last executing test programs:

1m37.599250885s ago: executing program 1 (id=199):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000280)={'\x00', 0x400})
ioctl$TUNSETCARRIER(r0, 0x400454e2, &(0x7f00000000c0)=0x1)

1m37.480013456s ago: executing program 1 (id=201):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x200000006, 0x0, 0x1}}, 0x40)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0xaf01, 0x0)
r2 = eventfd(0xfffffff9)
ioctl$VHOST_SET_LOG_FD(r1, 0x4004af07, &(0x7f0000000240)=r2)
ioctl$VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x1, r2})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/246, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/70, 0x100000})
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000680))
ioctl$VHOST_SET_VRING_ERR(r1, 0x4008af22, &(0x7f00000002c0)={0x1, r2})
ioctl$VHOST_VSOCK_SET_RUNNING(r1, 0x4004af61, &(0x7f0000000000)=0x1)

1m36.93828043s ago: executing program 1 (id=205):
r0 = userfaultfd(0x80001)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x91c6b000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
readv(r0, &(0x7f0000000600)=[{&(0x7f00000000c0)=""/114, 0x72}], 0x1)
syz_open_dev$evdev(&(0x7f0000002f80), 0x3, 0x484000)
syz_open_dev$loop(&(0x7f0000001580), 0x7, 0x30400)
ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000000000/0x800000)=nil, 0x800000})

1m36.649651065s ago: executing program 1 (id=206):
syz_mount_image$minix(&(0x7f0000000140), &(0x7f00000001c0)='./bus\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="00e611ed6229b237ad2a184a94283e2b34c24caf7280c18475708140abe763dfb52cdb0ba0cdc8c572346d0a832984b36248c4fa844eda0af4b1652605421a7821dcfde12aa77458d811a84538a156b05b0ec3eaf24a8b49d41fbfa868653605702abe43d9c2c30aed4da0b8cc18c6b3f745176865442c1217f19a67a534064b7236a66600000000005e8d33d35615188d77fb93669ff6f9e9de7655d53422b29b3ae796fdefbc648f3c39979c02ca6082ca2de5"], 0x1, 0x190, &(0x7f0000000e40)="$eJzs2zuPElEYxvHnDAMi3lC8JMbCytjIACaoHX4UAiMhDkrABmKifg8L7fxwEmNnJRvmtsssxQbCHHb5/xrOw8vJvBMy8IaLABytjp7KyKi0Ck/K1S81Y7slADlZxrf/lwCOT+Gf7Q4A2LF4K40l/f77uadCKRkLHiWLVb2T1Mvn54fFN+mxG9dNWdez88VP6Vmy31Q27q+k9Rsb689VjerOTd3Sbd1RVXd1T7W43o/2S+bhbsMQAABHwqiezWt3OHo3DPxGmothbqriRrkU5lZaj/LLNF8Lc733Mejv8SwAbMNR/dfZnL3+C5nr342vfwCX33Q2f98NAn+S0yL6fMCxdPSdFvp6EG1EC6Poe9ottxd1EGcxmc7+XOjBP6x1WMz9oK6sPymrhcUXJQC58D6Nxt50Nn8xHHUH/sD/0G61228ar181vXDw99bHfwBXyOmbvu1OAAAAAAAAAAAAAADAtu7rge0WAAAAAORkj39Qk76LXxYDAAAAAAAAAAAAAAAAALAHJwEAAP//zigUWQ==")
chdir(&(0x7f0000000240)='./file0\x00')
creat(&(0x7f0000000000)='./bus\x00', 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
mkdir(&(0x7f0000000180)='./file0\x00', 0x12a)

1m36.408381479s ago: executing program 1 (id=207):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}})

1m35.49769678s ago: executing program 1 (id=219):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f00000001c0)={{0xa, 0x0, 0x0, @local}, {0xa, 0x4e22, 0x800, @empty}, 0x0, {[0xfffffffe, 0x8000, 0x7ff]}}, 0x5c)

1m35.376592114s ago: executing program 32 (id=219):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f00000001c0)={{0xa, 0x0, 0x0, @local}, {0xa, 0x4e22, 0x800, @empty}, 0x0, {[0xfffffffe, 0x8000, 0x7ff]}}, 0x5c)

30.400228618s ago: executing program 0 (id=836):
r0 = add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
r1 = request_key(&(0x7f00000008c0)='user\x00', &(0x7f0000000900)={'syz', 0x0}, &(0x7f0000000940)='\xf8', r0)
request_key(&(0x7f00000005c0)='user\x00', &(0x7f0000000680)={'syz', 0x0}, 0x0, r1)

30.400001093s ago: executing program 0 (id=837):
syz_usb_connect(0x0, 0x24, &(0x7f0000000580)={{0x12, 0x1, 0x300, 0xfb, 0xf8, 0x8a, 0x20, 0x781, 0x5, 0x5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0xe, 0xb, 0x40, 0x4, [{{0x9, 0x4, 0x20, 0x2, 0x0, 0x94, 0x39, 0x80, 0x80}}]}}]}}, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0})

29.063788176s ago: executing program 0 (id=849):
r0 = syz_open_dev$vim2m(&(0x7f0000000300), 0x61, 0x2)
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='fd/3\x00')
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}})
ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405610, &(0x7f00000000c0)={0x0, 0x100, 0x1})

28.969853845s ago: executing program 0 (id=851):
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="00af268263b121dc03d7d9b98b9cdb76841d31005b31fdfd141b652968fbeae7aac982a517703dc5950f6728aecf5ec337b119ffd66d0a02970718ba573db352906385cece74366e628b6a775c9a6f6fff046416c6240e39a647186c4cf0b360bd17d4cdbd912dc61fd24e6f17d8"], 0x1, 0x152, &(0x7f00000007c0)="$eJzs0E1LKnEUx/Hf3Bnlcq/eBzKwFia0aEjMacRatdBIEtKBwk0rwSYKFCOhXBrRrkXQ1oXlVnwLlrWxRgh7E23cBS0n/o7Rw67977MZ5nsOh2FWlnoqgoAMx3KpuLdvlsvmVnDdSCc3ntrtuOhuAD8/zZ39qziwI54KMDgCRL7xAtu7BXMuXyqI90EcUAEkfjtdg7P7SzSf0+YhSaKp00Bn3Gn6aO9ji47apAIk/r7fsy+AGXHv/9s94BlApRZquZCxbNu2xfeepEJTY5LTm3cZq5sKzwbMUz050fD4ZWTN20skhvPHSDf8EGk1+z0rvWakjV5U1xeimqJpsb5xb6Vi1TMoq54DYPPLPTf8ASULHEvA+XA2uJa8ADr1F6P4Z7E++tfVQzkISJVaPud3NXK+fz8gq5BARERERERERERERERERET0Xa8BAAD//wFeZcY=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f00000001c0)='./file0\x00')
setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040), &(0x7f0000000240)=ANY=[], 0x25, 0x2)

28.833338975s ago: executing program 0 (id=855):
syz_mount_image$bcachefs(&(0x7f0000005b00), &(0x7f0000005b40)='./file0\x00', 0x0, &(0x7f0000005b80)=ANY=[], 0x1, 0x5b30, &(0x7f0000005b80)="$eJzs3Q+MXXWdKPBz7p1pZzptmaJALX86QOkrPIEpxQc0GAZeBHxaRNCigrSVTstg/0CntVDFFhLRII/X5L0oz0RCiCa8EIJvybr+WVPMImZljU1ctri7LgY0K7vBGgTtUmI3M/ecO/eeOb977tx7p7Tw+YTOmXPmd7+/7/fc35w553cP90YAAAC8LTz9hdE/XrXgfT+5e/i1nVd+b+NdUV95fHtP2qA/Wd7+ZmXI4TSza/74Mjsudg/NePqS+z743Nc/+c0XXpy3ZOk3brn84G2zV9x779DPLzj40z/fWRQ3HU9nTqzHL8dRdPLPlnzlnh89c8LYtjiKonLcvyuK5sWlH86LMyEGX4+iaG01z/ofPvHasnVjy11fnlm3/ZhMEOP97W12Ms6++IPNJ/32nMuf2/OLy14b7Hl9y66JJnFPzXiKormrax/fHUVRb/JvTDra5qcPTpZX1/xszIUFeZ3WZP5nB9YXJMsZybKvIE7681Mz691N5tGVWfY0+bhWlaY5fip9/mZPc//Zg1u2n3nJ8tvJ8swpxi+n/+KoFEdd1e42xBNjJKp53uIoHh/Tc6rrpbqxEGfGRhxFcWa9lFkvd2fqGu83GWjluJLSJVF9PqVke9p+INnelWw/tWCsXRvY/q603uQX9UCm/mzQvknfVOsal+b1qwa5HA6lzHEmuz3Ntyd5MvqSbX3xsZMecyhH+rOVL97/+As7HlzUH8gj/lacxI9biv/sxov2Ld7xy/3zQ/FXl5L4pZbij57zymMvXfPjE4Lxd6fxyy3Ff/78xV/9/s7tB4L75/fp/ulqKX55+VkHl949uDKY/0Np/J6W4j982aNfm/uepx4L5j+Y7p/e1vbPyLY3rn/kuP3B+FEaf1ZL8S999fgzlm9+dH0w/pPp/ulrKf4zoyMr7rl54faBUPy9afw5LcU/7dc3XL9n3/DzwfyH0v3T31L89y669OoV+zfdFzp2xrsO119YgLemdyTnWF9K1lu9zmxXzfXCA/1x5ZxvdvJvTic7yhjrZ+40xgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7enh/rXDf/7uKW90Jeszk29OKVeW6fYZURT3RlE0unXNlq0jm9YP3LJ525ZNazYMrNk6MLxp65Y7Bs5/98CW4Vs3rLlj7KeDZy+rPO7YKK4s45Mn9X3o0KFDpf76bWl/n77gfz8xcMq+f4yiweN+fkpXMP8P3bngv8/L+ZoRDx3a8L/OuPGl2X+7rbKhP8mrP5BXFMjr4kdeXv7b7/X+zygaPL5RXv+65Iof1SU0vmEiTqI0MyqNfzMznpWbRzXrJJ90f3WtG9kwPFi8f8uBOn5z4C8+un30pl2V/dsTrKPJ/ds7dOhPm77z5E0X77i6suFIfd6L9ndaRZpfuv96kv09N6lrbqCurkBd95xx6r/8w//d+PKuaLDrDwsn911UV3cyALrjdzXVb9rDrLh+n/Qk7dNnPH3cuVs33nru6B07zh7ZuGb98PrhTcuWLbvw/GXnXXDefzt3vPTK147Vn/b/X5qs//CMp80XDI2kX5sbT0V5Fe2PsbyK90dtRqHfv3d+5Ip/uusvd19T2VA0ztPW1eNJspw19jQvjWrG2+R9lVdX0X7oDuyH9df2/b9XBzb/R9FxqPaZqf2aEQ8d+sPI310ye8/pN1Y2HJbjfG1CLR7nq1kn+XTXHneWHrn7d2ZUTurqy83r9Ltf+djffzceqOY3Y0Z0+5qtW7csrXw9THW989rPdbauCxf/+207Vt81b1Jd51W+zk4ynR2fmJtXdmta18Lxr+Uo2S3pIuop5dfXHVXyy/5dSB+X3at9yc/64mNz68pKf7byxfsff2HHg4tCezr+VqXH3mhOZRmfFGi5IfPAcjXhvP6LxkcURatrt6X78cnv/J+BPT+Zt7FwfFRGxqSv2fKGDn3+otm/Gb1u74rKhsNzXKlJqMXjSjXriXzG99f4ceW8I6eON+95rvvFiocO7Tnp3euX/fXW5Ne+aP9WW+ft32VRVHQcWJhZn67jQLafifb58QYy631RuaXjxvPnL/7q93duPxA8bvy+2ePG5+rWym0eN+LAeNr3+f//p8/ue/b9nTtuvH9x+RP/vHBZskOPlN+3nmRc9wTGdTXrJJ+4dlyfc9PmDWsr24/c899kGb7+ibtqzrNG79jx6TUbNgxvGW2urmbPS9K6snt5rKJSC+cl6W/fsQXXdenzNVHX9H3TzP5q9vctzX9tdn+1+PsGefqiuKW/Z89uvGjf4h2/3N8fiBuvLiXxSy3FHz3nlcdeuubHJwTj707jd7UUv7z8rINL7x5cGYz/UJzE72kp/sOXPfq1ue956rFg/ME0/97WzidGtr1x/SPHhfd/lMbvayn+M6MjK+65eeH2YPy9cdLP2LldFD3x2rJ1lfU46k6Ow2ke3XV5Rdn1OLNeyqyXa9dLlTn4agflOK7fnrZLtp9ak0ue6wLb07PHnvmV5YF0Pcp+03j7kaZUc06Qt73o/BoA3krS1//Tc4309f+FyR/Emtf/K8t4Rt3j5yfnU/MnNo1f5901UPlDOtV5vTSP7LxeGn/J6fUxWp3XK5qXOy2zXsmrN5lH66rm0+C8YXbUxLzc5H4az8tlyi+eNxv4UmZD1/jcXuh5605mKvJeZ87kO3ssQrvn2fPzs66eZ4fGXXa+I32dPm5y3GXvi0jHXfa+iDT+gswEWqv3RbQ27qLquEunNRqMu/HKiudTJ4+LqMF+nRgX+dGy42IK46i/Mo6m93Wpo/96f3rn380nBOInf0eO9Ov9dHt6fOhqch5gZWB7p+YB0sNFmtevcvqa0SC/TjMPAAAT1//p3+Cx6/+xv9UDmfP8ouuW7FVGGi94H0s5P5+i69/J97PNaum879JXjz9j+eZH1wfPi59s9r6UW+vWZhXcl1K0Hxdl1gv3Y+BWkKJ5h8WZ9n3RnJb242m/vuH6PfuGnw/ux6HKiVTxftxdtzanzf24JLNeuB+787Mq2o/ZforG75mZ9b7kjqCp7vf3Lrr06hX7N90X3O+7mt3vD9Wt9Rfs9+Q6PY5dp9fHd51+RFynT/d85Js2D5DMW0/XPMC1ge1TnQfom/RNta5xjeYBDqem5wECfxcA4GiWXv9X75dPrv//JtOu3evD4HnbUGfuZw2et1XPa9s7Lw/mXz0vb+/1y2D86nVRe9ctwf1TvW5p77orGL963dXePE1w/zyZ7p/2zvtD/7tAet5/9F8XTe88w9v0uqg7cl0EAMBRJL3+T09X0/v/n0rWs+fG03+dO93XodN9HT3d8wzTPU9ytF/nHu3zDNM9z2YewOujxcwDAAC8NbwvWd7YZPuu8XuIo+hTN9183qq1w59ZtW7L8PDorWtuGl41smlka7Vd9/iV1+T7pEP9Fd0nndd+VoP2q4Lx6/O5PNA+pN36Q/0V1Z/XvlH9q4Px6/O5ItA+pN36Q/0V1Z/XvlH9a4Lx6/O5MtA+pN36Q/0V1Z/XvlH9nwrGr8/n/YH2Ie3WH+qvqP689o3qvykYvz6f/xFoH9Ju/aH+iuofbz8jyomf3z77fpmh+j8QaB/Sbv2h/orqz2vfqP7hYPz6fD4YaB/Sbv2h/orqz2vfqP51wfj1+awItA/JqT/NoKn6Q/0V1Z/XvlH964Px6/O5KtA+pN3nP9RfUf157RvVf3Mwfn0+Hwq0D2m3/lB/RfXntW9U/0gwfn0+Vwfah7Rbf6i/ovrz2jeq/5Zg/Pp8PhxoH9Ju/aH+iurPa9+o/k8H49fnc02gfUi79Yf6K6o/r32j+jcE49fnc22gfUi79Yf6K6o/r32j+jcG49fn85FA+5B26w/1V1R/XvtG9W8Kxq/P56OB9iHt1h/qr6j+vPaN6t8cjF+fz8pA+5B26w/1V1R/XvtG9d8ajF+fz3WB9iHt1h/qr6j+vPaN6r8tGL8+n48F2oe0W3+ov6L689o3qn9LMH59Ph8PtA9pt/5Qf0X157VvVP9oMH59Pp8ItA9pt/5Qf0X157VvVP/WYPz6fK4PtA9pt/5Qf0X157VvVP+2YPz6fG4ItA9pt/5Qf0X157VvVP9ngvHr8/lkoH1Iu/WH+iuqP699o/q3B+PX53NjoP0kyY047dYf6q+o/rz2jeq/PRi/Pp9VgfYh1fq3bhkeXrXt1rVrtg6v2rR57fDoqu1bRrZuHU5O1Nq9LzF4X1lyX2J31NWw/gWZ9WOS9wc6JvD+QNn2adgTx7+Z/P5A2W67Ct4np+j5yvZf9D5DCzLvaB0ab6Hnt+h40Ox4yKr7/agMkpFNo8NbJh+/exvuj9oxEY3fNtdbWcbHN9U++3adgW4KNV9PT8N6sptnJjcCzoyPa6p9FPg8uKlqvp44WE9eHlP9HLs07JQ+xy7zZZKc92itq3fd6PhBemTNhpEdw5Pzn3UE5P/m7MfSpDyKnv84k8e8JJN5oc97C+S9/dv/9vDvfvdXH4iiwePKJ7W1/+KhQ6sPHP+pn10889yx/EsN86+2TD9XueDzD7Pt03q6Nmwe3fpf123etin/FbT0fudSdX2a7ndO6iw3ef9y6H6Pqd6/HE/65sjU7P3LAAAAbxfp//+fXq/OT6a+52WmCJqfB27v/48OzgPvbW4eODsbUTQPnG2flt3sPHBfm/PA2f5D87SlBu0bve7S7DzwJwLtp6r5cdLe+wAEx0myp4rGSfb/wy8aJ9n2Ux0nvW2Ok2z/ReMkr32j16ebHSfXBdqHND8e2nvfieB4GGxuPGQ/V7NoPGTbT3U89LQ5HrL9F42HvPaN7tdpdjx8JNC+Wc2Pj/beFyY4PlY3Nz6yn5dSND6y7ac6PuI2x0e2/6Lxkde+0f2MzY6PDwfap5p//tt7357g87+7uec/+7ktRc9/tv1Un/9Sm89/tv+i5z+vfaP7uZt9/q8KtE/VP/9jT/z48z68avvmLbX3QE/357aENJ/f9H5uTauaz3963/dp+vOf3veVmv7827tuCua/t71XuprPf3o/l6hVh+312OT/1Sx6/6mi12k/Htg+1ddpZ0z65sjkdVoAAACYfunr/+nH8afvD//lZBn4mP6WHf2f7+3zt3Pjd+jzt4vmMc3nNejsCGA+DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDNmds0fXz79hdE/XrXgfT+5e/i1nVd+b+Ndu4dmPH3JfR987uuf/OYLL85bsvQbt1x+8LbZK+69d+jnFxz86Z/vLAzcX1mcmaz2RFH8chxFJ/9syVfu+dEzJ4xti6MoKsf9u6JoXlz64bw4E2Hw9SiK1lbzrP/hE68tWze23PXlmXXbj8kEydYV9ZXTfOryjG4vrIijUE8yzr74g80n/facy5/b84vLXhvseX3LrokmcU/NeIqiuatrH98dRVFv8m9MOtrmpw9OlldHUTSr5nEXFuR1WpP5nx1YX5AsZyTLvoI46c9Pzax3N5lHV2bZ0+TjWlWa5vip9PmbPc39Zw9u2X7mJctvJ8szpxi/nP6Lo1IcdVW72xBPjJGo5nmLo3j8uZ9YL9WNhTgzNuIoijPrpcx6uTtT13i/yUArx3H99rRdZvtAsr0r2X5qwVi7NrD9XWm9yS/qgUz92aB9k76p1jUuzetXDXI5HEo1x6C87Wm+PcmT0Zds64uPnfSYQznSn6188f7HX9jx4KL+QB7xt+IkftxS/Gc3XrRv8Y5f7p8fir+6lMQvtRR/9JxXHnvpmh+fEIy/O41fbin+8+cv/ur3d24/ENw/v0/3T1dL8cvLzzq49O7BlcH8H0rj97QU/+HLHv3a3Pc89Vgw/8F0//S2tn9Gtr1x/SPH7Q/Gj9L4s1qKf+mrx5+xfPOj64Pxn0z3T19L8Z8ZHVlxz80Ltw+E4u9N489pKf5pv77h+j37hp8P5j+U7p/+luK/d9GlV6/Yv+m+0LEz3nW4/sICvDW9IznH+lKy3up1Zrtqrhce6I8r53yzk39zOtlRxlg/c6cxPgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb03DVzyw84q9q67siqMoDrQ5lCP9WXnG0NBAC/2Wl591cOndgytrt81vIQ4AAABQLL0OL1W39ETzo+1xb3Ribvt0juDEdC2u356dQ+idaNmROKUOxSl3KE5Xh+J0dyjOjA7FmdmhOD0FcXqi5uL0NoxTajqfWR2K09ehOLPbjlMZyXM6lM/cDsU5pkNx+hvGaX4czutQnGM7FOcdHYrzzg7FOa5DcY7vUJwTOhQnO6c81XE4J2m5IBRn/JtyYZyuuFz9Qd58etrPyZkDZmmK/fQ12U92zn6q/fQ22c/pbfbT02Q/i9vsJ26ynzPb7KdU0E86bm/P5pf2k64Vj/8Dh6IouqP9OOPLHR2K89kOxflch+Lc2aE4n+9QnJ1txgFoVnr9P3Hd2B/N7Lo4mpUccbKzAOn17sLKoycdj3qyF+iJNN5Jme0ziuJlL9Qz8RZ2OL/TMtu76+J1Vc+bGsTrr423KPPDwnqzEwqZ/JZMNV52YgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAptHwFQ/svGLvqiujOBr7L9ehHOnPyjOGhgZa6Hfli/c//sKOBxfVbpvZ1UIgAAAAoFB6Hd5d3dIT/Se79hcjV1U/APzcndmZYVv4TX+BOpBCR0orRqSli/InNVz0YZYYlABGA6a7pQzrhu0ustsUVmStD8QHDSSauPpkeMIQHtSgqCTLg8agJGyi2ERQXiSKBkiAhJqYjNmde+dfZ3bWEe0Cn8/Dufee8z3ne89s0+R7ZvLZvSEX5driCsk5QCF5zhTr16g8tHYdibatG59N4vfOH7lr79y9Cx+eOnJosjpZnRkdHb3y8tH9V+z/6N47pqar++ptyPdZbzhZb+7ehTsPTU9X756rP3e+dymZV2p2Taw2x5P3/v8+eaIkvpnnv3fT/68FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnV7WytFhZGR8biUKIesTUukjHMrk4Lg+Q99o3t+++evbRyda+fHaAhQAAAIC+0jp8uNFTCPlsJmTCuWtPFzZDiyE0634AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC9p1pZWqysjI9tiUKIesTUukjHMrk4Lg+Q9zdzU9c/8IWdx1r7SuvE5wfIAQAAANSldfhQo6cQSmFXGI7ObYtLzwbO65jfGZeuc/4G4zrPDnrF7dpg3J4Nxn2wT9ynkus9AQAAAN750vo/2+gphnz2zJ71f7+6Po3b2RGXSa6D/FYAAAAA+M+k9X+u0VMK+WypUa9vtN6/sCMund/ve/t0fr/v7dO4i3vk6fw+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYvKqVpcXKyvhYJgoh6hFT6yIdy+TiuDxA3hcv3/Ptny8eO9nal88OsBAAAADQV1qHN0vvQshnR8Jw2LJW91+55+9fXJg4vm24mAzncuGeQ/Pzd++vt2ncrq++/rnf/TQqnxJ3Wb09LZsDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADeVtXK0mJlZXzsjCiEqEdMrYt0LJOL4/IAeV+cOvrPWx8557XWvtIA6wAAAAD9pXV4s/YvhFLIhVzYvvbUWuuvGuqY3+vMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHj3mLt34c5D09PVuzfTTSZsitdw4+a9e3O6/2cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2i2plabGyMj5WiEKIesTUukjHMrk4Lg+Q9+GPP/rdsz7yi8da+0oDrAMAAAD0l9bhzdq/EEphOAyHc9aeup0JrNX/xf/hSwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJtCtbK0WFkZHzszCiHqEVPrIh3L5OK4PEDeC//8+VuXT1RfbO3LZwdYCAAAAOgrrcNzjZ5CyGcvC/mwI3mebp8QZZJr93OB5ry72qaNbHjefW3zMhue97WOnWWT3dTnFdL1ivVrY1751HnlEEIpmVdqDky0zQsPtc06c8Pv+b22ecU+8wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABsQtXK0mJlZXwsikKIesTUukjHMrk4Lg+Q97kjV53Ys/DH11r7SgOsAwAAAPSX1uHN2r8QSuH8cFY4f63uD8X2+DTuwCOvXP3Xn53xjRD2bf/tBdme6//l4sovO5sQhtqDhkL4vyRf1CPfsR//7eFXX/3JJ0PYd05mxyn5suvna18yrk2c3H7bswfye/t8OAAAAPAukdb/w42eYshnZ3rW/2mh/W/V/7Nn33TftqRNKvKOGUPFJN9Qj3x3XvHNH5UvOPGH1fp/vXyf/vJ5n9gWZq+Ip9K23tMhimvTD+4++PLWp4+mu67nz3TkTz+Xl07+8DPH5g5/pZ6/EApJ/3nZbvlPbTucEdfemnniqcMHFm5oz5/tsf8Hdr//T7//zpFXVvO/sXOkkf8D6+x//fxn31x5/vjjD93Ynn+4R/7Jm7Z8/83y7D869z/SsXDyydf/4C1/hQ5RXHtj6plrti7vOtieP4Qw0RqYfv5PPfGt8vKvtx1J86e/Fbl4V0f+ln9qrW3HmVMU15Z3XDI5+uT8lvb8UUf+dP8n7v/BW1868dx1nfu/vXP/PfN37v+6PZlbXtg5OsiPZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3gGqlaXFysr4WMiEEPWIqXWRjmVycVweIO/HLrr2hutfm/l6a18+O8BCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNumWllarKyMjw1FIUQ9YmpdpGOZXByXB8g7d+nrj71846/e19pXGmAdAAAAoL+0Dm/W/oVQCrmQCyNrdf/Eye23PXsgvzcU66NRcs1Oz87Nf+iO2aMzt5+mNwcAAAA2Kq3/s42eYshnLwrDSf2/vOOSydEn57ek9X8IYWK1KdwxNV0dDY1zguv2ZG55YedouXFO0Bp36eHZ6eSYIF33/qu2vjT32ZXru667vxn3xtQz12xd3nUwjRtOrmtxlzXjph/cffDlrU8fTeOG0nOK1bh9zbi3Zp546vCBhRvS8Uzrei1xZ99cef744w/d2FgnuY4keQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+xQ4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX26yjEqiKOA/DMvbt69a7bblFuUqRiokGyUlEJ0SokPbQhBb5Y4ENWRia1hCGEm5CFSfhUERQRBYFIQdBDERaUQRIFEdpDGNpDPcRGtCFuVOzuzO7do6fdTq2CfB8cxplzz2/+Z8549l4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOr7ltPWPt4acHfr9z0W2f794yvOv297c9tb9vzuFb991x7JV73zxxsnvF6jceWj/yaEf/3r19X9848sWfT04b/MR4szJ1GyHEn2MIV3654oU9nx5ZODoWQwj12DUYQnesfdwdCwm9p0MI903UOfXku8PX3T/aDj43d8r4RYWQ4n2FZj3XM65rar1cWBppnz3z4fYrfly1/tihb9cN9zZOPzY4+ZHYaNlPIXRubr2+PYQwLx2j8m7ryRendkMIYX7LdTdNU9fSGdZ/bUl/UWrnpLY5TU4+v6TQb59hHW2FtjHD66qqzXJ+lp9fxyzPX3y5FefpTu17qV35L/Pr+YihFkPbxHQPx8k9ElqeWwxx7NlP9mtT9kIs7I0YQiz0a4V+vb1wX2Pzpo1Wj3HqeP5cYXxxGm9L40um2Wt3l4xfnu83/Uc9Vbj/YmjzjH9M3NeYXNf3/1DLuVBreQedbTzX20gPo5nGmvHiM6756yzyuY0nn3/7xM5Xl3WV1BHfiSk/Vsr/ZtvNR5fv/G6opyx/cy3l1yrlD6z69eBPd322sDR/f86vV8o/fv3yFz/YteNU6fr8ktenrVJ+fc01I6t3924srf+1nN+olP/6ugMvd97wycHS+nvz+syrtj5bH/9j01uXDpXmh5w/v1L+2t8uu3rN9gMPlOZ/lNenWSn/yMDW/j0PXrVjcVn+Vzl/QaX8pT/cs+nQ0S3HS+vvy+vTVSn/lmVrN/QPPbKv7N0ZB8/VX1iAC9Ml6TvWs6lf9Xfmf9Xye+Glrjj+na8jHQv+z4kKRufpnMV8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/2YEDEgAAAABB/1+3I1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAngoAAP//43FU8g==")

