 811
[  252.560813][T11092] Node 0 DMA32 free:219400kB boost:51200kB min:84860kB low:93272kB high:101684kB reserved_highatomic:0KB free_highatomic:0KB active_anon:18104kB inactive_anon:0kB active_file:43112kB inactive_file:125576kB unevictable:3536kB writepending:1888kB present:1556484kB managed:831004kB mlocked:0kB bounce:0kB free_pcp:43424kB local_pcp:23976kB free_cma:0kB
[  252.584192][T11092] lowmem_reserve[]: 0 0 0 0 0
[  252.586559][T11092] Node 1 DMA32 free:458616kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  252.657224][T11092] lowmem_reserve[]: 0 0 854 854 854
[  252.664883][T11092] Node 1 Normal free:390472kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14520kB inactive_anon:104kB active_file:2112kB inactive_file:27832kB unevictable:3536kB writepending:168kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:44756kB local_pcp:20628kB free_cma:0kB
[  252.684844][T11102] loop1: detected capacity change from 0 to 128
[  252.713632][T11102] FAT-fs (loop1): Directory bread(block 11554) failed
[  252.716504][T11102] FAT-fs (loop1): Directory bread(block 11555) failed
[  252.720598][T11092] lowmem_reserve[]: 0 0 0 0 0
[  252.725962][T11092] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  252.740901][T11102] FAT-fs (loop1): Directory bread(block 11556) failed
[  252.751428][T11092] Node 0 DMA32: 472*4kB (ME) 405*8kB (ME) 370*16kB (UME) 195*32kB (UME) 169*64kB (UME) 187*128kB (UM) 70*256kB (UME) 49*512kB (UM) 49*1024kB (UME) 18*2048kB (ME) 9*4096kB (UM) = 218952kB
[  252.757959][T11102] FAT-fs (loop1): Directory bread(block 11557) failed
[  252.760619][T11102] FAT-fs (loop1): Directory bread(block 11558) failed
[  252.777068][T11102] FAT-fs (loop1): Directory bread(block 11559) failed
[  252.779824][T11102] FAT-fs (loop1): Directory bread(block 11560) failed
[  252.792544][T11092] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  252.802422][T11102] FAT-fs (loop1): Directory bread(block 11561) failed
[  252.808424][T11092] Node 1 Normal: 342*4kB (UM) 228*8kB (UME) 97*16kB (UM) 122*32kB (UM) 116*64kB (UM) 41*128kB (UME) 22*256kB (UME) 8*512kB (UM) 21*1024kB (UME) 9*2048kB (UME) 78*4096kB (M) = 390472kB
[  252.818360][T11102] FAT-fs (loop1): Directory bread(block 11562) failed
[  252.820790][T11102] FAT-fs (loop1): Directory bread(block 11563) failed
[  252.826938][T11092] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB
[  252.834290][T11092] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  252.851088][T11092] 53147 total pagecache pages
[  252.857631][T11092] 26 pages in swap cache
[  252.859221][T11092] Free swap  = 124892kB
[  252.860617][T11092] Total swap = 124996kB
[  252.879385][T11092] 786301 pages RAM
[  252.897531][T11092] 0 pages HighMem/MovableOnly
[  252.899104][T11092] 241318 pages reserved
[  252.900360][T11092] 0 pages cma reserved
[  252.982446][T11112] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1951'.
