last executing test programs:

3m24.070629401s ago: executing program 2 (id=879):
r0 = syz_open_dev$media(&(0x7f0000000000), 0x7, 0x2)
write(r0, 0x0, 0x0)

3m23.995278736s ago: executing program 2 (id=880):
r0 = syz_open_dev$vbi(&(0x7f0000000340), 0x0, 0x2)
ioctl$VIDIOC_ENUMAUDIO(r0, 0xc0345641, &(0x7f0000000080)={0x2, "d8786f9622fba185c412812afbb23df264fad8983bca61e284dc481eb3d057d1", 0x1, 0x1})

3m23.808931395s ago: executing program 2 (id=881):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_GET_CHILD_SUBREAPER(0x25)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
keyctl$chown(0x6, 0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000c00)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r4, 0x10e, 0x3, &(0x7f00000000c0)=0xffff, 0x4)
write(r4, &(0x7f0000000000)="240000001a005f0314f9f407000904000200000001000000000000000800040001000000", 0x24)
recvmmsg(r4, &(0x7f0000001dc0)=[{{0x0, 0x0, 0xfffffffffffffffe}, 0x4}], 0x1, 0x0, 0x0)

3m22.980033732s ago: executing program 2 (id=885):
syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000480)='./file1\x00', 0x810010, &(0x7f0000000800)=ANY=[@ANYRES32=0x0, @ANYRES16, @ANYRES16=0x0, @ANYRES32, @ANYRESOCT, @ANYRESHEX, @ANYRESDEC=0x0], 0x1, 0x1ff, &(0x7f0000000600)="$eJzsks9rE0EUxz+zu0m22tIgUVGEYi1aD202qcYfBwUvBvUkFWpBMCRpDab+aAI1oYcIQhEvglVoEQ+ipIgH8R8wB0+9KRRvodBzDz14kcbI7E7SyX/gYT6H/e7MvPd9+97OvdLjUgRo7SxmIYrEIcYPIXCAIeFvkbMDdZXeUBpW51etQBtK/yhtnatOTYMoDDdTVuNw7riI0h/7vb5JlsE7XHh3/fPPm6HljQPbH7/J+Gu3Kl8Rp3KD799+eXllZcC3F7enW32BH8PNlN04tupKI+DV7lRz0zlCrONVWN446P49tP6s/in1XHbwZgbhrbrA+PexlUvewAtLeZYq1fuZYjE/X7r81GLbL/VrZzErX+5GoN1ut/3egTSgx8j219iLOerAJGDT7sY47BEvzz2KlyrVscJcZjY/m3+QTE6kvDOedzYZnykUP7yWz7wntBJqgkg9Dcjf1Kedh4BdFbMfalo1hPZpkn0g9Nyw9utGT9CDpeV2VNDo5kZUnBzBJCeRo12oCW13xHdx8FtKI7AXgkXC0b4vqOX6B+PZh8XcEgK3k1bH6Xoktgh1F0l9MXG+2/aS0hGlaaV1pVtKh9zem+r4Dpa6z6M1CPMkUy7PJ8Kw1q+y1F5SDi54i9b0gcmqUbu3uYs2BoPBYDAYDAaDwfDf8C8AAP//EG+bVA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000040)='./file0\x00')
r0 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

3m22.860789927s ago: executing program 2 (id=887):
timer_create(0x0, 0x0, 0x0)
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0x8c0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00535d4e036013ec9e6e7ecdee3849b40884b95e94f35cec9600cd19beb0"], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
flock(r0, 0x2)

3m22.54698279s ago: executing program 2 (id=889):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
pipe(&(0x7f00000001c0)={<r1=>0xffffffffffffffff})
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x80, 0x6)

3m22.432375564s ago: executing program 32 (id=889):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
pipe(&(0x7f00000001c0)={<r1=>0xffffffffffffffff})
pipe(&(0x7f0000000380)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
splice(r1, 0x0, r2, 0x0, 0x80, 0x6)

2m27.704825714s ago: executing program 1 (id=1640):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x80140, 0x0)
fcntl$setlease(r2, 0x400, 0x1)
r3 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3}, &(0x7f0000000340)=<r4=>0x0, &(0x7f0000000040)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x80})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)

2m26.775039526s ago: executing program 1 (id=1661):
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, &(0x7f0000000240)=@name={0x1e, 0x2, 0x3, {{0x42, 0x1}}}, 0x10)
bind$tipc(r0, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x1, {0x42, 0x0, 0x2}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000400)={0x42, 0x3, 0x3}, 0x10)
bind$tipc(r1, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x2, {0x42, 0x1, 0x3}}, 0x10)
bind$tipc(r0, 0x0, 0x0)

2m26.722846695s ago: executing program 1 (id=1664):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$sock_int(r0, 0x1, 0x3e, &(0x7f00000000c0)=0x1, 0x4)
connect$llc(r0, &(0x7f0000000180)={0x1a, 0x1, 0x65, 0xc, 0x2, 0x4, @multicast}, 0x10)

2m26.722426282s ago: executing program 1 (id=1665):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f0000000200)={[{@quota}, {@oldalloc}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x7c}}, {@block_validity}, {@jqfmt_vfsv1}]}, 0x3, 0x434, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=")
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
read(r2, &(0x7f0000001400)=""/4096, 0x1000)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x15, 0x0)
rt_sigaction(0x28, &(0x7f00000001c0)={&(0x7f0000000140)="f30faef0c4020993ac1c0010c0fe8fe808a63758470f2831650f8700000001c46161e5810b000000c403895cf400c4c1fc290fc48209bd9f03000000c44241469c12f7000000", 0x58000002, &(0x7f0000000080)="0fe77100c4427d0f8c18000000016afb66430fc41900c423115cd70bf20faef3c4614d7cf9c422c1b65e82c4a171ebcfc441bdf464e0ee", {[0x5]}}, &(0x7f0000000380)={&(0x7f0000000300)="c4e1addf28c4e27d24944e00000000c4a1e571e565478c03c441f96ecc410f01d0666764d290d8aa0000c4c2b1bd7f00c443316c5acd1fab", 0x0, &(0x7f0000000340)="36440f1c850c00000042f6a60900000044805b0e00c4a13bc22f7064360f6eb900000000420f18cd363ed34cf4b567410f1b36c4038d7832006743ac"}, 0x8, &(0x7f00000003c0))
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, &(0x7f0000000040)={0x0, r0}, 0x0)

2m26.562259306s ago: executing program 1 (id=1668):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={<r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000039000000080000000b"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2}, &(0x7f0000000400), &(0x7f0000000380)=r1}, 0x20)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0a000000010000000220000006"], 0x50)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x8c, &(0x7f0000000840)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])

2m26.289454741s ago: executing program 1 (id=1669):
mkdir(&(0x7f00000004c0)='./cgroup.cpu/cpuset.cpus\x00', 0x0)
setxattr$incfs_size(&(0x7f00000002c0)='./cgroup.cpu/cpuset.cpus\x00', &(0x7f0000000300), 0x0, 0x0, 0x2)

2m26.091178095s ago: executing program 33 (id=1669):
mkdir(&(0x7f00000004c0)='./cgroup.cpu/cpuset.cpus\x00', 0x0)
setxattr$incfs_size(&(0x7f00000002c0)='./cgroup.cpu/cpuset.cpus\x00', &(0x7f0000000300), 0x0, 0x0, 0x2)

1m23.844467549s ago: executing program 4 (id=2489):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x94173000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000d80)={&(0x7f0000000000)=ANY=[@ANYBLOB="9beb01031800000000000000000000008000000002"], 0x0, 0x1a}, 0x28)
r0 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8916, &(0x7f0000000000)={r0})

1m23.416620024s ago: executing program 4 (id=2506):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102400, 0x19000)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000640)=@updpolicy={0xc4, 0x19, 0x1, 0x800, 0x0, {{@in6=@mcast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x80, 0x80, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x80000, 0x7fff, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x1000}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000001d00010000000000000000000a00100001"], 0x1c}}, 0x0)
ioctl$RTC_AIE_OFF(0xffffffffffffffff, 0x7002)

1m21.80409707s ago: executing program 4 (id=2512):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720a00fef8ffffff71a400fe000000007110100000000000e5000200000000004704000001ed030407030000060000001d440000000000006b0a20fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)

1m21.803740962s ago: executing program 4 (id=2513):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x20081e, &(0x7f00000001c0)={[{@grpquota}, {@nogrpid}, {@quota}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
mount$bind(&(0x7f0000000040)='./file1\x00', &(0x7f00000000c0)='./file1\x00', 0x0, 0x3002, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0x1006019, &(0x7f0000000100)={[{@noblock_validity}, {@commit={'commit', 0x3d, 0x1}}, {@journal_path={'journal_path', 0x3d, './file1'}}, {@min_batch_time={'min_batch_time', 0x3d, 0x71d}}, {@quota}]}, 0x1, 0x63e, &(0x7f00000003c0)="$eJzs3c9rG1ceAPDvjH/G3qydsLCbPWwMy5LAbuzYSZawLGx8X0L2xz/gxk4IceJgu1AngdjQHksvpRR66qHtf9EGeis99NpD7yUQSsmhKaFRGWnkyLIkW7J+ONbnA4rmzUjvPSn+6r15em8UQN+ayv5JI05FxL0kYqLi2GDkB6dKj3v248Pr2S2JQuF/PyTx8FGyWZlXkt+P50/+ZSKSb9KIkwO7y13buH97YXl5aTVPz6zfuTeztnH/3K07CzeXbi7dnfv73OVLFy9dnj1/oNc3VGPfJx+9SGY/++5qElfiZV637HVVP27kQCVn79lUFEqeV+7P3tfLB8z7sPhpovx38kpSvYNDLcnj5PcxEQMV/5sT8c5/eloxoKMKSZTbKKDvJHXi/6v5Rp8Mox2rD9At5X5A+dy+1nnwbmmHeyVANzydLw1IlWJ/KCLK8T9YGhuM0eLYwNizZMc4TxIRBxuZK8nK+PrLq29nt6gzDgd0xuZWeZS7uv1PirE5GaPF1NizdGf8bxYKad4TyPb/t8Xyp6rSWfnHW8wLaM7mVkT8IW//h2Pf8Z/msVuO/zdaLL9W/LeYFQAAAAAAAPS9x/MR8bda8//S7fk/wzXm/4xHxJU2lL/393/pk3wjqXrocBuKh772dD7inzXn/27P8Z0ciK1i6nhxPsCD5Mat5aXzEfHbiDgbQyNZerYq38oZwufePflhvfIr5/9lt6z88lzAPKcng1ULcRcX1hcO+rqBiKdbEX8szv89ne/ZOf8na/+TGu1/Ft/39lnGyb98eq3esb3jH+iUwscRZ2q2/6+620nj63PMFPsDM+VewW5/evDe5/XKr47/ymM+BKCzsvZ/rHH8jySV1+tZay7/7CT9wsZgod7xVvv/w8n/B6JiEOCthfX11dmI4eTfu/fPNVdnOKryeDgdebxk8X/2z43H/7b7/xVxeCwiNvdRXnH1QIOBQv1/6J0s/hcbt/+TO9v/pjbKnxhflO52D9lf21f7f7HYpp/N9xj/g0q7r8ex3wDtSXUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DWXRsRvIkmnt7fTdHo6Yjwifhdj6fLK2vpfb6y8eXcxOxYxGUNp+Zd+J0rppPz7/5MV6bmq9IWIOBER7w8cK6anr68sL/b6xQMAAAAAAAAAAAAAAAAAAMAhMV5c818YqV7/n/l+oNe1AzpuML8X79B/Blt+ZmGkrRUBuq71+AdeY9k5fxPxP9TJugA9UD/+n78oFHW1OkAX6f9D/2ox/n1dAEfAfuP/g6TDFQG6bJ9jeqOdrgfQCw3b/4fdqwcAAAAAANAWJ04//jaJiM1/HCveMsP5MZP94WhLe10BoGfM4YX+NbjS6xoAveIcH3i1sufnmov968/+tyYIAAAAAAAAAAAAALrlzCnr/6FfNV7/b24/HGUN1v/XCn6XC4AjpP5Pf2j74ahzjg/s1dpb/w8AAAAAAAAAAAAAh8Do/dsLy8tLq2sbbdp4XmhzhvU3/lXaKHSjrLZtbC4cimo0sVF4FNH4MS/3zieNiGZLH4qIw/ImrK5ltelWWeVLcDT99NmBdlWjx59LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAtl8DAAD//9ApGVs=")
syz_mount_image$fuse(&(0x7f0000002180), &(0x7f0000002080)='./file1\x00', 0x80b0, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0)

1m21.684114598s ago: executing program 4 (id=2515):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
write$bt_hci(r0, &(0x7f0000000240)=ANY=[], 0xe)

1m20.918395509s ago: executing program 4 (id=2527):
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x40000000, 0x8, 0x1000000, 0x0, 0x0, 0x1)

1m20.81599106s ago: executing program 34 (id=2527):
futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc)=0x40000000, 0x8, 0x1000000, 0x0, 0x0, 0x1)

1.650161789s ago: executing program 0 (id=3679):
syz_mount_image$squashfs(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000300), 0x1, 0x226, &(0x7f0000000340)="$eJzKKC4sZmdgYPj7sSaZgUGAAQRYGEQYLjAwMrAwMDDIM4KFGD4yQeipUPomlGaDyl+B0r5Q8XYo/de8KiKKgYExU+meGdMB8RRFRgEGHpGvpx4wJDPwxzJYzvNecykoc8pVobdL94PUe4VWbmJgVE/hXzRnwwSnmbxgYxkjo5DNYT4gM4sDZBADA8PkPxH3HrBIMoiwIcwS5fgndqpl+SqzzvsMMzqmpTEwGsziYGBg0DuiO9POgLebCWpmcWVVdmJOTmoR0xkGVPMnM+5nUmQEqTvz92rwA8atPN2xDIwMchv81RZ/+yNVuXFTfeT0qoiaqd1NN5euj2PYpv/3ionU+4kZYf8fHBLUssjL/zBPRun75oY5H2rquCEhwdB6+e+79zG1xQlqTI/FuwrZ+BPctGo+OTu5WT6em17dvqVYcUFWmsvEY1Mv/k04vpaBYfKFJ7b6NWcOxSvGcEq5Vc6NuesWL8i1TP18HdRABsbljPuZGBhmhu3cg+yv8gZoZDAwMzAwqDAwMDAxsDCkZeakGngwMDIwQzmGLDBjoDQTAwdYQi85PyelnYERnATA2pYzsMDNMHzMwArnGD1mhaQYEMfYogHmsnYIxa4C5XtA6eVQ+jEo6TAgACzZsIBN6IfyNBpAqioSS0qKDEGqISy4mBFczEiggYEV5gmIl+cyoXruOBPDKBgFo2AUjIJRMApGwSgYBaNgFIxkAAgAAP//K9ay9A==")

1.565612021s ago: executing program 0 (id=3680):
socket$tipc(0x1e, 0x2, 0x0)
socket$tipc(0x1e, 0x5, 0x0)
syz_io_uring_setup(0x497, &(0x7f0000000400)={0x0, 0x3f73, 0x100, 0x100000, 0x1a}, 0x0, &(0x7f0000000600))
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16=r0, @ANYRES8, @ANYRES8=r0], 0x0)

960.265885ms ago: executing program 0 (id=3682):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x40, 0x0, 0x0, 0x4)
r1 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000140))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x0, &(0x7f0000000100), 0xc06620, 0x4)
syz_clone(0x8d002240, 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)

380.001612ms ago: executing program 3 (id=3696):
r0 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000040))

298.047333ms ago: executing program 5 (id=3698):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x18, 0x5, 0x400, 0x9, 0x1}, 0x48)

297.827876ms ago: executing program 3 (id=3699):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x24, r1, 0x201, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x29045}, 0x8000)

297.69244ms ago: executing program 5 (id=3700):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
r1 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @local, 'geneve0\x00'}}, 0x1e)
close(r0)
connect$pppoe(r1, &(0x7f0000000000)={0x18, 0x0, {0x3, @broadcast, 'vxcan1\x00'}}, 0x1e)

297.42445ms ago: executing program 3 (id=3701):
setfsgid(0xffffffffffffffff)

229.36003ms ago: executing program 3 (id=3702):
ustat(0x11, &(0x7f0000000600))

229.141668ms ago: executing program 5 (id=3703):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

228.940291ms ago: executing program 3 (id=3704):
r0 = socket$kcm(0xa, 0x2, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
syz_open_dev$video(0x0, 0x7, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x8080)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000180)={0x38, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffff7fffffffe, 0x0, 0x2}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
openat$sysctl(0xffffffffffffff9c, 0x0, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x640100ff, 0x4e20, 0x3, 'lblc\x00', 0x20, 0xa7e, 0x400070}, 0x2c)
setsockopt$IP_VS_SO_SET_ADDDEST(r1, 0x0, 0x487, &(0x7f0000000000)={{0x84, @private=0xa010102, 0x4e21, 0x3, 'lblcr\x00', 0x1, 0x8000, 0x77}, {@remote, 0x4e20, 0x0, 0xcd}}, 0x44)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

228.088124ms ago: executing program 5 (id=3705):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6gretap0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=@newlink={0x4c, 0x10, 0x403, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, 0x215}, [@IFLA_LINK={0x8, 0x5, r1}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_MTU={0x8, 0x4, 0x5dc}]}, 0x4c}, 0x1, 0xba01}, 0x4000040)

141.222103ms ago: executing program 5 (id=3706):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r1, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)={0x44, r0, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x5aa}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_STA_PLINK_ACTION={0x5, 0x19, 0x1}]}, 0x44}}, 0x0)