28.473235238s ago: executing program 0 (id=862):
syz_mount_image$vfat(&(0x7f0000000a40), &(0x7f0000000140)='./bus\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x35a, &(0x7f0000000b00)="$eJzs3c9rI2UYwPEnaTa/lm1yEEVB+qAXvQxt9KwG2QUx4NLdiLuCMLudaMiYlEyoRMTWk1fx5j8guOxxbwX1H+jFWwXx4q2XgqBFxJH51ebHJGnSlLTb7wdKnsn7PpP3TUJ43oF5e/DBN582ao5RMzuSzKokRESORIqSlEgifEz6cVp67cir1//cf/HOvfvvliuVm+uqt8p3Xyup6vLKj599kQu77WZkr/jRwWHpj71n954/+O/uJ3VH6442Wx019UHr9475wLZ0o+40DNXbtmU6ltabjtUO2ltBe81ubW521Wxu3Mhvti3HUbPZ1YbV1U5LO+2umh+b9aYahqE38nK1ZGfIqT5aXzfLM77gwxnzMG//uK47prndLptLIkZuqKX66FzHBQAALqSB+v+7qEYoSvK4oEz0rQWG6/8o9ut/b7FwUv8/funnzvX3nyyH9f9uOq7+f/3XIL+v/vdefe71/w8Dx8MV0aW3PU3nM9X/uBhW0kNPJfqOvPo/H67ffV99+HjVD6j/AQAAAAAAAAAAAAAAAAAAAAC4DI5ct+C6biF6jP5ObiEIj6OjcTca49IZ9flnwh0Fjr8PeCrduXdfsv6Ne6llEfvrrepWNXgM26OOq1KQf/3vQyjYcGLHb1RPUX6yt8P87a3qkt9SFlGxxZI1KUixL9+Pb71Tubmmgf78RCrv5dek7ueXpCDPxOeXYvPT8srLPfmGFOSXh9ISWzbC37Eo/8s11bffqwzk5/x+cd48/48FAAAAAIC5MlSz4fI5dv1uGKpx7d5aXnrX58PXB47X16ux6/NU4YXUYucOAAAAAMBV4aQ/b5i2bbWd7sggJ5P6ZMKzjT9PfJCaprMX7PvBtXF9lnpm2NsU7ZQal5UO/4PGFIMPziNHwQWP02T9lZHYNzN2YNkzvKumHc3/FJ2z034EbScZ+x5OCla88ehM0+kJostGo/rI7VnPPCqIds79bULn5779/u/ZXiIR7trb2/TGk+yEmfpBYuCZnQlf2kPXnTiea+f1ewMAAABgcaKiP+dEz7y12AEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAFzXWbtBHBoucIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXBT/BwAA//8L3Pjk")
writev(0xffffffffffffffff, &(0x7f0000001700)=[{&(0x7f0000000240)="92af69b7cbd72c2b", 0x8}], 0x1)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0)

28.361585758s ago: executing program 33 (id=862):
syz_mount_image$vfat(&(0x7f0000000a40), &(0x7f0000000140)='./bus\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x1, 0x35a, &(0x7f0000000b00)="$eJzs3c9rI2UYwPEnaTa/lm1yEEVB+qAXvQxt9KwG2QUx4NLdiLuCMLudaMiYlEyoRMTWk1fx5j8guOxxbwX1H+jFWwXx4q2XgqBFxJH51ebHJGnSlLTb7wdKnsn7PpP3TUJ43oF5e/DBN582ao5RMzuSzKokRESORIqSlEgifEz6cVp67cir1//cf/HOvfvvliuVm+uqt8p3Xyup6vLKj599kQu77WZkr/jRwWHpj71n954/+O/uJ3VH6442Wx019UHr9475wLZ0o+40DNXbtmU6ltabjtUO2ltBe81ubW521Wxu3Mhvti3HUbPZ1YbV1U5LO+2umh+b9aYahqE38nK1ZGfIqT5aXzfLM77gwxnzMG//uK47prndLptLIkZuqKX66FzHBQAALqSB+v+7qEYoSvK4oEz0rQWG6/8o9ut/b7FwUv8/funnzvX3nyyH9f9uOq7+f/3XIL+v/vdefe71/w8Dx8MV0aW3PU3nM9X/uBhW0kNPJfqOvPo/H67ffV99+HjVD6j/AQAAAAAAAAAAAAAAAAAAAAC4DI5ct+C6biF6jP5ObiEIj6OjcTca49IZ9flnwh0Fjr8PeCrduXdfsv6Ne6llEfvrrepWNXgM26OOq1KQf/3vQyjYcGLHb1RPUX6yt8P87a3qkt9SFlGxxZI1KUixL9+Pb71Tubmmgf78RCrv5dek7ueXpCDPxOeXYvPT8srLPfmGFOSXh9ISWzbC37Eo/8s11bffqwzk5/x+cd48/48FAAAAAIC5MlSz4fI5dv1uGKpx7d5aXnrX58PXB47X16ux6/NU4YXUYucOAAAAAMBV4aQ/b5i2bbWd7sggJ5P6ZMKzjT9PfJCaprMX7PvBtXF9lnpm2NsU7ZQal5UO/4PGFIMPziNHwQWP02T9lZHYNzN2YNkzvKumHc3/FJ2z034EbScZ+x5OCla88ehM0+kJostGo/rI7VnPPCqIds79bULn5779/u/ZXiIR7trb2/TGk+yEmfpBYuCZnQlf2kPXnTiea+f1ewMAAABgcaKiP+dEz7y12AEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHAFzXWbtBHBoucIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXBT/BwAA//8L3Pjk")
writev(0xffffffffffffffff, &(0x7f0000001700)=[{&(0x7f0000000240)="92af69b7cbd72c2b", 0x8}], 0x1)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x42, 0x0)

1.161138689s ago: executing program 4 (id=1209):
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
socket(0x10, 0x80002, 0x0)
write$P9_RLERRORu(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1c00000007ffff"], 0x52)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}})

1.160143763s ago: executing program 4 (id=1211):
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xe, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="850000001900000016000000000000005c003f00000000009500000000000000a898e13a4950e4730c06fea5a759a5acc85c362e8cd0a9048702a0a79efd44f3359bbdb9be5a3941acf30fdc8059a0bb61e4aa81bdfef0429db774a3a57d1857746f00ee47b017e363f2e7d1b9e89eace8d970e7b24f9e42de3e799b4d5d45f6cc0c194b3f6918227b03a9a129476a22a1af67b57eb5e1554b862141a280"], &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, 0xffffffffffffffff, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffed8, 0x0, 0xffffffffffffffff, 0xfe8e}, 0x3f)

1.092250203s ago: executing program 4 (id=1212):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000140)={0x73622a85, 0x7cab6ced6415608, 0x3})
ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000002c0)={0x44, 0x0, &(0x7f0000000380)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x53, 0x0, &(0x7f0000000400)="8b0b4c404981a6ef39f577efb9c2c64f47b576cec3dab5adbd25d802c31aa20f47283d909cfc1520a8ebb223d441539406505ea001848d180490b7a70bc561639b136ecae6c156d04957009916c1b24ba79c86"})

1.091675637s ago: executing program 4 (id=1214):
r0 = socket(0x10, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'ip6gre0\x00', &(0x7f00000002c0)={'syztnl2\x00', 0x0, 0x29, 0x80, 0x0, 0x9, 0x0, @dev={0xfe, 0x80, '\x00', 0x35}, @mcast2={0xff, 0x3}, 0x20, 0x40, 0xfffffffe, 0x10004}})

953.067511ms ago: executing program 4 (id=1215):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0xa040, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
fcntl$setlease(r0, 0x400, 0x1)

952.744818ms ago: executing program 4 (id=1216):
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x258a, 0x33, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}}}]}}]}}, 0x0)
r0 = timerfd_create(0x0, 0x800)
timerfd_settime(r0, 0x3, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec21, 0x1000, 0x400001, 0x40000333}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)

780.885913ms ago: executing program 3 (id=1219):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
statx(r0, 0x0, 0x1000, 0x20, &(0x7f0000000540))

780.638058ms ago: executing program 3 (id=1220):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0xd0f, 0x0, 0x25dfdbfb, {0x60, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="9f"], 0x0, 0x6e, 0x0, 0x1, 0x20}, 0x28)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001400b59500000000000000000a000000", @ANYRES32=r2, @ANYBLOB="14000200fe8000000000000000000000000000aa0800093f3f0c0000140001"], 0x48}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x4, '\x00', r2, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0)

690.512088ms ago: executing program 3 (id=1221):
syz_mount_image$squashfs(&(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00815fcb6c17c68f239cbc53c40972fb43da14f217bd93e6ebfde5585f63f1c1d8473fe39327852107a2489fc75846dd58657945c3ce4bed7d1452c74577e678a02e6b62c48846f9fea8ff6fd7f9a819961a1a6e18917f75cf633eaefe0f029d5d4b697ca0de784bd4fd4ee47740fafc2d46c7aa1279d7172ac4ec4b9cbe890200000075117934859797825acb3e8e4a67ae59d5e366af500cea3eee7b6bf3bfe9c4ae7b0f7fb33d5f1f72070000000e72da1075d5b83f93f03711b9e9ae0621abdf15468f20abaff376fd6ddaa87651396da731adf6214f92888f896d3f3d60f5fb009d365da32dd89b8589c3a08956a8ff185ef14e956b950f801b511c6d876127757678102f7b8851a569c0f6bc340fe0dbc1b5b828d9401d0ea1e86a43ececf69580430a29ade4f88535749e90b4d3391e03934cae898a63dad6cacaf559a55ab4b7810337d89efda43d160065705aec490f6ba91096230e5d45f2e74ed77d83f616047a6c6bfad569119396123ec0b842342c7494412ed535df4dcb2d18873b2df25b5fe02a5b29da44b90b2d52726e6886ac84ed4d6d164fd23d9525b8898ad3031c496ccb69d0f06bc00c5b3f19269c81f34c480b5cedce8125337c5aa57ae15d525b9dcc4edce1327f2d3d3eda95cbcf1bd1b362b7b6de289c8380a70035aac04f2641fd37e02c0bde93087f0c42d287d33387b200f3976a9fba9dddeba00ba4b561b767cfc5c9bb1b1572055f052e2f7694e39e1fca3719374528800e"], 0x1, 0x1a4, &(0x7f0000000540)="$eJzsVb1OG0EQ/vZufWeniFJHkVLESuwi9vmcROmSCvkBqBGWfRiLMz8+S2DLhan8HjR+Ed6BAkRjCoREYWrQod2dO9YdSIdk0H7S+vtmZmf/rJvZjg4iF8DDYtzCf0jY+IhzxsABfGXKt+YqvnEUV8i+5orL5D8hviCOhqOdZhgGfSHyIJF6MhHZr7iSYuPFWQXgdV6cREH9x1iN98lc8EzWsVflOu9E3McKz5n8ZP47tnAra9nZYtwSYhOAWEf42mowfY4N4FSb85nLwWzE6RxR/ITxA0B10NuvRsPRz26v2Qk6wa7v1/94vzzvt1/d6oaBp36ZtoVF34/gMgBRUwtaPAfgkgrsByyDaUejONNzHa04l74t51qMp7kJ5ykmcqm2W+IJ1vFdxg4n1AkgvEU6tbxSAww2uDRqXDsfEMNCXgYqrb2wPQWD6CuxC3gzcFhJ2hy5xBCpqRHU/06SY0+Ji8QN4hnxnDjpWUkv4nKFK7JKE8DBUXMw6NeES6nU56c+/1O6s0W73jn65YAvLgwMDAwMDAwM3hgeAwAA//9bsl4t")
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
lseek(r0, 0x7ff, 0x1)
getdents64(r0, 0x0, 0x10)