[  253.171608][   T95] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  253.324489][   T95] usb 5-1: config 39 has an invalid interface number: 2 but max is 0
[  253.330476][   T95] usb 5-1: config 39 has no interface number 0
[  253.337565][   T95] usb 5-1: config 39 interface 2 has no altsetting 0
[  253.348376][   T95] usb 5-1: New USB device found, idVendor=055f, idProduct=a800, bcdDevice=c4.36
[  253.354391][   T95] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  253.356910][   T95] usb 5-1: Product: syz
[  253.358346][   T95] usb 5-1: Manufacturer: syz
[  253.359816][   T95] usb 5-1: SerialNumber: syz
[  253.578311][   T95] mdc800 5-1:39.2: probe fails -> wrong Interface
[  253.585903][   T95] usb 5-1: USB disconnect, device number 13
[  253.683558][ T5880] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  253.921216][ T5880] usb 4-1: Using ep0 maxpacket: 32
[  253.999672][T11139] overlayfs: failed to resolve './file1': -2
[  254.031295][ T5880] usb 4-1: unable to get BOS descriptor or descriptor too short
[  254.040551][ T5880] usb 4-1: config 0 has an invalid interface number: 129 but max is 0
[  254.090454][ T5880] usb 4-1: config 0 has no interface number 0
[  254.096829][ T5880] usb 4-1: config 0 interface 129 has no altsetting 0
[  254.137795][ T5880] usb 4-1: New USB device found, idVendor=04bb, idProduct=0930, bcdDevice=cb.5d
[  254.140681][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.143187][ T5880] usb 4-1: Product: syz
[  254.144710][ T5880] usb 4-1: Manufacturer: syz
[  254.146218][ T5880] usb 4-1: SerialNumber: syz
[  254.149170][ T5880] usb 4-1: config 0 descriptor??
[  254.239949][T11142] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1963'.
[  254.363912][ T5880] asix 4-1:0.129 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  254.368515][ T5880] asix 4-1:0.129: probe with driver asix failed with error -71
[  254.381811][ T5880] usb 4-1: USB disconnect, device number 15
[  254.426298][T11148] loop4: detected capacity change from 0 to 2048
[  254.445932][T11149] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  254.678290][T11155] loop4: detected capacity change from 0 to 512
[  254.710890][T11155] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.1969: bg 0: block 393: padding at end of block bitmap is not set
[  254.727935][T11158] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1970'.
[  254.729737][T11155] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  254.738597][T11155] EXT4-fs (loop4): 2 truncates cleaned up
[  254.745367][T11155] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  254.765090][T11155] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  254.769398][T11155] EXT4-fs (loop4): can't disable delalloc during remount
[  254.788234][ T9808] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.039587][T11163] loop4: detected capacity change from 0 to 32768
[  255.062884][T11163] (syz.4.1971,11163,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  255.069341][T11163] (syz.4.1971,11163,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  255.078494][T11163] JBD2: Ignoring recovery information on journal
[  255.100204][T11163] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  255.334446][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  255.336631][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  255.441456][T11163] 
[  255.442384][T11163] ======================================================
[  255.444899][T11163] WARNING: possible circular locking dependency detected
[  255.447453][T11163] 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 Not tainted
[  255.450259][T11163] ------------------------------------------------------
[  255.453007][T11163] syz.4.1971/11163 is trying to acquire lock:
[  255.454898][T11163] ffff888039873278 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_init_acl+0x2f9/0x720