138.920009ms ago: executing program 3 (id=3707):
syz_mount_image$jfs(&(0x7f0000000100), &(0x7f00000000c0)='./file1\x00', 0x1010006, &(0x7f00000002c0)={[{@quota}, {@noquota}, {@nointegrity}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp863'}}, {@noquota}, {@gid}, {@iocharset={'iocharset', 0x3d, 'koi8-u'}}, {@uid={'uid', 0x3d, 0xee01}}]}, 0x24, 0x61b6, &(0x7f00000075c0)="$eJzs3cuOHFcZB/Cv+jYXE8fKIgoWQpPEXEKIr8EYAiRZwIINC+QtsjWZRBYOINsgJ7LwRLNhwUOAkFgixJIVD5AFW3Y8AJZsJFAWKIVq5pxxTaV7esb2dHW7fj9pXPX1qZo+5X9XX6aq+gQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/8wY/PFRFx5VfphhMRn4t+RC9iparXImJl7UR9nRdiuzmej4jhUkS1/vY/z0a8HhEfH4+4/+DOenXz+QP24/t//scffnLsR3//0/DMf/9yq//GpOVu3/7tf/5699G3FwAAALqoLMuySB/zT0bEIH22BwCefvn1v0zy7eq5qzfnrD9qtVqtXsC6rhzvbr2IiM36OtV7BofjAWDBbMYnbXeBFsm/0wYRcaztTgBzrWi7AxyJ+w/urBcp36L+erC2057PBdmT/2axe33HpOk0zXNMZvX42op+PDehPysz6sM8yfn3mvlf2WkfpeWOOv9ZmZT/aOfSp87J+feb+Tc8Pfn3xubfVTn/waHy78sfAAAAAADmWP77/4mWj/8uPf6mHMh+x3/XZtQHAAAAAAAAAHjSDjv+36Ax/t8u4/8BAADA3Ko+q1d+d/zhbZO+i626/XIR8UxjeaBj0sUyq233AwAAAAAAAAAAAAC6ZLBzDu/lImIYEc+srpZlWf3UNevDetz1F13Xtx+6rO0neQAA2PHx8ca1/EXEckRcTt/1N1xdXS3L5ZXVcrVcWcrvZ0dLy+VK7XNtnla3LY0O8IZ4MCqrX7ZcW69u2uflae3N31fd16jsH6Bjs9Fi4AAQETuvRvcnvSL9z+vVYirLZ6PlNzksiH32fxaU/Z+DaPtxCgAAABy9sizLIn2d98l0zL/XdqcAgJnIr//N4wJqtVqtVqufvrquHO9uvYiIzfo61XsGw/EDwILZjE/a7gItkn+nDSLihbY7Acy1ou0OcCTuP7izXqR8i/rrQRrfPZ8Lsif/zWJ7vbz+uOk0zXNMZvX42op+PDehP8/PqA/zJOffa+Z/Zad9lJZ7/PzLPX8mbOsco0n5V9t5ooX+tC3n32/m33DU+/+sbEVvbP5dlfMfHCr/vvwBAAAAAGCO5b//n5ir47+jR92cqfY7/rs2do2j6wsAAAAAAAAAPCn3H9xZz9e95uP/XxiznOs/n045/0L+nZTz7zXy/2pjuX5t/t7bD/P/94M763+89a/P5+lB81/KM0V6ZBXpEVGkeyoGafo4W/dZW8P+qLqnYdHrD9I5P+Xw3bgW12Mjzu5Ztpf+Px62n9vTXvV0uN1e9nfaz+9pH+y25/Uv7GkfprOLypXcfjrW4+dxPd7Zbq/alqZs//KU9nJKe86/b//vpJz/oPZT5b+a2ovGtHLvo95n9vv6dNz9vHXti785e/SbM9VW9He3ra7avpda6M/2/8mxUfzy5saN07ev3rp141ykyZ5bz0eaPGE5/2H62X3+f3mnPT/v1/fXex+NDp3/vNiKwcT8X67NV9v7yoz71oac/yj95PzfSe3j9/9Fzn/y/v9qC/0BAAAAAAAAAAAAAACA/ZRluX2J6FsRcTFd/9PWtZkAwGzl1/8yybfPqu7P+P7U6gWviznrz0zrT8v56o9avYh1XTnem/UiIv5WX6d6z/Drcb8MAJhnn0bEP9vuBK2Rf4fl7/urpqfa7gwwUzc/+PCnV69f37hxs+2eAAAAAAAAAACPKo//uVYb//lUWZZ3G8vtGf/17Vh73PE/B3lmd4DRCQNV9w+/TfvZ6o36vdpw4y/GpPG/h7tz+43/PZhyf8Mp7aMp7UtT2pentI+90KMm5/9ibbzzUxFxsjH8ehfGf22Oed8FOf+Xao/nKv+vNJar51/+fpHz7+3J/8yt939x5uYHH7527f2r7228t/GzC+fOnb1w8eKlS5fOvHvt+sbZnX9b7PHRyvnnsa+dB9otOf+cufy7Jef/pVTLv1ty/l9Otfy7Jeef3+/Jv1ty/vmzj/y7Jef/Sqrl3y05/6+lWv7dkvN/NdXy75ac/9dTLf9uyfm/lmr5d0vO/3Sq5d8tOf8zqT5g/itH3S9mI+efj3DZ/7sl55/PbJB/t+T8z6da/t2S87+Qavl3S87/9VTLv1ty/t9Itfy7Jed/MdXy75ac/zdTLf9uyflfSrX8uyXn/61Uy79bcv7fTrX8uyXn/0aq5d8tOf/vpFr+3ZLz/26q5d8tOf/vpVr+3ZLzfzPV8u+Wh9//b8aMGTN5pu1nJgAAAAAAAAAAAACgaRanE7e9jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/9mBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFfbuLkaus74f+Jl989qBxEDI38nfwMYxISSb7NpO/EKbYsJrw1sJhEJfsF3v2iz4Da9dAo1k00CJhFFRRdtw0RYQanNTkQsuaAUoF6gVUiVoL+gNokLlIqoCCkiVaAXZas55nmdnZmdndu3x+sw5n4+U/LIzZ+acOXPm7H53850BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoNWtr5//dCPLsuY/+b+2ZtkLmv+9eWprftlrrvUWAgAAAFfqV/m/n7shXXBwDTdqWeafX/7dry0tLS1l7xv98/HPLy2lK6aybHxTluXXRU/96P2N1mWCx7LJxkjL1yN9Vj/a5/qxPteP97l+os/1m/pcP9nn+hU7YIXNxe9j8jvbmf/n1mKXZjdm4/l1O7vc6rHGppGR+LucXCO/zdL4sWwhO5HNZ7NtyxfLNvLlv3Frc11vyeK6RlrWtb15hPzs0aNxGxphH+9sW9fyfUY/eV029fOfPXr0b889e3O32Xc3tN1fsZ137Ghu5yfDJcW2NrJNaZ/E7Rxp2c7tXZ6T0bbtbOS3a/5353Y+t8btHF3ezA3V+ZxPZiP5f38v309jrb/WS/tpe7jsF7dlWXZxebM7l1mxrmwk29J2ycjy8zNZHJHN+2geSi/OxtZ1nN66huO0Oed2th+nna+J+PzfGm43tso2tD5NP/nERMvz/sulyzlOo+ajXu210nkMDvq1UpZjMB4X38sf9ONdj8Gd4fE/evvqx2DXY6fLMZged8sxuKPfMTgyMZpvc3oSGvltlo/BXW3Lj+ZrauTzmdt7H4Mz506emVn82MfvXjh55Pj88flTe3btmt2zd+/+/ftnji2cmJ8t/n2Ze7v8tmQj6TWwI+y7+Bp4VceyrYfq0pcmVpx/L/d1ONnjdbi1Y9lBvw7HOh9cY2NekCuP6eK18Z7mTp+8NJKt8hrLn587r/x1mB53y+twrOV12PV7SpfX4dgaXofNZc7cubafWcZa/um2Dat/L7iyY3BryzHY+fNI5zE46J9HynIMTobj4gd3rv69YHvY3sen1/vzyOiKYzA93HDuaV6Sft6f3J+PbsflLc0rrpvIzi/On73nkSPnzp3dlYWxIV7Scqx0Hq9bWh5TtuJ4HVn38Xpw4eWP39Ll8q1hX03e3fzX5KrPVXOZe+/p/Vzl392678+2S3dnYQzYRu/Pbt/Nm/tzIsu+8O1PPPTNR7/w+lX3ZzNvfnLmyn8WT7m05fw7vsr5N+b+54v1pbt6bHR8rHj9jqa9M952Pm5/qsbyc1cjX/dzM2s7H4+Hfzb6fHxjj/Pxto5lB30+Hu98cPF83Oj3244r0/l8Tobj5MRs7/Nxc5ltu9d7TI71PB/fFmYj7P9Xh6SQclHLsbPacZvWNTY2Hh7XWFxD+3G6p2358ZDNmut6cnf4oTBt5dqO0ztuK5YfbbldtFHH6VTHsoM+TtPvvlY7Thv9fvt2eTqfz8lwXNy4p/dx2lzm6Xuv/Ny5Of5ny7lzot8xOD460dzm8XQQ5uf7bGlzPAbvyY5mp7MT2Vx+7UR+PDXydU3ft7Zz5UT4Z6PPldt6HIN3dCw76GMwfR9b7dhrjK188APQ+XxOhuPiift6H4PNZd6wb7A/u94RLknLtPzs2vn7tdV+53VLx266WsfKWNjOb+/r/bvZ5jIn9q83Z/beT3eFS67rsp86X7+rvabmso3ZT9vCdj67f/X91Nye5jKfP7DG4+lglmUXPvJA/vve8PeVC+e//7W2v7t0+5vOhY888NMXHvun9Ww/AMPv+WJsKb7Xtfxlai1//wcAAACGQsz9I2Em8j8AAABURsz98f8KT+R/AAAAqIyY+8fCTKqQ//+4/yLb3vDswvMXstTMXwri9Wk3PFgsFzuus+HrqaVlzcsf+Mr8f//jhbVt3kiWZb988I+6Lr/twbhdhamwnU+9sf3yFb5295rWffjhC2m9rf31L4b7j49nrYdBtwrubJZl37jhs/l6pt5/KZ9PP3g4nw9dfPyx5jLPHSi+jrd/5iXF8n8Vyr8Hjx1pu/0zYT/8OMzZt3bfH/F2X7306u373ru8vni7xo7r84f9xAeK+43vk/O5x4rl435ebfu/+Zknv9pc/pFXdt/+CyPdt//JcL9fCfN/XlYs3/ocNL+Ot/tU2P64vni7e778ra7b/9Sni+XPvKlY7nCYcf13hK93vunZhdb99UjjSNvjyt5cLBfXP/v9P82vj/cX779z+ycPXWrbH53Hx9P/VtzPTMfy8fK4nugfOtbfvJ/W4zOu/8k/Ody2n/ut/6mHnnlZ8347139Xx3JnPnJnvv7l+2t/x6a//tRnu64vbs/Bvz/T9ngOviu8jsP6n/hAOB7D9f/7VHF/ne+ucPhd7eefuPwXt15oezzRW35erP+p1x7P56bJzVuue8ELr7/4iua+y7LvbSrur9/6j//N6bbt/9JNxf6I18eOfuf6VxPXf/aj06dOL55fmEt79dEb8vfOeVuxPXF7bwjn1s6vD50+98H5s1OzU7NZNlXdt9C7bF8O86fFuNh76aUVZ9A7Hw7P5y1/+Y0tt//rZ+Ll//6e4vJLby2+b70qLPe5cPnW8Pytb/0rPXHrTfnru/F02MKlle8XfCW27/yv/WtaMDz+zp8L4vF+5qUfzPdD87r8+0Z8XV/h9v9wrrifr4f9uhTemXnHTcvra10+vjfCpXcXr/cr3n/hNBef178Lz/fbf1zcf9yu+Hh/GH6O+da29vNdPD6+fmGk8/7zd/G4GM4n2cXi+rhU3N+Xnrup6+bF9yHJLt6cf/1n6X5uXtfDXM3ixxZnTiycOv/IzLn5xXMzix/7+KGTp8+fOncofy/PQx/qd/vl89OW/Pw0N7/33iw/W50uxlV2rbf/zMNH5/bN3j43f+zI+WPnHj4zf/b40cXFo/Nzi7cfOXZs/qP9br8wd/+u3Qf27Ns9fXxh7v79Bw7sOTC9cOp0czOKjepj7+yHp0+dPZTfZPH+ew/suu++e2enT56em79/3+zs9Pl+t8+/N003b/2H02fnTxw5t3Byfnpx4ePz9+86sHfv7r7vBnjyzLHFqZmz50/NnF+cPztTPJapc/nFze99/W5PNS3+R/HzbKdG8UZ82Tvv2pven7XpK59Y9a6KRTreQPTZ8F4033nRmf1r+Trm/vEwkyrkfwAAACAXc/9EmIn8DwAAAJURc/+mMBP5HwAAACoj5v7JMNP/ElCT/F+5/v+2C2tav/6//n/r/tL/r1n//91l6/8X5wv9/8G40v69/n+g/6//r/+v/6//zwCUrf8fc//mLPP3fwAAAKiomPu3hJnI/wAAAFAZMfdfF2Yi/wMAAEBlxNz/gjCTmuR//X/9f/1//X/9/+7r1/8fTvr/ven/96H/P5PVq/9/cZDbfw36/5tbv9D/p4zK1v+Puf+FYSY1yf8AAABQBzH3Xx9mIv8DAABAZcTcf0OYifwPAAAAlRFz/9Ywk5rkf/3/K+r/p86V/n/79uv/t9P/D8eD/r/+/wbQ/+9N/78P/X+f/z9c/f82+v+UUdn6/zH3vyjMpCb5HwAAAOog5v4Xh5nI/wAAAFA+Y5d3s5j7XxJmsiL/X+YKAAAAgGsu5v4bs44ieE3+/q//7/P/9f/1//X/u69/7f3/0Uz/vzz0/3vT/+9D/1//X/9f/5+BKlv/P8/92WT20jCTmuR/AAAAqIOY+28KM5H/AQAAoDJi7v9/YSbyPwAAAFRGzP3bwkxqkv/1/yvT//9F61On/6//32v9+v8+/7/K9P970//vQ/9f/1//X/+fgSpb/z/m/pvDTGqS/wEAAKAOYu6/JcxE/gcAAIDKiLn//4eZyP8AAABQGTH3bw8zqUn+1/8vef8/Nkd9/r/+v/5/Kfv/k/r/paP/35v+fx/6//r/+v/6/wxU2fr/Mfe/LMykJvkfAAAA6iDm/peHmcj/AAAAUBkx978izET+BwAAgMqIuX8qzKQm+X89/f/GRf3/1Vzlz/+fWMPn/7fR/9f/77V+/X+f/19l+v+96f/3of+v/6//r//PQJWt/x9z/61hJjXJ/wAAAFAHMffvCDOR/wEAAKAyYu6/LcxE/gcAAIDKiLl/Z5hJTfK/z/8fiv5/pv+v/6//r/+v/782+v+96f/3of+v/6//r//PQJWt/x9z/yvDTGqS/wEAAKAOYu6/PcxE/gcAAIDKiLn/VWEm8j8AAABURsz9d4SZ1CT/6//r/+v/6//r/3dfv/7/cNL/703/vw/9f/1//X/9fwaqbP3/mPtfHWZSk/wPAAAAdRBz/51hJvI/AAAAVEbM/XeFmcj/AAAAUBkx90+HmdQk/+v/6//r/+v/6/93X7/+/3DS/+9N/78P/X/9f/1//X8Gqmz9/5j77w4zqUn+BwAAgDqIuf+eMBP5HwAAACoj5v6ZMBP5HwAAACoj5v7ZMJOa5H/9f/1//X/9/3X1/1+xfL/6/wX9/3LR/+9N/78P/X/9/2ve/x/X/6dSytb/j7l/V5hJTfI/AAAA1EHM/bvDTOR/AAAAqIyY+/eEmcj/AAAAUBkx998bZlKT/K//r/+v/6//7/P/u69f/3846f/3Nvj+f3yI+v/6//r/Pv9f/5+Vytb/j7n/vjCTmuR/AAAAqIOY+/eGmcj/AAAAUBkx9+8LM5H/AQAAoDJi7t8fZlKT/K//r/+v/6//r//fff36/8NJ/783n//fh/6//v8Q9/+bx5b+P2VTtv5/zP0Hwkxqkv8BAACgDmLuf02YifwPAAAAlRFz/6+Fmcj/AAAAUBkx9/96mElN8r/+v/6//r/+f9n7/xP6//r/66D/35v+fx/6//r/Q9z/9/n/lFHZ+v8x998fZlKT/A8AAAB1EHP/b4SZyP8AAABQGTH3vzbMRP4HAACAyoi5/2CYSU3yv/7/BvX/44X6//r/+v8+/1///6rS/+9N/78P/X/9f/1//X8Gqmz9/5j7XxdmUpP8DwAAAHUQc/8DYSbyPwAAAFRGzP2vDzOR/wEAAKAyYu5/Q5hJTfK//r/P/7/2/f/xtm3X/1++nf5/Qf9f/3899P970//vQ/9f/1//X/+fgSpb/z/m/jeGmdQk/wMAAEAdxNz/pjAT+R8AAAAqI+b+N4eZyP8AAABQGTH3vyXMpCb5X/9f///a9/99/r/+f0H/X/9/EPT/e9P/70P/X/9f/1//n4EqW/8/5v7fDDOpSf4HAACAOoi5/8EwE/kfAAAAKiPm/reGmcj/AAAAUBkx978tzKQm+V//X/9f/1//X/+/+/r1/4eT/n9vQ9b//9X14XL9/4L+f7m3f739/7GOr69K//9Hq/X/lzZ13l7/n6uhbP3/mPvfHmZSk/wPAAAAdRBz/zvCTOR/AAAAqIyY+98ZZiL/AwAAQGXE3P9bYSY1yf/6/83tWG4v6//r/+cX6P/r/+v/Dy39/96GrP/v8/876P+Xe/t9/r/+PyuVrf8fc/+7wkxqkv8BAACgDmLufyjMRP4HAACAyoi5/91hJvI/AAAAVEbM/e8JM6lJ/tf/9/n/+v/6//r/3dev/z+c9P970//vQ/9f/79s/f//1P9nuJWt/x9z/8NhJjXJ/wAAAFAHMfe/N8xE/gcAAIDKiLn/t8NM5H8AAACojJj73xdmUpP8r/8/LP3/Kf3/dfb/J8Jl+v/6//r/9aL/35v+fx/6//r/Zev/+/x/hlzZ+v8x978/zGTt+X9yzUsCAAAA10TM/b8TZlKTv/8DAABAHcTc/7thJvI/AAAAVEbM/b8XZlKT/K//Pyz9f5//n/n8f/3/jsej/6//383G9f/jmUf/X/9f/z/S/9f/1/+nU9n6/zH3/36YSU3yPwAAANRBzP0fCDOR/wEAAGAodPt/sjvF3H8ozET+BwAAgMqIuf9wmElN8r/+v/6//n9J+/9/seNffvDddxzepf+v/6//vy4b+vn/zRe/z//X/9f/T/T/9f/1/+lUtv5/zP1HwkyWg9/bfMA/AAAADLeY+/8gzKQmf/8HAACAOoi5/2iYifwPAAAAlRFz/1yYSU3yv/6//r/+f0n7/0P8+f9xfwxT/3960xD1/+NJV/+/qw3t/793uSeu/7/e/v9E10s7+/8N/f82+v/r3v7vZFmm/6//zzVUtv5/zP3zYSY1yf8AAABQByH3jxwr5vIV8j8AAABURsz9x8NM5H8AAACojJj7PxhmUpP8r/+v/6//r//v8/+7r7+0/X+f/9+T/n9v5en/d+fz//X/h3n79f/1/1mpbP3/mPsXwkxqkv8BAACgDmLu/1CYifwPAAAAlRFz/4fDTOR/AAAAqIyY+0+EmdQk/+v/6//r/+v/6/93X7/+/3DS/+9N/78P/X/9f/1//X8Gqmz9/5j7T4aZ1CT/AwAAQB3E3H8qzOT/2LuPJsvq847jt3FTzBQb77zwwt77JbAwa/sFeMHGC7vK5YWxjXNicI4454BtJRRQAAmhhHICJSSUhSSUc0AZSTUqmOd5Znr69LndM7e7z/0/n89CDzSMzkU1BfrRfDn2PwAAAAwjd//NcYv9DwAAAMPI3f/LcUuT/a//1/8P2///pP7/oOfr//X/I9P/z9P/r6H/1//r//X/bNTS+v/c/b8StzTZ/wAAANBB7v5fjVvsfwAAABhG7v5b4hb7HwAAAIaRu//X4pYm+/+y/n9n1bP/z4xX/z9S/+/9/wc+X/+v/x/Zyfb/tz3xZz79v/5f/x/0//p//T+XW1r/n7v/1+OWJvsfAAAAOsjd/xtxi/0PAAAAw8jd/5txi/0PAAAAw8jd/1txS5P97/3/3v+v/9f/6/+nn6//307e/z+vU/9/y8PX/9Jj9/7ofUd5vv5f/6//1/+zWUvr/3P3/3bc0mT/AwAAQAe5+38nbrH/AQAAYBi5+383brH/AQAAYAudnfxq7v7fi1ua7H/9v/5f/x/9/xn9v/5f/z8C/f+8Tv3/lTxf/6//1//r/9mspfX/uft/P25psv8BAACgg9z9fxC32P8AAACwXFP/IPaM3P23xi32PwAAAAwjd/+5uKXJ/tf/H3///339/3b0/97/r//X/w9B/z9P/7+G/l//r//X/7NRS+v/c/ffFrc02f8AAADQQe7+P4xb7H8AAAAYRu7+P4pb7H8AAAAYRu7+P45bmux//b/3/+v/9f/6/+nn6/+3k/5/nv5/Df3/1fbz1+r/9f/6fy51xP7/8Zk/bW+k/8/d/ydxS5P9DwAAAB3k7v/TuMX+BwAAgGHk7v+zuMX+BwAAgGHk7v/zuKXJ/tf/6//1//r/K+7/9//Ue5L+f5r+/2To/+ctpv/f2Z38sv5/6/t/7//X/+v/2WNp7//P3f8XcUuT/Q8AAAAd5O7/y7hlZv8f+W/mAwAAAKcqd/9fxS2+/w8AAABbL6uz3P1/Hbc02f/6f/2//l//7/3/08+f6//vu+Tz6f+XRf8/bzH9/wH0//r/bf78+n/9P/strf/P3f83cUuT/Q8AAAAd5O6/PW6x/wEAAGAYufv/Nm6x/wEAAGAYufv/Lm5psv+n+/+Lv13/fzj6/72fX/8//fNjU/1//jfq/2f7/xu9/78n/f88/f8a+n/9v/7/oP7/7Lofr/9nytL6/9z9fx+3NNn/AAAA0EHu/n+IW+x/AAAAGEbu/n+MW+x/AAAAGEbu/n+KW5rsf+//1//r/7ev//f+/wtO8/3/qxPv/3f1/4ek/5+n/19D/6//1//Pv/9/5t8CoP9nytL6/9z9/xy3NNn/AAAA0EHu/n+JW+x/AAAA2A6X/rMDl/8DpSF3/7/GLfY/AAAADCN3/7/FLePs/9l3der/9f/6f/2//n/6+cvq/73//7D0//P0/2vo/4+jn98drP+/46Afv4T+/9bj7v9n6P+Zsqf/v//i10+r/8/d/+9xyzj7HwAAANrL3f8fcYv9DwAAAMPI3f+fcYv9DwAAAMPI3f9fcUuT/X/s/f/Mv31A/6//1//r//X/+v9N0//P0/+vof/3/n/v/9f/s1F7+v9LnFb/n7v/v+OWJvsfAAAAOsjd/z9xi/0PAAAAw8jdf0fcYv8DAADAMHL3/2/c0mT/e/+//l//r//X/08/X/+/na6qv79G/1/0//p//b/+X//PBiyt/8/d/39xS5P9DwAAAB3k7v//uMX+BwAAgGHk7n9K3GL/AwAAwDBy9z81bmmy//X/x9v/59f1//r/lf5f/6//PxFt3/+/M/VXov0O6P8f/IVzP733K/p//b/+X/+v/+eQfnjmty2i/z9/8f9d5u5/WtzSZP8DAABAB7n7nx632P8AAAAwjNz9z4hb7H8AAAAYRu7+O+OWI+7/ueZhyfT/3v+v/9f/6/+nn6//305t+/9D8v7/NfT/+n/9v/6fjVpE/3/Jr+fuf2bc4vv/AAAAMIzc/c+KW+x/AAAAGEbu/mfHLfY/AAAADCN3/3Pilib7X/+v/9f/6//1/9PP1/9vJ/3/PP3/GtvU/995Ff3/7vSXT7ufv1qn/fn1//p/9lta/5+7/664pcn+BwAAgA5y9z83brH/AQAAYBi5+58Xt9j/AAAAMIzc/c+PW5rsf/2//l//r//X/08/X/+/nfT/8/T/q9Xq7pkPMNX/n79umf2/9/8v7vPr//X/7Le0/j93/wvilib7HwAAADrI3X933GL/AwAAwDBy998Tt9j/AAAAMIzc/S+MW5rsf/2//l//r//X/08/X/+/nfT/8/T/a2zT+//1/4v7/Pp//T/7La3/z93/orilyf4HAACADnL33xu32P8AAAAwjNz9L45b7H8AAAAYRu7+++KWJvtf/6//1//r//X/08/X/2+n4+v/V/p//b/+fw39v/5f/8/lltb/5+5/SdzSZP8DAABAB7n7Xxq32P8AAAAwjNz9L4tb7H8AAAAYRu7+l8ctTfa//l//r//X/+v/p5+v/99O3v8/T/+/hv5f/6//1/+zUdP9/62n1v/n7n9F3NJk/wMAAEAHufvvj1vsfwAAABhG7v5Xxi32PwAAAAwjd/+r4pYm+1//r//f2/+vVvp//b/+/4IT6P/PrPT/G6f/n6f/X0P/P2b/f81qoP7/7IE/Xv/PEi3t/f+5+18dtzTZ/wAAANBB7v7XxC32PwAAAAwjd/9r4xb7HwAAAIaRu/91cUuT/a//1/97/7/+X/8//Xzv/99O+v95+v819P9j9v/e/6//59Qsrf/P3f/6uKXJ/gcAAIAOcve/IW6x/wEAAGAYufvfGLfY/wAAADCM3P1vilua7H/9v/5f/6//1/9PP1//v530//P0/2vo//X/+n/9Pxu1tP4/d/+b45Ym+x8AAAA6yN3/QNxi/wMAAMAwcvc/GLfY/wAAADCM3P1viVua7H/9v/5f/7+d/f8Z/b/+X/8/aSn9/w03/NRD+n/9v/5f/6//1/93t7T+P3f/W+OWJvsfAAAAOsjd/7a4xf4HAACAYeTuf3vcYv8DAADAMHL3vyNuabL/9/f/164uFKoXTPX/0ajp/y+h/9/7+fX/0z8/vP9f/6//P35L6f+9///KPr/+X/+/zZ//SP3/j+//8fp/RrS0/j93/0NxS5P9DwAAAB3k7n9n3GL/AwAAwDBy978rbrH/AQAAYBi5+x+OW5rsf+//1//r//X/+v/p5+v/t5P+f57+fw39v/7f+/9v/rkf0v+zOUvr/3P3vztuabL/AQAAoIPc/e+JW+x/AAAAGEbu/vfGLfY/AAAADCN3//vilib7X/+v/9f/6//1/9PP1/9vJ/3/PP1/ufwP7YI+/f+ZqS+edj9/tU778w/T/3v/Pxu0tP4/d//745Ym+x8AAAA6yN3/gbjF/gcAAIBh5O7/YNxi/wMAAMAwcvd/KG5psv/1//r/8fv/n9X/X/Z8/b/+f2T6//wr+jT9/xp9+v9Jp93Pb/vn1//r/9lvaf1/7v5H4pYm+x8AAAA6yN3/4bjF/gcAAIBh5O7/SNxi/wMAAMAwcvd/NG5psv/1/736/51Vx/7f+//1//r/TvT/8/T/a+j/9f/6f/0/G7W0/j93/6M7uy33PwAAAGyrn/mJX3zksL/vo0/+55nVx+KWG1fnD/ltbAAAAGDhntj9O7ur1cef/DXf/wcAAIAR5e7/RNzSZP/r/3v1/z3f/6//1//r/zvR/8/T/6+h/9f/6//1/2zU0vr/3P2fjFsuGX67R/6jBAAAAJYkd/+n4pYm3/8HAACADnL3fzpu2bf//esAAQAAYFvl7v9M3NLk+//6/4X3/6tj6v/j99P/X6D/1/9PPV//v530//Ousv8/v6P/1//P0P/r//X/XG5p/X/u/s/GLU32PwAAAAxqz99RyN3/ubjF/gcAAIBh5O7/fNxi/wMAAMAwcvd/IW5psv/1/yfe/2eqfozv/z9bv+T9/837/9vPTD5f/6//H5n+f573/6+h/x+l/79O/6//ZxmW1v/n7v9i3NJk/wMAAEAHufu/FLfY/wAAADCM3P1fjlvsfwAAABhG7v6vxC1N9r/+f+Hv/7+i/v8Q7//X//fo/w94/jj9/49cf+6Bm37+nrv0/1x0kv1//lzQ/+v/9f8XLKj/9/5//T8Lsfn+f3fPF4/a/+fu/2rc0mT/AwAAQAe5+x+LW+x/AAAAGEbu/q/FLfY/AAAADCN3/9fjlib7X/+v/19K/5//W59C/3/uivv/s6vV6lT6/2yKu/f/3v+v/9/P+//n6f/X0P/r//X/+n82avP9/94vHrX/z93/jbilyf4HAACADnL3fzNuyf2/c+S/dQ8AAAAsTO7+b8Utvv8PAAAAw8jd/+24pcn+1//r/5fS/yfv/7/448Z6//9NFaf27P9/rH5J/3+89P/z9P9r6P/1//p//T8btbT+P3f/d+KWJvsfAAAAOsjd/3jcYv8DAADAMHL3fzdusf8BAABgGLn7vxe3NNn/+v9R+/8s4vX/+v+l9P/e/+/9/ydD/z9P/7+G/l//r//X/7NRS+v/c/f/IAAA//9GqnSo")
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000280)='./bus\x00', 0x810408, 0x0, 0xff, 0x0, &(0x7f00000007c0))
rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000a00)='./bus/file0\x00')