678.136195ms ago: executing program 3 (id=1222):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x5c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_BUCKETSIZE={0x5}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0x1}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x5c}}, 0x8000)

581.921984ms ago: executing program 3 (id=1224):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffffffe}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, <r2=>r0})
ioctl$DMA_BUF_IOCTL_SYNC(r2, 0xc0086202, 0x0)

581.617515ms ago: executing program 3 (id=1225):
socket$nl_netfilter(0x10, 0x3, 0xc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000600)={0x1, &(0x7f00000005c0)=[{0x6, 0x6, 0x8}]})
socket$alg(0x26, 0x5, 0x0)
r0 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x4000000, 0x0, 0x1, 0x10d}, &(0x7f00000006c0)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r3 = syz_io_uring_setup(0x499, &(0x7f0000000400)={0x0, 0x707b, 0x0, 0xc, 0x288}, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000140)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffd, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r3, 0x3516, 0x0, 0x4, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r0, 0x47ba, 0x0, 0x2, 0x0, 0x0)

392.060309ms ago: executing program 2 (id=1227):
r0 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000140))

391.845714ms ago: executing program 2 (id=1228):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x1}, 0xc)
r1 = socket$qrtr(0x2a, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000ac0)=[{{0x0, 0xff2c, 0x0}, 0x1}], 0x40, 0x2, 0x0)
connect$qrtr(r1, &(0x7f0000000040)={0x2a, 0x1, 0x4000}, 0xc)
writev(r1, &(0x7f0000000340)=[{&(0x7f0000000080)='~', 0x1}], 0x1)
writev(r0, &(0x7f0000000540)=[{&(0x7f0000000140)='Q', 0x1}], 0x1)

242.22894ms ago: executing program 2 (id=1229):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc)

209.121142ms ago: executing program 2 (id=1230):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x108)

81.856578ms ago: executing program 2 (id=1231):
keyctl$set_reqkey_keyring(0xe, 0x0)

0s ago: executing program 2 (id=1232):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c6572726f72733d72656d6f756e742d726f2c61636c2c00a9b504852143b698d2e379891a0dde7f9adfca8cbec85bf8e749e04e"], 0x11, 0x443f, &(0x7f00000088c0)="$eJzs3c1PHOcdAOB3BlyD6w9wfXClSl2pllq1FQKf2mKpGGNjsKkrt7aqXtYLrG3ahbVgqXqwFHKzlFOkHKIcrETKjZPFIVfnT8glR+dsKTnkEimSFaLdnYWdYVds0C7EzvMcmJ33e/c3H+8chjdOVB4ureWW1nKFlVx54f7axdz/yqX15WKID0nL/o8dXv90phfHyVEfez9lt65c+8fdiyF8uvj5y+3t7e1Q1R9aGmv6/M3Xjxeatw1xpk613datdcu/Qwjn9oyrqi+E8K9PQohCCJeTtMlkOxhCOBXqeXcfv3Mv16XRPHtRvJR/Nfdka/zC7ObTrfbfPQrhg9Iv//hg+cvf9I1/8fsudQ8AAAAAAAAAAAAAAAAAwGtu+vatO38fHQvPo9C/Ge19X3c62bZ7P3a7a37d+y8LAAAAAAAAAAAAAAAAAAAAP1K77//norMt3v+fSrYTbepv/7VNxvHujpPemPnbramro2PJ+u/Rnvw/JUlfXe4Lwy3Wfc+u/345U7/1+u97+zmoxvga/Q6FKB7ZfmsnfyjE8chICB8lC7+fj07EpfJa5Q/3y+sri10bxmsrHf/66v2p6CQL+nca/8lM+71f//8Xe46m6v697h1ib7R0/Pvalvv47aij+F/J1DuM+HNw6fj319IGmwtM1C8A1fi/279//Kcy7fcq/qdDCLmoOtZc6gpQncNU09vNV0hLx/9YLS116Ux+yHbn/7eZ+F/NtN8u/me69g1aX/83sjciWkrH/2e1tIFUid3zfzje//y/lmn/KO7/1fFvuP93JB3/5KGtP1Wk9kt2ev2fzrTfq/jfiZNxno5SR8BmVE9v9//qSEvHf2BP/u7zX9zR/O96pv5hPf81+q09/zU9h/wuqj//0Vo6/oNty3V6/s9k6vX6+j9Rm/9xUOn4n6ilpefOQ7W/ncZ/NtN+r+Jfm5UMNOK/ez357ng9/UPzv46k4//zemLcXGKj9rc2/4v2n//fyLR/FPO/6vg34t72+qZIx/9k23LV+H/Wwf3/ZqZe7+Mfwqi5/oGl43+qbbna+T+wf/znMvV6Hf/f9rJxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNfAZLIdClE8ktqP45GREK4k++fDiWi+sJifL5UX/rsWwlSSngtnowel8nyhlF9aKS8W84VSqbwQwtUk/1wYiNZK5Up+ufDo2k5bg9HDYmG1Ml8sVEII00n6r8KpRlvzS5XlwqMQwvWdvDNxefXRw8JKfnFp9S+jo6OjYWZnDMNR8f+V4kql3ns9N4TZnbpDUdPgatk3dsZyMvpPeX11pVCqpd9sqlMqLxRKTXXmkrz3wnBUWV1fWShUivlS+UGjv6M0kWynZm7/8/bNsT3596L6dvJwhwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAD/R8/M/vhxD663txCGGi8SFqVf7Zi+Kl/Ku5J1vjF2Y3n269bFcOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB7duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrBLxygRA1EYgN+Mhdp5DKuQdLYJimhhRPAEegwPE4/iJbyDhYWthQhmBjTuQprd6vuaB/l5eT8kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACsc3k33t+2XUSKo6/DiJfH17ff+XWZ0zDPvNg/2FNPduPqZjy/aLvy3dO//Kw8eu/zT/r58fQQG2b1PPzdX/5Ps3rneGuvaVjXv/ard08i5SYi+pKfppybZt27AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhmBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86ir4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//78SIGU=")
setxattr$trusted_overlay_origin(&(0x7f0000000240)='.\x00', &(0x7f0000000000), 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