[  255.457965][T11163] 
[  255.457965][T11163] but task is already holding lock:
[  255.460389][T11163] ffff88811e13c950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1f87/0x21c0
[  255.463085][T11163] 
[  255.463085][T11163] which lock already depends on the new lock.
[  255.463085][T11163] 
[  255.466198][T11163] 
[  255.466198][T11163] the existing dependency chain (in reverse order) is:
[  255.468824][T11163] 
[  255.468824][T11163] -> #4 (jbd2_handle){++++}-{0:0}:
[  255.471002][T11163]        lock_acquire+0x120/0x360
[  255.472560][T11163]        start_this_handle+0x1fa7/0x21c0
[  255.474246][T11163]        jbd2__journal_start+0x2c1/0x5b0
[  255.475983][T11163]        jbd2_journal_start+0x2a/0x40
[  255.477620][T11163]        ocfs2_start_trans+0x376/0x6d0
[  255.479193][T11163]        ocfs2_shutdown_local_alloc+0x200/0xa10
[  255.481008][T11163]        ocfs2_dismount_volume+0x201/0x8d0
[  255.482792][T11163]        generic_shutdown_super+0x135/0x2c0
[  255.484632][T11163]        kill_block_super+0x44/0x90
[  255.486151][T11163]        deactivate_locked_super+0xbc/0x130
[  255.488082][T11163]        cleanup_mnt+0x425/0x4c0
[  255.489658][T11163]        task_work_run+0x1d4/0x260
[  255.491642][T11163]        exit_to_user_mode_loop+0xec/0x110
[  255.493889][T11163]        do_syscall_64+0x2bd/0x3b0
[  255.495860][T11163]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.498289][T11163] 
[  255.498289][T11163] -> #3 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  255.501553][T11163]        lock_acquire+0x120/0x360
[  255.503492][T11163]        down_read+0x46/0x2e0
[  255.505353][T11163]        ocfs2_start_trans+0x36a/0x6d0
[  255.507411][T11163]        ocfs2_shutdown_local_alloc+0x200/0xa10
[  255.509480][T11163]        ocfs2_dismount_volume+0x201/0x8d0
[  255.511316][T11163]        generic_shutdown_super+0x135/0x2c0
[  255.513564][T11163]        kill_block_super+0x44/0x90
[  255.515241][T11163]        deactivate_locked_super+0xbc/0x130
[  255.517608][T11163]        cleanup_mnt+0x425/0x4c0
[  255.519585][T11163]        task_work_run+0x1d4/0x260
[  255.521590][T11163]        exit_to_user_mode_loop+0xec/0x110
[  255.523870][T11163]        do_syscall_64+0x2bd/0x3b0
[  255.525693][T11163]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.527956][T11163] 
[  255.527956][T11163] -> #2 (sb_internal#3){.+.+}-{0:0}:
[  255.530541][T11163]        lock_acquire+0x120/0x360
[  255.532154][T11163]        ocfs2_start_trans+0x26b/0x6d0
[  255.534206][T11163]        ocfs2_setattr+0x969/0x1b40
[  255.536287][T11163]        notify_change+0xb36/0xe40
[  255.538235][T11163]        chmod_common+0x248/0x400
[  255.540200][T11163]        do_fchmodat+0x12d/0x200
[  255.542134][T11163]        __x64_sys_fchmodat+0x7d/0x90
[  255.544206][T11163]        do_syscall_64+0xfa/0x3b0
[  255.546124][T11163]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.548444][T11163] 
[  255.548444][T11163] -> #1 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}:
[  255.551530][T11163]        lock_acquire+0x120/0x360
[  255.553477][T11163]        down_write+0x96/0x1f0
[  255.555081][T11163]        ocfs2_try_remove_refcount_tree+0xb6/0x320
[  255.557135][T11163]        ocfs2_xattr_set+0x595/0x11f0
[  255.558749][T11163]        ocfs2_set_acl+0x701/0x7b0
[  255.560288][T11163]        ocfs2_iop_set_acl+0x1aa/0x2a0
[  255.562203][T11163]        vfs_set_acl+0x887/0xb00
[  255.563902][T11163]        filename_setxattr+0x2e0/0x600
[  255.565605][T11163]        path_setxattrat+0x364/0x3a0
[  255.567244][T11163]        __x64_sys_setxattr+0xbc/0xe0
[  255.568874][T11163]        do_syscall_64+0xfa/0x3b0
[  255.570397][T11163]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.572527][T11163] 
[  255.572527][T11163] -> #0 (&oi->ip_xattr_sem){++++}-{4:4}:
[  255.575586][T11163]        validate_chain+0xb9b/0x2140