138.356867ms ago: executing program 5 (id=3708):
syz_usb_connect$sierra_net(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x1199, 0x68a3, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x0, 0x80, 0xfa, {{0x9, 0x4, 0x7, 0x0, 0x3, 0xff, 0x0, 0x0, 0x0, "", {{0x9, 0x5, 0x80, 0x2, 0x400, 0x3, 0x6a, 0x9}, {0x9, 0x5, 0x6, 0x2, 0x204, 0x4, 0x0, 0xa}, {0x9, 0x5, 0xe, 0x3, 0x200, 0xdd, 0x0, 0x6a}}}}}}]}}, 0x0)

90.553658ms ago: executing program 0 (id=3709):
timerfd_create(0x2, 0x0)

90.400673ms ago: executing program 0 (id=3710):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x2000000000000005, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f00000000c0)={0x5, 0x1, 0x0, "bb1e000064000080007f28becf0500063475de71000077a16c80b6db943400"})

0s ago: executing program 0 (id=3711):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090f04000000000000000000850000000f000000850000007d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x100000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000500)='sys_exit\x00', r0, 0x0, 0xffffffffffffffff}, 0x18)
pause()

kernel console output (not intermixed with test programs):

sid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2307 (11821)
[  266.233997][T11821] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  266.238640][T11821] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  266.378196][T11821] BTRFS info (device loop3): rebuilding free space tree
[  266.395013][T11821] BTRFS info (device loop3): disabling free space tree
[  266.404789][T11821] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  266.418436][T11821] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  266.456900][T11821] BTRFS info (device loop3): enabling ssd optimizations
[  266.459911][T11821] BTRFS info (device loop3): force clearing of disk cache
[  266.462798][T11821] BTRFS info (device loop3): enabling auto defrag
[  266.476935][T11821] BTRFS info (device loop3): doing ref verification
[  266.482166][T11821] BTRFS info (device loop3): force zstd compression, level 3
[  266.504843][T11847] loop4: detected capacity change from 0 to 1024
[  266.532090][   T33] audit: type=1800 audit(1758565611.628:42): pid=11821 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2307" name="file1" dev="loop3" ino=260 res=0 errno=0
[  266.574321][T11847] hfsplus: xattr search failed
[  266.817631][ T8300] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  266.832143][T11861] loop4: detected capacity change from 0 to 256
[  267.323742][T11869] input: syz0 as /devices/virtual/input/input11
[  267.731604][T11888] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  267.808010][T11893] netlink: 'syz.0.2327': attribute type 1 has an invalid length.
[  267.884550][T11893] bond1: entered promiscuous mode
[  267.890549][T11893] 8021q: adding VLAN 0 to HW filter on device bond1
[  267.891409][ T5936] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  267.956613][T11893] bond1: (slave bridge3): making interface the new active one
[  267.968281][T11893] bridge3: entered promiscuous mode
[  267.997178][T11893] bond1: (slave bridge3): Enslaving as an active interface with an up link
[  268.099638][ T5936] usb 4-1: config 241 has an invalid interface number: 0 but max is -1
[  268.102538][ T5936] usb 4-1: config 241 has 1 interface, different from the descriptor's value: 0
[  268.105666][ T5936] usb 4-1: New USB device found, idVendor=0c98, idProduct=1140, bcdDevice=db.e9
[  268.119100][ T5936] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.137389][ T5936] pcwd_usb: The device isn't a Human Interface Device
[  268.356148][ T5936] usb 4-1: USB disconnect, device number 20
[  268.386210][T11916] input: syz1 as /devices/virtual/input/input12
[  268.489011][T11921] loop4: detected capacity change from 0 to 256
[  268.639650][T11921] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  268.710971][ T2299] Process accounting resumed
[  268.713301][ T2299] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  268.717043][ T2299] FAT-fs (loop4): Filesystem has been set read-only
[  268.866497][T11924] loop4: detected capacity change from 0 to 64
[  268.879966][T11924] syz.4.2340: attempt to access beyond end of device
[  268.879966][T11924] loop4: rw=2049, sector=268435468, nr_sectors = 2 limit=64
[  268.970144][T11930] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2343'.
[  268.973818][T11930] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2343'.
[  269.043283][T11932] loop3: detected capacity change from 0 to 2048
[  269.051611][T11932] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  269.089537][ T8300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.447469][T11960] netlink: 18316 bytes leftover after parsing attributes in process `syz.4.2357'.
[  269.593441][T11966] loop4: detected capacity change from 0 to 256
[  269.607829][T11966] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  269.751698][T11970] loop4: detected capacity change from 0 to 4096
[  269.755484][T11970] ntfs3(loop4): Primary boot: invalid bytes per index 24576(6).
[  269.759193][T11970] ntfs3(loop4): try to read out of volume at offset 0x1ffe00
[  270.059127][ T2299] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  270.151126][T11994] loop3: detected capacity change from 0 to 22
[  270.209925][ T2299] usb 5-1: Using ep0 maxpacket: 32
[  270.221057][ T2299] usb 5-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=8a.0a
[  270.224611][ T2299] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  270.227311][ T2299] usb 5-1: Product: syz
[  270.237251][ T2299] usb 5-1: Manufacturer: syz
[  270.239387][ T2299] usb 5-1: SerialNumber: syz
[  270.243035][ T2299] usb 5-1: config 0 descriptor??
[  270.247082][ T2299] xr_serial 5-1:0.0: skipping garbage
[  270.458511][ T5856] usb 5-1: USB disconnect, device number 12
[  271.088018][ T5856] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  271.106972][   T33] audit: type=1107 audit(1758565616.208:43): pid=12029 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  271.246026][ T5856] usb 4-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=3f.fc
[  271.289056][ T5856] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.292702][ T5856] usb 4-1: Product: syz
[  271.294422][ T5856] usb 4-1: Manufacturer: syz
[  271.306566][ T5856] usb 4-1: SerialNumber: syz
[  271.327016][ T5856] usb 4-1: config 0 descriptor??
[  271.331264][ T5856] cypress_m8 4-1:0.0: Nokia CA-42 V2 Adapter converter detected
[  271.334999][ T5856] nokiaca42v2 ttyUSB0: required endpoint is missing
[  271.565300][ T5856] usb 4-1: USB disconnect, device number 21
[  271.568276][ T5856] cypress_m8 4-1:0.0: device disconnected
[  273.081046][ T5858] Bluetooth: hci1: command 0x0406 tx timeout
[  273.529499][ T2299] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  273.687972][ T2299] usb 4-1: Using ep0 maxpacket: 32
[  273.698669][ T2299] usb 4-1: config 0 has an invalid interface number: 212 but max is 0
[  273.701881][ T2299] usb 4-1: config 0 has no interface number 0
[  273.704189][ T2299] usb 4-1: config 0 interface 212 has no altsetting 0
[  273.721157][ T2299] usb 4-1: New USB device found, idVendor=0bfd, idProduct=010b, bcdDevice=c5.d3
[  273.724593][ T2299] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.727594][ T2299] usb 4-1: Product: syz
[  273.729410][ T2299] usb 4-1: Manufacturer: syz
[  273.731208][ T2299] usb 4-1: SerialNumber: syz
[  273.735403][ T2299] usb 4-1: config 0 descriptor??
[  273.742002][ T2299] kvaser_usb 4-1:0.212: error -ENODEV: Cannot get usb endpoint(s)
[  273.977451][ T5856] usb 4-1: USB disconnect, device number 22
[  274.111611][T12106] overlayfs: failed to get inode (-116)
[  274.114839][T12106] overlayfs: failed to get inode (-116)
[  274.261426][T12122] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2430'.
[  274.339945][T12128] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2433'.
[  274.423002][T12130] loop4: detected capacity change from 0 to 8192
[  274.960204][T12157] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2447'.
[  275.025464][T12149] loop3: detected capacity change from 0 to 40427
[  275.028910][T12149] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x1f52010)
[  275.031426][T12149] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  275.033790][T12149] F2FS-fs (loop3): Image doesn't support compression
[  275.035821][T12149] F2FS-fs (loop3): build fault injection type: 0x4
[  275.039180][T12149] F2FS-fs (loop3): invalid crc value
[  275.074697][T12149] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  275.080560][T12149] F2FS-fs (loop3): Start checkpoint disabled!
[  275.086737][T12149] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[  275.089611][T12149] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  275.461453][T12173] openvswitch: netlink: Key 27 has unexpected len 0 expected 40
[  275.904475][T12178] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  277.079728][T12196] macvtap1: entered promiscuous mode
[  277.081494][T12196] vlan0: entered promiscuous mode
[  277.083431][T12196] macvtap1: entered allmulticast mode
[  277.086790][T12196] vlan0: entered allmulticast mode
[  277.091101][T12196] veth0_vlan: entered allmulticast mode
[  277.371719][T12206] veth0_to_team: entered promiscuous mode
[  278.066409][T12238] loop3: detected capacity change from 0 to 256
[  278.070518][T12238] exfat: Deprecated parameter 'namecase'
[  278.072843][T12238] exfat: Deprecated parameter 'utf8'
[  278.086055][T12238] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  278.171697][T12244] loop4: detected capacity change from 0 to 4096
[  278.234952][T12250] netlink: 'syz.0.2488': attribute type 8 has an invalid length.
[  278.283808][   T33] audit: type=1800 audit(1758565623.388:44): pid=12254 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2491" name="nullb0" dev="tmpfs" ino=5057 res=0 errno=0
[  279.067862][ T5936] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  279.448921][ T5936] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  279.452834][ T5936] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  279.456812][ T5936] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  279.460499][ T5936] usb 4-1: config 1 has no interface number 0
[  279.462792][ T5936] usb 4-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30
[  279.466864][ T5936] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32
[  279.477327][ T5936] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  279.481008][ T5936] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.484855][ T5936] usb 4-1: Product: syz
[  279.486677][ T5936] usb 4-1: Manufacturer: syz
[  279.488692][ T5936] usb 4-1: SerialNumber: syz
[  279.777304][ T5936] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71
[  279.836040][ T5936] usb 4-1: USB disconnect, device number 23
[  280.317047][T12308] loop4: detected capacity change from 0 to 512
[  280.343820][T12308] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  280.350531][T12308] ext4 filesystem being mounted at /235/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  280.392356][T12308] EXT4-fs: Cannot specify journal on remount
[  280.440598][T10236] EXT4-fs error (device loop4): ext4_lookup:1787: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816
[  280.446003][T10236] EXT4-fs error (device loop4): ext4_lookup:1787: inode #12: comm syz-executor: iget: bad i_size value: 2533274857506816
[  280.608441][   T10] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  280.769968][   T10] usb 4-1: New USB device found, idVendor=0e41, idProduct=4156, bcdDevice=3b.70
[  280.773175][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.789458][   T10] usb 4-1: config 0 descriptor??
[  280.914930][T11653] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  281.002791][ T5856] usb 4-1: USB disconnect, device number 24
[  281.557271][ T5858] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  281.562874][ T5858] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  281.566908][ T5858] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  281.583880][ T5858] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  281.587446][ T5858] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  281.862381][T12348] chnl_net:caif_netlink_parms(): no params data found
[  281.951984][T12366] loop3: detected capacity change from 0 to 128
[  282.068638][T12348] bridge0: port 1(bridge_slave_0) entered blocking state
[  282.076818][T12348] bridge0: port 1(bridge_slave_0) entered disabled state
[  282.084153][T12348] bridge_slave_0: entered allmulticast mode
[  282.096584][T12348] bridge_slave_0: entered promiscuous mode
[  282.110397][T12348] bridge0: port 2(bridge_slave_1) entered blocking state
[  282.115697][T12348] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.135638][T12348] bridge_slave_1: entered allmulticast mode
[  282.145155][T12348] bridge_slave_1: entered promiscuous mode
[  282.163423][   T33] audit: type=1326 audit(1758565627.268:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12375 comm="syz.3.2543" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce3058ec29 code=0x7ffc0000
[  282.172096][   T33] audit: type=1326 audit(1758565627.268:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12375 comm="syz.3.2543" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce3058ec29 code=0x7ffc0000
[  282.181279][   T33] audit: type=1326 audit(1758565627.278:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12375 comm="syz.3.2543" exe="/syz-executor" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7fce3058ec29 code=0x7ffc0000
[  282.438533][   T33] audit: type=1326 audit(1758565627.278:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12375 comm="syz.3.2543" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce3058ec29 code=0x7ffc0000
[  282.481842][T12348] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  282.494520][T12348] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  282.546151][T12348] team0: Port device team_slave_0 added
[  282.551411][T12348] team0: Port device team_slave_1 added
[  282.572813][T12348] batman_adv: batadv0: Adding interface: batadv_slave_0
[  282.575050][T12348] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  282.586346][T12348] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  282.594391][T12348] batman_adv: batadv0: Adding interface: batadv_slave_1
[  282.597363][T12348] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  282.608196][T12348] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  282.664163][T12348] hsr_slave_0: entered promiscuous mode
[  282.667354][T12348] hsr_slave_1: entered promiscuous mode
[  282.670411][T12348] debugfs: 'hsr0' already exists in 'hsr'
[  282.672901][T12348] Cannot create hsr debugfs directory
[  282.798067][T12380] loop3: detected capacity change from 0 to 40427
[  282.801674][T12380] F2FS-fs: heap/no_heap options were deprecated
[  282.805211][T12380] F2FS-fs (loop3): build fault injection rate: 23
[  282.812918][T12380] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  282.905129][T12348] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  282.912917][T12380] F2FS-fs (loop3): invalid crc value
[  282.924672][T12348] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  282.934571][T12348] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  282.946640][T12348] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  282.959238][T12380] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  283.022734][T12348] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.025464][T12348] bridge0: port 2(bridge_slave_1) entered forwarding state
[  283.074337][T12348] 8021q: adding VLAN 0 to HW filter on device bond0
[  283.083657][ T3580] bridge0: port 2(bridge_slave_1) entered disabled state
[  283.106083][T12348] 8021q: adding VLAN 0 to HW filter on device team0
[  283.114082][T12380] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  283.123240][ T3580] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.125542][ T3580] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.135325][T12380] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  283.139176][ T3580] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.141479][ T3580] bridge0: port 2(bridge_slave_1) entered forwarding state
[  283.148670][T12380] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  283.205815][ T8300] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_grab_meta_folio+0x6a/0x1d0
[  283.658092][ T5858] Bluetooth: hci2: command tx timeout
[  283.887214][ T5696] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  284.015381][T12348] 8021q: adding VLAN 0 to HW filter on device batadv0
[  284.090568][ T5696] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  284.155321][ T5696] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  284.175380][T12402] loop3: detected capacity change from 0 to 32768
[  284.182615][T12402] bcachefs: bch2_fs_open() bch_fs_open err opening /dev/loop3: erofs_nochanges
[  284.186256][T12402] bcachefs: bch2_fs_get_tree() error: erofs_nochanges
[  284.224028][ T5696] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  284.245724][T12348] veth0_vlan: entered promiscuous mode
[  284.253978][T12348] veth1_vlan: entered promiscuous mode
[  284.295685][T12348] veth0_macvtap: entered promiscuous mode
[  284.310761][T12348] veth1_macvtap: entered promiscuous mode
[  284.364689][ T5696] bridge_slave_1: left allmulticast mode
[  284.366751][ T5696] bridge_slave_1: left promiscuous mode
[  284.369805][ T5696] bridge0: port 2(bridge_slave_1) entered disabled state
[  284.377614][ T5696] bridge_slave_0: left allmulticast mode
[  284.387858][ T5696] bridge_slave_0: left promiscuous mode
[  284.390055][ T5696] bridge0: port 1(bridge_slave_0) entered disabled state
[  284.924156][T12424] loop3: detected capacity change from 0 to 32768
[  284.928812][T12424] bcachefs (/dev/loop3): error validating superblock: Invalid superblock section clean: entry type (unknown jset_entry_type 255) overruns end of section
[  284.928812][T12424] clean (size 2912):
[  284.928812][T12424] flags:          0
[  284.928812][T12424] journal_seq:    8
[  284.928812][T12424] usage: type=inodes v=8
[  284.928812][T12424] usage: type=key_version v=0
[  284.928812][T12424] usage: type=reserved v=0
[  284.928812][T12424] usage: type=reserved v=0
[  284.928812][T12424] usage: type=reserved v=0
[  284.928812][T12424] usage: type=reserved v=0
[  284.928812][T12424] data_usage: free: 0/0 []=9895604652800
[  284.928812][T12424] data_usage: journal: 1/1 [0]=0
[  284.928812][T12424] data_usage: user: 1/1 [0]=32
[  284.928812][T12424] dev_usage: dev=0  
[  284.928812][T12424]   free: buckets=83 sectors=0 fragmented=0
[  284.928812][T12424]   sb: buckets=25 sectors=6152 fragmented=248
[  284.928812][T12424]   journal: buckets=8 sectors=2048 fragmented=0
[  284.928812][T12424]   btree: buckets=11 sectors=2816 fragmented=0
[  284.928812][T12424]   user: buckets=1 sectors=32 fragmented=224
[  284.928812][T12424]   cached: buckets=0 sectors=0 fragmented=0
[  284.928812][T12424]   parity: buckets=0 sectors=0 fragmented=0
[  284.928812][T12424]   stripe: buckets=0 sectors=0 fragmented=0
[  284.928812][T12424]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[  284.928812][T12424]   need_discard: buckets=0 sectors=0 fragmented=0
[  284.928812][T12424] clock: read=0
[  284.928812][T12424] clock: write=1288
[  284.928812][T12424] btree_root: btree=extents level=0 u64s 11 type btree_ptr_v2 SPO
[  284.928982][T12424] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  285.134481][ T5696] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  285.141100][ T5696] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  285.146250][ T5696] bond0 (unregistering): Released all slaves
[  285.184893][T12348] batman_adv: batadv0: Interface activated: batadv_slave_0
[  285.195874][T12439] netlink: 'syz.3.2561': attribute type 6 has an invalid length.
[  285.215217][T12348] batman_adv: batadv0: Interface activated: batadv_slave_1
[  285.255102][   T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  285.260290][   T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  285.301071][   T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  285.351153][T12447] loop3: detected capacity change from 0 to 4096
[  285.372301][   T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  285.413594][   T33] audit: type=1800 audit(1758565630.508:49): pid=12447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2564" name="file1" dev="loop3" ino=33 res=0 errno=0