? __pfx_f2fs_write_data_pages+0x10/0x10
[   98.168684][ T6981]  ? check_path+0x21/0x40
[   98.168710][ T6981]  ? check_noncircular+0xe0/0x160
[   98.168743][ T6981]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   98.168755][ T6981]  do_writepages+0x32e/0x550
[   98.168774][ T6981]  ? do_raw_spin_unlock+0x4d/0x240
[   98.168791][ T6981]  filemap_fdatawrite+0x199/0x240
[   98.168811][ T6981]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   98.168870][ T6981]  ? do_raw_spin_unlock+0x4d/0x240
[   98.168892][ T6981]  f2fs_sync_dirty_inodes+0x31f/0x830
[   98.168928][ T6981]  f2fs_write_checkpoint+0x95a/0x1df0
[   98.168966][ T6981]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   98.169017][ T6981]  ? down_write+0x162/0x1f0
[   98.169037][ T6981]  ? __pfx_down_write+0x10/0x10
[   98.169060][ T6981]  f2fs_issue_checkpoint+0x3ac/0x570
[   98.169083][ T6981]  ? __pfx_f2fs_issue_checkpoint+0x10/0x10
[   98.169136][ T6981]  ? do_raw_spin_lock+0x121/0x290
[   98.169160][ T6981]  ? __pfx_wake_up_var+0x10/0x10
[   98.169187][ T6981]  ? f2fs_sync_fs+0x200/0x3d0
[   98.169207][ T6981]  f2fs_create+0x44b/0x5c0
[   98.169233][ T6981]  vfs_create+0x24e/0x400
[   98.169260][ T6981]  do_mknodat+0x3c6/0x4d0
[   98.169280][ T6981]  ? __pfx_do_mknodat+0x10/0x10
[   98.169292][ T6981]  ? getname_flags+0x1e5/0x540
[   98.169309][ T6981]  __x64_sys_mknodat+0xa7/0xc0
[   98.169330][ T6981]  do_syscall_64+0xfa/0x3b0
[   98.169348][ T6981]  ? lockdep_hardirqs_on+0x9c/0x150
[   98.169367][ T6981]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.169382][ T6981]  ? exc_page_fault+0x9f/0xf0
[   98.169399][ T6981]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   98.169408][ T6981] RIP: 0033:0x7f8ad4d8ebe9
[   98.169445][ T6981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   98.169487][ T6981] RSP: 002b:00007f8ad5b2d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000103
[   98.169498][ T6981] RAX: ffffffffffffffda RBX: 00007f8ad4fb5fa0 RCX: 00007f8ad4d8ebe9
[   98.169509][ T6981] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000005
[   98.169517][ T6981] RBP: 00007f8ad4e11e19 R08: 0000000000000000 R09: 0000000000000000
[   98.169526][ T6981] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000
[   98.169534][ T6981] R13: 00007f8ad4fb6038 R14: 00007f8ad4fb5fa0 R15: 00007ffc5ff72ea8
[   98.169562][ T6981]  </TASK>
[   98.171047][ T6977] 
[   98.171047][ T6977]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   98.171047][ T6977] 
[   98.174166][ T6981] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   98.280265][ T6987] trusted_key: syz.2.320 sent an empty control message without MSG_MORE.
[   98.301651][ T6606] 
[   98.301651][ T6606]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   98.301651][ T6606] 
[   98.309050][ T6606] 
[   98.309050][ T6606]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   98.309050][ T6606] 
[   98.822008][ T7001] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   98.929204][ T5985] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   98.947562][ T7003] loop0: detected capacity change from 0 to 4096
[   98.951740][ T7003] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[   98.962587][ T7003] ntfs3(loop0): $Secure::$SDH is corrupted.
[   98.964468][ T7003] ntfs3(loop0): Failed to initialize $Secure (-22).
[   99.079178][ T5985] usb 3-1: Using ep0 maxpacket: 8
[   99.083169][ T5985] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[   99.086249][ T5985] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[   99.093225][ T5985] usb 3-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[   99.096796][ T5985] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.101943][ T5985] usb 3-1: Product: syz
[   99.103529][ T5985] usb 3-1: Manufacturer: syz
[   99.105027][ T5985] usb 3-1: SerialNumber: syz
[   99.117047][ T5985] usb 3-1: config 0 descriptor??
[   99.279262][   T51] usb 1-1: new full-speed USB device number 9 using dummy_hcd
[   99.347379][ T5985] usb 3-1: USB disconnect, device number 7
[   99.441923][   T51] usb 1-1: config 11 has an invalid interface number: 62 but max is 0
[   99.450914][   T51] usb 1-1: config 11 has no interface number 0
[   99.461388][   T51] usb 1-1: New USB device found, idVendor=22b8, idProduct=2d9a, bcdDevice=bf.dc
[   99.464479][   T51] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.470909][   T51] usb 1-1: Product: syz
[   99.472265][   T51] usb 1-1: Manufacturer: syz
[   99.473681][   T51] usb 1-1: SerialNumber: syz
[   99.585556][ T7012] Zero length message leads to an empty skb
[   99.693039][   T51] hub 1-1:11.62: bad descriptor, ignoring hub
[   99.695026][   T51] hub 1-1:11.62: probe with driver hub failed with error -5
[   99.731791][   T51] usb 1-1: USB disconnect, device number 9
[   99.764422][ T7014] loop3: detected capacity change from 0 to 40427
[   99.775140][ T7014] F2FS-fs (loop3): invalid crc value
[   99.811757][ T7014] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[   99.816714][ T7014] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  100.251426][ T7033] binder: 7032:7033 ioctl c0306201 0 returned -14
[  100.254350][ T7033] binder: 7032:7033 ioctl 3b81 0 returned -22
[  100.359340][ T6689] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  100.450466][    T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  100.494847][ T7045] netlink: 72 bytes leftover after parsing attributes in process `syz.0.346'.
[  100.497820][ T7045] netlink: 72 bytes leftover after parsing attributes in process `syz.0.346'.
[  100.509370][ T6689] usb 4-1: Using ep0 maxpacket: 32
[  100.514930][ T6689] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  100.518809][ T6689] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  100.523861][ T6689] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  100.528621][ T6689] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.545190][ T6689] usb 4-1: config 0 descriptor??
[  100.609450][    T9] usb 3-1: Using ep0 maxpacket: 8
[  100.618477][    T9] usb 3-1: config 0 has an invalid interface number: 122 but max is 0
[  100.621743][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  100.625444][    T9] usb 3-1: config 0 has no interface number 0
[  100.627802][    T9] usb 3-1: config 0 interface 122 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 8
[  100.639639][    T9] usb 3-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice= 5.b7
[  100.642973][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  100.645975][    T9] usb 3-1: Product: syz
[  100.647641][    T9] usb 3-1: Manufacturer: syz
[  100.651931][    T9] usb 3-1: SerialNumber: syz
[  100.658418][    T9] usb 3-1: config 0 descriptor??
[  100.747213][ T7047] loop0: detected capacity change from 0 to 32768
[  100.755138][ T7047] bcachefs (/dev/loop0): error validating superblock: Invalid superblock section replicas_v0: duplicate replicas entry journal: 1/1 [0]
[  100.755138][ T7047] replicas_v0 (size 24):
[  100.755138][ T7047] journal: 1 [0] journal: 1 [0] user: 1 [0]
[  100.755138][ T7047] 
[  100.778209][ T7047] bcachefs: bch2_fs_get_tree() error: invalid_sb_replicas
[  100.879546][    T9] usb 3-1: NFC: intf ffff8880278dc000 id ffffffff8eb509a0
[  100.898907][    T9] usb 3-1: USB disconnect, device number 8
[  101.011004][ T6689] savu 0003:1E7D:2D5A.0003: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  101.176638][ T7057] loop0: detected capacity change from 0 to 32768
[  101.188681][ T7057] bcachefs (/dev/loop0): error validating superblock: Invalid superblock: optional field extends past end of superblock (type 1)
[  101.199307][ T7057] bcachefs: bch2_fs_get_tree() error: invalid_sb_field_size
[  101.257722][ T6689] usb 4-1: USB disconnect, device number 3
[  101.725319][ T7085] loop2: detected capacity change from 0 to 512
[  101.748975][ T7085] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  101.754455][ T7085] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 not in group (block 2)!
[  101.759003][ T7085] EXT4-fs (loop2): group descriptors corrupted!
[  102.019303][ T7080] loop0: detected capacity change from 0 to 32768
[  102.132382][ T7080] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  102.463349][ T5849] ocfs2: Unmounting device (7,0) on (node local)
[  102.513958][ T7090] loop3: detected capacity change from 0 to 32768
[  103.215036][ T7112] loop0: detected capacity change from 0 to 32768
[  103.222854][ T7112] bcachefs (/dev/loop0): error validating superblock: Invalid superblock section journal_seq_blacklist: entry 1 out of order with next entry (56 > 0)
[  103.222854][ T7112] journal_seq_blacklist (size 640):
[  103.222854][ T7112] 0-56 0-0 0-34 0-0 0-0 45-0 45-26 6-11 0-0 0-11 33-11 5-0 0-0 0-4 4-8 0-0 0-0 0-0 0-0 0-0 0-2 0-0 0-0 0-0 0-0 0-0 0-0 1-12 0-2 0-0 0-0 0-0 0-0 0-1 0-0 2-17 182-41 0-0 0-0
[  103.222854][ T7112] 
[  103.255676][ T7112] bcachefs: bch2_fs_get_tree() error: invalid_sb_journal_seq_blacklist
[  103.309277][ T5873] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  103.371843][ T7131] netlink: 'syz.0.363': attribute type 2 has an invalid length.
[  103.459417][ T5873] usb 4-1: Using ep0 maxpacket: 32
[  103.465418][ T5873] usb 4-1: config 1 has an invalid interface number: 3 but max is 0
[  103.468519][ T5873] usb 4-1: config 1 has no interface number 0
[  103.472725][ T5873] usb 4-1: config 1 interface 3 has no altsetting 0
[  103.483050][ T5873] usb 4-1: New USB device found, idVendor=d084, idProduct=c487, bcdDevice=f4.ce
[  103.486000][ T5873] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.488990][ T5873] usb 4-1: Product: syz
[  103.491380][ T5873] usb 4-1: Manufacturer: syz
[  103.499218][ T5873] usb 4-1: SerialNumber: syz
[  103.727970][ T5873] usb 4-1: USB disconnect, device number 4
[  103.808631][ T7149] loop0: detected capacity change from 0 to 512
[  103.836744][ T7149] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.843731][ T7149] ext4 filesystem being mounted at /130/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  104.083674][ T7152] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters
[  104.101848][ T7152] EXT4-fs (loop0): Remounting filesystem read-only
[  104.445990][ T7160] netlink: 'syz.3.372': attribute type 10 has an invalid length.
[  104.500315][ T7160] team0: Port device geneve1 added
[  104.978759][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.983783][ T7166] loop2: detected capacity change from 0 to 8192
[  105.012503][ T7166] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  105.053652][ T7166] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  105.072777][ T7166] ntfs3(loop2): Failed to load root (-22).
[  105.339435][ T5873] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  105.499206][ T5873] usb 1-1: Using ep0 maxpacket: 8
[  105.502660][ T5873] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  105.505616][ T5873] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  105.513586][ T5873] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  105.523327][ T5873] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  105.534165][ T5873] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  105.546100][ T5873] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  105.556221][ T5873] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.145438][ T5867] usb 1-1: USB disconnect, device number 10
[  106.546660][ T7194] loop2: detected capacity change from 0 to 32768
[  107.192326][ T7204] loop0: detected capacity change from 0 to 8
[  107.202360][ T7204] SQUASHFS error: lzo decompression failed, data probably corrupt
[  107.206169][ T7204] SQUASHFS error: Failed to read block 0x91: -5
[  107.210181][ T7204] SQUASHFS error: Unable to read metadata cache entry [8f]
[  107.215373][ T7204] SQUASHFS error: Unable to read inode 0x11f
[  107.272450][ T7206] sctp: [Deprecated]: syz.0.391 (pid 7206) Use of struct sctp_assoc_value in delayed_ack socket option.
[  107.272450][ T7206] Use struct sctp_sack_info instead
[  107.299253][ T5985] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  107.319551][ T5873] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  107.437869][ T7214] loop0: detected capacity change from 0 to 1024
[  107.449696][ T5985] usb 4-1: Using ep0 maxpacket: 16
[  107.456640][ T5985] usb 4-1: config 0 has an invalid interface number: 191 but max is 0
[  107.462153][ T5985] usb 4-1: config 0 has no interface number 0
[  107.464091][ T5985] usb 4-1: config 0 interface 191 has no altsetting 0
[  107.470742][ T5985] usb 4-1: New USB device found, idVendor=046d, idProduct=c281, bcdDevice=c2.08
[  107.473523][ T5985] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.475957][ T5985] usb 4-1: Product: syz
[  107.478209][ T5985] usb 4-1: Manufacturer: syz
[  107.482794][ T7214] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.486567][ T7214] ext4 filesystem being mounted at /137/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  107.489820][ T5985] usb 4-1: SerialNumber: syz
[  107.497294][ T5985] usb 4-1: config 0 descriptor??
[  107.505765][ T5873] usb 3-1: config 0 has an invalid interface number: 156 but max is 0
[  107.507033][ T7214] EXT4-fs error (device loop0): ext4_map_blocks:814: inode #15: block 3: comm syz.0.395: lblock 3 mapped to illegal pblock 3 (length 13)
[  107.512467][ T5873] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  107.518166][ T5873] usb 3-1: config 0 has no interface number 0
[  107.520974][ T7214] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117
[  107.522676][ T5873] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  107.524912][ T7214] EXT4-fs (loop0): This should not happen!! Data will be lost
[  107.524912][ T7214] 
[  107.531747][ T5873] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  107.536663][ T7214] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.395: lblock 3 mapped to illegal pblock 3 (length 1)
[  107.538628][ T7214] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.395: lblock 3 mapped to illegal pblock 3 (length 1)
[  107.544880][ T5873] usb 3-1: config 0 interface 156 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  107.548709][ T7214] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.395: lblock 3 mapped to illegal pblock 3 (length 1)
[  107.556888][ T7214] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.395: lblock 3 mapped to illegal pblock 3 (length 1)
[  107.559383][ T5873] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  107.562942][ T7214] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.395: lblock 3 mapped to illegal pblock 3 (length 1)
[  107.565101][ T5873] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.569758][ T7214] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.395: lblock 3 mapped to illegal pblock 3 (length 1)
[  107.575289][ T5873] usb 3-1: config 0 descriptor??
[  107.577680][ T7214] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.395: lblock 3 mapped to illegal pblock 3 (length 1)
[  107.585896][ T7214] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 3: comm syz.0.395: lblock 3 mapped to illegal pblock 3 (length 1)
[  107.587024][ T5873] gspca_main: spca561-2.14.0 probing abcd:cdee
[  107.591534][ T7218] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #15: block 4: comm syz.0.395: lblock 4 mapped to illegal pblock 4 (length 4)
[  107.721324][ T6689] usb 4-1: USB disconnect, device number 5
[  107.793329][ T5873] spca561 3-1:0.156: probe with driver spca561 failed with error -22
[  107.797597][ T5873] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  107.801504][ T5873] usb 3-1: MIDIStreaming interface descriptor not found
[  107.878987][ T5873] usb 3-1: USB disconnect, device number 9
[  108.307084][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.374109][ T7225] loop0: detected capacity change from 0 to 64
[  108.387442][ T7225] BFS-fs: bfs_fill_super(): loop0 is unclean, continuing
[  108.503319][ T7233] loop2: detected capacity change from 0 to 256
[  108.514065][ T7233] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  108.537708][ T7233] exFAT-fs (loop2): IO charset iso8859- not found
[  108.681443][ T7242] loop0: detected capacity change from 0 to 4096
[  108.684533][ T7242] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  108.699430][ T5873] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  108.783333][ T7246] loop0: detected capacity change from 0 to 1764
[  108.879218][ T5873] usb 4-1: Using ep0 maxpacket: 8
[  108.883250][ T5873] usb 4-1: config index 0 descriptor too short (expected 74, got 45)
[  108.886296][ T5873] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  108.890487][ T5873] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  108.894061][ T5873] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  108.898126][ T5873] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  108.902388][ T5873] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  108.907092][ T5873] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  108.910793][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.016248][ T7254] loop0: detected capacity change from 0 to 1024
[  109.129516][ T5873] usb 4-1: GET_CAPABILITIES returned 0
[  109.131286][ T5873] usbtmc 4-1:16.0: can't read capabilities
[  109.193051][ T7259] loop0: detected capacity change from 0 to 512
[  109.215063][ T7259] fscrypt (loop0, inode 2): Error -61 getting encryption context
[  109.219025][ T7259] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -61
[  109.224256][ T7259] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #13: comm syz.0.414: iget: bad i_size value: 12154757448730
[  109.231499][ T7259] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.414: couldn't read orphan inode 13 (err -117)
[  109.237908][ T7259] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  109.247087][ T7259] fscrypt (loop0, inode 2): Error -61 getting encryption context
[  109.276741][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.333344][ T5873] usb 4-1: USB disconnect, device number 6
[  112.116973][ T7311] mmap: syz.0.435 (7311) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  112.344856][ T7304] loop2: detected capacity change from 0 to 32768
[  112.543522][ T7304] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  112.639783][ T7304] XFS (loop2): Ending clean mount
[  112.726165][   T33] audit: type=1800 audit(1755037568.590:32): pid=7304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.432" name="file1" dev="loop2" ino=6150 res=0 errno=0
[  112.968000][ T5847] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  113.324973][ T7332] syz.3.442 uses obsolete (PF_INET,SOCK_PACKET)
[  113.620831][ T7336] loop2: detected capacity change from 0 to 1024
[  113.627865][ T7336] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  113.659982][ T7336] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.678614][ T7338] loop0: detected capacity change from 0 to 1024
[  113.687537][ T7338] EXT4-fs: inline encryption not supported
[  113.708598][ T7338] EXT4-fs: Ignoring removed bh option
[  113.734929][ T7338] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  113.743618][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.802123][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.989583][    T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  115.177066][ T7383] loop3: detected capacity change from 0 to 32768
[  115.181508][    T9] usb 3-1: Using ep0 maxpacket: 32
[  115.192370][    T9] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe
[  115.204462][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.208037][    T9] usb 3-1: Product: syz
[  115.212459][ T7383] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  115.217198][    T9] usb 3-1: Manufacturer: syz
[  115.219792][    T9] usb 3-1: SerialNumber: syz
[  115.225510][    T9] usb 3-1: config 0 descriptor??
[  115.257196][ T7383] XFS (loop3): Ending clean mount
[  115.324599][ T6606] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  115.441026][    T9] snd-usb-6fire 3-1:0.0: unknown device firmware state received from device:
[  115.444502][    T9] eb 9a 47 80 9b f8 7a f0 
[  115.446436][    T9] snd-usb-6fire 3-1:0.0: probe with driver snd-usb-6fire failed with error -5
[  115.710615][    T9] usb 3-1: USB disconnect, device number 10
[  115.997184][ T7412] netlink: 188 bytes leftover after parsing attributes in process `syz.3.472'.
[  116.330601][ T7426] QAT: failed to copy from user cfg_data.
[  117.422274][   T33] audit: type=1326 audit(1755037573.290:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7445 comm="syz.0.487" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8ad4d8ebe9 code=0x0
[  117.781483][ T7449] loop0: detected capacity change from 0 to 32768
[  117.852518][ T7449] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  117.852536][ T7449]   allowing incompatible features above 0.0: (unknown version)
[  117.852541][ T7449]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  117.867291][ T7449] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[  117.871058][ T7449] bcachefs (loop0): initializing new filesystem
[  117.880511][ T7449] bcachefs (loop0): going read-write
[  117.887871][ T7449] bcachefs (loop0): marking superblocks
[  117.905511][ T7449] bcachefs (loop0): initializing freespace
[  117.914587][ T7449] bcachefs (loop0): done initializing freespace
[  117.919586][ T7449] bcachefs (loop0): reading snapshots table
[  117.921530][ T7449] bcachefs (loop0): reading snapshots done
[  117.939391][ T7449] bcachefs (loop0): done starting filesystem
[  117.983201][    T9] bcachefs (loop0): going read-only
[  117.985097][    T9] bcachefs (loop0): finished waiting for writes to stop
[  117.988893][ T7449] bcachefs (loop0): shutdown by ioctl type 1emergency read only at seq 2
[  117.993485][    T9] bcachefs (loop0): flushing journal and stopping allocators, journal seq 2
[  117.993543][    T9] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 2
[  117.993779][    T9] bcachefs (loop0): unclean shutdown complete, journal seq 2
[  118.004179][    T9] bcachefs (loop0): done going read-only, filesystem not clean
[  118.033065][ T5849] bcachefs (loop0): shutting down
[  118.060455][ T5849] bcachefs (loop0): shutdown complete
[  118.110374][ T7451] loop3: detected capacity change from 0 to 65536
[  118.154290][ T7451] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[  118.157338][ T7451] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  118.184801][ T7451] XFS (loop3): Ending clean mount
[  118.334104][ T7472] evm: overlay not supported
[  118.365892][   T33] audit: type=1804 audit(1755037574.230:34): pid=7451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.490" name="/newroot/73/bus/bus/file0" dev="overlay" ino=36 res=1 errno=0
[  118.486494][ T6606] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  118.506280][ T7485] netlink: 32 bytes leftover after parsing attributes in process `syz.2.497'.
[  118.799329][   T10] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[  118.964761][   T10] usb 3-1: config 0 interface 0 altsetting 218 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  118.969659][   T10] usb 3-1: config 0 interface 0 altsetting 218 endpoint 0x81 has invalid wMaxPacketSize 0
[  118.973144][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  118.976558][   T10] usb 3-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00
[  118.982561][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.987933][   T10] usb 3-1: config 0 descriptor??
[  119.545334][   T10] kye 0003:0458:0087.0004: unknown main item tag 0x0
[  119.547453][   T10] kye 0003:0458:0087.0004: item fetching failed at offset 3/5
[  119.550883][   T10] kye 0003:0458:0087.0004: parse failed
[  119.552593][   T10] kye 0003:0458:0087.0004: probe with driver kye failed with error -22
[  119.670869][   T10] usb 3-1: USB disconnect, device number 11
[  119.737376][ T7511] dlm: non-version read from control device 36
[  119.985473][ T7521] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 1, id = 0
[  120.309234][ T5985] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  120.479241][ T5985] usb 4-1: Using ep0 maxpacket: 8
[  120.486646][ T5985] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  120.490208][ T5985] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.493083][ T5985] usb 4-1: Product: syz
[  120.494628][ T5985] usb 4-1: Manufacturer: syz
[  120.496326][ T5985] usb 4-1: SerialNumber: syz
[  120.500615][ T5985] usb 4-1: config 0 descriptor??
[  120.505153][ T5985] gspca_main: se401-2.14.0 probing 047d:5003
[  120.698500][ T7534] loop7: detected capacity change from 0 to 7
[  120.908117][ T5985] gspca_se401: Too many frame sizes
[  121.055070][    C1] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 0
[  121.058940][    C1] Buffer I/O error on dev loop7, logical block 0, lost async page write
[  121.115506][ T5985] usb 4-1: USB disconnect, device number 7
[  121.282141][ T7545] loop2: detected capacity change from 0 to 1024
[  121.302803][ T7547] loop0: detected capacity change from 0 to 512
[  121.306981][ T7547] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  121.317057][ T7547] EXT4-fs (loop0): 1 truncate cleaned up
[  121.324473][ T7547] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.330916][   T29] hfsplus: b-tree write err: -5, ino 4
[  121.353507][ T7547] fscrypt (loop0, inode 18): Mutually exclusive encryption flags (0x1c)
[  121.384152][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.458767][ T7556] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  121.500366][ T7556] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  121.666089][ T7567] loop2: detected capacity change from 0 to 4096
[  121.853157][   T33] audit: type=1326 audit(1755037577.720:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7579 comm="syz.2.532" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fea8b98ebe9 code=0x0
[  121.934628][ T7589] loop3: detected capacity change from 0 to 1024
[  121.988502][ T7591] netlink: 24 bytes leftover after parsing attributes in process `syz.0.537'.
[  122.006461][ T6352] hfsplus: b-tree write err: -5, ino 4
[  122.194266][ T7605] loop3: detected capacity change from 0 to 1024
[  122.197703][ T7605] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (29950!=20869)
[  122.201060][ T7605] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  122.206984][ T7605] EXT4-fs (loop3): invalid journal inode
[  122.208883][ T7605] EXT4-fs (loop3): can't get journal size
[  122.215687][ T7605] EXT4-fs error (device loop3): ext4_protect_reserved_inode:182: inode #2: comm syz.3.544: blocks 48-48 from inode overlap system zone
[  122.220335][ T7605] EXT4-fs (loop3): failed to initialize system zone (-117)
[  122.222738][ T7605] EXT4-fs (loop3): mount failed
[  122.482232][ T7614] loop3: detected capacity change from 0 to 40427
[  122.484958][ T7614] F2FS-fs: inline encryption not supported
[  122.487342][ T7614] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  122.489567][ T7614] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  122.492378][ T7614] F2FS-fs (loop3): build fault injection rate: 17008
[  122.494484][ T7614] F2FS-fs (loop3): build fault injection type: 0x427
[  122.498104][ T7614] F2FS-fs (loop3): invalid crc value
[  122.534774][ T7614] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  122.539955][ T7614] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  122.542229][ T7614] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  122.573814][ T6606] syz-executor: attempt to access beyond end of device
[  122.573814][ T6606] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  122.581872][ T6606] CPU: 0 UID: 0 PID: 6606 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  122.581893][ T6606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  122.581903][ T6606] Call Trace:
[  122.581910][ T6606]  <TASK>
[  122.581917][ T6606]  dump_stack_lvl+0x189/0x250
[  122.581940][ T6606]  ? __pfx_dump_stack_lvl+0x10/0x10
[  122.581956][ T6606]  ? __pfx_queue_work_on+0x10/0x10
[  122.581970][ T6606]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  122.581987][ T6606]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  122.582011][ T6606]  f2fs_handle_critical_error+0x37c/0x540
[  122.582036][ T6606]  f2fs_write_end_io+0x886/0xb60
[  122.582071][ T6606]  __submit_merged_bio+0x27a/0x6a0
[  122.582094][ T6606]  __submit_merged_write_cond+0x255/0x530
[  122.582117][ T6606]  f2fs_write_data_pages+0x261d/0x3000
[  122.582158][ T6606]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  122.582237][ T6606]  ? check_path+0x21/0x40
[  122.582250][ T6606]  ? check_noncircular+0xe0/0x160
[  122.582316][ T6606]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  122.582336][ T6606]  do_writepages+0x32e/0x550
[  122.582364][ T6606]  ? do_raw_spin_unlock+0x4d/0x240
[  122.582381][ T6606]  filemap_fdatawrite+0x199/0x240
[  122.582398][ T6606]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  122.582444][ T6606]  ? do_raw_spin_unlock+0x4d/0x240
[  122.582462][ T6606]  f2fs_sync_dirty_inodes+0x31f/0x830
[  122.582485][ T6606]  f2fs_write_checkpoint+0x95a/0x1df0
[  122.582507][ T6606]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  122.582539][ T6606]  ? kill_f2fs_super+0x298/0x6c0
[  122.582553][ T6606]  kill_f2fs_super+0x2c3/0x6c0
[  122.582574][ T6606]  ? __pfx_kill_f2fs_super+0x10/0x10
[  122.582584][ T6606]  ? radix_tree_delete_item+0x2b6/0x400
[  122.582597][ T6606]  ? shrinker_free+0x2ce/0x3e0
[  122.582607][ T6606]  deactivate_locked_super+0xbc/0x130
[  122.582619][ T6606]  cleanup_mnt+0x425/0x4c0
[  122.582629][ T6606]  ? lockdep_hardirqs_on+0x9c/0x150
[  122.582640][ T6606]  task_work_run+0x1d4/0x260
[  122.582653][ T6606]  ? __pfx_task_work_run+0x10/0x10
[  122.582662][ T6606]  ? __x64_sys_umount+0x122/0x160
[  122.582675][ T6606]  ? exit_to_user_mode_loop+0x40/0x110
[  122.582689][ T6606]  exit_to_user_mode_loop+0xec/0x110
[  122.582700][ T6606]  do_syscall_64+0x2bd/0x3b0
[  122.582710][ T6606]  ? lockdep_hardirqs_on+0x9c/0x150
[  122.582718][ T6606]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.582727][ T6606]  ? exc_page_fault+0x9f/0xf0
[  122.582737][ T6606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  122.582745][ T6606] RIP: 0033:0x7ff8f318ff17
[  122.582754][ T6606] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  122.582761][ T6606] RSP: 002b:00007ffd31d44da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  122.582771][ T6606] RAX: 0000000000000000 RBX: 00007ff8f3211c05 RCX: 00007ff8f318ff17
[  122.582776][ T6606] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd31d44e60
[  122.582781][ T6606] RBP: 00007ffd31d44e60 R08: 0000000000000000 R09: 0000000000000000
[  122.582785][ T6606] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd31d45ef0
[  122.582790][ T6606] R13: 00007ff8f3211c05 R14: 000000000001de55 R15: 00007ffd31d45f30
[  122.582804][ T6606]  </TASK>
[  122.583553][ T6606] F2FS-fs (loop3): Remounting filesystem read-only
[  122.765611][ T7624] loop2: detected capacity change from 0 to 256
[  122.773069][ T7624] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xf059ff26, utbl_chksum : 0xe619d30d)
[  123.071788][ T7631] loop3: detected capacity change from 0 to 2048
[  123.078999][ T7631] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  123.508084][ T7634] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  123.523656][ T7636] loop0: detected capacity change from 0 to 128