[  255.577598][T11163]        __lock_acquire+0xab9/0xd20
[  255.579648][T11163]        lock_acquire+0x120/0x360
[  255.581645][T11163]        down_read+0x46/0x2e0
[  255.583527][T11163]        ocfs2_init_acl+0x2f9/0x720
[  255.585198][T11163]        ocfs2_mknod+0x1321/0x2050
[  255.586801][T11163]        ocfs2_mkdir+0x191/0x440
[  255.588339][T11163]        vfs_mkdir+0x306/0x510
[  255.589984][T11163]        do_mkdirat+0x247/0x590
[  255.591525][T11163]        __x64_sys_mkdir+0x6c/0x80
[  255.593402][T11163]        do_syscall_64+0xfa/0x3b0
[  255.595410][T11163]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.597821][T11163] 
[  255.597821][T11163] other info that might help us debug this:
[  255.597821][T11163] 
[  255.601520][T11163] Chain exists of:
[  255.601520][T11163]   &oi->ip_xattr_sem --> &journal->j_trans_barrier --> jbd2_handle
[  255.601520][T11163] 
[  255.606511][T11163]  Possible unsafe locking scenario:
[  255.606511][T11163] 
[  255.608871][T11163]        CPU0                    CPU1
[  255.610585][T11163]        ----                    ----
[  255.612687][T11163]   rlock(jbd2_handle);
[  255.614307][T11163]                                lock(&journal->j_trans_barrier);
[  255.616766][T11163]                                lock(jbd2_handle);
[  255.618830][T11163]   rlock(&oi->ip_xattr_sem);
[  255.620296][T11163] 
[  255.620296][T11163]  *** DEADLOCK ***
[  255.620296][T11163] 
[  255.622828][T11163] 8 locks held by syz.4.1971/11163:
[  255.624484][T11163]  #0: ffff88811a3b4428 (sb_writers#24){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  255.627538][T11163]  #1: ffff888039873540 (&type->i_mutex_dir_key#19/1){+.+.}-{4:4}, at: filename_create+0x1f8/0x3c0
[  255.631383][T11163]  #2: ffff88803987c3c0 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  255.636022][T11163]  #3: ffff88803987a6c0 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  255.640569][T11163]  #4: ffff88803987b540 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  255.644832][T11163]  #5: ffff88811a3b4618 (sb_internal#3){.+.+}-{0:0}, at: ocfs2_mknod+0xe93/0x2050
[  255.647698][T11163]  #6: ffff8880327824e8 (&journal->j_trans_barrier){.+.+}-{4:4}, at: ocfs2_start_trans+0x36a/0x6d0
[  255.650937][T11163]  #7: ffff88811e13c950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1f87/0x21c0
[  255.654395][T11163] 
[  255.654395][T11163] stack backtrace:
[  255.656596][T11163] CPU: 1 UID: 0 PID: 11163 Comm: syz.4.1971 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  255.656609][T11163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  255.656615][T11163] Call Trace:
[  255.656621][T11163]  <TASK>
[  255.656626][T11163]  dump_stack_lvl+0x189/0x250
[  255.656640][T11163]  ? __pfx_dump_stack_lvl+0x10/0x10
[  255.656649][T11163]  ? __pfx__printk+0x10/0x10
[  255.656661][T11163]  ? stack_trace_save+0x9c/0xe0
[  255.656674][T11163]  print_circular_bug+0x2ee/0x310
[  255.656684][T11163]  check_noncircular+0x134/0x160
[  255.656694][T11163]  validate_chain+0xb9b/0x2140
[  255.656701][T11163]  ? __pfx_find_get_block_common+0x10/0x10
[  255.656714][T11163]  __lock_acquire+0xab9/0xd20
[  255.656726][T11163]  ? ocfs2_init_acl+0x2f9/0x720
[  255.656734][T11163]  lock_acquire+0x120/0x360
[  255.656745][T11163]  ? ocfs2_init_acl+0x2f9/0x720
[  255.656753][T11163]  ? do_raw_spin_unlock+0x4d/0x240
[  255.656763][T11163]  down_read+0x46/0x2e0
[  255.656775][T11163]  ? ocfs2_init_acl+0x2f9/0x720
[  255.656783][T11163]  ocfs2_init_acl+0x2f9/0x720
[  255.656793][T11163]  ? __pfx_ocfs2_init_acl+0x10/0x10
[  255.656801][T11163]  ? dquot_alloc_inode+0x8ba/0xa50
[  255.656810][T11163]  ? __pfx_ocfs2_journal_dirty+0x10/0x10
[  255.656819][T11163]  ? ocfs2_block_signals+0x94/0xe0
[  255.656830][T11163]  ? ocfs2_metadata_cache_get_super+0x43/0x80
[  255.656841][T11163]  ? ocfs2_inode_cache_get_super+0xd/0x40
[  255.656849][T11163]  ocfs2_mknod+0x1321/0x2050