[  285.571235][ T1089] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  285.573858][ T1089] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  285.610276][ T1089] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  285.613530][ T1089] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  285.632780][ T5696] hsr_slave_0: left promiscuous mode
[  285.638702][ T5696] hsr_slave_1: left promiscuous mode
[  285.641303][ T5696] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  285.644228][ T5696] batman_adv: batadv0: Removing interface: batadv_slave_0
[  285.657438][ T5696] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  285.661086][ T5696] batman_adv: batadv0: Removing interface: batadv_slave_1
[  285.684175][ T5696] veth1_macvtap: left promiscuous mode
[  285.686333][ T5696] veth0_macvtap: left promiscuous mode
[  285.697963][ T5696] veth1_vlan: left promiscuous mode
[  285.700236][ T5696] veth0_vlan: left promiscuous mode
[  285.718251][ T5858] Bluetooth: hci2: command tx timeout
[  285.814911][T12453] loop3: detected capacity change from 0 to 32768
[  285.821499][T12453] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  285.843275][T12453] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x50.
[  285.863493][T12453] XFS (loop3): Ending clean mount
[  285.991841][ T8300] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  286.537056][ T5696] team0 (unregistering): Port device team_slave_1 removed
[  286.585700][ T5696] team0 (unregistering): Port device team_slave_0 removed
[  287.139434][T12478] loop3: detected capacity change from 0 to 16
[  287.142902][T12478] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  287.562743][T12508] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2588'.
[  287.597833][ T2299] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  287.757962][ T2299] usb 4-1: Using ep0 maxpacket: 32
[  287.767295][ T2299] usb 4-1: unable to get BOS descriptor or descriptor too short
[  287.776826][ T2299] usb 4-1: config 125 has an invalid interface number: 27 but max is 0
[  287.786406][ T2299] usb 4-1: config 125 has no interface number 0
[  287.789926][ T2299] usb 4-1: config 125 interface 27 altsetting 24 has an invalid endpoint descriptor of length 6, skipping
[  287.798407][ T5858] Bluetooth: hci2: command tx timeout
[  287.801245][ T2299] usb 4-1: config 125 interface 27 altsetting 24 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  287.812828][T12514] loop5: detected capacity change from 0 to 4096
[  287.816703][ T2299] usb 4-1: config 125 interface 27 has no altsetting 0
[  287.827622][ T2299] usb 4-1: New USB device found, idVendor=1199, idProduct=68aa, bcdDevice=a4.70
[  287.831735][ T2299] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.835010][ T2299] usb 4-1: Product: syz
[  287.843476][T12514] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512).
[  287.850132][ T2299] usb 4-1: Manufacturer: syz
[  287.852017][ T2299] usb 4-1: SerialNumber: syz
[  287.868100][T12494] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  288.018391][T12520] loop5: detected capacity change from 0 to 64
[  288.023265][T12520] MINIX-fs: deleted inode referenced: 1
[  288.084573][ T2299] hub 4-1:125.27: bad descriptor, ignoring hub
[  288.086958][ T2299] hub 4-1:125.27: probe with driver hub failed with error -5
[  288.098115][ T2299] sierra 4-1:125.27: Sierra USB modem converter detected
[  288.107266][ T2299] usb 4-1: Sierra USB modem converter now attached to ttyUSB0
[  288.148705][ T2299] usb 4-1: USB disconnect, device number 25
[  288.162121][ T2299] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  288.166717][ T2299] sierra 4-1:125.27: device disconnected
[  288.279074][ T1088] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  289.291141][T12550] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (16777216)
[  289.488369][T12569] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present
[  289.574379][T12576] netlink: 'syz.5.2619': attribute type 3 has an invalid length.
[  289.865006][T12598] loop5: detected capacity change from 0 to 64
[  289.888158][ T5858] Bluetooth: hci2: command tx timeout
[  289.927251][T12598] minix_free_block (loop5:21): bit already cleared
[  290.034070][T12609] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  290.050053][T12609] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  290.221585][T12600] loop3: detected capacity change from 0 to 32768
[  290.267429][T12600] ERROR: (device loop3): diAllocAG: numfree > numinos
[  290.267429][T12600] 
[  290.274167][T12600] ERROR: (device loop3): remounting filesystem as read-only
[  290.277046][T12600] ialloc: diAlloc returned -5!
[  290.516005][T12614] loop5: detected capacity change from 0 to 40427
[  290.520515][T12614] F2FS-fs (loop5): build fault injection rate: 14
[  290.523076][T12614] F2FS-fs (loop5): build fault injection type: 0x3bfe8c
[  290.538845][T12614] F2FS-fs (loop5): invalid crc value
[  290.542527][    C1] F2FS-fs (loop5): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  290.553702][    C1] F2FS-fs (loop5): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  290.607291][T12614] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  290.612816][T12614] F2FS-fs (loop5): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  290.647171][T12614] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  290.677596][T12614] F2FS-fs (loop5): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  290.721893][T12348] syz-executor: attempt to access beyond end of device
[  290.721893][T12348] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  290.727146][T12348] F2FS-fs (loop5): inject write IO error in f2fs_write_end_io of __submit_merged_bio+0x27a/0x6a0
[  290.738152][T12348] CPU: 1 UID: 0 PID: 12348 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  290.738174][T12348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  290.738182][T12348] Call Trace:
[  290.738187][T12348]  <TASK>
[  290.738219][T12348]  dump_stack_lvl+0x189/0x250
[  290.738243][T12348]  ? __pfx_dump_stack_lvl+0x10/0x10
[  290.738261][T12348]  ? __pfx_queue_work_on+0x10/0x10
[  290.738274][T12348]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  290.738297][T12348]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  290.738332][T12348]  f2fs_handle_critical_error+0x37c/0x540
[  290.738357][T12348]  f2fs_write_end_io+0x886/0xb60
[  290.738385][T12348]  __submit_merged_bio+0x27a/0x6a0
[  290.738409][T12348]  __submit_merged_write_cond+0x255/0x530
[  290.738433][T12348]  f2fs_write_data_pages+0x261d/0x3000
[  290.738472][T12348]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  290.738485][T12348]  ? is_bpf_text_address+0x26/0x2b0
[  290.738537][T12348]  ? ktime_get+0x3e/0x1f0
[  290.738552][T12348]  ? ktime_get+0x3e/0x1f0
[  290.738568][T12348]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  290.738583][T12348]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  290.738608][T12348]  ? rcu_is_watching+0x15/0xb0
[  290.738625][T12348]  ? __lock_acquire+0xab9/0xd20
[  290.738654][T12348]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  290.738668][T12348]  do_writepages+0x32e/0x550
[  290.738695][T12348]  ? do_raw_spin_unlock+0x4d/0x240
[  290.738715][T12348]  filemap_fdatawrite+0x199/0x240
[  290.738735][T12348]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  290.738785][T12348]  ? do_raw_spin_unlock+0x4d/0x240
[  290.738806][T12348]  f2fs_sync_dirty_inodes+0x31f/0x830
[  290.738831][T12348]  f2fs_write_checkpoint+0x95a/0x1df0
[  290.738865][T12348]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  290.738913][T12348]  ? kill_f2fs_super+0x298/0x6c0
[  290.738932][T12348]  kill_f2fs_super+0x2c3/0x6c0
[  290.738951][T12348]  ? __pfx_kill_f2fs_super+0x10/0x10
[  290.738963][T12348]  ? radix_tree_delete_item+0x2b6/0x400
[  290.738982][T12348]  ? shrinker_free+0x2ce/0x3e0
[  290.738999][T12348]  deactivate_locked_super+0xbc/0x130
[  290.739019][T12348]  cleanup_mnt+0x425/0x4c0
[  290.739034][T12348]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.739051][T12348]  task_work_run+0x1d4/0x260
[  290.739071][T12348]  ? __pfx_task_work_run+0x10/0x10
[  290.739087][T12348]  ? __x64_sys_umount+0x122/0x160
[  290.739109][T12348]  ? exit_to_user_mode_loop+0x40/0x110
[  290.739130][T12348]  exit_to_user_mode_loop+0xec/0x110
[  290.739150][T12348]  do_syscall_64+0x2bd/0x3b0
[  290.739163][T12348]  ? lockdep_hardirqs_on+0x9c/0x150
[  290.739178][T12348]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.739216][T12348]  ? exc_page_fault+0x9f/0xf0
[  290.739232][T12348]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  290.739244][T12348] RIP: 0033:0x7f08e998ff57
[  290.739258][T12348] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  290.739270][T12348] RSP: 002b:00007fff8eb44208 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  290.739285][T12348] RAX: 0000000000000000 RBX: 00007f08e9a11c2d RCX: 00007f08e998ff57
[  290.739293][T12348] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff8eb442c0
[  290.739302][T12348] RBP: 00007fff8eb442c0 R08: 0000000000000000 R09: 0000000000000000
[  290.739317][T12348] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff8eb45350
[  290.739325][T12348] R13: 00007f08e9a11c2d R14: 0000000000046f11 R15: 00007fff8eb45390
[  290.739348][T12348]  </TASK>
[  290.739354][T12348] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  291.017958][   T10] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  291.167920][   T10] usb 4-1: Using ep0 maxpacket: 32
[  291.171642][   T10] usb 4-1: config 0 has an invalid interface number: 12 but max is 0
[  291.174672][   T10] usb 4-1: config 0 has no interface number 0
[  291.183325][   T10] usb 4-1: config 0 interface 12 has no altsetting 0
[  291.189214][   T10] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  291.192908][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  291.196218][   T10] usb 4-1: Product: syz
[  291.199373][   T10] usb 4-1: Manufacturer: syz
[  291.201098][   T10] usb 4-1: SerialNumber: syz
[  291.205118][   T10] usb 4-1: config 0 descriptor??
[  292.610386][   T10] f81534 4-1:0.12: f81534_set_register: reg: 1003 data: e0 failed: -71
[  292.621505][   T10] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71
[  292.637559][   T10] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  292.646943][   T10] f81534 4-1:0.12: probe with driver f81534 failed with error -71
[  292.667503][   T10] usb 4-1: USB disconnect, device number 26
[  293.047552][T12674] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2662'.
[  293.110385][T12676] loop5: detected capacity change from 0 to 1024
[  293.142318][T12676] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  293.147067][T12676] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  293.169796][T12676] EXT4-fs warning (device loop5): ext4_empty_dir:3099: inode #12: comm syz.5.2663: directory missing '..'
[  293.200290][T12348] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  293.263125][T12688] loop3: detected capacity change from 0 to 128
[  293.302681][T12690] overlayfs: failed to clone upperpath
[  293.485943][T12696] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2671'.
[  293.887551][T12722] loop3: detected capacity change from 0 to 256
[  293.896636][T12728] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2687'.
[  294.004494][T12731] 9pnet_fd: Insufficient options for proto=fd
[  294.108503][T12737] macsec0: entered allmulticast mode
[  294.111896][T12737] veth1_macvtap: entered allmulticast mode
[  294.114582][T12737] macsec0: left allmulticast mode
[  294.116692][T12737] veth1_macvtap: left allmulticast mode
[  294.167561][T12740] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[  294.271679][T12686] comedi comedi3: reset error (fatal)
[  294.406805][T12755] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2699'.
[  294.421750][T12755] bridge1: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms)
[  294.537922][  T792] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  294.626106][T12772] netlink: 'syz.5.2707': attribute type 2 has an invalid length.
[  294.703048][  T792] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7
[  294.716352][  T792] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  294.727880][  T792] usb 4-1: New USB device found, idVendor=06cd, idProduct=011a, bcdDevice=17.cb
[  294.731359][  T792] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.734409][  T792] usb 4-1: Product: syz
[  294.736035][  T792] usb 4-1: Manufacturer: syz
[  294.740354][  T792] usb 4-1: SerialNumber: syz
[  294.744418][  T792] usb 4-1: config 0 descriptor??
[  294.748628][  T792] keyspan 4-1:0.0: Keyspan - (without firmware) converter detected
[  294.839392][T12786] comedi comedi0: Minor 3 could not be opened
[  294.950353][ T5936] usb 4-1: USB disconnect, device number 27
[  294.953374][ T5936] keyspan 4-1:0.0: device disconnected
[  295.163237][T12798] netlink: 168 bytes leftover after parsing attributes in process `syz.5.2719'.
[  295.733319][T12817] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2727'.
[  296.012040][T12822] loop3: detected capacity change from 0 to 32768
[  296.106679][T12822] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  296.106698][T12822]   allowing incompatible features above 0.0: (unknown version)
[  296.106708][T12822]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  296.121937][T12822] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  296.125044][T12822] bcachefs (loop3): initializing new filesystem
[  296.135057][T12822] bcachefs (loop3): going read-write
[  296.144126][T12822] bcachefs (loop3): marking superblocks
[  296.155478][T12822] bcachefs (loop3): initializing freespace
[  296.160978][T12822] bcachefs (loop3): done initializing freespace
[  296.165629][T12822] bcachefs (loop3): reading snapshots table
[  296.168057][T12822] bcachefs (loop3): reading snapshots done
[  296.196433][T12838] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2733'.
[  296.204562][T12822] bcachefs (loop3):  loop3: Superblock write was silently dropped! (seq 0 expected 42)
[  296.208412][T12822] bcachefs (loop3): done starting filesystem
[  296.276149][ T8300] bcachefs (loop3): shutting down
[  296.285697][ T8300] bcachefs (loop3): going read-only
[  296.289115][ T8300] bcachefs (loop3): finished waiting for writes to stop
[  296.292416][ T8300] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2
[  296.344893][ T8300] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[  296.356924][ T8300] bcachefs (loop3): clean shutdown complete, journal seq 4
[  296.361964][ T8300] bcachefs (loop3): marking filesystem clean
[  296.388918][ T8300] bcachefs (loop3): shutdown complete
[  296.681557][T12856] loop5: detected capacity change from 0 to 4096
[  296.886671][T12864] loop5: detected capacity change from 0 to 512
[  296.905783][T12864] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  296.914550][T12864] ext4 filesystem being mounted at /61/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  297.099274][T12348] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  297.714280][T12871] loop5: detected capacity change from 0 to 1024
[  297.763618][   T82] hfsplus: b-tree write err: -5, ino 4
[  297.807008][T12875] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2750'.
[  297.810625][T12875] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2750'.
[  297.813978][T12875] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2750'.
[  298.410971][T12885] loop5: detected capacity change from 0 to 8192
[  299.144686][T12902] /dev/nullb0: Can't lookup blockdev
[  299.177905][ T2299] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  299.337926][ T2299] usb 6-1: Using ep0 maxpacket: 32
[  299.342245][ T2299] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  299.347684][ T2299] usb 6-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00
[  299.359201][ T2299] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.370030][ T2299] usb 6-1: config 0 descriptor??
[  299.606691][T12924] __nla_validate_parse: 1 callbacks suppressed
[  299.606774][T12924] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2770'.
[  299.792892][ T2299] steelseries 0003:1038:1410.000A: not enough fields in HID_OUTPUT_REPORT 0
[  299.831146][T12927] loop3: detected capacity change from 0 to 32768
[  299.990619][ T2299] usb 6-1: USB disconnect, device number 2
[  300.050353][T12931] loop3: detected capacity change from 0 to 4096
[  300.065030][T12931] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  300.131542][T12933] loop3: detected capacity change from 0 to 1024
[  300.176905][T12935] loop3: detected capacity change from 0 to 128
[  300.180694][T12935] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  300.560058][T12955] netlink: 88 bytes leftover after parsing attributes in process `syz.5.2785'.
[  300.648503][ T5936] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  300.711550][T12961] sctp: [Deprecated]: syz.5.2788 (pid 12961) Use of int in max_burst socket option.
[  300.711550][T12961] Use struct sctp_assoc_value instead
[  300.797840][ T5936] usb 4-1: Using ep0 maxpacket: 16
[  300.802477][ T5936] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  300.807100][ T5936] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  300.817965][ T5936] usb 4-1: config 0 has no interface number 0
[  300.831306][ T5936] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  300.834856][ T5936] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.842074][ T5936] usb 4-1: Product: syz
[  300.843789][ T5936] usb 4-1: Manufacturer: syz
[  300.845674][ T5936] usb 4-1: SerialNumber: syz
[  300.849794][ T5936] usb 4-1: config 0 descriptor??
[  300.860093][ T5936] usb 4-1: Found UVC 0.00 device syz (046d:08f3)
[  300.862780][ T5936] usb 4-1: No valid video chain found.
[  301.063460][ T5936] usb 4-1: USB disconnect, device number 28
[  301.144064][   T33] audit: type=1326 audit(1758565646.248:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12979 comm="syz.0.2797" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd52478ec29 code=0x7ffc0000
[  301.153541][   T33] audit: type=1326 audit(1758565646.248:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12979 comm="syz.0.2797" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd52478ec29 code=0x7ffc0000
[  301.161612][   T33] audit: type=1326 audit(1758565646.258:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12979 comm="syz.0.2797" exe="/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fd52478ec29 code=0x7ffc0000
[  301.168914][   T33] audit: type=1326 audit(1758565646.258:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12979 comm="syz.0.2797" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd52478ec29 code=0x7ffc0000
[  301.176027][   T33] audit: type=1326 audit(1758565646.258:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12979 comm="syz.0.2797" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd52478ec29 code=0x7ffc0000
[  301.184577][   T33] audit: type=1326 audit(1758565646.268:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12979 comm="syz.0.2797" exe="/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7fd52478ec29 code=0x7ffc0000
[  301.194065][   T33] audit: type=1326 audit(1758565646.268:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12979 comm="syz.0.2797" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd52478ec29 code=0x7ffc0000
[  301.202170][   T33] audit: type=1326 audit(1758565646.268:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12979 comm="syz.0.2797" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd52478ec29 code=0x7ffc0000
[  301.210283][   T33] audit: type=1326 audit(1758565646.278:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12979 comm="syz.0.2797" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd52478ec29 code=0x7ffc0000
[  301.218827][   T33] audit: type=1326 audit(1758565646.278:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12979 comm="syz.0.2797" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd52478ec29 code=0x7ffc0000
[  301.632949][T13004] loop5: detected capacity change from 0 to 1024
[  301.636182][T13004] ext3: Bad value for 'mb_optimize_scan'
[  301.651468][T13006] tmpfs: Bad value for 'mpol'
[  301.697204][T13010] loop3: detected capacity change from 0 to 8