[  123.527099][ T7636] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  123.532607][ T7636] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  123.682437][   T33] audit: type=1326 audit(1755037579.550:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7643 comm="syz.0.559" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad4d8ebe9 code=0x7ffc0000
[  123.718289][   T33] audit: type=1326 audit(1755037579.550:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7643 comm="syz.0.559" exe="/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7f8ad4d8ebe9 code=0x7ffc0000
[  123.739212][   T33] audit: type=1326 audit(1755037579.550:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7643 comm="syz.0.559" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad4d8ebe9 code=0x7ffc0000
[  123.745949][   T33] audit: type=1326 audit(1755037579.550:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7643 comm="syz.0.559" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad4d8ebe9 code=0x7ffc0000
[  123.870522][ T7639] loop3: detected capacity change from 0 to 32768
[  123.906878][ T7639] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  123.933416][ T7639] XFS (loop3): Ending clean mount
[  123.943577][ T7639] XFS (loop3): Quotacheck needed: Please wait.
[  123.964660][ T7639] XFS (loop3): Quotacheck: Done.
[  124.020995][ T6606] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  124.139556][   T10] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  124.272452][    T9] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  124.537403][   T10] usb 3-1: Using ep0 maxpacket: 32
[  124.541566][   T10] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  124.543948][   T10] usb 3-1: config 0 has no interface number 0
[  124.545797][   T10] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  124.549262][   T10] usb 3-1: config 0 interface 85 has no altsetting 0
[  124.553292][   T10] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  124.555966][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.558326][   T10] usb 3-1: Product: syz
[  124.559711][   T10] usb 3-1: Manufacturer: syz
[  124.561125][   T10] usb 3-1: SerialNumber: syz
[  124.563377][    T9] usb 1-1: Using ep0 maxpacket: 16
[  124.569912][   T10] usb 3-1: config 0 descriptor??
[  124.572258][    T9] usb 1-1: config 1 has an invalid descriptor of length 97, skipping remainder of the config
[  124.576601][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  124.583531][    T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  124.586237][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.588712][    T9] usb 1-1: Product: syz
[  124.590112][    T9] usb 1-1: Manufacturer: syz
[  124.591571][    T9] usb 1-1: SerialNumber: syz
[  124.999686][    T9] usb 1-1: 0:2 : does not exist
[  125.161879][ T7668] netlink: 16 bytes leftover after parsing attributes in process `syz.3.566'.
[  125.183274][   T10] appletouch 3-1:0.85: Geyser mode initialized.
[  125.187219][   T10] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input7
[  125.241569][ T7670] loop3: detected capacity change from 0 to 2048
[  125.255043][ T7670] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  125.387610][   T10] usb 3-1: USB disconnect, device number 12
[  125.404002][   T10] appletouch 3-1:0.85: input: appletouch disconnected
[  125.439987][    T9] usb 1-1: 5:0: failed to get current value for ch 0 (-22)
[  125.457342][    T9] usb 1-1: USB disconnect, device number 11
[  125.570458][   T33] audit: type=1800 audit(1755037581.420:40): pid=7672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.567" name="bus" dev="loop3" ino=1367 res=0 errno=0
[  126.035285][ T7676] loop2: detected capacity change from 0 to 64
[  126.244014][ T7684] loop2: detected capacity change from 0 to 8
[  126.270450][ T7684] SQUASHFS error: Failed to read block 0x1ec: -5
[  126.279586][ T7684] SQUASHFS error: Unable to read metadata cache entry [1ea]
[  126.492860][ T7706] loop0: detected capacity change from 0 to 512
[  126.526653][ T7706] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  126.531556][ T7706] ext4 filesystem being mounted at /207/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  126.566161][   T33] audit: type=1800 audit(1755037582.430:41): pid=7706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.582" name="file2" dev="loop0" ino=16 res=0 errno=0
[  126.637149][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.700629][ T7723] team0: Caught tx_queue_len zero misconfig
[  126.797582][ T7731] 9pnet: p9_errstr2errno: server reported unknown error 6G)Do')=0O]|[
[  126.924200][ T7737] loop2: detected capacity change from 0 to 1024
[  126.941009][ T5867] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  127.109217][ T5867] usb 4-1: Using ep0 maxpacket: 8
[  127.116502][ T5867] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  127.123558][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.126558][ T5867] usb 4-1: Product: syz
[  127.128109][ T5867] usb 4-1: Manufacturer: syz
[  127.131657][ T5867] usb 4-1: SerialNumber: syz
[  127.270819][ T5867] usb 4-1: config 0 descriptor??
[  127.767322][ T5867] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  127.895736][ T7749] loop2: detected capacity change from 0 to 32768
[  127.904960][ T7749] 
[  127.904960][ T7749]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  127.904960][ T7749] 
[  128.021262][ T7749] read_mapping_page failed!
[  128.023400][ T7749] ERROR: (device loop2): txCommit: 
[  128.023400][ T7749] 
[  128.031048][ T7752] read_mapping_page failed!
[  128.032818][ T7752] ERROR: (device loop2): txCommit: 
[  128.032818][ T7752] 
[  128.037529][ T7753] read_mapping_page failed!
[  128.039427][ T7753] ERROR: (device loop2): txCommit: 
[  128.039427][ T7753] 
[  128.074109][ T5847] 
[  128.074109][ T5847]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  128.074109][ T5847] 
[  128.087863][ T5847] 
[  128.087863][ T5847]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  128.087863][ T5847] 
[  128.188646][   T33] audit: type=1326 audit(1755037584.050:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7758 comm="syz.2.605" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8b98ebe9 code=0x7ffc0000
[  128.197834][   T33] audit: type=1326 audit(1755037584.050:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7758 comm="syz.2.605" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea8b98ebe9 code=0x7ffc0000
[  128.207765][   T33] audit: type=1326 audit(1755037584.070:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7758 comm="syz.2.605" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fea8b98d550 code=0x7ffc0000
[  128.216909][   T33] audit: type=1326 audit(1755037584.070:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7758 comm="syz.2.605" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fea8b98d550 code=0x7ffc0000
[  128.379374][ T5985] usb 1-1: new low-speed USB device number 12 using dummy_hcd
[  128.457172][   T54] Bluetooth: hci1: command tx timeout
[  128.556644][ T5985] usb 1-1: config 0 has an invalid interface number: 55 but max is 0
[  128.559887][ T5985] usb 1-1: config 0 has no interface number 0
[  128.562201][ T5985] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  128.566272][ T5985] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  128.574974][ T5985] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  128.579312][ T5985] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  128.583400][ T5985] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  128.587331][ T5985] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  128.595413][ T5985] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  128.598700][ T5985] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  128.608143][ T5985] usb 1-1: config 0 descriptor??
[  128.620976][ T7757] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  128.623781][ T7757] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  128.631746][ T5985] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  128.737689][ T7763] loop2: detected capacity change from 0 to 65536
[  128.787270][ T7763] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  128.796610][ T7763] XFS (loop2): Ending clean mount
[  128.818530][ T7763] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  128.822284][ T7763] XFS (loop2): Unmount and run xfs_repair
[  128.823997][ T7763] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  128.826332][ T7763] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  128.828961][ T7763] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  128.831883][ T7763] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  128.834469][ T7763] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  128.837162][ T7763] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  128.839906][ T7763] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  128.842543][ T7763] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  128.845184][ T7763] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  128.848160][ T7763] XFS (loop2): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74
[  128.850501][ T5985] usb 1-1: USB disconnect, device number 12
[  128.851724][ T7763] XFS (loop2): page discard on page ffffea0000d0dc80, inode 0x26, pos 1024.
[  128.857941][ T7763] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  128.859044][ T5985] ldusb 1-1:0.55: LD USB Device #0 now disconnected
[  128.861173][ T7763] XFS (loop2): Unmount and run xfs_repair
[  128.861203][ T7763] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  128.861212][ T7763] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  128.861219][ T7763] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  128.861226][ T7763] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  128.861233][ T7763] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  128.861239][ T7763] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  128.861245][ T7763] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  128.861252][ T7763] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  128.861258][ T7763] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  128.861265][ T7763] XFS (loop2): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74
[  128.861344][ T7763] XFS (loop2): page discard on page ffffea0000d0dd40, inode 0x26, pos 4096.
[  128.898438][ T7763] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  128.902683][ T7763] XFS (loop2): Unmount and run xfs_repair
[  128.904926][ T7763] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  128.907706][ T7763] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  128.911322][ T7763] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  128.914761][ T7763] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  128.918885][ T7763] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  128.922391][ T7763] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  128.925717][ T7763] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  128.929225][ T7763] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  128.932111][ T7763] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  128.934953][ T7763] XFS (loop2): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74
[  128.938030][ T7763] XFS (loop2): page discard on page ffffea0000d1f280, inode 0x26, pos 8192.
[  128.942375][ T7763] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  128.946001][ T7763] XFS (loop2): Unmount and run xfs_repair
[  128.947806][ T7763] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  128.950158][ T7763] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  128.953135][ T7763] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  128.956574][ T7763] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  128.960496][ T7763] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  128.964055][ T7763] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  128.967510][ T7763] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  128.970842][ T7763] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  128.973517][ T7763] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  128.976158][ T7763] XFS (loop2): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74
[  128.979338][ T7763] XFS (loop2): page discard on page ffffea0000eb6e00, inode 0x26, pos 16384.
[  128.984882][    T9] loop2: writeback error on inode 38, offset 0, sector 22
[  129.013667][   T29] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  129.022915][   T29] XFS (loop2): Unmount and run xfs_repair
[  129.025080][   T29] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  129.027645][   T29] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  129.030928][   T29] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  129.033828][   T29] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  129.036955][   T29] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  129.039980][   T29] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  129.043352][   T29] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  129.047932][   T29] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.054552][   T29] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.060256][   T29] XFS (loop2): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74
[  129.060830][ T5867] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  129.064056][   T29] XFS (loop2): page discard on page ffffea0000eb6000, inode 0x29, pos 0.
[  129.070789][   T29] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  129.071210][ T5867] usb 4-1: USB disconnect, device number 8
[  129.074157][   T29] XFS (loop2): Unmount and run xfs_repair
[  129.078096][   T29] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  129.080664][   T29] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  129.083764][   T29] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  129.086731][   T29] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  129.091675][   T29] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  129.094476][   T29] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  129.097316][   T29] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  129.100304][   T29] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.103295][   T29] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.106305][   T29] XFS (loop2): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74
[  129.110251][   T29] XFS (loop2): page discard on page ffffea0000eb6f00, inode 0x26, pos 32768.
[  129.117123][   T29] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  129.121666][   T29] XFS (loop2): Unmount and run xfs_repair
[  129.123819][   T29] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  129.126126][   T29] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  129.128791][   T29] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  129.131639][   T29] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  129.134386][   T29] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  129.137147][   T29] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  129.139962][   T29] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  129.142896][   T29] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.145867][   T29] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.148560][   T29] XFS (loop2): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74
[  129.151931][   T29] XFS (loop2): page discard on page ffffea0000eb5f00, inode 0x29, pos 32768.
[  129.155051][   T29] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  129.158353][   T29] XFS (loop2): Unmount and run xfs_repair
[  129.160806][   T29] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  129.163417][   T29] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  129.166179][   T29] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  129.168888][   T29] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  129.171558][   T29] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  129.174612][   T29] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  129.177304][   T29] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  129.180028][   T29] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.182900][   T29] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.185924][   T29] XFS (loop2): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74
[  129.190373][   T29] XFS (loop2): page discard on page ffffea0000d1f200, inode 0x29, pos 49152.
[  129.194274][   T29] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  129.197679][   T29] XFS (loop2): Unmount and run xfs_repair
[  129.199648][   T29] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  129.201842][   T29] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  129.205115][   T29] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  129.207965][   T29] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  129.210912][   T29] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  129.213762][   T29] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  129.216445][   T29] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  129.219232][   T29] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.221935][   T29] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.225904][   T29] XFS (loop2): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74
[  129.229035][   T29] XFS (loop2): page discard on page ffffea0000d0dcc0, inode 0x29, pos 57344.
[  129.232711][   T29] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  129.236035][   T29] XFS (loop2): Unmount and run xfs_repair
[  129.237762][   T29] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  129.240131][   T29] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  129.243013][   T29] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  129.245962][   T29] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  129.248705][   T29] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  129.251435][   T29] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  129.254120][   T29] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  129.256853][   T29] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.259619][   T29] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.262348][   T29] XFS (loop2): metadata I/O error in "xfs_read_agf+0x281/0x5c0" at daddr 0x1 len 1 error 74
[  129.266188][   T29] XFS (loop2): page discard on page ffffea0000d0dd00, inode 0x29, pos 61440.
[  129.271698][   T29] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  129.275342][   T29] XFS (loop2): Unmount and run xfs_repair
[  129.277105][   T29] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  129.279448][   T29] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  129.282247][   T29] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  129.285249][   T29] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  129.287920][   T29] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  129.290636][   T29] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  129.293422][   T29] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  129.296106][   T29] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.298814][   T29] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.302155][   T29] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  129.305783][   T29] XFS (loop2): Unmount and run xfs_repair
[  129.307508][   T29] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  129.310003][   T29] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  129.312747][   T29] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  129.315411][   T29] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  129.318066][   T29] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  129.320864][   T29] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  129.323557][   T29] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  129.327208][   T29] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.332803][   T29] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.336716][   T29] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x12f/0x1f0, xfs_agf block 0x1 
[  129.340448][   T29] XFS (loop2): Unmount and run xfs_repair
[  129.342155][   T29] XFS (loop2): First 128 bytes of corrupted metadata buffer:
[  129.344488][   T29] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  129.347689][   T29] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  129.350872][   T29] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  129.353967][   T29] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  129.357311][   T29] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  129.360126][   T29] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  129.362745][   T29] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.365561][   T29] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  129.373360][ T5847] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  129.377712][ T5847] XFS (loop2): Uncorrected metadata errors detected; please run xfs_repair.
[  129.489344][   T54] Bluetooth: hci0: command 0x0405 tx timeout
[  129.524753][ T7777] netlink: 'syz.0.612': attribute type 1 has an invalid length.
[  129.563911][ T7779] loop2: detected capacity change from 0 to 4096
[  129.566681][ T7779] ntfs3: Unknown parameter 'noshowmeta'
[  129.599786][   T33] kauditd_printk_skb: 3 callbacks suppressed
[  129.599797][   T33] audit: type=1326 audit(1755037585.460:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7780 comm="syz.0.613" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8ad4d8ebe9 code=0x0
[  129.707521][  T793] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0
[  129.718287][  T793] hid-generic 0000:0000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  129.869444][ T5867] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  130.021152][ T5867] usb 4-1: config 0 has an invalid interface number: 71 but max is 0
[  130.024339][ T5867] usb 4-1: config 0 has no interface number 0
[  130.031736][ T5867] usb 4-1: config 0 interface 71 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 1024
[  130.035575][ T5867] usb 4-1: config 0 interface 71 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1023
[  130.044908][ T5867] usb 4-1: New USB device found, idVendor=0bfd, idProduct=0012, bcdDevice=cc.c0
[  130.048427][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.052009][ T5867] usb 4-1: Product: syz
[  130.057125][ T5867] usb 4-1: Manufacturer: syz
[  130.062623][ T5867] usb 4-1: SerialNumber: syz
[  130.069810][ T5867] usb 4-1: config 0 descriptor??
[  130.072601][ T7783] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  130.075354][ T7783] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  130.079567][ T5867] kvaser_usb 4-1:0.71: error -ENODEV: Cannot get usb endpoint(s)
[  130.216347][ T7808] netlink: 'syz.2.625': attribute type 4 has an invalid length.
[  130.291228][ T7783] loop3: detected capacity change from 0 to 1024
[  130.296141][ T7783] EXT4-fs (loop3): stripe (3) is not aligned with cluster size (16), stripe is disabled
[  130.326078][ T7783] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  130.421827][ T7810] loop2: detected capacity change from 0 to 32768
[  130.425415][ T7810] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.626 (7810)
[  130.435913][ T7810] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  130.439706][ T7810] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  130.442818][ T7810] BTRFS info (device loop2): using free-space-tree
[  131.278849][ T5847] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  131.414607][ T7848] netlink: 4 bytes leftover after parsing attributes in process `syz.2.633'.
[  131.425765][ T7849] netlink: 4 bytes leftover after parsing attributes in process `syz.0.635'.
[  131.472040][ T7851] netlink: 8 bytes leftover after parsing attributes in process `syz.0.636'.
[  132.011028][ T5985] usb 4-1: USB disconnect, device number 9
[  132.029795][ T5867] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  132.032921][ T7853] loop0: detected capacity change from 0 to 32768
[  132.036304][ T7853] XFS: attr2 mount option is deprecated.
[  132.044089][ T7853] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[  132.048239][ T7853] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  132.065830][ T7853] XFS (loop0): Ending clean mount
[  132.070564][ T7853] XFS (loop0): Quotacheck needed: Please wait.
[  132.098008][ T7853] XFS (loop0): Quotacheck: Done.
[  132.131298][ T5849] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  132.196405][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  132.202592][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  132.206631][ T5867] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  132.223923][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.231876][ T5867] usb 3-1: config 0 descriptor??
[  132.466876][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  132.470933][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  132.676418][ T6606] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.737038][ T5867] hid-thrustmaster 0003:044F:B65D.0006: unknown main item tag 0x0
[  132.744347][ T5867] hid-thrustmaster 0003:044F:B65D.0006: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.2-1/input0
[  132.748108][ T5867] hid-thrustmaster 0003:044F:B65D.0006: Wrong number of endpoints?
[  133.011702][    C1] hid-thrustmaster 0003:044F:B65D.0006: URB to get model id failed with error -71
[  133.012031][    T9] usb 3-1: USB disconnect, device number 13
[  133.397646][ T7882] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  133.400223][ T7882] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  133.406591][ T7882] vhci_hcd vhci_hcd.0: Device attached
[  133.589222][ T6182] vhci_hcd: vhci_device speed not set
[  133.649331][ T6182] usb 33-1: new full-speed USB device number 2 using vhci_hcd
[  133.659370][ T5867] usb 1-1: new low-speed USB device number 13 using dummy_hcd
[  133.812449][ T5867] usb 1-1: config 0 has no interfaces?
[  133.814708][ T5867] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  133.818267][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.825985][ T5867] usb 1-1: config 0 descriptor??
[  133.965139][ T7886] loop3: detected capacity change from 0 to 32768
[  133.968748][ T7886] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.646 (7886)
[  133.975295][ T7886] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  133.978653][ T7886] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  133.983212][ T7886] BTRFS info (device loop3): using free-space-tree
[  134.009777][ T7886] BTRFS info (device loop3): rebuilding free space tree
[  134.035991][ T7883] vhci_hcd: unknown pdu 2
[  134.042941][    T9] usb 1-1: USB disconnect, device number 13
[  134.064439][   T12] vhci_hcd: stop threads
[  134.071167][   T12] vhci_hcd: release socket
[  134.080212][   T12] vhci_hcd: disconnect device
[  134.109676][ T6182] vhci_hcd: vhci_device speed not set
[  134.136571][ T6606] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  134.683181][   T33] audit: type=1326 audit(1755037590.550:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7930 comm="syz.3.658" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8f318ebe9 code=0x7ffc0000
[  134.694866][   T33] audit: type=1326 audit(1755037590.550:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7930 comm="syz.3.658" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8f318ebe9 code=0x7ffc0000
[  134.703641][   T33] audit: type=1326 audit(1755037590.560:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7930 comm="syz.3.658" exe="/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7ff8f318ebe9 code=0x7ffc0000
[  134.711825][   T33] audit: type=1326 audit(1755037590.560:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7930 comm="syz.3.658" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8f318ebe9 code=0x7ffc0000
[  134.721669][   T33] audit: type=1326 audit(1755037590.560:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7930 comm="syz.3.658" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8f318ebe9 code=0x7ffc0000
[  134.821305][ T7938] loop3: detected capacity change from 0 to 256
[  134.934535][ T7944] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  135.528676][ T7968] loop3: detected capacity change from 0 to 32768
[  135.533262][ T7968] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.675 (7968)
[  135.543712][ T7968] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  135.547578][ T7968] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  135.550973][ T7968] BTRFS info (device loop3): using free-space-tree
[  135.600600][ T6182] usb 3-1: new full-speed USB device number 14 using dummy_hcd
[  135.666475][ T6606] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  135.693510][ T7992] netlink: 8 bytes leftover after parsing attributes in process `syz.0.680'.
[  135.768916][ T6182] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  135.782489][ T6182] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  135.787907][ T6182] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  135.799047][ T6182] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.803191][ T6182] usb 3-1: Product: syz
[  135.804867][ T6182] usb 3-1: Manufacturer: syz
[  135.806608][ T6182] usb 3-1: SerialNumber: syz
[  136.037469][ T6182] usb 3-1: 0:2 : does not exist
[  136.046508][ T6182] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  136.062147][ T6182] usb 3-1: USB disconnect, device number 14
[  136.828706][ T8020] loop2: detected capacity change from 0 to 512
[  136.853638][   T33] audit: type=1326 audit(1755037592.720:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8021 comm="syz.0.693" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad4d8ebe9 code=0x7ffc0000
[  136.862953][   T33] audit: type=1326 audit(1755037592.720:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8021 comm="syz.0.693" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad4d8ebe9 code=0x7ffc0000
[  136.871391][   T33] audit: type=1326 audit(1755037592.730:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8021 comm="syz.0.693" exe="/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7f8ad4d8ebe9 code=0x7ffc0000
[  136.879035][   T33] audit: type=1326 audit(1755037592.730:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8021 comm="syz.0.693" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad4d8ebe9 code=0x7ffc0000
[  136.889384][   T33] audit: type=1326 audit(1755037592.730:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8021 comm="syz.0.693" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ad4d8ebe9 code=0x7ffc0000
[  136.893757][ T8020] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[  136.905069][ T8020] System zones: 0-2, 18-18, 34-35
[  136.911401][ T8020] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  136.922811][ T8020] ext4 filesystem being mounted at /254/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  136.981436][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  137.055692][ T8033] netlink: 104 bytes leftover after parsing attributes in process `syz.0.697'.
[  137.389226][ T6689] usb 1-1: new full-speed USB device number 14 using dummy_hcd
[  137.401887][ T8045] loop2: detected capacity change from 0 to 32768