[  255.656863][T11163]  ? __pfx_ocfs2_mknod+0x10/0x10
[  255.656874][T11163]  ? do_raw_spin_unlock+0x4d/0x240
[  255.656883][T11163]  ? ocfs2_inode_lock_full_nested+0xabe/0x1b40
[  255.656899][T11163]  ? __lock_acquire+0xab9/0xd20
[  255.656914][T11163]  ? __lock_acquire+0xab9/0xd20
[  255.656926][T11163]  ? do_raw_spin_lock+0x121/0x290
[  255.656937][T11163]  ? do_raw_spin_unlock+0x4d/0x240
[  255.656947][T11163]  ? put_pid+0xe9/0x130
[  255.656956][T11163]  ocfs2_mkdir+0x191/0x440
[  255.656966][T11163]  ? __pfx_from_kgid+0x10/0x10
[  255.656976][T11163]  ? apparmor_path_mkdir+0x1a7/0x220
[  255.656985][T11163]  ? __pfx_ocfs2_mkdir+0x10/0x10
[  255.656995][T11163]  ? HAS_UNMAPPED_ID+0x11a/0x180
[  255.657003][T11163]  ? inode_permission+0x149/0x470
[  255.657010][T11163]  ? __pfx_ocfs2_permission+0x10/0x10
[  255.657020][T11163]  ? bpf_lsm_inode_mkdir+0x9/0x20
[  255.657028][T11163]  vfs_mkdir+0x306/0x510
[  255.657039][T11163]  do_mkdirat+0x247/0x590
[  255.657048][T11163]  ? __pfx_do_mkdirat+0x10/0x10
[  255.657057][T11163]  ? strncpy_from_user+0x150/0x290
[  255.657066][T11163]  ? getname_flags+0x1e5/0x540
[  255.657073][T11163]  __x64_sys_mkdir+0x6c/0x80
[  255.657082][T11163]  do_syscall_64+0xfa/0x3b0
[  255.657092][T11163]  ? lockdep_hardirqs_on+0x9c/0x150
[  255.657101][T11163]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.657109][T11163]  ? exc_page_fault+0x9f/0xf0
[  255.657118][T11163]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.657126][T11163] RIP: 0033:0x7fa76fd8ebe9
[  255.657135][T11163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  255.657143][T11163] RSP: 002b:00007fa770c49038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[  255.657152][T11163] RAX: ffffffffffffffda RBX: 00007fa76ffb5fa0 RCX: 00007fa76fd8ebe9
[  255.657159][T11163] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000
[  255.657165][T11163] RBP: 00007fa76fe11e19 R08: 0000000000000000 R09: 0000000000000000
[  255.657170][T11163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  255.657175][T11163] R13: 00007fa76ffb6038 R14: 00007fa76ffb5fa0 R15: 00007ffeabb042d8
[  255.657185][T11163]  </TASK>
[  255.892927][ T9808] ocfs2: Unmounting device (7,4) on (node local)

VM DIAGNOSIS:
07:05:30  Registers:
info registers vcpu 0

CPU#0
RAX=1ffffffff3364901 RBX=ffffffffffffffff RCX=ffffffff822e46fb RDX=0000000000000000
RSI=0000000000000004 RDI=ffff88801c1056c8 RBP=ffff88801c105680 RSP=ffffc90007147558
R8 =ffff88801c1056cb R9 =1ffff11003820ad9 R10=dffffc0000000000 R11=ffffed1003820ad9
R12=0000000000000001 R13=0000000000000001 R14=ffffed1003820ada R15=1ffff11003820ad9
RIP=ffffffff8223021f RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 000055558b214500 ffffffff 00c00000
GS =0000 ffff8880b8621000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32519ff8 CR3=0000000109e22000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f5bb0d87498 00007f5bb0d87470 XMM03=00007f5bb0d874a8 00007f5bb0d874a0
XMM04=00007f5bb18ed100 00007f5bb0d87460 XMM05=00007f5bb0d87478 00007f5bb0d874c0
XMM06=00007f5bb0d874b8 00007f5bb0d874b0 XMM07=00007f5bb0d874a8 00007f5bb0d874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f5bb0c12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000002d RBX=000000000000002d RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000004c4f RDI=0000000000004c50 RBP=00000000000003f8 RSP=ffffc90006f56d10
R8 =ffff888020328237 R9 =1ffff11004065046 R10=dffffc0000000000 R11=ffffffff854e7aa0
R12=dffffc0000000000 R13=ffffffff99af48d9 R14=ffffffff99de94e0 R15=0000000000000000
RIP=ffffffff854e7b1c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fa770c496c0 ffffffff 00c00000
GS =0000 ffff8881a3c21000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b31918ff8 CR3=0000000112526000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f4010c12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