[  301.715813][T13010] SQUASHFS error: Failed to read block 0x1ec: -5
[  301.720054][T13010] SQUASHFS error: Unable to read metadata cache entry [1ea]
[  301.861459][T13024] loop5: detected capacity change from 0 to 764
[  301.865757][T13024] rock: directory entry would overflow storage
[  301.869850][T13024] rock: sig=0x4654, size=5, remaining=4
[  301.964352][T13032] Bluetooth: MGMT ver 1.23
[  302.079404][T13028] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  302.187634][T13034] loop3: detected capacity change from 0 to 32768
[  302.192800][T13034] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2823 (13034)
[  302.201519][T13034] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  302.207842][T13034] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  302.237116][T13034] BTRFS info (device loop3): enabling ssd optimizations
[  302.239872][T13034] BTRFS info (device loop3): enabling free space tree
[  302.264571][ T8300] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  302.428746][T13064] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2831'.
[  302.432685][T13064] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2831'.
[  302.606934][T13072] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  302.615969][T13072] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  304.507379][T13096] loop5: detected capacity change from 0 to 764
[  304.689223][ T5858] Bluetooth: hci2: command tx timeout
[  304.854373][T13111] openvswitch: netlink: Tunnel attr 171 out of range max 16
[  304.974388][T13122] loop3: detected capacity change from 0 to 256
[  304.978145][T13122] exfat: Deprecated parameter 'utf8'
[  304.986239][T13122] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d)
[  305.024688][T13125] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2857'.
[  305.096584][T13129] loop5: detected capacity change from 0 to 2048
[  305.139500][T13129] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  305.144251][T13129] ext4 filesystem being mounted at /108/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  305.222296][T13129] overlayfs: failed to verify upper (/file0, ino=12, err=-28)
[  305.225413][T13129] overlayfs: failed to verify index dir 'upper' xattr
[  305.230015][T13129] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.
[  305.267352][T13145] netlink: 'syz.3.2863': attribute type 1 has an invalid length.
[  305.272542][T13145] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2863'.
[  305.284699][T12348] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.309789][T13147] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2864'.
[  305.613767][T13151] loop5: detected capacity change from 0 to 32768
[  305.622850][T13163] loop3: detected capacity change from 0 to 512
[  305.625480][T13151] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2865 (13151)
[  305.637614][T13151] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  305.638047][T13163] EXT4-fs: Ignoring removed orlov option
[  305.642744][T13151] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  305.645300][T13163] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  305.654617][T13163] EXT4-fs (loop3): orphan cleanup on readonly fs
[  305.672295][T13163] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2872: bg 0: block 248: padding at end of block bitmap is not set
[  305.681499][T13163] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.2872: Failed to acquire dquot type 1
[  305.685192][T13151] BTRFS info (device loop5): enabling ssd optimizations
[  305.685950][T13163] EXT4-fs (loop3): 1 truncate cleaned up
[  305.690369][T13151] BTRFS info (device loop5): enabling free space tree
[  305.697173][T13163] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  305.714253][T12348] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  305.719082][T13163] EXT4-fs: Ignoring removed orlov option
[  305.721316][T13163] EXT4-fs: can't change dax mount option while remounting
[  305.747304][ T8300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.868041][T13185] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2876'.
[  305.964204][T13191] IPVS: sh: FWM 3 0x00000003 - no destination available
[  306.593370][T13247] loop5: detected capacity change from 0 to 512
[  306.601283][T13247] EXT4-fs: Ignoring removed orlov option
[  306.603518][T13247] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  306.615549][T13247] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[  306.620230][T13247] EXT4-fs error (device loop5): ext4_iget_extra_inode:5104: inode #15: comm syz.5.2903: corrupted in-inode xattr: e_value size too large
[  306.625345][T13247] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2903: couldn't read orphan inode 15 (err -117)
[  306.640115][T13247] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  306.662518][T12348] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  306.869136][T13265] PKCS8: Unsupported PKCS#8 version
[  306.934829][T13269] netlink: 144 bytes leftover after parsing attributes in process `syz.3.2913'.
[  307.019310][   T10] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  307.121855][T13276] netlink: 'syz.3.2916': attribute type 3 has an invalid length.
[  307.128976][T13276] netlink: 'syz.3.2916': attribute type 3 has an invalid length.
[  307.178112][   T10] usb 6-1: Using ep0 maxpacket: 16
[  307.195567][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  307.200498][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  307.204720][   T10] usb 6-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00
[  307.208771][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.218092][   T10] usb 6-1: config 0 descriptor??
[  307.655580][   T10] kye 0003:0458:0138.000B: item fetching failed at offset 0/3
[  307.661980][   T10] kye 0003:0458:0138.000B: parse failed
[  307.664554][   T10] kye 0003:0458:0138.000B: probe with driver kye failed with error -22
[  307.854755][  T792] usb 6-1: USB disconnect, device number 3
[  308.509014][T13298] netlink: 5 bytes leftover after parsing attributes in process `syz.3.2926'.
[  309.052354][T13307] loop3: detected capacity change from 0 to 1024
[  309.055745][T13307] EXT4-fs: Ignoring removed nomblk_io_submit option
[  309.059112][T13307] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  309.068671][T13307] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  309.157911][   T54] Bluetooth: hci2: command 0x0405 tx timeout
[  309.180633][ T8300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.334540][T13313] delete_channel: no stack
[  309.454165][T13324] loop5: detected capacity change from 0 to 4096
[  309.458998][T13324] ntfs3(loop5): Different NTFS sector size (1024) and media sector size (512).
[  309.474570][T13324] ntfs3(loop5): Failed to load $Extend (-22).
[  309.477394][T13324] ntfs3(loop5): Failed to initialize $Extend.
[  309.713901][T13339] netlink: 'syz.3.2944': attribute type 16 has an invalid length.
[  309.716928][T13339] netlink: 'syz.3.2944': attribute type 17 has an invalid length.
[  309.717020][T13338] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2945'.
[  309.994005][T13339] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  310.117585][T13350] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2950'.
[  310.296999][T13359] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2951'.
[  310.451330][T13366] loop3: detected capacity change from 0 to 4096
[  310.454906][T13366] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  310.515378][T13366] ntfs3(loop3): Failed to initialize $Extend/$Reparse.
[  311.238624][   T54] Bluetooth: hci2: command 0x0405 tx timeout
[  311.243948][T13390] loop3: detected capacity change from 0 to 512
[  311.249887][T13390] EXT4-fs: Ignoring removed bh option
[  311.262623][T13390] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  311.266205][T13390] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  311.282620][T13390] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended
[  311.289837][T13390] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006]
[  311.333756][T13390] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  311.401662][ T8300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.725794][T13405] loop3: detected capacity change from 0 to 512
[  311.737249][T13405] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  311.812517][T13405] EXT4-fs (loop3): 1 truncate cleaned up
[  311.815924][T13405] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  311.851446][T13410] netlink: 'syz.5.2975': attribute type 21 has an invalid length.
[  311.854541][T13410] netlink: 'syz.5.2975': attribute type 6 has an invalid length.
[  311.857666][T13410] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2975'.
[  311.863845][T13410] netlink: 'syz.5.2975': attribute type 21 has an invalid length.
[  311.866949][T13410] netlink: 'syz.5.2975': attribute type 6 has an invalid length.
[  311.872521][T13410] netlink: 64 bytes leftover after parsing attributes in process `syz.5.2975'.
[  311.890351][ T8300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.983644][T13414] sp0: Synchronizing with TNC
[  312.045621][T13422] loop3: detected capacity change from 0 to 1024
[  312.284502][T13441] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check.
[  312.321616][T13443] netlink: 'syz.5.2991': attribute type 25 has an invalid length.
[  312.330127][T13443] netlink: 'syz.5.2991': attribute type 8 has an invalid length.
[  313.043996][T13449] loop5: detected capacity change from 0 to 40427
[  313.048214][T13449] F2FS-fs (loop5): build fault injection rate: 14
[  313.050263][T13449] F2FS-fs (loop5): build fault injection type: 0x3bfe8c
[  313.053629][T13449] F2FS-fs (loop5): invalid crc value
[  313.057600][    C0] F2FS-fs (loop5): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  313.072431][    C0] F2FS-fs (loop5): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  313.153546][T13449] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  313.157145][T13449] F2FS-fs (loop5): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  313.163179][T13449] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  313.301514][T13465] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode balance-alb(6)
[  313.389858][T13466] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2997'.
[  313.710982][T13468] loop3: detected capacity change from 0 to 256
[  313.714739][T13468] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  313.719484][T13468] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  313.727256][T13468] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  313.842355][T13474] loop3: detected capacity change from 0 to 64
[  313.885528][T13476] loop5: detected capacity change from 0 to 512
[  313.888348][T13476] EXT4-fs: Ignoring removed orlov option
[  313.891039][T13476] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  313.901379][T13476] EXT4-fs error (device loop5): ext4_iget_extra_inode:5104: inode #15: comm syz.5.2999: corrupted in-inode xattr: e_value size too large
[  313.906860][T13476] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2999: couldn't read orphan inode 15 (err -117)
[  313.915434][T13476] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  313.932428][   T33] kauditd_printk_skb: 67 callbacks suppressed
[  313.932444][   T33] audit: type=1800 audit(1758565659.038:125): pid=13476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2999" name="file2" dev="loop5" ino=16 res=0 errno=0
[  313.983646][T12348] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.800568][T13506] loop5: detected capacity change from 0 to 32768
[  314.804102][T13506] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.3016 (13506)
[  314.822216][T13506] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  314.826078][T13506] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  314.856089][T13506] BTRFS info (device loop5): rebuilding free space tree
[  314.862940][T13506] BTRFS info (device loop5): disabling free space tree
[  314.865466][T13506] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  314.869419][T13506] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  314.875820][T13506] BTRFS info (device loop5): enabling ssd optimizations
[  314.878100][T13506] BTRFS info (device loop5): force clearing of disk cache
[  314.880933][T13506] BTRFS info (device loop5): enabling auto defrag
[  314.883367][T13506] BTRFS info (device loop5): doing ref verification
[  314.943056][T12348] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  315.310363][T13545] 9pnet_fd: Insufficient options for proto=fd
[  315.350675][T13542] netlink: set zone limit has 4 unknown bytes
[  315.354043][T13546] netlink: del zone limit has 4 unknown bytes
[  316.137886][ T5936] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  316.290052][ T5936] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  316.294239][ T5936] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  316.308917][ T5936] usb 6-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[  316.312404][ T5936] usb 6-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  316.315533][ T5936] usb 6-1: Manufacturer: syz
[  316.345483][ T5936] usb 6-1: config 0 descriptor??
[  316.506322][T13576] serio: Serial port ptm0
[  316.764094][ T5936] cougar 0003:060B:700A.000C: unknown main item tag 0x0
[  316.769178][ T5936] cougar 0003:060B:700A.000C: unknown main item tag 0x0
[  316.772005][ T5936] cougar 0003:060B:700A.000C: unknown main item tag 0x0
[  316.774765][ T5936] cougar 0003:060B:700A.000C: unknown main item tag 0x0
[  316.778295][ T5936] cougar 0003:060B:700A.000C: unknown main item tag 0x0
[  316.785219][ T5936] cougar 0003:060B:700A.000C: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0
[  316.861205][T13581] loop3: detected capacity change from 0 to 32768
[  316.879324][T13581] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  316.904061][T13581] XFS (loop3): Ending clean mount
[  316.907370][T13581] XFS (loop3): Quotacheck needed: Please wait.
[  316.951487][T13581] XFS (loop3): Quotacheck: Done.
[  316.959667][   T24] usb 6-1: USB disconnect, device number 4
[  317.082198][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  317.084632][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  317.125350][ T8300] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  317.643198][T13607] loop3: detected capacity change from 0 to 16
[  317.664505][T13607] erofs (device loop3): mounted with root inode @ nid 36.
[  317.684827][T13607] erofs (device loop3): corrupted dir block 8200 @ nid 36
[  317.749005][T13610] syzkaller1: tun_chr_ioctl cmd 2147767520
[  317.787160][T13613] tmpfs: Bad value for 'nr_blocks'
[  317.873478][T13615] loop3: detected capacity change from 0 to 1024
[  317.877406][T13615] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  317.881488][T13615] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  317.885978][T13615] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  317.911389][T13615] EXT4-fs error (device loop3): ext4_get_journal_inode:5800: inode #5: comm syz.3.3052: unexpected bad inode w/o EXT4_IGET_BAD
[  317.921669][T13615] EXT4-fs (loop3): no journal found
[  317.923714][T13615] EXT4-fs (loop3): can't get journal size
[  317.938345][T13615] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  318.033785][ T8300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  318.337896][  T792] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  318.487840][  T792] usb 4-1: Using ep0 maxpacket: 32
[  318.492426][  T792] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  318.502303][  T792] usb 4-1: language id specifier not provided by device, defaulting to English
[  318.508313][  T792] usb 4-1: New USB device found, idVendor=05ac, idProduct=0252, bcdDevice= 0.40
[  318.512123][  T792] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  318.515329][  T792] usb 4-1: Product: syz
[  318.517138][  T792] usb 4-1: Manufacturer: 剩ꗨ㌌谮㞔畺魶๊≱還뛌큭⡋≣ᆓෟ劚썵췚眃赺漉ꋋㄐ鸒씀芆栯혁煮薂酒ꄙ╚둥შ볚酔⏓䣣ᛖ齗䔟顱ﬠ㎵稃ն䍳
[  318.525692][  T792] usb 4-1: SerialNumber: syz
[  318.533883][  T792] usbhid 4-1:1.0: couldn't find an input interrupt endpoint
[  318.741330][  T792] usb 4-1: USB disconnect, device number 29
[  319.854909][T13682] bridge0: entered promiscuous mode
[  319.858737][T13682] macvlan2: entered promiscuous mode
[  320.179537][T13705] loop3: detected capacity change from 0 to 1024
[  320.364123][  T340] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  321.165602][    T9] usb 4-1: new full-speed USB device number 30 using dummy_hcd
[  321.329910][    T9] usb 4-1: config 0 has an invalid interface number: 6 but max is 0
[  321.335394][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  321.341826][    T9] usb 4-1: config 0 has no interface number 0
[  321.344566][    T9] usb 4-1: config 0 interface 6 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  321.494693][    T9] usb 4-1: New USB device found, idVendor=10cf, idProduct=8061, bcdDevice=b7.12
[  321.498736][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  321.502079][    T9] usb 4-1: Product: syz
[  321.503812][    T9] usb 4-1: Manufacturer: syz
[  321.505834][    T9] usb 4-1: SerialNumber: syz
[  321.511447][    T9] usb 4-1: config 0 descriptor??
[  321.526031][    T9] vmk80xx 4-1:0.6: driver 'vmk80xx' failed to auto-configure device.
[  321.893963][T13705] hfsplus: cannot replace xattr
[  321.901734][   T24] usb 4-1: USB disconnect, device number 30
[  322.733870][T13748] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3109'.
[  323.017526][T13762] loop5: detected capacity change from 0 to 4096
[  323.036024][T13762] NILFS (loop5): corrupt root inode
[  323.038504][T13765] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  323.048126][    T9] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  323.417423][T13782] loop5: detected capacity change from 0 to 256
[  323.421564][    T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  323.435935][    T9] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  323.441780][    T9] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  323.445779][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  323.449051][    T9] usb 4-1: New USB device found, idVendor=0458, idProduct=5015, bcdDevice= 0.00
[  323.452562][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.458044][    T9] usb 4-1: config 0 descriptor??
[  323.604314][T13797] netlink: 244 bytes leftover after parsing attributes in process `syz.5.3130'.
[  323.774529][T13807] loop5: detected capacity change from 0 to 512
[  323.793219][T13807] EXT4-fs (loop5): Cannot turn on journaled quota: type 0: error -2
[  323.796941][T13807] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #13: comm syz.5.3134: invalid indirect mapped block 2683928664 (level 1)
[  323.807076][T13807] EXT4-fs (loop5): Remounting filesystem read-only
[  323.809798][T13807] EXT4-fs (loop5): 1 truncate cleaned up
[  323.812748][T13807] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  323.822021][T13807] EXT4-fs (loop5): shut down requested (1)
[  323.851113][T12348] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  323.880675][    T9] kye 0003:0458:5015.000D: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  323.903440][    T9] kye 0003:0458:5015.000D: hidraw0: USB HID v0.04 Device [HID 0458:5015] on usb-dummy_hcd.3-1/input0
[  323.917871][    T9] kye 0003:0458:5015.000D: tablet-enabling feature report not found
[  323.920293][    T9] kye 0003:0458:5015.000D: tablet enabling failed
[  323.994940][T13814] loop5: detected capacity change from 0 to 1024
[  324.016728][T13814] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  324.039281][T13814] EXT4-fs warning (device loop5): empty_inline_dir:1749: bad inline directory (dir #12) - no `..'
[  324.077065][    T9] usb 4-1: USB disconnect, device number 31
[  324.090109][T12348] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  324.128766][T13819] loop5: detected capacity change from 0 to 512
[  324.142157][T13819] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  324.146479][T13819] ext4 filesystem being mounted at /192/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  324.261478][T12348] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  324.334665][T13827] overlayfs: failed to clone upperpath
[  324.409457][T13837] loop5: detected capacity change from 0 to 128