[  137.408496][ T8045] XFS (loop2): DAX unsupported by block device. Turning off DAX.
[  137.414804][ T8045] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  137.431478][ T8045] XFS (loop2): Ending clean mount
[  137.438117][ T8045] XFS (loop2): Quotacheck needed: Please wait.
[  137.465740][ T8045] XFS (loop2): Quotacheck: Done.
[  137.534676][ T5847] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  137.550372][ T6689] usb 1-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  137.554387][ T6689] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  137.558618][ T6689] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  137.564030][ T6689] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 232, setting to 64
[  137.568588][ T6689] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  137.584332][ T6689] usb 1-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  137.588036][ T6689] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.600216][ T6689] usb 1-1: Product: syz
[  137.601889][ T6689] usb 1-1: Manufacturer: syz
[  137.603642][ T6689] usb 1-1: SerialNumber: syz
[  137.615173][ T6689] usb 1-1: config 0 descriptor??
[  137.629491][ T8041] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  137.644618][ T6689] input: KB Gear Tablet as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input9
[  137.866662][ T6689] usb 1-1: USB disconnect, device number 14
[  138.019296][ T5985] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  138.169819][ T5985] usb 3-1: Using ep0 maxpacket: 8
[  138.175921][ T5985] usb 3-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52
[  138.181265][ T5985] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  138.184487][ T5985] usb 3-1: Product: syz
[  138.186133][ T5985] usb 3-1: Manufacturer: syz
[  138.187956][ T5985] usb 3-1: SerialNumber: syz
[  138.195258][ T5985] usb 3-1: config 0 descriptor??
[  138.409225][ T6689] usb 3-1: USB disconnect, device number 15
[  140.173367][ T8123] loop2: detected capacity change from 0 to 2048
[  140.206893][ T8123] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  140.214893][ T8123] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  140.229480][    T9] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  140.252152][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.382440][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  140.387343][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  140.390594][    T9] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  140.393707][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.399802][    T9] usb 1-1: config 0 descriptor??
[  140.802500][ T8143] loop2: detected capacity change from 0 to 2048
[  140.807726][ T8143] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  140.825826][    T9] hid-steam 0003:28DE:1142.0007: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0
[  140.910406][    T9] hid-steam 0003:28DE:1142.0007: Steam wireless receiver connected
[  140.935129][    T9] hid-steam 0003:28DE:1142.0008: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0
[  140.965466][ T8151] netlink: 28 bytes leftover after parsing attributes in process `syz.2.748'.
[  140.968370][ T8151] netlink: 28 bytes leftover after parsing attributes in process `syz.2.748'.
[  140.980953][ T8153] loop3: detected capacity change from 0 to 256
[  140.984252][ T8153] exfat: Deprecated parameter 'namecase'
[  140.994658][ T8153] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36decf98, utbl_chksum : 0xe619d30d)
[  142.451126][ T8174] loop2: detected capacity change from 0 to 16
[  142.457672][ T8174] erofs (device loop2): mounted with root inode @ nid 36.
[  142.490942][ T8176] warning: `syz.3.758' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  142.529441][ T8178] can0: slcan on ptm0.
[  142.536896][ T8180] Bluetooth: (null): Invalid header checksum
[  142.606136][ T8177] can0 (unregistered): slcan off ptm0.
[  143.472835][ T8197] netlink: 40 bytes leftover after parsing attributes in process `syz.3.767'.
[  143.531644][ T8199] sctp: [Deprecated]: syz.3.768 (pid 8199) Use of struct sctp_assoc_value in delayed_ack socket option.
[  143.531644][ T8199] Use struct sctp_sack_info instead
[  143.651075][   T54] Bluetooth: hci0: command 0x0405 tx timeout
[  143.726350][    T9] usb 1-1: USB disconnect, device number 15
[  143.738270][    T9] hid-steam 0003:28DE:1142.0007: Steam wireless receiver disconnected
[  143.760946][ T8207] netlink: 8 bytes leftover after parsing attributes in process `syz.0.772'.
[  143.776064][ T8209] loop3: detected capacity change from 0 to 1024
[  143.792886][ T8209] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  143.830058][ T6606] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.001335][ T8228] loop0: detected capacity change from 0 to 1024
[  144.004054][ T8228] EXT4-fs: Ignoring removed bh option
[  144.006755][ T8228] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  144.016781][ T8228] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  144.340822][ T6689] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  144.492398][ T6689] usb 3-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36
[  144.496233][ T6689] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.503608][ T6689] usb 3-1: config 0 descriptor??
[  144.722192][ T6689] kaweth 3-1:0.0: Firmware present in device.
[  144.848785][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.912693][ T6689] kaweth 3-1:0.0: Statistics collection: 0
[  144.919972][ T6689] kaweth 3-1:0.0: Multicast filter limit: 0
[  144.922329][ T6689] kaweth 3-1:0.0: MTU: 0
[  144.924004][ T6689] kaweth 3-1:0.0: Read MAC address 00:00:00:00:00:00
[  145.044550][ T8251] veth1_to_bond: entered promiscuous mode
[  145.047210][ T8251] macsec1: entered allmulticast mode
[  145.052101][ T8251] veth1_to_bond: entered allmulticast mode
[  145.057755][ T8251] veth1_to_bond: left allmulticast mode
[  145.062602][ T8251] veth1_to_bond: left promiscuous mode
[  145.113435][ T6689] kaweth 3-1:0.0: probe with driver kaweth failed with error -5
[  145.124804][ T6689] usb 3-1: USB disconnect, device number 16
[  145.461407][ T8255] loop3: detected capacity change from 0 to 40427
[  145.465647][ T8255] F2FS-fs (loop3): build fault injection rate: 25
[  145.470307][ T8255] F2FS-fs (loop3): invalid crc value
[  145.529831][ T8255] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  145.534172][ T8255] F2FS-fs (loop3): Start checkpoint disabled!
[  145.536748][ T8259] netlink: 20 bytes leftover after parsing attributes in process `syz.0.792'.
[  145.544514][ T8259] netlink: 36 bytes leftover after parsing attributes in process `syz.0.792'.
[  145.549504][ T8255] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  145.584149][ T6352] kworker/u10:16: attempt to access beyond end of device
[  145.584149][ T6352] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  145.592727][ T6352] CPU: 0 UID: 0 PID: 6352 Comm: kworker/u10:16 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  145.592754][ T6352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  145.592773][ T6352] Workqueue: writeback wb_workfn (flush-7:3)
[  145.592802][ T6352] Call Trace:
[  145.592809][ T6352]  <TASK>
[  145.592818][ T6352]  dump_stack_lvl+0x189/0x250
[  145.592844][ T6352]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.592861][ T6352]  ? __pfx_queue_work_on+0x10/0x10
[  145.592876][ T6352]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  145.592894][ T6352]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  145.592921][ T6352]  f2fs_handle_critical_error+0x37c/0x540
[  145.592948][ T6352]  f2fs_write_end_io+0x886/0xb60
[  145.592987][ T6352]  __submit_merged_bio+0x27a/0x6a0
[  145.593010][ T6352]  __submit_merged_write_cond+0x255/0x530
[  145.593033][ T6352]  f2fs_write_data_pages+0x261d/0x3000
[  145.593106][ T6352]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  145.593139][ T6352]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  145.593193][ T6352]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  145.593223][ T6352]  ? trace_f2fs_writepages+0x7f/0x200
[  145.593242][ T6352]  ? f2fs_write_node_pages+0x478/0x6e0
[  145.593281][ T6352]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  145.593300][ T6352]  do_writepages+0x32e/0x550
[  145.593325][ T6352]  ? reacquire_held_locks+0x127/0x1d0
[  145.593340][ T6352]  ? writeback_sb_inodes+0x384/0x1010
[  145.593365][ T6352]  __writeback_single_inode+0x145/0xff0
[  145.593383][ T6352]  ? do_raw_spin_unlock+0x4d/0x240
[  145.593404][ T6352]  writeback_sb_inodes+0x6c7/0x1010
[  145.593421][ T6352]  ? lockdep_hardirqs_on+0x9c/0x150
[  145.593461][ T6352]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  145.593517][ T6352]  ? rcu_is_watching+0x15/0xb0
[  145.593542][ T6352]  wb_writeback+0x43b/0xaf0
[  145.593566][ T6352]  ? queue_io+0x391/0x590
[  145.593588][ T6352]  ? __pfx_wb_writeback+0x10/0x10
[  145.593613][ T6352]  ? _raw_spin_unlock_irq+0x23/0x50
[  145.593634][ T6352]  wb_workfn+0x409/0xef0
[  145.593663][ T6352]  ? __pfx_wb_workfn+0x10/0x10
[  145.593683][ T6352]  ? __lock_acquire+0xab9/0xd20
[  145.593715][ T6352]  ? process_scheduled_works+0x9ef/0x17b0
[  145.593736][ T6352]  ? _raw_spin_unlock_irq+0x23/0x50
[  145.593750][ T6352]  ? process_scheduled_works+0x9ef/0x17b0
[  145.593767][ T6352]  ? process_scheduled_works+0x9ef/0x17b0
[  145.593782][ T6352]  process_scheduled_works+0xae1/0x17b0
[  145.593826][ T6352]  ? __pfx_process_scheduled_works+0x10/0x10
[  145.593864][ T6352]  worker_thread+0x8a0/0xda0
[  145.593903][ T6352]  kthread+0x711/0x8a0
[  145.593925][ T6352]  ? __pfx_worker_thread+0x10/0x10
[  145.593940][ T6352]  ? __pfx_kthread+0x10/0x10
[  145.593958][ T6352]  ? _raw_spin_unlock_irq+0x23/0x50
[  145.593973][ T6352]  ? lockdep_hardirqs_on+0x9c/0x150
[  145.593987][ T6352]  ? __pfx_kthread+0x10/0x10
[  145.594006][ T6352]  ret_from_fork+0x3fc/0x770
[  145.594024][ T6352]  ? __pfx_ret_from_fork+0x10/0x10
[  145.594046][ T6352]  ? __switch_to_asm+0x39/0x70
[  145.594063][ T6352]  ? __switch_to_asm+0x33/0x70
[  145.594107][ T6352]  ? __pfx_kthread+0x10/0x10
[  145.594126][ T6352]  ret_from_fork_asm+0x1a/0x30
[  145.594158][ T6352]  </TASK>
[  145.594165][ T6352] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  146.050714][ T6689] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  146.210880][ T6689] usb 3-1: Using ep0 maxpacket: 16
[  146.215093][ T6689] usb 3-1: config 1 interface 0 altsetting 206 endpoint 0x81 has invalid maxpacket 1080, setting to 1024
[  146.219902][ T6689] usb 3-1: config 1 interface 0 has no altsetting 0
[  146.226288][ T6689] usb 3-1: New USB device found, idVendor=046d, idProduct=c53a, bcdDevice= 0.40
[  146.230171][ T6689] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.233292][ T6689] usb 3-1: Product: syz
[  146.234998][ T6689] usb 3-1: Manufacturer: syz
[  146.236883][ T6689] usb 3-1: SerialNumber: syz
[  146.252578][ T8267] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  146.470432][ T6689] usbhid 3-1:1.0: can't add hid device: -71
[  146.472443][ T6689] usbhid 3-1:1.0: probe with driver usbhid failed with error -71
[  146.476433][ T6689] usb 3-1: USB disconnect, device number 17
[  146.559262][    T9] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  146.719303][    T9] usb 1-1: Using ep0 maxpacket: 16
[  146.725619][    T9] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 63, changing to 7
[  146.729766][    T9] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  146.733356][    T9] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  146.741863][    T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  146.746167][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.749156][    T9] usb 1-1: Product: syz
[  146.750861][    T9] usb 1-1: Manufacturer: syz
[  146.752654][    T9] usb 1-1: SerialNumber: syz
[  146.965398][    T9] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  146.971404][    T9] usb 1-1: unit 1 not found!
[  147.003412][    T9] usb 1-1: USB disconnect, device number 16
[  147.052697][ T8296] loop3: detected capacity change from 0 to 128
[  147.055562][ T8296] EXT4-fs (loop3): Test dummy encryption mode enabled
[  147.082020][ T8296] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  147.092413][ T8296] ext4 filesystem being mounted at /177/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  147.136144][ T6606] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  147.176726][ T8304] netlink: 16 bytes leftover after parsing attributes in process `syz.2.810'.
[  147.703343][ T8323] loop2: detected capacity change from 0 to 32768
[  147.710329][ T8335] netlink: 'syz.0.825': attribute type 1 has an invalid length.
[  147.713488][ T8335] netlink: 12 bytes leftover after parsing attributes in process `syz.0.825'.
[  147.719289][ T5985] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  147.726383][ T8323] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  147.772732][ T5847] ocfs2: Unmounting device (7,2) on (node local)
[  148.193004][ T5985] usb 4-1: Using ep0 maxpacket: 8
[  148.197878][ T5985] usb 4-1: config 2 has an invalid interface number: 25 but max is 0
[  148.201761][ T5985] usb 4-1: config 2 has no interface number 0
[  148.203671][ T5985] usb 4-1: config 2 interface 25 has no altsetting 0
[  148.209365][ T5985] usb 4-1: New USB device found, idVendor=413c, idProduct=4004, bcdDevice=33.1b
[  148.212199][ T5985] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.217021][ T5985] usb 4-1: Product: syz
[  148.225967][ T5985] usb 4-1: Manufacturer: syz
[  148.227420][ T5985] usb 4-1: SerialNumber: syz
[  148.235497][ T5985] ipaq 4-1:2.25: PocketPC PDA converter detected
[  148.238128][ T5985] usb 4-1: active config #2 != 1 ??
[  148.470994][    T9] usb 4-1: USB disconnect, device number 10
[  149.351489][    T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  149.519276][    T9] usb 1-1: Using ep0 maxpacket: 32
[  149.523876][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  149.530640][    T9] usb 1-1: config 14 has an invalid interface number: 32 but max is 0
[  149.533948][    T9] usb 1-1: config 14 has no interface number 0
[  149.536431][    T9] usb 1-1: config 14 interface 32 has no altsetting 0
[  149.551552][    T9] usb 1-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  149.559221][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.565379][    T9] usb 1-1: Product: syz
[  149.566963][    T9] usb 1-1: Manufacturer: syz
[  149.568820][    T9] usb 1-1: SerialNumber: syz
[  149.653918][ T8370] loop3: detected capacity change from 0 to 40427
[  149.656617][ T8370] F2FS-fs: heap/no_heap options were deprecated
[  149.659459][ T8370] F2FS-fs (loop3): build fault injection rate: 19
[  149.661505][ T8370] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  149.664919][ T8370] F2FS-fs (loop3): invalid crc value
[  149.672194][ T8370] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  149.704618][ T8370] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  149.711544][ T8370] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  149.715155][ T8370] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  149.750138][ T8370] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  149.759022][ T8370] syz.3.839: attempt to access beyond end of device
[  149.759022][ T8370] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  149.763516][ T8370] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of f2fs_mpage_readpages+0x18df/0x1ac0
[  149.767171][ T8370] syz.3.839: attempt to access beyond end of device
[  149.767171][ T8370] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  149.776308][ T8375] loop2: detected capacity change from 0 to 32768
[  149.789797][    T9] ums-usbat 1-1:14.32: USB Mass Storage device detected
[  149.798899][    T9] ums-usbat 1-1:14.32: Quirks match for vid 0781 pid 0005: 1
[  149.802182][    T9] ums-usbat 1-1:14.32: This device (0781,0005,0005 S 39 P 80) has an unneeded Protocol entry in unusual_devs.h (kernel 6.16.0-syzkaller-11895-gcca7a0aae895-dirty)
[  149.802182][    T9]    Please send a copy of this message to <linux-usb@vger.kernel.org> and <usb-storage@lists.one-eyed-alien.net>
[  149.810015][ T8375] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  149.823034][ T6606] syz-executor: attempt to access beyond end of device
[  149.823034][ T6606] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  149.829538][ T6606] CPU: 1 UID: 0 PID: 6606 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  149.829560][ T6606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  149.829570][ T6606] Call Trace:
[  149.829577][ T6606]  <TASK>
[  149.829583][ T6606]  dump_stack_lvl+0x189/0x250
[  149.829609][ T6606]  ? __pfx_dump_stack_lvl+0x10/0x10
[  149.829625][ T6606]  ? __pfx_queue_work_on+0x10/0x10
[  149.829640][ T6606]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  149.829656][ T6606]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  149.829671][ T6606]  f2fs_handle_critical_error+0x37c/0x540
[  149.829719][ T6606]  f2fs_write_end_io+0x886/0xb60
[  149.829741][ T6606]  __submit_merged_bio+0x27a/0x6a0
[  149.829754][ T6606]  __submit_merged_write_cond+0x255/0x530
[  149.829768][ T6606]  f2fs_write_data_pages+0x261d/0x3000
[  149.829798][ T6606]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  149.829815][ T6606]  ? arch_stack_walk+0xfc/0x150
[  149.829840][ T6606]  ? __mod_zone_page_state+0xd7/0x140
[  149.829857][ T6606]  ? folios_put_refs+0x560/0x640
[  149.829874][ T6606]  ? __lock_acquire+0xab9/0xd20
[  149.829901][ T6606]  ? do_raw_spin_lock+0x121/0x290
[  149.829926][ T6606]  ? do_raw_spin_unlock+0x4d/0x240
[  149.829944][ T6606]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  149.829962][ T6606]  do_writepages+0x32e/0x550
[  149.829992][ T6606]  ? do_raw_spin_unlock+0x4d/0x240
[  149.830012][ T6606]  filemap_fdatawrite+0x199/0x240
[  149.830031][ T6606]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  149.830077][ T6606]  ? do_raw_spin_unlock+0x4d/0x240
[  149.830090][ T6606]  f2fs_sync_dirty_inodes+0x31f/0x830
[  149.830122][ T6606]  f2fs_write_checkpoint+0x95a/0x1df0
[  149.830147][ T6606]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  149.830183][ T6606]  ? kill_f2fs_super+0x298/0x6c0
[  149.830199][ T6606]  kill_f2fs_super+0x2c3/0x6c0
[  149.830214][ T6606]  ? __pfx_kill_f2fs_super+0x10/0x10
[  149.830223][ T6606]  ? radix_tree_delete_item+0x2b6/0x400
[  149.830237][ T6606]  ? shrinker_free+0x2ce/0x3e0
[  149.830248][ T6606]  deactivate_locked_super+0xbc/0x130
[  149.830260][ T6606]  cleanup_mnt+0x425/0x4c0
[  149.830271][ T6606]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.830283][ T6606]  task_work_run+0x1d4/0x260
[  149.830296][ T6606]  ? __pfx_task_work_run+0x10/0x10
[  149.830305][ T6606]  ? __x64_sys_umount+0x122/0x160
[  149.830319][ T6606]  ? exit_to_user_mode_loop+0x40/0x110
[  149.830334][ T6606]  exit_to_user_mode_loop+0xec/0x110
[  149.830345][ T6606]  do_syscall_64+0x2bd/0x3b0
[  149.830356][ T6606]  ? lockdep_hardirqs_on+0x9c/0x150
[  149.830366][ T6606]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.830375][ T6606]  ? exc_page_fault+0x9f/0xf0
[  149.830385][ T6606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  149.830393][ T6606] RIP: 0033:0x7ff8f318ff17
[  149.830402][ T6606] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  149.830410][ T6606] RSP: 002b:00007ffd31d44da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  149.830420][ T6606] RAX: 0000000000000000 RBX: 00007ff8f3211c05 RCX: 00007ff8f318ff17
[  149.830426][ T6606] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd31d44e60
[  149.830431][ T6606] RBP: 00007ffd31d44e60 R08: 0000000000000000 R09: 0000000000000000
[  149.830436][ T6606] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd31d45ef0
[  149.830441][ T6606] R13: 00007ff8f3211c05 R14: 00000000000248a8 R15: 00007ffd31d45f30
[  149.830456][ T6606]  </TASK>
[  149.830460][ T6606] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  149.836904][   T12] (kworker/u8:0,12,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2
[  149.975793][ T5847] ocfs2: Unmounting device (7,2) on (node local)
[  149.993144][    T9] usb 1-1: USB disconnect, device number 17
[  150.473752][ T8391] loop2: detected capacity change from 0 to 32768
[  150.484115][ T8391] JBD2: Ignoring recovery information on journal
[  150.526090][ T8405] loop0: detected capacity change from 0 to 16
[  150.535662][ T8391] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  150.540318][ T8405] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  150.557419][ T8408] loop3: detected capacity change from 0 to 256
[  150.572830][ T8408] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d)
[  150.595919][ T5847] ocfs2: Unmounting device (7,2) on (node local)
[  150.614511][ T8405] cramfs: Error -3 while decompressing!
[  150.616966][ T8405] cramfs: ffffffff99be35d8(42)->ffff88803793b000(4096)
[  151.156194][ T8428] netlink: 27 bytes leftover after parsing attributes in process `syz.3.864'.
[  151.263612][ T5852] Bluetooth: hci0: unexpected event for opcode 0x2060
[  151.421301][ T8437] [U] .
[  151.472331][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  151.477692][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  151.482272][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  151.485870][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  151.489373][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  151.612151][ T8451] netlink: 36 bytes leftover after parsing attributes in process `syz.2.870'.
[  151.693628][ T8440] chnl_net:caif_netlink_parms(): no params data found
[  151.717246][ T8459] loop2: detected capacity change from 0 to 1024
[  151.734677][ T8459] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  151.749161][   T33] audit: type=1800 audit(1755037607.610:60): pid=8459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.872" name="file1" dev="loop2" ino=15 res=0 errno=0
[  151.772588][ T8440] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.774998][ T8440] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.778835][ T8440] bridge_slave_0: entered allmulticast mode
[  151.781905][ T8440] bridge_slave_0: entered promiscuous mode
[  151.786337][ T8440] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.789241][ T8440] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.791485][ T8440] bridge_slave_1: entered allmulticast mode
[  151.794424][ T8440] bridge_slave_1: entered promiscuous mode
[  151.795752][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.832784][ T8440] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  151.837576][ T8440] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  151.866352][ T8440] team0: Port device team_slave_0 added
[  151.870658][ T8440] team0: Port device team_slave_1 added
[  151.893272][ T8440] batman_adv: batadv0: Adding interface: batadv_slave_0
[  151.895548][ T8440] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.904427][ T8440] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  151.908965][ T8440] batman_adv: batadv0: Adding interface: batadv_slave_1
[  151.911928][ T8440] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  151.920517][ T8440] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  151.951900][ T8440] hsr_slave_0: entered promiscuous mode
[  151.954406][ T8440] hsr_slave_1: entered promiscuous mode
[  151.957449][ T8440] debugfs: 'hsr0' already exists in 'hsr'
[  151.959946][ T8440] Cannot create hsr debugfs directory
[  152.094084][ T8440] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  152.099002][ T8469] loop2: detected capacity change from 0 to 32768
[  152.101731][ T8440] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  152.102610][ T8469] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.874 (8469)
[  152.112117][ T8440] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  152.114136][ T8469] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  152.119080][ T8469] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  152.123910][ T8440] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  152.162173][ T8469] BTRFS info (device loop2): rebuilding free space tree
[  152.175396][ T8469] BTRFS info (device loop2): disabling free space tree
[  152.177971][ T8469] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  152.182110][ T8469] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  152.232488][ T8440] 8021q: adding VLAN 0 to HW filter on device bond0
[  152.274548][ T8440] 8021q: adding VLAN 0 to HW filter on device team0
[  152.299926][ T6859] bridge0: port 1(bridge_slave_0) entered blocking state
[  152.302837][ T6859] bridge0: port 1(bridge_slave_0) entered forwarding state
[  152.317937][ T6859] bridge0: port 2(bridge_slave_1) entered blocking state
[  152.321158][ T6859] bridge0: port 2(bridge_slave_1) entered forwarding state
[  152.382680][ T5847] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  152.596493][ T8440] 8021q: adding VLAN 0 to HW filter on device batadv0
[  152.674487][ T8501] random: crng reseeded on system resumption
[  152.875087][ T8440] veth0_vlan: entered promiscuous mode
[  152.889836][ T8440] veth1_vlan: entered promiscuous mode
[  152.928152][ T8440] veth0_macvtap: entered promiscuous mode
[  152.940489][ T8440] veth1_macvtap: entered promiscuous mode
[  152.965472][ T8440] batman_adv: batadv0: Interface activated: batadv_slave_0
[  152.977960][ T8440] batman_adv: batadv0: Interface activated: batadv_slave_1
[  152.991713][ T5737] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  153.005968][ T5737] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  153.031859][ T5737] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  153.058497][ T5737] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  153.134956][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  153.142067][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  153.196133][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  153.200637][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  153.570193][ T5852] Bluetooth: hci2: command tx timeout
[  154.662184][ T8546] netlink: 8 bytes leftover after parsing attributes in process `syz.2.893'.
[  155.649475][ T5852] Bluetooth: hci2: command tx timeout
[  155.910615][    C0] IPv4: Oversized IP packet from 172.20.20.24
[  156.152124][ T8581] loop4: detected capacity change from 0 to 2048
[  156.248354][ T8582] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  156.973735][ T8584] loop4: detected capacity change from 0 to 32768
[  156.978839][ T8584] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.909 (8584)
[  156.986410][ T8584] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  156.990120][ T8584] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  156.992751][ T8584] BTRFS info (device loop4): using free-space-tree
[  157.085113][   T33] audit: type=1800 audit(1755037612.950:61): pid=8584 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.909" name="file0" dev="loop4" ino=258 res=0 errno=0
[  157.122537][ T8440] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  157.126183][ T8607] loop2: detected capacity change from 0 to 2048
[  157.159951][ T8607] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  157.182079][   T51] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  157.185778][ T8607] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  157.209884][ T8607] EXT4-fs (loop2): Remounting filesystem read-only
[  157.239954][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.282152][ T8612] loop2: detected capacity change from 0 to 1024
[  157.315780][ T8612] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  157.319505][ T8612] ext4 filesystem being mounted at /330/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.341163][   T51] usb 4-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30
[  157.345212][ T8612] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm syz.2.915: lblock 1 mapped to illegal pblock 1 (length 3)
[  157.347936][ T8612] EXT4-fs (loop2): Remounting filesystem read-only
[  157.357401][   T51] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  157.363814][   T51] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255
[  157.371847][   T51] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  157.382591][   T51] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  157.383255][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.386035][   T51] usb 4-1: SerialNumber: syz
[  157.601079][   T51] cdc_acm 4-1:1.0: ttyACM0: USB ACM device
[  157.611771][   T51] usb 4-1: USB disconnect, device number 11
[  157.714881][ T8641] loop4: detected capacity change from 0 to 16
[  157.718702][ T8641] erofs (device loop4): invalid checksum 0x7ae79e26, 0xf8c4b9bf expected
[  157.729284][ T5852] Bluetooth: hci2: command tx timeout
[  157.795075][ T8647] loop2: detected capacity change from 0 to 256
[  157.896719][ T8653] netlink: 'syz.2.933': attribute type 10 has an invalid length.
[  157.906584][ T8653] 8021q: adding VLAN 0 to HW filter on device batadv0
[  157.910721][ T8653] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  157.916563][ T8653] netlink: 'syz.2.933': attribute type 10 has an invalid length.
[  157.918860][ T8653] netlink: 40 bytes leftover after parsing attributes in process `syz.2.933'.
[  157.937910][ T8653] batadv0: entered promiscuous mode
[  157.939992][ T8653] batadv0: entered allmulticast mode
[  157.943063][ T8653] bond0: (slave batadv0): Releasing backup interface
[  157.946856][ T8653] bridge0: port 3(batadv0) entered blocking state
[  157.949015][ T8653] bridge0: port 3(batadv0) entered disabled state
[  158.227251][ T5737] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled
[  158.231268][ T5737] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled
[  158.492303][ T8667] loop3: detected capacity change from 0 to 4096
[  158.686548][ T8675] loop3: detected capacity change from 0 to 4096
[  158.698246][ T8676] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  158.713327][   T33] audit: type=1800 audit(1755037614.580:62): pid=8675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.942" name="file1" dev="loop3" ino=15 res=0 errno=0
[  158.796306][ T8678] netlink: 'syz.3.943': attribute type 10 has an invalid length.
[  158.809609][ T8678] bond0: (slave netdevsim0): Enslaving as an active interface with an up link
[  158.891188][ T8684] loop4: detected capacity change from 0 to 1764
[  158.988144][ T8691] loop4: detected capacity change from 0 to 512
[  158.991458][ T8691] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  158.996497][ T8691] EXT4-fs (loop4): fragment/cluster size (4096) != block size (2048)
[  159.084163][ T8702] netlink: 20 bytes leftover after parsing attributes in process `syz.4.954'.
[  159.114238][ T8704] loop3: detected capacity change from 0 to 256
[  159.137540][ T8706] loop2: detected capacity change from 0 to 4096
[  159.149889][ T8709] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  159.224692][ T8714] ucma_write: process 77 (syz.4.960) changed security contexts after opening file descriptor, this is not allowed.
[  159.519299][ T5985] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  159.542845][ T8723] loop2: detected capacity change from 0 to 32768