[  324.414474][T13837] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  324.420368][T13837] hpfs: filesystem error: improperly stopped
[  324.422833][T13837] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  324.425803][T13837] hpfs: You really don't want any checks? You are crazy...
[  324.437063][T13837] hpfs: hpfs_map_sector(): read error
[  324.440381][T13837] hpfs: code page support is disabled
[  324.443039][T13837] hpfs: hpfs_map_4sectors(): unaligned read
[  324.445451][T13837] hpfs: hpfs_map_4sectors(): unaligned read
[  324.448480][T13837] hpfs: filesystem error: unable to find root dir
[  325.152025][T13852] loop5: detected capacity change from 0 to 32768
[  325.156157][T13852] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.3152 (13852)
[  325.158048][ T2299] usb 4-1: new full-speed USB device number 32 using dummy_hcd
[  325.168576][T13852] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  325.172504][T13852] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  325.329358][ T2299] usb 4-1: config 0 has an invalid interface number: 251 but max is 0
[  325.336791][ T2299] usb 4-1: config 0 has no interface number 0
[  325.340388][T13852] BTRFS info (device loop5): enabling ssd optimizations
[  325.343138][T13852] BTRFS info (device loop5): enabling free space tree
[  325.456098][ T2299] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  325.459907][ T2299] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  325.462820][ T2299] usb 4-1: Product: syz
[  325.464458][ T2299] usb 4-1: Manufacturer: syz
[  325.465965][ T2299] usb 4-1: SerialNumber: syz
[  325.469284][ T2299] usb 4-1: config 0 descriptor??
[  325.897103][T12348] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  326.016478][ T2299] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  326.020930][ T2299] asix 4-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -71
[  326.024048][ T2299] asix 4-1:0.251: probe with driver asix failed with error -5
[  326.028269][ T2299] usb 4-1: USB disconnect, device number 32
[  326.471734][T13907] netlink: 'syz.5.3170': attribute type 2 has an invalid length.
[  326.472596][T13908] 9pnet_fd: Insufficient options for proto=fd
[  326.577530][T13915] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3174'.
[  326.850251][T13912] loop5: detected capacity change from 0 to 32768
[  326.854013][T13912] ocfs2: Bad value for 'localalloc'
[  327.067514][T13950] netlink: 'syz.0.3191': attribute type 2 has an invalid length.
[  327.151241][T13959] netlink: 140 bytes leftover after parsing attributes in process `syz.0.3196'.
[  327.161270][T13959] netlink: 140 bytes leftover after parsing attributes in process `syz.0.3196'.
[  327.171644][ T2299] kernel write not supported for file /1367/clear_refs (pid: 2299 comm: kworker/0:2)
[  327.224017][T13967] tipc: Started in network mode
[  327.226227][T13967] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[  327.230294][T13967] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  327.295292][T13975] libceph: resolve '4.' (ret=-3): failed
[  327.343723][T13978] block nbd3: Attempted send on invalid socket
[  327.360136][T13978] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  327.378155][T13978] efs: cannot read volume header
[  328.016042][T13993] loop5: detected capacity change from 0 to 1024
[  328.024646][T13993] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  328.030853][T13993] EXT4-fs (loop5): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869)
[  328.034785][T13993] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  328.041620][T13993] EXT4-fs (loop5): filesystem has both journal inode and journal device!
[  328.232070][T14000] loop5: detected capacity change from 0 to 2048
[  328.246276][T14001] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  328.387209][T13984] Bluetooth: hci0: Opcode 0x0401 failed: -4
[  328.763884][T14022] FAT-fs (loop1): bogus number of reserved sectors
[  328.767482][T14022] FAT-fs (loop1): Can't find a valid FAT filesystem
[  328.798113][    T9] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  328.952099][    T9] usb 6-1: not running at top speed; connect to a high speed hub
[  328.959741][    T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  328.967845][    T9] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  328.971327][    T9] usb 6-1: config 1 has no interface number 1
[  328.973683][    T9] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  328.979509][    T9] usb 6-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  328.986325][    T9] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  328.990464][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.993657][    T9] usb 6-1: Product: syz
[  328.995460][    T9] usb 6-1: Manufacturer: syz
[  328.997382][    T9] usb 6-1: SerialNumber: syz
[  328.999616][   T54] Bluetooth: hci1: command 0x0406 tx timeout
[  329.262592][    T9] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor
[  329.265714][    T9] usb 6-1: 2:1 : no or invalid class specific endpoint descriptor
[  329.286604][    T9] usb 6-1: USB disconnect, device number 5
[  329.590450][T14040] loop3: detected capacity change from 0 to 512
[  329.592937][T14040] EXT4-fs: Ignoring removed nomblk_io_submit option
[  329.594990][T14040] EXT4-fs: Ignoring removed bh option
[  329.608430][T14040] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[  329.616174][T14040] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.3232: corrupted inode contents
[  329.621632][T14040] EXT4-fs error (device loop3): ext4_dirty_inode:6538: inode #11: comm syz.3.3232: mark_inode_dirty error
[  329.625658][T14040] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.3232: invalid indirect mapped block 1 (level 1)
[  329.630691][T14040] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.3232: corrupted inode contents
[  329.642334][T14040] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  329.646400][T14040] EXT4-fs error (device loop3): ext4_do_update_inode:5653: inode #11: comm syz.3.3232: corrupted inode contents
[  329.652010][T14040] EXT4-fs error (device loop3): ext4_truncate:4666: inode #11: comm syz.3.3232: mark_inode_dirty error
[  329.656596][T14040] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  329.660285][T14040] EXT4-fs (loop3): 1 truncate cleaned up
[  329.663043][T14040] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  329.696010][T14040] can: request_module (can-proto-0) failed.
[  329.703909][T14040] EXT4-fs error (device loop3): ext4_find_dest_de:2052: inode #2: block 13: comm syz.3.3232: bad entry in directory: directory entry too close to block end - offset=76, inode=16, rec_len=940, size=1024 fake=0
[  329.742379][ T8300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  330.087160][T14054] delete_channel: no stack
[  330.120164][T14058] netlink: 148 bytes leftover after parsing attributes in process `syz.5.3234'.
[  330.123247][T14058] netlink: 56 bytes leftover after parsing attributes in process `syz.5.3234'.
[  330.127310][T14058] netlink: 'syz.5.3234': attribute type 1 has an invalid length.
[  331.427972][T14111] vivid-002: disconnect
[  331.966140][T14122] geneve2: entered allmulticast mode
[  331.979434][ T5696] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 20001 - 0
[  331.982752][ T5696] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 20001 - 0
[  331.986065][ T5696] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 20001 - 0
[  332.007970][ T5696] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 20001 - 0
[  332.018309][T14105] vivid-002: reconnect
[  332.223305][T14134] netlink: 'syz.3.3272': attribute type 1 has an invalid length.
[  332.261846][T14134] 8021q: adding VLAN 0 to HW filter on device bond2
[  332.284389][T14134] bond2: (slave geneve2): making interface the new active one
[  332.291615][T14134] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  332.687120][T14143] loop3: detected capacity change from 0 to 8
[  332.766508][T14143] SQUASHFS error: xz decompression failed, data probably corrupt
[  332.769960][T14143] SQUASHFS error: Failed to read block 0x108: -5
[  332.772633][T14143] SQUASHFS error: Unable to read metadata cache entry [106]
[  332.775583][T14143] SQUASHFS error: Unable to read inode 0x11f
[  333.311185][T14160] netlink: 'syz.0.3282': attribute type 4 has an invalid length.
[  333.421446][T14153] loop5: detected capacity change from 0 to 32768
[  333.938107][ T5936] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  334.089916][ T5936] usb 6-1: Using ep0 maxpacket: 32
[  334.096898][ T5936] usb 6-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0
[  334.102971][ T5936] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.160431][ T5936] usb 6-1: config 0 descriptor??
[  334.171488][ T5936] rndis_host 6-1:0.0: probe with driver rndis_host failed with error -22
[  334.275274][T14186] netlink: 8916 bytes leftover after parsing attributes in process `syz.3.3294'.
[  334.374525][   T24] usb 6-1: USB disconnect, device number 6
[  336.090838][T14238] loop5: detected capacity change from 0 to 256
[  336.120125][T14238] FAT-fs (loop5): error, fat_free_clusters: deleting FAT entry beyond EOF
[  336.123706][T14238] FAT-fs (loop5): Filesystem has been set read-only
[  336.339068][T14248] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3319'.
[  336.727889][T14254] loop5: detected capacity change from 0 to 32768
[  336.731705][T14254] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.3322 (14254)
[  336.749884][T14254] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  336.753228][T14254] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  336.811764][T14254] BTRFS info (device loop5): enabling ssd optimizations
[  336.814725][T14254] BTRFS info (device loop5): enabling free space tree
[  336.853211][T12348] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  337.086751][T14290] netlink: 'syz.5.3329': attribute type 1 has an invalid length.
[  337.093428][T14290] netlink: 'syz.5.3329': attribute type 2 has an invalid length.
[  337.096548][T14290] netlink: 1180 bytes leftover after parsing attributes in process `syz.5.3329'.
[  337.152448][T14294] loop5: detected capacity change from 0 to 128
[  337.170849][T14294] qnx6: superblock #1 checksum error
[  337.217681][T14298] loop5: detected capacity change from 0 to 64
[  337.239337][T14298] MINIX-fs: file system does not have enough zmap blocks allocated.  Refusing to mount.
[  337.244637][T14298] MINIX-fs: bad superblock or unable to read bitmaps
[  337.895834][T14308] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  338.307518][T14324] netlink: 'syz.5.3346': attribute type 1 has an invalid length.
[  338.555802][T14333] netlink: 'syz.5.3351': attribute type 2 has an invalid length.
[  338.694531][T14315] loop3: detected capacity change from 0 to 131072
[  338.706895][T14315] F2FS-fs (loop3): invalid journal entries nats 0 sits 64
[  338.709710][T14315] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-22)
[  339.329699][T14361] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  339.554885][T14370] loop5: detected capacity change from 0 to 512
[  339.575868][T14370] EXT4-fs warning (device loop5): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  339.590846][T14370] EXT4-fs (loop5): mount failed
[  339.660474][T14377] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma?
[  340.031734][T14398] netlink: 104 bytes leftover after parsing attributes in process `syz.5.3376'.
[  340.410749][T14405] GUP no longer grows the stack in syz.3.3380 (14405): 200000004000-200000008000 (200000002000)
[  340.422201][T14405] CPU: 1 UID: 0 PID: 14405 Comm: syz.3.3380 Not tainted syzkaller #0 PREEMPT(full) 
[  340.422222][T14405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  340.422229][T14405] Call Trace:
[  340.422235][T14405]  <TASK>
[  340.422242][T14405]  dump_stack_lvl+0x189/0x250
[  340.422269][T14405]  ? __pfx_dump_stack_lvl+0x10/0x10
[  340.422293][T14405]  ? __pfx__printk+0x10/0x10
[  340.422308][T14405]  ? find_vma+0xe7/0x160
[  340.422333][T14405]  __get_user_pages+0x24d0/0x2ce0
[  340.422368][T14405]  ? mtree_load+0x100/0x700
[  340.422392][T14405]  get_user_pages_remote+0x2f1/0xad0
[  340.422404][T14405]  ? __pfx_mtree_load+0x10/0x10
[  340.422419][T14405]  ? __pfx_get_user_pages_remote+0x10/0x10
[  340.422438][T14405]  ? __access_remote_vm+0x367/0x7d0
[  340.422461][T14405]  __access_remote_vm+0x211/0x7d0
[  340.422488][T14405]  ? __pfx___access_remote_vm+0x10/0x10
[  340.422510][T14405]  ? alloc_pages_noprof+0xbe/0x190
[  340.422526][T14405]  proc_pid_cmdline_read+0x430/0x810
[  340.422547][T14405]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  340.422565][T14405]  ? rw_verify_area+0x2a6/0x4d0
[  340.422586][T14405]  vfs_readv+0x5aa/0x850
[  340.422601][T14405]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  340.422611][T14405]  ? __pfx_vfs_readv+0x10/0x10
[  340.422634][T14405]  ? __fget_files+0x2a/0x420
[  340.422649][T14405]  ? __fget_files+0x3a0/0x420
[  340.422661][T14405]  ? __fget_files+0x2a/0x420
[  340.422681][T14405]  __x64_sys_preadv+0x197/0x2a0
[  340.422703][T14405]  ? __pfx___x64_sys_preadv+0x10/0x10
[  340.422713][T14405]  ? rcu_is_watching+0x15/0xb0
[  340.422731][T14405]  ? do_syscall_64+0xbe/0x3b0
[  340.422750][T14405]  do_syscall_64+0xfa/0x3b0
[  340.422764][T14405]  ? lockdep_hardirqs_on+0x9c/0x150
[  340.422778][T14405]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.422791][T14405]  ? exc_page_fault+0x9f/0xf0
[  340.422799][T14405]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  340.422811][T14405] RIP: 0033:0x7fce3058ec29
[  340.422824][T14405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  340.422836][T14405] RSP: 002b:00007fce3144d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  340.422851][T14405] RAX: ffffffffffffffda RBX: 00007fce307d5fa0 RCX: 00007fce3058ec29
[  340.422863][T14405] RDX: 0000000000000001 RSI: 0000200000000d00 RDI: 0000000000000003
[  340.422873][T14405] RBP: 00007fce30611e41 R08: 0000000000000201 R09: 0000000000000000
[  340.422882][T14405] R10: 00000000000006cd R11: 0000000000000246 R12: 0000000000000000
[  340.422891][T14405] R13: 00007fce307d6038 R14: 00007fce307d5fa0 R15: 00007ffdc64c47b8
[  340.422907][T14405]  </TASK>
[  340.531488][T14408] loop5: detected capacity change from 0 to 512
[  340.534922][T14408] EXT4-fs (loop5): external journal device major/minor numbers have changed
[  340.548844][T14408] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  340.552346][T14408] block device autoloading is deprecated and will be removed.
[  340.556475][T14408] EXT4-fs (loop5): couldn't read superblock of external journal
[  340.738358][T14423] binder: 14422:14423 unknown command 0
[  340.741054][T14423] binder: 14422:14423 ioctl c0306201 200000000080 returned -22
[  340.922616][T14433] tipc: New replicast peer: 255.255.255.255
[  340.925753][T14433] tipc: Enabled bearer <udp:syz2>, priority 10
[  340.971082][T14429] loop5: detected capacity change from 0 to 40427
[  340.974934][T14429] F2FS-fs (loop5): Image doesn't support compression
[  340.981381][T14429] F2FS-fs (loop5): build fault injection rate: 690
[  340.984116][T14429] F2FS-fs (loop5): build fault injection type: 0x35f7
[  340.991911][T14429] F2FS-fs (loop5): invalid crc value
[  341.023672][T14429] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  341.026602][T14429] F2FS-fs (loop5): Start checkpoint disabled!
[  341.029725][T14429] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  341.037364][T14429] F2FS-fs (loop5): access invalid blkaddr:4043309056
[  341.039974][T14429] CPU: 0 UID: 0 PID: 14429 Comm: syz.5.3392 Not tainted syzkaller #0 PREEMPT(full) 
[  341.039988][T14429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  341.039994][T14429] Call Trace:
[  341.039998][T14429]  <TASK>
[  341.040002][T14429]  dump_stack_lvl+0x189/0x250
[  341.040020][T14429]  ? __pfx_dump_stack_lvl+0x10/0x10
[  341.040030][T14429]  ? __pfx_f2fs_get_dnode_of_data+0x10/0x10
[  341.040048][T14429]  __f2fs_is_valid_blkaddr+0xe52/0x14f0
[  341.040096][T14429]  f2fs_map_blocks+0xd84/0x4130
[  341.040128][T14429]  ? __pfx_f2fs_map_blocks+0x10/0x10
[  341.040143][T14429]  ? xa_load+0x60/0x210
[  341.040159][T14429]  ? xa_load+0x1ea/0x210
[  341.040171][T14429]  f2fs_mpage_readpages+0xcb2/0x1ac0
[  341.040190][T14429]  ? __pfx_f2fs_mpage_readpages+0x10/0x10
[  341.040201][T14429]  ? __folio_batch_add_and_move+0x192/0xc60
[  341.040218][T14429]  ? f2fs_readahead+0x177/0x330
[  341.040227][T14429]  read_pages+0x17a/0x580
[  341.040241][T14429]  ? __pfx_read_pages+0x10/0x10
[  341.040256][T14429]  ? filemap_add_folio+0x1af/0x270
[  341.040270][T14429]  page_cache_ra_unbounded+0x6b0/0x7b0
[  341.040291][T14429]  f2fs_readdir+0x49b/0xa60
[  341.040298][T14429]  ? look_up_lock_class+0x74/0x170
[  341.040316][T14429]  ? __pfx_f2fs_readdir+0x10/0x10
[  341.040332][T14429]  ? down_read_killable+0x1d1/0x350
[  341.040344][T14429]  iterate_dir+0x399/0x570
[  341.040357][T14429]  __se_sys_getdents64+0xe4/0x260
[  341.040368][T14429]  ? __pfx___se_sys_getdents64+0x10/0x10
[  341.040377][T14429]  ? __bad_area_nosemaphore+0x3fb/0x780
[  341.040384][T14429]  ? __pfx_filldir64+0x10/0x10
[  341.040395][T14429]  ? rcu_is_watching+0x15/0xb0
[  341.040406][T14429]  ? do_syscall_64+0xbe/0x3b0
[  341.040416][T14429]  do_syscall_64+0xfa/0x3b0
[  341.040423][T14429]  ? lockdep_hardirqs_on+0x9c/0x150
[  341.040431][T14429]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.040438][T14429]  ? exc_page_fault+0x9f/0xf0
[  341.040447][T14429]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.040454][T14429] RIP: 0033:0x7f08e998ec29
[  341.040462][T14429] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  341.040469][T14429] RSP: 002b:00007f08ea886038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  341.040478][T14429] RAX: ffffffffffffffda RBX: 00007f08e9bd5fa0 RCX: 00007f08e998ec29
[  341.040484][T14429] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  341.040488][T14429] RBP: 00007f08e9a11e41 R08: 0000000000000000 R09: 0000000000000000
[  341.040493][T14429] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  341.040497][T14429] R13: 00007f08e9bd6038 R14: 00007f08e9bd5fa0 R15: 00007fff8eb44f78
[  341.040511][T14429]  </TASK>
[  341.041745][T14429] syz.5.3392: attempt to access beyond end of device
[  341.041745][T14429] loop5: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  341.142153][T14429] syz.5.3392: attempt to access beyond end of device
[  341.142153][T14429] loop5: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  341.161472][ T5936] usb 4-1: new high-speed USB device number 33 using dummy_hcd
[  341.166849][T13452] kworker/u9:6: attempt to access beyond end of device
[  341.166849][T13452] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  341.172806][T13452] CPU: 1 UID: 0 PID: 13452 Comm: kworker/u9:6 Not tainted syzkaller #0 PREEMPT(full) 
[  341.172819][T13452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  341.172824][T13452] Workqueue: writeback wb_workfn (flush-7:5)
[  341.172838][T13452] Call Trace:
[  341.172842][T13452]  <TASK>
[  341.172846][T13452]  dump_stack_lvl+0x189/0x250
[  341.172861][T13452]  ? __pfx_dump_stack_lvl+0x10/0x10
[  341.172870][T13452]  ? __pfx_queue_work_on+0x10/0x10
[  341.172879][T13452]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  341.172892][T13452]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  341.172908][T13452]  f2fs_handle_critical_error+0x37c/0x540
[  341.172924][T13452]  f2fs_write_end_io+0x886/0xb60
[  341.172941][T13452]  __submit_merged_bio+0x27a/0x6a0
[  341.172955][T13452]  __submit_merged_write_cond+0x255/0x530
[  341.172970][T13452]  f2fs_write_data_pages+0x261d/0x3000
[  341.172994][T13452]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  341.173009][T13452]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  341.173035][T13452]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  341.173080][T13452]  ? look_up_lock_class+0x74/0x170
[  341.173094][T13452]  ? trace_f2fs_writepages+0x7f/0x200
[  341.173110][T13452]  ? f2fs_write_node_pages+0x478/0x6e0
[  341.173123][T13452]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  341.173141][T13452]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  341.173148][T13452]  do_writepages+0x32e/0x550
[  341.173162][T13452]  ? reacquire_held_locks+0x127/0x1d0
[  341.173170][T13452]  ? writeback_sb_inodes+0x384/0x1010
[  341.173185][T13452]  __writeback_single_inode+0x145/0xff0