[  159.548630][ T8723] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  159.562975][ T8723] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  159.575010][ T8723] XFS (loop2): Starting recovery (logdev: internal)
[  159.590085][ T8723] XFS (loop2): Ending recovery (logdev: internal)
[  159.630886][ T5847] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  159.704976][ T8716] dummy0: entered promiscuous mode
[  159.714085][ T8716] vlan2: entered promiscuous mode
[  159.792607][ T5985] usb 5-1: unable to get BOS descriptor or descriptor too short
[  159.795861][ T5985] usb 5-1: no configurations
[  159.797355][ T5985] usb 5-1: can't read configurations, error -22
[  159.809347][ T5852] Bluetooth: hci2: command tx timeout
[  159.816104][ T8735] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  159.824548][ T8735] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  159.860682][ T8737] input: syz1 as /devices/virtual/input/input12
[  159.907859][ T8739] netlink: 16 bytes leftover after parsing attributes in process `syz.2.968'.
[  160.685764][ T8758] loop4: detected capacity change from 0 to 128
[  160.689077][ T8758] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  160.696976][ T8758] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  160.912554][    T9] IPVS: starting estimator thread 0...
[  160.914793][ T8770] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold
[  160.944297][ T8775] lo: Caught tx_queue_len zero misconfig
[  161.021108][ T8771] IPVS: using max 62 ests per chain, 148800 per kthread
[  162.269294][ T5985] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  162.439235][ T5985] usb 3-1: Using ep0 maxpacket: 8
[  162.443703][ T5985] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  162.450875][ T5985] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  162.454325][ T5985] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.456893][ T5985] usb 3-1: Product: syz
[  162.458257][ T5985] usb 3-1: Manufacturer: syz
[  162.460810][ T5985] usb 3-1: SerialNumber: syz
[  162.476192][ T5985] usb 3-1: config 0 descriptor??
[  162.480097][ T5985] streamzap 3-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0)
[  162.749448][    T9] usb 3-1: USB disconnect, device number 18
[  164.053187][ T8857] netlink: 3176 bytes leftover after parsing attributes in process `syz.2.1017'.
[  164.157849][ T8866] loop2: detected capacity change from 0 to 256
[  164.176055][ T8866] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x467a0815, utbl_chksum : 0xe619d30d)
[  164.183349][ T8866] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  164.198685][ T8866] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000006)
[  164.336299][ T8874] vxcan0: tx drop: invalid sa for name 0x0000001000000000
[  164.584012][ T8884] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1030'.
[  164.804824][ T8891] loop4: detected capacity change from 0 to 32768
[  164.973341][ T8915] openvswitch: netlink: Message has 16 unknown bytes.
[  165.046650][ T8919] netlink: 39 bytes leftover after parsing attributes in process `syz.2.1048'.
[  165.379803][ T6182] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  165.517882][   T33] audit: type=1326 audit(1755037621.380:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8929 comm="syz.4.1052" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f29a0d8ebe9 code=0x0
[  165.534722][   T10] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  165.565701][ T6182] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  165.572796][ T6182] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 7
[  165.611452][ T6182] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  165.634400][ T6182] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  165.637067][ T6182] usb 3-1: Product: syz
[  165.638517][ T6182] usb 3-1: Manufacturer: syz
[  165.645279][ T6182] usb 3-1: SerialNumber: syz
[  165.649186][ T6182] usb 3-1: config 0 descriptor??
[  165.733803][   T10] usb 4-1: Using ep0 maxpacket: 16
[  165.755428][   T10] usb 4-1: config 0 has no interfaces?
[  165.759009][   T10] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  165.764751][   T10] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  165.768005][   T10] usb 4-1: Manufacturer: syz
[  165.775375][   T10] usb 4-1: config 0 descriptor??
[  165.886400][ T6182] usb 3-1: USB disconnect, device number 19
[  165.984272][    T9] usb 4-1: USB disconnect, device number 12
[  166.513925][ T8951] loop2: detected capacity change from 0 to 2048
[  166.521906][ T8951] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  166.529285][ T5867] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  166.680417][ T5852] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  166.683749][ T5852] CPU: 0 UID: 0 PID: 5852 Comm: kworker/u11:4 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  166.683763][ T5852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  166.683770][ T5852] Workqueue: hci1 hci_rx_work
[  166.683785][ T5852] Call Trace:
[  166.683790][ T5852]  <TASK>
[  166.683794][ T5852]  dump_stack_lvl+0x189/0x250
[  166.683810][ T5852]  ? __pfx_dump_stack_lvl+0x10/0x10
[  166.683821][ T5852]  ? __pfx__printk+0x10/0x10
[  166.683836][ T5852]  ? kernfs_path_from_node+0x250/0x290
[  166.683845][ T5852]  ? kernfs_path_from_node+0x2f/0x290
[  166.683856][ T5852]  sysfs_create_dir_ns+0x259/0x280
[  166.683868][ T5852]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[  166.683877][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  166.683890][ T5852]  kobject_add_internal+0x59f/0xb40
[  166.683908][ T5852]  kobject_add+0x155/0x220
[  166.683921][ T5852]  ? __pfx_kobject_add+0x10/0x10
[  166.683932][ T5852]  ? _raw_spin_unlock+0x28/0x50
[  166.683943][ T5852]  ? get_device_parent+0x366/0x3a0
[  166.683957][ T5852]  device_add+0x408/0xb50
[  166.683970][ T5852]  hci_conn_add_sysfs+0xd5/0x1e0
[  166.683985][ T5852]  le_conn_complete_evt+0xc3a/0x1220
[  166.684002][ T5852]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  166.684012][ T5852]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  166.684021][ T5852]  ? __asan_memcpy+0x40/0x70
[  166.684034][ T5852]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  166.684043][ T5852]  ? skb_pull_data+0xfb/0x200
[  166.684054][ T5852]  hci_le_conn_complete_evt+0x187/0x450
[  166.684067][ T5852]  hci_event_packet+0x78f/0x1200
[  166.684081][ T5852]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  166.684091][ T5852]  ? __pfx_hci_event_packet+0x10/0x10
[  166.684105][ T5852]  ? kcov_remote_start+0x4d3/0x7f0
[  166.684116][ T5852]  ? lockdep_hardirqs_on+0x90/0x150
[  166.684150][ T5852]  ? hci_send_to_monitor+0xe2/0x570
[  166.684163][ T5852]  hci_rx_work+0x46a/0xe80
[  166.684176][ T5852]  ? process_scheduled_works+0x9ef/0x17b0
[  166.684186][ T5852]  process_scheduled_works+0xae1/0x17b0
[  166.684208][ T5852]  ? __pfx_process_scheduled_works+0x10/0x10
[  166.684232][ T5852]  worker_thread+0x8a0/0xda0
[  166.684242][ T5852]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  166.684255][ T5852]  ? __kthread_parkme+0x7b/0x200
[  166.684269][ T5852]  kthread+0x711/0x8a0
[  166.684280][ T5852]  ? __pfx_worker_thread+0x10/0x10
[  166.684288][ T5852]  ? __pfx_kthread+0x10/0x10
[  166.684298][ T5852]  ? _raw_spin_unlock_irq+0x23/0x50
[  166.684306][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[  166.684314][ T5852]  ? __pfx_kthread+0x10/0x10
[  166.684324][ T5852]  ret_from_fork+0x3fc/0x770
[  166.684335][ T5852]  ? __pfx_ret_from_fork+0x10/0x10
[  166.684346][ T5852]  ? __switch_to_asm+0x39/0x70
[  166.684355][ T5852]  ? __switch_to_asm+0x33/0x70
[  166.684364][ T5852]  ? __pfx_kthread+0x10/0x10
[  166.684374][ T5852]  ret_from_fork_asm+0x1a/0x30
[  166.684392][ T5852]  </TASK>
[  166.684410][ T5852] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  166.684574][ T5867] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  166.688325][ T5852] Bluetooth: hci1: failed to register connection device
[  166.714158][ T8954] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  166.736364][ T5867] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  166.802079][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.806455][ T5867] usb 5-1: config 0 descriptor??
[  166.841733][ T8962] loop3: detected capacity change from 0 to 1764
[  166.861505][ T8962] iso9660: Corrupted directory entry in block 2 of inode 1920
[  167.217729][ T5867] keytouch 0003:0926:3333.0009: fixing up Keytouch IEC report descriptor
[  167.226359][ T5867] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0009/input/input13
[  167.317611][ T5867] keytouch 0003:0926:3333.0009: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0
[  167.434561][    T9] usb 5-1: USB disconnect, device number 4
[  167.494773][ T8979] loop2: detected capacity change from 0 to 512
[  167.497703][ T8979] EXT4-fs (loop2): Test dummy encryption mode enabled
[  167.500553][ T8979] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  167.505306][ T8979] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.1074: bad orphan inode 131083
[  167.509991][ T8979] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  167.554764][ T8979] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  167.563798][ T8979] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[  167.584450][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.777537][ T8993] loop2: detected capacity change from 0 to 16
[  167.783124][ T8993] erofs (device loop2): mounted with root inode @ nid 36.
[  167.826680][ T8997] loop2: detected capacity change from 0 to 1024
[  167.984381][ T9011] netlink: 224 bytes leftover after parsing attributes in process `syz.4.1086'.
[  168.268817][ T9022] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1090'.
[  168.314817][ T9024] netlink: 'syz.4.1091': attribute type 11 has an invalid length.
[  168.608684][ T9038] loop3: detected capacity change from 0 to 32768
[  169.209316][   T51] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  169.267655][ T9077] netlink: 268 bytes leftover after parsing attributes in process `syz.2.1116'.
[  169.272344][ T9077] unsupported nla_type 65024
[  169.364749][   T51] usb 4-1: Using ep0 maxpacket: 32
[  169.368203][   T51] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  169.373022][   T51] usb 4-1: config 0 has no interface number 0
[  169.378004][   T51] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  169.383029][   T51] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  169.386372][   T51] usb 4-1: Product: syz
[  169.388028][   T51] usb 4-1: Manufacturer: syz
[  169.392528][   T51] usb 4-1: SerialNumber: syz
[  169.395465][   T51] usb 4-1: config 0 descriptor??
[  169.398720][   T51] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  169.662874][   T51] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  169.673664][   T51] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  170.064688][    C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  170.065357][   T10] usb 4-1: USB disconnect, device number 13
[  170.074735][   T10] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  170.083569][   T10] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  170.088410][   T10] quatech2 4-1:0.51: device disconnected
[  170.636432][ T9103] loop3: detected capacity change from 0 to 4096
[  170.663784][   T33] audit: type=1800 audit(1755037626.530:64): pid=9103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1127" name="bus" dev="loop3" ino=33 res=0 errno=0
[  170.678671][   T33] audit: type=1804 audit(1755037626.540:65): pid=9103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.1127" name=2F6E6577726F6F742F3235382F131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D3382F627573 dev="loop3" ino=33 res=1 errno=0
[  170.914802][ T9109] dlm: plock device version mismatch: kernel (1.2.0), user (1.4.8)
[  171.109894][ T9115] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1133'.
[  172.775307][ T9141] TCP: tcp_parse_options: Illegal window scaling value 254 > 14 received
[  173.016054][ T9162] loop3: detected capacity change from 0 to 8
[  173.022286][ T9162] SQUASHFS error: Failed to read block 0x62: -5
[  173.024941][ T9162] squashfs image failed sanity check
[  173.253278][ T5867] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  173.433567][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  173.459775][ T5867] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  173.483351][ T5867] usb 3-1: New USB device found, idVendor=18d1, idProduct=9400, bcdDevice= 0.00
[  173.486213][ T5867] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  173.491890][ T5867] usb 3-1: config 0 descriptor??
[  173.503154][ T9166] loop4: detected capacity change from 0 to 4096
[  173.517822][ T9166] NILFS (loop4): invalid segment: Checksum error in segment payload
[  173.520714][ T9166] NILFS (loop4): trying rollback from an earlier position
[  173.534105][ T9166] NILFS (loop4): recovery complete
[  173.538063][ T9167] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  173.939082][ T5867] stadia 0003:18D1:9400.000A: item fetching failed at offset 2/5
[  173.953685][ T5867] stadia 0003:18D1:9400.000A: parse failed
[  173.955969][ T5867] stadia 0003:18D1:9400.000A: probe with driver stadia failed with error -22
[  173.985022][ T9181] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.
[  174.031579][ T9179] loop4: detected capacity change from 0 to 32768
[  174.042736][ T9179] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  174.076649][ T8440] ocfs2: Unmounting device (7,4) on (node local)
[  174.146724][    T9] usb 3-1: USB disconnect, device number 20
[  174.266879][ T9194] loop4: detected capacity change from 0 to 2048
[  174.275901][ T9194] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  174.410082][ T9196] IPv6: addrconf: prefix option has invalid lifetime
[  174.413220][ T9196] IPv6: addrconf: prefix option has invalid lifetime
[  174.854422][ T9214] loop2: detected capacity change from 0 to 512
[  174.862504][ T9214] EXT4-fs warning (device loop2): ext4_multi_mount_protect:329: MMP interval 2680 higher than expected, please wait.
[  174.862504][ T9214] 
[  174.868139][ T9214] EXT4-fs warning (device loop2): ext4_multi_mount_protect:332: MMP startup interrupted, failing mount
[  174.868139][ T9214] 
[  174.883395][ T9206] loop4: detected capacity change from 0 to 32768
[  174.896572][ T9206] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  174.924213][ T9206] OCFS2: ERROR (device loop4): int ocfs2_reserve_suballoc_bits(struct ocfs2_super *, struct ocfs2_alloc_context *, int, u32, u64 *, int): Invalid chain allocator 74
[  174.934047][ T9206] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  174.938035][ T9206] OCFS2: Returning error to the calling process.
[  174.942287][ T9206] (syz.4.1172,9206,0):ocfs2_reserve_suballoc_bits:856 ERROR: status = -5
[  174.946151][ T9206] (syz.4.1172,9206,0):ocfs2_reserve_new_inode:1097 ERROR: status = -5
[  174.951394][ T9206] (syz.4.1172,9206,0):ocfs2_reserve_new_inode:1120 ERROR: status = -5
[  174.956111][ T9206] (syz.4.1172,9206,0):ocfs2_mknod:309 ERROR: status = -5
[  174.958988][ T9206] (syz.4.1172,9206,0):ocfs2_mknod:505 ERROR: status = -5
[  174.962534][ T9206] (syz.4.1172,9206,0):ocfs2_mkdir:661 ERROR: status = -5
[  175.005746][ T8440] ocfs2: Unmounting device (7,4) on (node local)
[  175.044937][ T9220] vivid-000: disconnect
[  175.061579][ T9219] vivid-000: reconnect
[  175.129850][ T9218] loop2: detected capacity change from 0 to 32768
[  175.151502][ T9224] loop4: detected capacity change from 0 to 256
[  175.156075][ T9218] read_mapping_page failed!
[  175.160078][ T9224] exfat: Deprecated parameter 'utf8'
[  175.166824][ T9224] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xdd33351c, utbl_chksum : 0xe619d30d)
[  175.168750][ T9218] ERROR: (device loop2): txCommit: 
[  175.168750][ T9218] 
[  175.180788][ T9218] jfs_mkdir: dtSearch returned -17
[  175.760075][ T9233] loop2: detected capacity change from 0 to 4096
[  175.764931][ T9233] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  175.796321][ T9233] ntfs3(loop2): ino=1a, mi_enum_attr
[  175.800032][ T9233] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  175.810822][ T9233] ntfs3(loop2): ino=1a, mi_enum_attr
[  175.812891][ T9233] ntfs3(loop2): Failed to initialize $Extend/$Reparse.
[  176.585326][ T9257] loop4: detected capacity change from 0 to 1024
[  177.014941][ T9262] loop4: detected capacity change from 0 to 8
[  177.023763][ T9262] SQUASHFS error: Failed to read block 0x738: -5
[  177.026306][ T9262] SQUASHFS error: Unable to read metadata cache entry [736]
[  177.029831][ T9262] SQUASHFS error: Unable to read metadata cache entry [736]
[  177.083275][ T9266] futex_wake_op: syz.3.1197 tries to shift op by -1; fix this program
[  177.088900][ T9264] loop4: detected capacity change from 0 to 1024
[  177.092425][ T9264] EXT4-fs: Ignoring removed mblk_io_submit option
[  177.105951][ T9264] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.143658][ T8440] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.278374][ T9273] loop4: detected capacity change from 0 to 16
[  177.287140][ T9273] erofs (device loop4): mounted with root inode @ nid 36.
[  177.293118][ T9273] erofs (device loop4): bogus lookback distance 1388 @ lcn 42 of nid 36
[  177.476297][ T9273] erofs (device loop4): read error -117 @ 43 of nid 36
[  178.309444][ T9297] 9pnet: p9_errstr2errno: server reported unknown error 
[  178.376597][ T9303] binder: BINDER_SET_CONTEXT_MGR already set
[  178.378824][ T9303] binder: 9302:9303 ioctl 40046207 0 returned -16
[  178.629584][ T9312] loop3: detected capacity change from 0 to 8192
[  178.634344][ T9312] NILFS (loop3): unsupported revision (superblock rev.=0.0, current rev.=2.0). Please check the version of mkfs.nilfs(2).
[  178.765998][ T9315] loop2: detected capacity change from 0 to 32768
[  178.774676][ T9322] loop3: detected capacity change from 0 to 8
[  178.775404][ T9315] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  178.821407][ T5847] ocfs2: Unmounting device (7,2) on (node local)
[  178.831033][ T5867] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  178.934895][   T33] audit: type=1326 audit(1755037634.800:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9328 comm="syz.3.1225" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff8f318ebe9 code=0x0
[  178.989214][ T5867] usb 5-1: Using ep0 maxpacket: 32
[  178.992586][ T5867] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  178.992881][ T9333] loop2: detected capacity change from 0 to 4096
[  178.996537][ T5867] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  179.001978][ T5867] usb 5-1: New USB device found, idVendor=258a, idProduct=0033, bcdDevice= 0.00
[  179.002802][ T9333] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  179.005844][ T5867] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.012612][ T5867] usb 5-1: config 0 descriptor??
[  179.017036][ T9333] ntfs3(loop2): volume is dirty and "force" flag is not set!
[  179.428814][ T5867] usbhid 5-1:0.0: can't add hid device: -71
[  179.431290][ T5867] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  179.449403][ T5867] usb 5-1: USB disconnect, device number 5
[  179.613046][ T9349] loop2: detected capacity change from 0 to 32768
[  179.623102][ T9349] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  179.630696][ T9349] 
[  179.631751][ T9349] ======================================================
[  179.634524][ T9349] WARNING: possible circular locking dependency detected
[  179.637313][ T9349] 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 Not tainted
[  179.640909][ T9349] ------------------------------------------------------
[  179.644041][ T9349] syz.2.1232/9349 is trying to acquire lock:
[  179.646413][ T9349] ffff888032adc3c0 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  179.651681][ T9349] 
[  179.651681][ T9349] but task is already holding lock:
[  179.654605][ T9349] ffff888032ad4f78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0
[  179.658184][ T9349] 
[  179.658184][ T9349] which lock already depends on the new lock.
[  179.658184][ T9349] 
[  179.662244][ T9349] 
[  179.662244][ T9349] the existing dependency chain (in reverse order) is:
[  179.665767][ T9349] 
[  179.665767][ T9349] -> #4 (&oi->ip_xattr_sem){++++}-{4:4}:
[  179.668873][ T9349]        lock_acquire+0x120/0x360
[  179.670896][ T9349]        down_read+0x46/0x2e0
[  179.672806][ T9349]        ocfs2_init_acl+0x2f9/0x720
[  179.674883][ T9349]        ocfs2_mknod+0x1321/0x2050
[  179.676980][ T9349]        ocfs2_create+0x1a5/0x440
[  179.679005][ T9349]        path_openat+0x14f4/0x3830
[  179.681152][ T9349]        do_filp_open+0x1fa/0x410
[  179.683193][ T9349]        do_sys_openat2+0x121/0x1c0
[  179.685285][ T9349]        __x64_sys_openat+0x138/0x170
[  179.687459][ T9349]        do_syscall_64+0xfa/0x3b0
[  179.689525][ T9349]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.692167][ T9349] 
[  179.692167][ T9349] -> #3 (jbd2_handle){++++}-{0:0}:
[  179.695090][ T9349]        lock_acquire+0x120/0x360
[  179.697123][ T9349]        start_this_handle+0x1fa7/0x21c0
[  179.699404][ T9349]        jbd2__journal_start+0x2c1/0x5b0
[  179.701667][ T9349]        jbd2_journal_start+0x2a/0x40
[  179.703834][ T9349]        ocfs2_start_trans+0x376/0x6d0
[  179.706055][ T9349]        ocfs2_mknod+0xe93/0x2050
[  179.708146][ T9349]        ocfs2_create+0x1a5/0x440
[  179.710176][ T9349]        path_openat+0x14f4/0x3830
[  179.712211][ T9349]        do_filp_open+0x1fa/0x410
[  179.714363][ T9349]        do_sys_openat2+0x121/0x1c0
[  179.716468][ T9349]        __x64_sys_open+0x11e/0x150
[  179.718537][ T9349]        do_syscall_64+0xfa/0x3b0
[  179.720586][ T9349]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.723139][ T9349] 
[  179.723139][ T9349] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  179.726498][ T9349]        lock_acquire+0x120/0x360
[  179.728527][ T9349]        down_read+0x46/0x2e0
[  179.730460][ T9349]        ocfs2_start_trans+0x36a/0x6d0
[  179.732643][ T9349]        ocfs2_mknod+0xe93/0x2050
[  179.734669][ T9349]        ocfs2_create+0x1a5/0x440
[  179.736711][ T9349]        path_openat+0x14f4/0x3830
[  179.738763][ T9349]        do_filp_open+0x1fa/0x410
[  179.740791][ T9349]        do_sys_openat2+0x121/0x1c0
[  179.742897][ T9349]        __x64_sys_open+0x11e/0x150
[  179.744998][ T9349]        do_syscall_64+0xfa/0x3b0
[  179.747051][ T9349]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.749600][ T9349] 
[  179.749600][ T9349] -> #1 (sb_internal#5){.+.+}-{0:0}:
[  179.752523][ T9349]        lock_acquire+0x120/0x360
[  179.754375][ T9349]        ocfs2_start_trans+0x26b/0x6d0
[  179.756498][ T9349]        ocfs2_create_refcount_tree+0x349/0x1250
[  179.759006][ T9349]        ocfs2_reflink_remap_blocks+0x2ea/0x1930
[  179.761540][ T9349]        ocfs2_remap_file_range+0x4b7/0x730
[  179.764000][ T9349]        vfs_copy_file_range+0xd56/0x1310
[  179.766276][ T9349]        __se_sys_copy_file_range+0x2fb/0x470
[  179.768649][ T9349]        do_syscall_64+0xfa/0x3b0
[  179.770630][ T9349]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.773176][ T9349] 
[  179.773176][ T9349] -> #0 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[  179.777474][ T9349]        validate_chain+0xb9b/0x2140
[  179.779546][ T9349]        __lock_acquire+0xab9/0xd20
[  179.781601][ T9349]        lock_acquire+0x120/0x360
[  179.783162][ T9349]        down_write+0x96/0x1f0
[  179.784696][ T9349]        ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  179.786947][ T9349]        ocfs2_reserve_new_metadata_blocks+0x403/0x940
[  179.789668][ T9349]        ocfs2_init_xattr_set_ctxt+0x307/0x700
[  179.792085][ T9349]        ocfs2_xattr_set+0xb70/0x11f0
[  179.794240][ T9349]        __vfs_setxattr+0x43c/0x480
[  179.796344][ T9349]        __vfs_setxattr_noperm+0x12d/0x660
[  179.798626][ T9349]        vfs_setxattr+0x16b/0x2f0
[  179.800622][ T9349]        filename_setxattr+0x274/0x600
[  179.802764][ T9349]        path_setxattrat+0x364/0x3a0
[  179.804893][ T9349]        __x64_sys_setxattr+0xbc/0xe0
[  179.807042][ T9349]        do_syscall_64+0xfa/0x3b0
[  179.809016][ T9349]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.811136][ T9349] 
[  179.811136][ T9349] other info that might help us debug this:
[  179.811136][ T9349] 
[  179.814242][ T9349] Chain exists of:
[  179.814242][ T9349]   &ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE] --> jbd2_handle --> &oi->ip_xattr_sem
[  179.814242][ T9349] 
[  179.820074][ T9349]  Possible unsafe locking scenario:
[  179.820074][ T9349] 
[  179.823090][ T9349]        CPU0                    CPU1
[  179.825200][ T9349]        ----                    ----
[  179.827338][ T9349]   lock(&oi->ip_xattr_sem);
[  179.829223][ T9349]                                lock(jbd2_handle);
[  179.831746][ T9349]                                lock(&oi->ip_xattr_sem);
[  179.834563][ T9349]   lock(&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]);
[  179.837529][ T9349] 
[  179.837529][ T9349]  *** DEADLOCK ***
[  179.837529][ T9349] 
[  179.840740][ T9349] 3 locks held by syz.2.1232/9349:
[  179.842834][ T9349]  #0: ffff888109966428 (sb_writers#22){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  179.846651][ T9349]  #1: ffff888032ad5240 (&type->i_mutex_dir_key#17){+.+.}-{4:4}, at: vfs_setxattr+0x144/0x2f0
[  179.850617][ T9349]  #2: ffff888032ad4f78 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_xattr_set+0x40f/0x11f0
[  179.854457][ T9349] 
[  179.854457][ T9349] stack backtrace:
[  179.856829][ T9349] CPU: 0 UID: 0 PID: 9349 Comm: syz.2.1232 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  179.856852][ T9349] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  179.856861][ T9349] Call Trace:
[  179.856868][ T9349]  <TASK>
[  179.856875][ T9349]  dump_stack_lvl+0x189/0x250
[  179.856897][ T9349]  ? __pfx_dump_stack_lvl+0x10/0x10
[  179.856943][ T9349]  ? __pfx__printk+0x10/0x10
[  179.856964][ T9349]  ? print_lock_name+0xde/0x100
[  179.856983][ T9349]  print_circular_bug+0x2ee/0x310
[  179.857000][ T9349]  check_noncircular+0x134/0x160
[  179.857017][ T9349]  validate_chain+0xb9b/0x2140
[  179.857032][ T9349]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  179.857048][ T9349]  ? look_up_lock_class+0x74/0x170
[  179.857065][ T9349]  ? register_lock_class+0x51/0x320
[  179.857085][ T9349]  __lock_acquire+0xab9/0xd20
[  179.857105][ T9349]  ? ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  179.857125][ T9349]  lock_acquire+0x120/0x360
[  179.857153][ T9349]  ? ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  179.857178][ T9349]  down_write+0x96/0x1f0
[  179.857197][ T9349]  ? ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  179.857218][ T9349]  ? __pfx_down_write+0x10/0x10
[  179.857240][ T9349]  ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  179.857268][ T9349]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  179.857283][ T9349]  ? lockdep_hardirqs_on+0x9c/0x150
[  179.857298][ T9349]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  179.857312][ T9349]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  179.857326][ T9349]  ? __pfx_ocfs2_reserve_suballoc_bits+0x10/0x10
[  179.857349][ T9349]  ? stack_depot_save_flags+0x41b/0x860
[  179.857367][ T9349]  ? kasan_save_track+0x4f/0x80
[  179.857383][ T9349]  ? kasan_save_track+0x3e/0x80
[  179.857397][ T9349]  ? __kasan_kmalloc+0x93/0xb0
[  179.857412][ T9349]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  179.857430][ T9349]  ? ocfs2_reserve_new_metadata_blocks+0x113/0x940
[  179.857451][ T9349]  ? ocfs2_init_xattr_set_ctxt+0x307/0x700
[  179.857466][ T9349]  ? ocfs2_xattr_set+0xb70/0x11f0
[  179.857479][ T9349]  ? __vfs_setxattr+0x43c/0x480
[  179.857498][ T9349]  ? __vfs_setxattr_noperm+0x12d/0x660
[  179.857516][ T9349]  ? vfs_setxattr+0x16b/0x2f0
[  179.857533][ T9349]  ? filename_setxattr+0x274/0x600
[  179.857553][ T9349]  ? path_setxattrat+0x364/0x3a0
[  179.857567][ T9349]  ? __x64_sys_setxattr+0xbc/0xe0
[  179.857586][ T9349]  ? do_syscall_64+0xfa/0x3b0
[  179.857603][ T9349]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.857629][ T9349]  ? ocfs2_reserve_new_metadata_blocks+0x113/0x940
[  179.857652][ T9349]  ? __kasan_kmalloc+0x93/0xb0
[  179.857669][ T9349]  ? ocfs2_reserve_new_metadata_blocks+0x113/0x940
[  179.857692][ T9349]  ocfs2_reserve_new_metadata_blocks+0x403/0x940
[  179.857716][ T9349]  ? __pfx_ocfs2_reserve_new_metadata_blocks+0x10/0x10
[  179.857738][ T9349]  ? __pfx_ocfs2_calc_xattr_set_need+0x10/0x10
[  179.857757][ T9349]  ? __lock_acquire+0xab9/0xd20
[  179.857779][ T9349]  ocfs2_init_xattr_set_ctxt+0x307/0x700
[  179.857797][ T9349]  ? __pfx_ocfs2_init_xattr_set_ctxt+0x10/0x10
[  179.857814][ T9349]  ? ocfs2_xattr_set+0xb36/0x11f0
[  179.857829][ T9349]  ? up_write+0x1c4/0x420
[  179.857843][ T9349]  ? ocfs2_xattr_set+0x334/0x11f0
[  179.857858][ T9349]  ocfs2_xattr_set+0xb70/0x11f0
[  179.857879][ T9349]  ? __pfx_ocfs2_xattr_set+0x10/0x10
[  179.857893][ T9349]  ? ocfs2_permission+0x107/0x1b0
[  179.857948][ T9349]  ? __pfx_ocfs2_permission+0x10/0x10
[  179.857972][ T9349]  ? inode_permission+0x149/0x470
[  179.857985][ T9349]  ? __pfx_ocfs2_permission+0x10/0x10
[  179.858005][ T9349]  ? look_up_lock_class+0x74/0x170
[  179.858023][ T9349]  ? register_lock_class+0x51/0x320
[  179.858045][ T9349]  ? posix_xattr_acl+0x93/0xc0
[  179.858060][ T9349]  ? evm_protect_xattr+0x4d4/0xa90
[  179.858075][ T9349]  ? __pfx_evm_protect_xattr+0x10/0x10
[  179.858089][ T9349]  ? __pfx_ocfs2_xattr_trusted_set+0x10/0x10
[  179.858105][ T9349]  __vfs_setxattr+0x43c/0x480
[  179.858129][ T9349]  __vfs_setxattr_noperm+0x12d/0x660
[  179.858159][ T9349]  vfs_setxattr+0x16b/0x2f0
[  179.858182][ T9349]  ? __pfx_vfs_setxattr+0x10/0x10
[  179.858203][ T9349]  ? mnt_get_write_access+0x223/0x2a0
[  179.858222][ T9349]  filename_setxattr+0x274/0x600
[  179.858246][ T9349]  ? __pfx_filename_setxattr+0x10/0x10
[  179.858269][ T9349]  ? getname_flags+0x1e5/0x540
[  179.858283][ T9349]  path_setxattrat+0x364/0x3a0
[  179.858300][ T9349]  ? __pfx_path_setxattrat+0x10/0x10
[  179.858315][ T9349]  ? do_futex+0x333/0x420
[  179.858342][ T9349]  ? rcu_is_watching+0x15/0xb0
[  179.858358][ T9349]  __x64_sys_setxattr+0xbc/0xe0
[  179.858381][ T9349]  do_syscall_64+0xfa/0x3b0
[  179.858396][ T9349]  ? lockdep_hardirqs_on+0x9c/0x150
[  179.858412][ T9349]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.858426][ T9349]  ? exc_page_fault+0x9f/0xf0
[  179.858442][ T9349]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.858456][ T9349] RIP: 0033:0x7fea8b98ebe9
[  179.858471][ T9349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.858484][ T9349] RSP: 002b:00007fea8c87c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  179.858501][ T9349] RAX: ffffffffffffffda RBX: 00007fea8bbb5fa0 RCX: 00007fea8b98ebe9
[  179.858511][ T9349] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000200000000240
[  179.858519][ T9349] RBP: 00007fea8ba11e19 R08: 0000000000000000 R09: 0000000000000000
[  179.858528][ T9349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  179.858535][ T9349] R13: 00007fea8bbb6038 R14: 00007fea8bbb5fa0 R15: 00007ffff70fa478
[  179.858550][ T9349]  </TASK>
[  180.112040][ T5847] ocfs2: Unmounting device (7,2) on (node local)
[  180.610065][   T54] Bluetooth: hci1: command 0x0406 tx timeout

VM DIAGNOSIS:
22:27:15  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000010ea RDI=00000000000010eb RBP=00000000000003f8 RSP=ffffc90002ebe4b0
R8 =ffff888021090237 R9 =1ffff11004212046 R10=dffffc0000000000 R11=ffffffff854e72a0
R12=dffffc0000000000 R13=ffffffff99af1905 R14=ffffffff99de64e0 R15=0000000000000000
RIP=ffffffff854e731c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fea8c87c6c0 ffffffff 00c00000
GS =0000 ffff8880b8624000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32123ffc CR3=000000010f9a0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffff ffffff0000000000 XMM01=0101010101010101 0101010000000000
XMM02=695f746e756f6d5f 7a79730032736667 XMM03=75663d79636e6572 65686f632c6c6c75
XMM04=652c736b636f6c66 6c61636f6c2c6c6c XMM05=0000000000000000 00007fea8c87b6e0
XMM06=00007fea8c87b6e0 00007fea8c87b560 XMM07=00007fea8c87b5a0 00007fea8c87b580
XMM08=0000000000000000 0000000000000dbe XMM09=0000000000000000 00007fea8ba12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ea3a3db00febc400 RBX=ffffffff81968308 RCX=ea3a3db00febc400 RDX=0000000000000001
RSI=ffffffff8be325e0 RDI=ffffffff81968308 RBP=ffffc90000177f20 RSP=ffffc90000177de0
R8 =ffff888136632f9b R9 =1ffff11026cc65f3 R10=dffffc0000000000 R11=ffffed1026cc65f4
R12=ffffffff8fa34230 R13=0000000000000001 R14=0000000000000001 R15=1ffff11020005000
RIP=ffffffff8b7893f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c24000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b31419ff8 CR3=0000000030d80000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff812b2c35 ffffffff812b2c35
XMM02=00007ff8f3387498 ffffffff812b2c35 XMM03=00007ff8f33874a8 00007ff8f33874a0
XMM04=00007ff8f3eed100 00007ff8f3387460 XMM05=00007ff8f3387478 00007ff8f33874c0
XMM06=00007ff8f33874b8 00007ff8f33874b0 XMM07=00007ff8f33874a8 00007ff8f33874a0
XMM08=0000000000000000 00007ff8f3212ee7 XMM09=0000000000000000 00007ff8f3212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