[  341.173201][T13452]  ? do_raw_spin_unlock+0x4d/0x240
[  341.173218][T13452]  writeback_sb_inodes+0x6c7/0x1010
[  341.173255][T13452]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  341.173306][T13452]  ? rcu_is_watching+0x15/0xb0
[  341.173329][T13452]  wb_writeback+0x43b/0xaf0
[  341.173345][T13452]  ? queue_io+0x311/0x590
[  341.173356][T13452]  ? __pfx_wb_writeback+0x10/0x10
[  341.173369][T13452]  ? _raw_spin_unlock_irq+0x23/0x50
[  341.173383][T13452]  wb_workfn+0x409/0xef0
[  341.173400][T13452]  ? __pfx_wb_workfn+0x10/0x10
[  341.173410][T13452]  ? __lock_acquire+0xab9/0xd20
[  341.173426][T13452]  ? process_scheduled_works+0x9ef/0x17b0
[  341.173438][T13452]  ? _raw_spin_unlock_irq+0x23/0x50
[  341.173448][T13452]  ? process_scheduled_works+0x9ef/0x17b0
[  341.173454][T13452]  ? process_scheduled_works+0x9ef/0x17b0
[  341.173463][T13452]  process_scheduled_works+0xae1/0x17b0
[  341.173486][T13452]  ? __pfx_process_scheduled_works+0x10/0x10
[  341.173502][T13452]  worker_thread+0x8a0/0xda0
[  341.173512][T13452]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  341.173527][T13452]  ? __kthread_parkme+0x7b/0x200
[  341.173541][T13452]  kthread+0x711/0x8a0
[  341.173551][T13452]  ? __pfx_worker_thread+0x10/0x10
[  341.173559][T13452]  ? __pfx_kthread+0x10/0x10
[  341.173568][T13452]  ? _raw_spin_unlock_irq+0x23/0x50
[  341.173579][T13452]  ? lockdep_hardirqs_on+0x9c/0x150
[  341.173585][T13452]  ? __pfx_kthread+0x10/0x10
[  341.173594][T13452]  ret_from_fork+0x439/0x7d0
[  341.173604][T13452]  ? __pfx_ret_from_fork+0x10/0x10
[  341.173615][T13452]  ? __switch_to_asm+0x39/0x70
[  341.173624][T13452]  ? __switch_to_asm+0x33/0x70
[  341.173632][T13452]  ? __pfx_kthread+0x10/0x10
[  341.173642][T13452]  ret_from_fork_asm+0x1a/0x30
[  341.173660][T13452]  </TASK>
[  341.173664][T13452] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  341.280077][T14439] overlayfs: failed to clone upperpath
[  341.358065][ T5936] usb 4-1: Using ep0 maxpacket: 8
[  341.363572][ T5936] usb 4-1: config index 0 descriptor too short (expected 30, got 18)
[  341.373150][ T5936] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  341.378961][ T5936] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.385459][ T5936] usb 4-1: Product: syz
[  341.389356][ T5936] usb 4-1: Manufacturer: syz
[  341.393541][ T5936] usb 4-1: SerialNumber: syz
[  341.404904][ T5936] usb 4-1: config 0 descriptor??
[  341.412356][ T5936] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  341.420707][ T5936] usb 4-1: setting power ON
[  341.425192][ T5936] dvb-usb: bulk message failed: -22 (2/0)
[  341.437499][ T5936] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  341.441879][ T5936] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  341.445270][ T5936] usb 4-1: media controller created
[  341.473523][ T5936] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  341.495725][ T5936] usb 4-1: selecting invalid altsetting 6
[  341.499906][ T5936] usb 4-1: digital interface selection failed (-22)
[  341.503618][ T5936] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  341.510492][ T5936] usb 4-1: setting power OFF
[  341.512804][ T5936] dvb-usb: bulk message failed: -22 (2/0)
[  341.517061][ T5936] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  341.520908][ T5936] (NULL device *): no alternate interface
[  341.549165][ T5936] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  341.691898][ T5936] usb 4-1: USB disconnect, device number 33
[  342.053205][ T5936] tipc: Node number set to 1
[  342.660738][T14464] loop3: detected capacity change from 0 to 65
[  342.664157][T14464] BFS-fs: bfs_fill_super(): NOTE: filesystem loop3 was created with 512 inodes, the real maximum is 511, mounting anyway
[  342.671310][T14464] BFS-fs: bfs_fill_super(): Inode 0x00000002 corrupted on loop3
[  342.762513][T14468] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3408'.
[  342.867858][ T5936] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  343.032789][T14478] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3412'.
[  343.036619][T14478] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3412'.
[  343.079711][ T5936] usb 6-1: config index 0 descriptor too short (expected 35577, got 27)
[  343.083041][ T5936] usb 6-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  343.086399][ T5936] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  343.093272][ T5936] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 92
[  343.098606][ T5936] usb 6-1: config 1 has no interface number 0
[  343.101090][ T5936] usb 6-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  343.106613][ T5936] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.121814][ T5936] snd_usb_pod 6-1:1.1: Line 6 Pocket POD found
[  343.323028][ T5936] snd_usb_pod 6-1:1.1: endpoint not available, using fallback values
[  343.326013][ T5936] snd_usb_pod 6-1:1.1: invalid control EP
[  343.328047][ T5936] snd_usb_pod 6-1:1.1: cannot start listening: -22
[  343.330443][ T5936] snd_usb_pod 6-1:1.1: Line 6 Pocket POD now disconnected
[  343.333011][ T5936] snd_usb_pod 6-1:1.1: probe with driver snd_usb_pod failed with error -22
[  343.358943][T14492] pimreg: entered allmulticast mode
[  343.362850][T14492] pimreg: left allmulticast mode
[  343.364949][T14492] dvmrp8: left allmulticast mode
[  343.469709][T14494] bond0: entered promiscuous mode
[  343.472666][T14494] batadv0: entered promiscuous mode
[  343.475767][T14494] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network
[  343.480033][T14494] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network
[  343.484479][T14494] 8021q: adding VLAN 0 to HW filter on device hsr1
[  343.527297][ T5936] usb 6-1: USB disconnect, device number 7
[  343.981324][T14519] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3432'.
[  344.077219][T14526] bond1: entered promiscuous mode
[  344.081383][   T10] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  344.086169][T14526] 8021q: adding VLAN 0 to HW filter on device bond1
[  344.194000][T14539] loop5: detected capacity change from 0 to 1024
[  344.238179][   T10] usb 4-1: Using ep0 maxpacket: 8
[  344.249146][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  344.252584][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x93, changing to 0x83
[  344.256144][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  344.268692][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  344.272413][   T10] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  344.290143][   T10] usb 4-1: New USB device found, idVendor=15c2, idProduct=003b, bcdDevice=66.3e
[  344.293710][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.296898][   T10] usb 4-1: Product: syz
[  344.298689][   T10] usb 4-1: Manufacturer: syz
[  344.300514][   T10] usb 4-1: SerialNumber: syz
[  344.304656][   T10] usb 4-1: config 0 descriptor??
[  344.309936][   T10] imon:imon_init_intf0: usb_submit_urb failed for intf0 (-90)
[  344.313482][   T10] imon 4-1:0.0: unable to initialize intf0, err -90
[  344.316103][   T10] imon:imon_probe: failed to initialize context!
[  344.318889][   T10] imon 4-1:0.0: unable to register, err -19
[  344.338549][T14548] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3445'.
[  344.489328][ T5856] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  344.511230][   T10] usb 4-1: USB disconnect, device number 34
[  344.659646][ T5856] usb 6-1: config 0 interface 0 altsetting 162 endpoint 0x81 has invalid wMaxPacketSize 0
[  344.663595][ T5856] usb 6-1: config 0 interface 0 altsetting 162 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  344.669410][ T5856] usb 6-1: config 0 interface 0 has no altsetting 0
[  344.672233][ T5856] usb 6-1: New USB device found, idVendor=1b1c, idProduct=1c1f, bcdDevice= 0.00
[  344.675938][ T5856] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  344.681594][ T5856] usb 6-1: config 0 descriptor??
[  345.066387][T14572] netlink: 'syz.3.3455': attribute type 10 has an invalid length.
[  345.074968][T14572] 8021q: adding VLAN 0 to HW filter on device batadv0
[  345.083792][T14572] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  345.099583][T14572] bond0: entered promiscuous mode
[  345.100956][ T5856] corsair-psu 0003:1B1C:1C1F.000E: hidraw0: USB HID v0.00 Device [HID 1b1c:1c1f] on usb-dummy_hcd.5-1/input0
[  345.101843][T14572] bond_slave_0: entered promiscuous mode
[  345.109756][T14572] bond_slave_1: entered promiscuous mode
[  345.112233][T14572] batadv0: entered promiscuous mode
[  345.168107][ T5856] corsair-psu 0003:1B1C:1C1F.000E: unable to initialize device (-38)
[  345.175524][ T5856] corsair-psu 0003:1B1C:1C1F.000E: probe with driver corsair-psu failed with error -38
[  345.299533][ T5856] usb 6-1: USB disconnect, device number 8
[  345.373907][T14576] loop3: detected capacity change from 0 to 32768
[  345.539387][T14580] loop3: detected capacity change from 0 to 1024
[  345.542784][T14580] EXT4-fs: Ignoring removed nobh option
[  345.545768][T14580] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  345.559483][T14580] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #11: comm syz.3.3459: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  345.567556][T14580] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.3459: couldn't read orphan inode 11 (err -117)
[  345.579065][T14580] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  345.595744][T14580] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.3459: Invalid block bitmap block 0 in block_group 0
[  345.606825][T14580] Quota error (device loop3): write_blk: dquota write failed
[  345.612585][T14580] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  345.616492][T14580] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.3459: Failed to acquire dquot type 0
[  345.641738][   T36] EXT4-fs error (device loop3): __ext4_get_inode_loc:4861: comm kworker/u10:1: Invalid inode table block 8589934593 in block_group 0
[  345.660086][ T8300] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.670979][T14590] openvswitch: netlink: Multiple metadata blocks provided
[  346.026497][T14598] loop3: detected capacity change from 0 to 32768
[  346.044407][T14598] ERROR: (device loop3): dbAlloc: the hint is outside the map
[  346.044407][T14598] 
[  346.064971][   T27] read_mapping_page failed!
[  346.066951][   T27] ERROR: (device loop3): txCommit: 
[  346.066951][   T27] 
[  346.073175][   T27] jfs_write_inode: jfs_commit_inode failed!
[  346.160978][T14608] netlink: 'syz.3.3471': attribute type 5 has an invalid length.
[  346.210292][ T5856] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  346.318483][T14616] xt_HMARK: spi-set and port-set can't be combined
[  346.358263][ T5856] usb 6-1: Using ep0 maxpacket: 8
[  346.362625][ T5856] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  346.365956][ T5856] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  346.378758][ T5856] usb 6-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[  346.385097][ T5856] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  346.393949][ T5856] usb 6-1: config 0 descriptor??
[  346.410048][T14610] loop3: detected capacity change from 0 to 40427
[  346.413006][T14610] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  346.416038][T14610] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  346.420239][T14610] F2FS-fs (loop3): invalid crc value
[  346.480637][T14610] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  346.486281][T14610] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  346.489332][T14610] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  346.740701][T14638] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3479'.
[  346.744655][T14638] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3479'.
[  346.748621][T14638] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3479'.
[  346.812645][T14642] loop3: detected capacity change from 0 to 128
[  346.846359][ T5856] hid-rmi 0003:06CB:81A7.000F: unknown main item tag 0x4
[  346.849353][ T5856] hid-rmi 0003:06CB:81A7.000F: unknown main item tag 0x0
[  346.852020][ T5856] hid-rmi 0003:06CB:81A7.000F: unknown main item tag 0x0
[  346.855617][ T5856] hid-rmi 0003:06CB:81A7.000F: hidraw0: USB HID v0.00 Device [HID 06cb:81a7] on usb-dummy_hcd.5-1/input0
[  347.418254][ T5856] usb 6-1: USB disconnect, device number 9
[  347.558073][T14659] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3492'.
[  347.677056][T14664] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  348.022440][T14680] loop5: detected capacity change from 0 to 2048
[  348.026821][T14680] UDF-fs: error (device loop5): udf_process_sequence: Primary Volume Descriptor not found!
[  348.034879][T14680] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  348.133041][T14684] loop5: detected capacity change from 0 to 512
[  348.152834][T14684] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  348.158714][T14684] ext4 filesystem being mounted at /269/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  348.184410][T12348] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  348.238958][   T10] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  348.271938][T14691] netlink: 'syz.0.3506': attribute type 10 has an invalid length.
[  348.277341][T14691] team0: Port device netdevsim0 added
[  348.402244][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  348.411343][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  348.417556][   T10] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf
[  348.426914][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.430497][   T10] usb 4-1: Product: syz
[  348.432265][   T10] usb 4-1: Manufacturer: syz
[  348.434052][   T10] usb 4-1: SerialNumber: syz
[  348.452489][   T10] usb 4-1: config 0 descriptor??
[  348.457406][   T10] usb 4-1: Found UVC 0.00 device syz (18ec:3288)
[  348.460104][   T10] usb 4-1: No valid video chain found.
[  348.661587][   T10] usb 4-1: USB disconnect, device number 35
[  348.691302][T14710] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  348.738365][T14712] xt_limit: Overflow, try lower: 271964/0
[  349.163296][T14728] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3523'.
[  349.166651][T14728] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3523'.
[  349.492163][T14737] loop3: detected capacity change from 0 to 32768
[  349.492684][T14745] netlink: 'syz.5.3531': attribute type 8 has an invalid length.
[  349.504094][T14737] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  349.612119][ T8300] ocfs2: Unmounting device (7,3) on (node local)
[  349.753976][T14759] netlink: 'syz.5.3538': attribute type 21 has an invalid length.
[  349.756911][T14759] netlink: 128 bytes leftover after parsing attributes in process `syz.5.3538'.
[  349.823823][T14765] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3539'.
[  349.841551][T14765] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3539'.
[  350.217862][   T10] usb 6-1: new full-speed USB device number 10 using dummy_hcd
[  350.370150][   T10] usb 6-1: config 0 has an invalid interface number: 110 but max is 0
[  350.373467][   T10] usb 6-1: config 0 has no interface number 0
[  350.375941][   T10] usb 6-1: config 0 interface 110 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  350.380927][   T10] usb 6-1: config 0 interface 110 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  350.386609][   T10] usb 6-1: config 0 interface 110 has no altsetting 0
[  350.392609][   T10] usb 6-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=af.55
[  350.396347][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  350.401156][   T10] usb 6-1: Product: syz
[  350.402940][   T10] usb 6-1: Manufacturer: syz
[  350.404824][   T10] usb 6-1: SerialNumber: syz
[  350.409348][   T10] usb 6-1: config 0 descriptor??
[  350.620971][   T10] cdc_subset 6-1:0.110: probe with driver cdc_subset failed with error -22
[  350.721917][T14781] IPVS: Unknown mcast interface: vcan0
[  350.807385][T14786] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3550'.
[  350.810563][T14786] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3550'.
[  350.813687][T14787] netlink: 'syz.0.3549': attribute type 10 has an invalid length.
[  350.822486][   T10] usb 6-1: USB disconnect, device number 10
[  351.607328][T14826] netlink: 168 bytes leftover after parsing attributes in process `syz.5.3568'.
[  351.669734][T14830] netlink: 'syz.5.3570': attribute type 2 has an invalid length.
[  352.288062][  T792] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  352.341638][T14848] netlink: 44 bytes leftover after parsing attributes in process `syz.0.3578'.
[  352.345391][T14848] netlink: 84 bytes leftover after parsing attributes in process `syz.0.3578'.
[  352.443034][  T792] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  352.447221][  T792] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  352.453325][  T792] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  352.457001][  T792] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  352.463239][  T792] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  352.466792][  T792] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  352.471592][  T792] usb 4-1: Manufacturer: syz
[  352.475449][  T792] usb 4-1: config 0 descriptor??
[  352.827877][ T5936] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  352.887410][  T792] appleir 0003:05AC:8243.0010: unknown main item tag 0x0
[  352.894207][  T792] appleir 0003:05AC:8243.0010: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[  352.918185][ T1088] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  352.987943][ T5936] usb 6-1: Using ep0 maxpacket: 8
[  352.994326][ T5936] usb 6-1: config 0 has an invalid interface number: 31 but max is 0
[  352.998019][ T5936] usb 6-1: config 0 has no interface number 0
[  353.003345][ T5936] usb 6-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  353.007011][ T5936] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  353.012926][ T5936] usb 6-1: Product: syz
[  353.014592][ T5936] usb 6-1: Manufacturer: syz
[  353.016390][ T5936] usb 6-1: SerialNumber: syz
[  353.022292][ T5936] usb 6-1: config 0 descriptor??
[  353.139515][   T10] usb 4-1: USB disconnect, device number 36
[  353.233789][ T5936] usb 6-1: Found UVC 0.04 device syz (046d:08c3)
[  353.236355][ T5936] usb 6-1: No streaming interface found for terminal 6.
[  353.243932][ T5936] usb 6-1: USB disconnect, device number 11
[  354.838301][ T2299] usb 4-1: new full-speed USB device number 37 using dummy_hcd
[  355.069970][ T2299] usb 4-1: config 0 has an invalid interface number: 46 but max is 0
[  355.081025][ T2299] usb 4-1: config 0 has no interface number 0
[  355.083708][ T2299] usb 4-1: config 0 interface 46 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64
[  355.100275][ T2299] usb 4-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01
[  355.104029][ T2299] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.107176][ T2299] usb 4-1: Product: syz
[  355.114195][ T2299] usb 4-1: Manufacturer: syz
[  355.116076][ T2299] usb 4-1: SerialNumber: syz
[  355.127059][ T2299] usb 4-1: config 0 descriptor??
[  355.135303][T14895] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  355.139856][ T2299] ums-karma 4-1:0.46: USB Mass Storage device detected
[  355.209562][ T2299] ums-karma 4-1:0.46: probe with driver ums-karma failed with error -5
[  355.234778][T14913] loop5: detected capacity change from 0 to 40427
[  355.240649][T14913] F2FS-fs (loop5): invalid crc value
[  355.293828][T14913] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  355.297679][T14913] F2FS-fs (loop5): Start checkpoint disabled!
[  355.303217][T14913] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  355.329777][ T3580] kworker/u9:4: attempt to access beyond end of device
[  355.329777][ T3580] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  355.337932][ T3580] CPU: 0 UID: 0 PID: 3580 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT(full) 
[  355.337952][ T3580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  355.337960][ T3580] Workqueue: writeback wb_workfn (flush-7:5)
[  355.337982][ T3580] Call Trace:
[  355.337988][ T3580]  <TASK>
[  355.337994][ T3580]  dump_stack_lvl+0x189/0x250
[  355.338015][ T3580]  ? __pfx_dump_stack_lvl+0x10/0x10
[  355.338031][ T3580]  ? __pfx_queue_work_on+0x10/0x10
[  355.338044][ T3580]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  355.338065][ T3580]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  355.338096][ T3580]  f2fs_handle_critical_error+0x37c/0x540
[  355.338122][ T3580]  f2fs_write_end_io+0x886/0xb60
[  355.338153][ T3580]  __submit_merged_bio+0x27a/0x6a0
[  355.338179][ T3580]  __submit_merged_write_cond+0x255/0x530
[  355.338205][ T3580]  f2fs_write_data_pages+0x261d/0x3000
[  355.338250][ T3580]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  355.338275][ T3580]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  355.338323][ T3580]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  355.338342][ T3580]  ? look_up_lock_class+0x74/0x170
[  355.338366][ T3580]  ? trace_f2fs_writepages+0x7f/0x200
[  355.338386][ T3580]  ? f2fs_write_node_pages+0x478/0x6e0
[  355.338409][ T3580]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  355.338441][ T3580]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  355.338455][ T3580]  do_writepages+0x32e/0x550
[  355.338478][ T3580]  ? reacquire_held_locks+0x127/0x1d0
[  355.338491][ T3580]  ? writeback_sb_inodes+0x384/0x1010
[  355.338524][ T3580]  __writeback_single_inode+0x145/0xff0
[  355.338541][ T3580]  ? do_raw_spin_unlock+0x4d/0x240
[  355.338562][ T3580]  writeback_sb_inodes+0x6c7/0x1010
[  355.338631][ T3580]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  355.338690][ T3580]  ? rcu_is_watching+0x15/0xb0
[  355.338713][ T3580]  wb_writeback+0x43b/0xaf0
[  355.338738][ T3580]  ? queue_io+0x311/0x590
[  355.338757][ T3580]  ? __pfx_wb_writeback+0x10/0x10
[  355.338782][ T3580]  ? _raw_spin_unlock_irq+0x23/0x50
[  355.338807][ T3580]  wb_workfn+0x409/0xef0
[  355.338836][ T3580]  ? __pfx_wb_workfn+0x10/0x10
[  355.338854][ T3580]  ? __lock_acquire+0xab9/0xd20
[  355.338883][ T3580]  ? process_scheduled_works+0x9ef/0x17b0
[  355.338903][ T3580]  ? _raw_spin_unlock_irq+0x23/0x50
[  355.338920][ T3580]  ? process_scheduled_works+0x9ef/0x17b0
[  355.338932][ T3580]  ? process_scheduled_works+0x9ef/0x17b0
[  355.338948][ T3580]  process_scheduled_works+0xae1/0x17b0
[  355.338989][ T3580]  ? __pfx_process_scheduled_works+0x10/0x10
[  355.339019][ T3580]  worker_thread+0x8a0/0xda0
[  355.339033][ T3580]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  355.339058][ T3580]  ? __kthread_parkme+0x7b/0x200
[  355.339079][ T3580]  kthread+0x711/0x8a0
[  355.339091][ T3580]  ? __pfx_worker_thread+0x10/0x10
[  355.339098][ T3580]  ? __pfx_kthread+0x10/0x10
[  355.339108][ T3580]  ? _raw_spin_unlock_irq+0x23/0x50
[  355.339119][ T3580]  ? lockdep_hardirqs_on+0x9c/0x150
[  355.339126][ T3580]  ? __pfx_kthread+0x10/0x10
[  355.339135][ T3580]  ret_from_fork+0x439/0x7d0
[  355.339145][ T3580]  ? __pfx_ret_from_fork+0x10/0x10
[  355.339156][ T3580]  ? __switch_to_asm+0x39/0x70
[  355.339165][ T3580]  ? __switch_to_asm+0x33/0x70
[  355.339173][ T3580]  ? __pfx_kthread+0x10/0x10
[  355.339182][ T3580]  ret_from_fork_asm+0x1a/0x30
[  355.339200][ T3580]  </TASK>
[  355.339204][ T3580] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  355.363880][ T5936] usb 4-1: USB disconnect, device number 37
[  355.710011][T14928] loop5: detected capacity change from 0 to 4096
[  355.713820][T14928] ntfs3(loop5): Different NTFS sector size (2048) and media sector size (512).
[  355.720967][T14928] ntfs3(loop5): ino=0, mi_enum_attr
[  355.725882][T14928] ntfs3(loop5): ino=0, mi_enum_attr
[  355.729925][T14928] ntfs3(loop5): Failed to load $MFT (-2).
[  355.985585][T14942] netlink: 'syz.3.3621': attribute type 1 has an invalid length.
[  356.004677][T14942] 8021q: adding VLAN 0 to HW filter on device bond3
[  356.024012][T14942] bond3: (slave geneve3): making interface the new active one
[  356.027647][T14942] bond3: (slave geneve3): Enslaving as an active interface with an up link
[  356.419308][T14960] netlink: 'syz.0.3629': attribute type 15 has an invalid length.
[  356.422033][T14960] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3629'.
[  357.014648][T14975] loop5: detected capacity change from 0 to 256
[  357.026197][T14975] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d)
[  357.361140][T14999] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[  357.493657][T15009] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3651'.
[  357.908565][ T5936] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  358.088729][ T5936] usb 4-1: Using ep0 maxpacket: 16
[  358.095829][ T5936] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  358.100809][ T5936] usb 4-1: config 0 interface 0 altsetting 16 has 0 endpoint descriptors, different from the interface descriptor's value: 5
[  358.106110][ T5936] usb 4-1: config 0 interface 0 has no altsetting 0
[  358.111471][ T5936] usb 4-1: New USB device found, idVendor=04b4, idProduct=ed81, bcdDevice= 0.00
[  358.115088][ T5936] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  358.121884][ T5936] usb 4-1: config 0 descriptor??
[  358.134766][ T5936] usbhid 4-1:0.0: couldn't find an input interrupt endpoint
[  358.375138][ T2299] usb 4-1: USB disconnect, device number 38
[  359.240985][T15048] openvswitch: netlink: Flow actions attr not present in new flow.
[  359.487891][ T5936] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  359.600691][ T5858] Bluetooth: hci2: unexpected event for opcode 0x0c2d
[  359.657942][ T5936] usb 4-1: Using ep0 maxpacket: 16
[  359.666231][ T5936] usb 4-1: config 0 has an invalid interface number: 41 but max is 0
[  359.670338][ T5936] usb 4-1: config 0 has no interface number 0
[  359.672760][ T5936] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  359.676521][ T5936] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  359.680460][ T5936] usb 4-1: config 0 interface 41 has no altsetting 0
[  359.693591][ T5936] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  359.696970][ T5936] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.701247][ T5936] usb 4-1: Product: syz
[  359.708038][ T5936] usb 4-1: Manufacturer: syz
[  359.709844][ T5936] usb 4-1: SerialNumber: syz
[  359.719730][ T5936] usb 4-1: config 0 descriptor??
[  359.722648][T15047] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  359.725437][T15047] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  359.942085][T15047] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  359.945013][T15047] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  360.352438][T15071] loop5: detected capacity change from 0 to 32768
[  360.355722][T15071] XFS: noikeep mount option is deprecated.
[  360.378332][T15071] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  360.415925][T15071] XFS (loop5): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  360.433887][T15071] XFS (loop5): Starting recovery (logdev: internal)
[  360.451027][T15071] XFS (loop5): Ending recovery (logdev: internal)
[  360.459449][   T33] audit: type=1800 audit(1758565705.568:126): pid=15071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3678" name="file1" dev="loop5" ino=4422 res=0 errno=0
[  360.512923][T15084] XFS (loop5): Metadata corruption detected at xfs_btree_lookup_get_block+0x3c5/0x500, xfs_bnobt block 0x8
[  360.516871][T15084] XFS (loop5): Unmount and run xfs_repair
[  360.531596][T15071] XFS (loop5): Internal error i != 1 at line 628 of file fs/xfs/libxfs/xfs_alloc.c.  Caller xfs_alloc_fixup_trees+0x929/0xd20
[  360.536406][T15071] CPU: 0 UID: 0 PID: 15071 Comm: syz.5.3678 Not tainted syzkaller #0 PREEMPT(full) 
[  360.536426][T15071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  360.536435][T15071] Call Trace:
[  360.536442][T15071]  <TASK>
[  360.536449][T15071]  dump_stack_lvl+0x189/0x250
[  360.536471][T15071]  ? __pfx__xfs_alert_tag+0x10/0x10
[  360.536491][T15071]  ? __pfx_dump_stack_lvl+0x10/0x10
[  360.536510][T15071]  ? __pfx_xfs_btree_lookup+0x10/0x10
[  360.536533][T15071]  xfs_corruption_error+0x122/0x170
[  360.536550][T15071]  ? xfs_alloc_fixup_trees+0x929/0xd20
[  360.536575][T15071]  xfs_alloc_fixup_trees+0x95e/0xd20
[  360.536591][T15071]  ? xfs_alloc_fixup_trees+0x929/0xd20
[  360.536616][T15071]  ? __pfx_xfs_alloc_fixup_trees+0x10/0x10
[  360.536637][T15071]  ? rcu_is_watching+0x15/0xb0
[  360.536653][T15071]  ? xfs_alloc_ag_vextent_lastblock+0x3e2/0x6e0
[  360.536667][T15071]  ? rcu_is_watching+0x15/0xb0
[  360.536687][T15071]  xfs_alloc_cur_finish+0xd3/0x4b0
[  360.536707][T15071]  xfs_alloc_ag_vextent_near+0xd1a/0x1230
[  360.536747][T15071]  ? __pfx_xfs_alloc_ag_vextent_near+0x10/0x10
[  360.536768][T15071]  ? xfs_group_grab+0x28/0x480
[  360.536785][T15071]  ? xfs_alloc_vextent_prepare_ag+0x1b2/0x610
[  360.536809][T15071]  xfs_alloc_vextent_iterate_ags+0x640/0x940
[  360.536842][T15071]  xfs_alloc_vextent_start_ag+0x388/0x850
[  360.536870][T15071]  xfs_bmapi_allocate+0x188e/0x2e00
[  360.536904][T15071]  ? __pfx_xfs_bmapi_allocate+0x10/0x10
[  360.536920][T15071]  ? get_random_u32+0x155/0x940
[  360.536950][T15071]  ? xfs_iext_lookup_extent+0x41e/0x7e0
[  360.536969][T15071]  ? xfs_iext_prev+0x35a/0x370
[  360.536986][T15071]  ? xfs_iext_get_extent+0x1bb/0x370
[  360.537008][T15071]  xfs_bmapi_write+0x7df/0x1260
[  360.537039][T15071]  ? __pfx_xfs_bmapi_write+0x10/0x10
[  360.537102][T15071]  ? xfs_trans_alloc_inode+0x22a/0x4a0
[  360.537124][T15071]  ? xfs_iext_count_extend+0x1fc/0x2c0
[  360.537156][T15071]  xfs_iomap_write_direct+0x3b2/0x6b0
[  360.537184][T15071]  ? __pfx_xfs_iomap_write_direct+0x10/0x10
[  360.537200][T15071]  ? xfs_iunlock+0x14f/0x330
[  360.537220][T15071]  ? xfs_direct_write_iomap_begin+0xf82/0x13e0
[  360.537239][T15071]  ? xfs_direct_write_iomap_begin+0xf82/0x13e0
[  360.537252][T15071]  ? xfs_iunlock+0x1c0/0x330
[  360.537273][T15071]  xfs_direct_write_iomap_begin+0xfa3/0x13e0
[  360.537288][T15071]  ? iomap_dio_rw+0x45/0xb0
[  360.537324][T15071]  ? __pfx_xfs_direct_write_iomap_begin+0x10/0x10
[  360.537364][T15071]  ? __pfx_xfs_direct_write_iomap_begin+0x10/0x10
[  360.537381][T15071]  iomap_iter+0x534/0xde0
[  360.537409][T15071]  __iomap_dio_rw+0xc57/0x1e30
[  360.537451][T15071]  ? __pfx___iomap_dio_rw+0x10/0x10
[  360.537475][T15071]  ? xfs_trans_log_inode+0x12c/0x1a0
[  360.537508][T15071]  ? mnt_put_write_access_file+0xc0/0x100
[  360.537526][T15071]  ? __pfx_xfs_vn_update_time+0x10/0x10
[  360.537544][T15071]  ? file_modified_flags+0x4bb/0x560
[  360.537566][T15071]  ? xfs_file_write_checks+0x987/0xa10
[  360.537597][T15071]  iomap_dio_rw+0x45/0xb0
[  360.537621][T15071]  xfs_file_dio_write_aligned+0x157/0x1b0
[  360.537638][T15071]  ? __pfx_xfs_file_dio_write_aligned+0x10/0x10
[  360.537658][T15071]  ? splice_from_pipe_next+0x608/0x660
[  360.537680][T15071]  xfs_file_write_iter+0x8b2/0xa60
[  360.537731][T15071]  iter_file_splice_write+0xa0b/0x11f0
[  360.537777][T15071]  ? __pfx_iter_file_splice_write+0x10/0x10
[  360.537803][T15071]  ? rcu_read_lock_any_held+0xb3/0x120
[  360.537831][T15071]  ? __pfx_iter_file_splice_write+0x10/0x10
[  360.537852][T15071]  direct_splice_actor+0x101/0x160
[  360.537876][T15071]  splice_direct_to_actor+0x5a8/0xcc0
[  360.537913][T15071]  ? __pfx_direct_splice_actor+0x10/0x10
[  360.537933][T15071]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  360.537963][T15071]  do_splice_direct+0x181/0x270
[  360.537985][T15071]  ? __pfx_do_splice_direct+0x10/0x10
[  360.538005][T15071]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  360.538023][T15071]  ? rw_verify_area+0x255/0x4d0
[  360.538045][T15071]  do_sendfile+0x4da/0x7e0
[  360.538058][T15071]  ? lockdep_hardirqs_on+0x9c/0x150
[  360.538108][T15071]  ? __pfx_do_sendfile+0x10/0x10
[  360.538128][T15071]  ? __se_sys_futex+0x36f/0x400
[  360.538157][T15071]  __se_sys_sendfile64+0x13e/0x190
[  360.538174][T15071]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  360.538186][T15071]  ? rcu_is_watching+0x15/0xb0
[  360.538205][T15071]  ? do_syscall_64+0xbe/0x3b0
[  360.538225][T15071]  do_syscall_64+0xfa/0x3b0
[  360.538240][T15071]  ? lockdep_hardirqs_on+0x9c/0x150
[  360.538254][T15071]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.538268][T15071]  ? exc_page_fault+0x9f/0xf0
[  360.538284][T15071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.538300][T15071] RIP: 0033:0x7f08e998ec29
[  360.538315][T15071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  360.538329][T15071] RSP: 002b:00007f08ea886038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  360.538347][T15071] RAX: ffffffffffffffda RBX: 00007f08e9bd5fa0 RCX: 00007f08e998ec29
[  360.538358][T15071] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[  360.538366][T15071] RBP: 00007f08e9a11e41 R08: 0000000000000000 R09: 0000000000000000
[  360.538375][T15071] R10: 0000000020fffe82 R11: 0000000000000246 R12: 0000000000000000
[  360.538385][T15071] R13: 00007f08e9bd6038 R14: 00007f08e9bd5fa0 R15: 00007fff8eb44f78
[  360.538411][T15071]  </TASK>
[  360.553717][ T5936] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0
[  360.554865][T15071] XFS (loop5): Corruption detected. Unmount and run xfs_repair
[  360.776454][T12348] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  360.780956][ T5936] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9
[  360.786626][ T5936] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): Failed to power down PHY : -71
[  360.786770][T12348] XFS (loop5): Uncorrected metadata errors detected; please run xfs_repair.
[  360.790820][ T5936] CoreChips 4-1:0.41: probe with driver CoreChips failed with error -71
[  360.799987][ T5936] usb 4-1: USB disconnect, device number 39
[  361.200596][T15087] loop5: detected capacity change from 0 to 40427
[  361.204636][T15087] F2FS-fs (loop5): Image doesn't support compression
[  361.207409][T15087] F2FS-fs (loop5): build fault injection rate: 690
[  361.210029][T15087] F2FS-fs (loop5): build fault injection type: 0x35f7
[  361.214444][T15087] F2FS-fs (loop5): invalid crc value
[  361.266444][T15087] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  361.270495][T15087] F2FS-fs (loop5): Start checkpoint disabled!
[  361.274199][T15087] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  361.386437][T15096] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3685'.
[  361.391419][T15096] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3685'.
[  361.595450][T15112] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3692'.
[  361.613776][T15114] loop5: detected capacity change from 0 to 512
[  361.617266][T15114] EXT4-fs: Ignoring removed nomblk_io_submit option
[  361.620688][T15114] EXT4-fs: Mount option(s) incompatible with ext3
[  361.632468][T15114] gfs2: Unexpected value for 'barrier'
[  361.835205][ T5936] kernel write not supported for file /sequencer (pid: 5936 comm: kworker/1:6)
[  361.882440][ T5936] IPVS: starting estimator thread 0...
[  361.979358][T15139] IPVS: using max 41 ests per chain, 98400 per kthread
[  362.083844][T15143] loop3: detected capacity change from 0 to 32768
[  362.109669][T15143] read_mapping_page failed!
[  362.111380][T15143] ERROR: (device loop3): txCommit: 
[  362.111380][T15143] 
[  362.129583][  T116] BUG at fs/jfs/jfs_txnmgr.c:931 assert(mp->nohomeok > 0)
[  362.132176][  T116] ------------[ cut here ]------------
[  362.134244][  T116] kernel BUG at fs/jfs/jfs_txnmgr.c:931!
[  362.136204][  T116] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  362.138655][  T116] CPU: 0 UID: 0 PID: 116 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full) 
[  362.142728][  T116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  362.145970][  T116] RIP: 0010:txUnlock+0xdaf/0xdf0
[  362.147525][  T116] Code: e4 fd 90 0f 0b e8 d1 b5 7c fe 48 c7 c7 20 23 c4 8b 48 c7 c6 19 1f c4 8b ba a3 03 00 00 48 c7 c1 20 30 c4 8b e8 42 95 e4 fd 90 <0f> 0b e8 aa b5 7c fe 48 c7 c7 20 23 c4 8b 48 c7 c6 19 1f c4 8b ba
[  362.154100][  T116] RSP: 0018:ffffc9000243fbc8 EFLAGS: 00010246
[  362.156327][  T116] RAX: 0000000000000037 RBX: 0000000000001000 RCX: 0d9a9a7e56845e00
[  362.159179][  T116] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  362.161948][  T116] RBP: ffffc90001f92090 R08: 0000000000000003 R09: 0000000000000004
[  362.164443][  T116] R10: dffffc0000000000 R11: fffffbfff1bfa22c R12: dffffc0000000000
[  362.167289][  T116] R13: 1ffff11021b8e8ee R14: ffff88810dc74770 R15: 0000000000000000
[  362.169922][  T116] FS:  0000000000000000(0000) GS:ffff8880b8611000(0000) knlGS:0000000000000000
[  362.172829][  T116] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  362.174867][  T116] CR2: 00005555943a25c8 CR3: 000000010f5da000 CR4: 00000000000006f0
[  362.177307][  T116] Call Trace:
[  362.178384][  T116]  <TASK>
[  362.179306][  T116]  ? lockdep_hardirqs_on+0x9c/0x150
[  362.180790][  T116]  jfs_lazycommit+0x584/0xa90
[  362.182291][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[  362.183991][  T116]  ? __pfx_default_wake_function+0x10/0x10
[  362.185882][  T116]  ? __kthread_parkme+0x7b/0x200
[  362.187324][  T116]  ? __kthread_parkme+0x1a1/0x200
[  362.188757][  T116]  kthread+0x711/0x8a0
[  362.189938][  T116]  ? __pfx_jfs_lazycommit+0x10/0x10
[  362.191600][  T116]  ? __pfx_kthread+0x10/0x10
[  362.193197][  T116]  ? _raw_spin_unlock_irq+0x23/0x50
[  362.194780][  T116]  ? lockdep_hardirqs_on+0x9c/0x150
[  362.196566][  T116]  ? __pfx_kthread+0x10/0x10
[  362.198132][  T116]  ret_from_fork+0x439/0x7d0
[  362.199707][  T116]  ? __pfx_ret_from_fork+0x10/0x10
[  362.201393][  T116]  ? __switch_to_asm+0x39/0x70
[  362.202927][  T116]  ? __switch_to_asm+0x33/0x70
[  362.204399][  T116]  ? __pfx_kthread+0x10/0x10
[  362.205752][  T116]  ret_from_fork_asm+0x1a/0x30
[  362.207178][  T116]  </TASK>
[  362.208119][  T116] Modules linked in:
[  362.209688][  T116] ---[ end trace 0000000000000000 ]---
[  362.211673][ T7518] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  362.215170][  T116] RIP: 0010:txUnlock+0xdaf/0xdf0
[  362.216878][  T116] Code: e4 fd 90 0f 0b e8 d1 b5 7c fe 48 c7 c7 20 23 c4 8b 48 c7 c6 19 1f c4 8b ba a3 03 00 00 48 c7 c1 20 30 c4 8b e8 42 95 e4 fd 90 <0f> 0b e8 aa b5 7c fe 48 c7 c7 20 23 c4 8b 48 c7 c6 19 1f c4 8b ba
[  362.223408][  T116] RSP: 0018:ffffc9000243fbc8 EFLAGS: 00010246
[  362.225376][  T116] RAX: 0000000000000037 RBX: 0000000000001000 RCX: 0d9a9a7e56845e00
[  362.227824][  T116] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[  362.230427][  T116] RBP: ffffc90001f92090 R08: 0000000000000003 R09: 0000000000000004
[  362.233293][  T116] R10: dffffc0000000000 R11: fffffbfff1bfa22c R12: dffffc0000000000
[  362.235822][  T116] R13: 1ffff11021b8e8ee R14: ffff88810dc74770 R15: 0000000000000000
[  362.238595][  T116] FS:  0000000000000000(0000) GS:ffff8880b8611000(0000) knlGS:0000000000000000
[  362.241818][  T116] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  362.244024][  T116] CR2: 00005555943a25c8 CR3: 000000010f5da000 CR4: 00000000000006f0
[  362.246386][  T116] Kernel panic - not syncing: Fatal exception
[  362.248946][  T116] Kernel Offset: disabled
[  362.250546][  T116] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:28:27  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000049 RBX=0000000000000049 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc9000243f2d0
R8 =ffff88801fed8237 R9 =1ffff11003fdb046 R10=dffffc0000000000 R11=ffffffff855006f0
R12=dffffc0000000000 R13=ffffffff99b048e7 R14=ffffffff99df9460 R15=0000000000000000
RIP=ffffffff8550076c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8611000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00005555943a25c8 CR3=000000010f5da000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f08e9a12fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=75f37deb946fe400 RBX=ffffffff81969568 RCX=75f37deb946fe400 RDX=0000000000000001
RSI=ffffffff8be33f60 RDI=ffffffff81969568 RBP=ffffc90000177f20 RSP=ffffc90000177de0
R8 =ffff888136632f9b R9 =1ffff11026cc65f3 R10=dffffc0000000000 R11=ffffed1026cc65f4
R12=ffffffff8fa3a730 R13=0000000000000001 R14=0000000000000001 R15=1ffff1102001f000
RIP=ffffffff8b7b2433 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c11000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000560e69f137e8 CR3=000000001c29a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=08060a016fda07a9 c010001003001000
XMM02=2010000004018408 0002080001000000 XMM03=0c0171f608018802 0501800402014ca2
XMM04=010010003cfc1000 0fffffffffffff04 XMM05=0100000208060fff ffffffffff040100
XMM06=000008060c0171f6 0801880205018004 XMM07=02014ca220100000 0401840800020800
XMM08=0100014bfe301000 0180042210000601 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
