last executing test programs:

1m23.146675598s ago: executing program 0 (id=215):
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_IO(r0, 0x2285, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
write$sndseq(r1, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38)
write$sndseq(r1, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @time=@time}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"448cc880fe353ca0f2c2e953"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect}], 0xc4)
ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000001c0))

1m22.923185357s ago: executing program 0 (id=217):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"})
ioctl$TIOCGPTPEER(r0, 0x5441, 0x2185)
close(r0)
r1 = io_uring_setup(0x5bde, &(0x7f0000000380)={0x0, 0x9014, 0x40, 0xfffffff9})
close_range(r1, 0xffffffffffffffff, 0x0)

1m22.665320168s ago: executing program 0 (id=219):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x0, &(0x7f0000000400)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r2, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x0, @multicast}, 0x10)
recvmmsg(r2, &(0x7f00000050c0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x2, 0x0)

1m22.331848295s ago: executing program 0 (id=222):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)

1m21.562800657s ago: executing program 3 (id=229):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f046})
ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000000300)=@multiplanar_fd={0x0, 0x1, 0x4, 0xe000, 0xffff8c53, {}, {0x5, 0x8, 0x10, 0xe7, 0xc, 0x8d, "f443781b"}, 0x8, 0x4, {0x0}, 0xffffffff})

1m21.412599079s ago: executing program 3 (id=231):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000080), 0x2, 0x0)
sendfile(r1, r1, 0x0, 0x200)

1m21.27613107s ago: executing program 0 (id=232):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0xfcfa, &(0x7f0000000280)={&(0x7f0000000140)=@deltfilter={0x0, 0x2d, 0x200, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x0, 0x10}, {0x4, 0xe}, {0x4}}}, 0x24}}, 0x50)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'dummy0\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0xb4}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1m21.231614404s ago: executing program 3 (id=233):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
syz_emit_ethernet(0x38, &(0x7f0000000240)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2a, 0x0, 0x0, 0x1c, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x8, 0x0, 0x0, 0x1000}, {"b767"}}}}}}, 0x0)

1m20.842168335s ago: executing program 3 (id=237):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x818808, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
setxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=@known='trusted.overlay.impure\x00', 0x0, 0x0, 0x1)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x200000, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@userxattr}]})
llistxattr(&(0x7f0000000140)='./bus\x00', &(0x7f00000001c0)=""/146, 0x92)

1m20.586586806s ago: executing program 0 (id=239):
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='O', 0x1, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

1m20.098494626s ago: executing program 32 (id=239):
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1700000007"], 0x50)
sendto$packet(0xffffffffffffffff, &(0x7f0000000000)='O', 0x1, 0x0, 0x0, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

1m18.825359399s ago: executing program 3 (id=246):
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {}, {}, {}, {}]}, @func={0x0, 0x0, 0x0, 0xc, 0x20}, @volatile, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x2}]}}, 0x0, 0x96}, 0x20)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000280)='GPL\x00', 0x5, 0xe2, &(0x7f00000002c0)=""/226, 0x0, 0x0, '\x00', 0x0, 0x25, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={r2, 0xd8, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001000), 0x8, 0x0, 0x8, 0xffffffffffffff0e, 0x0}}, 0x10)

1m17.649824654s ago: executing program 3 (id=251):
bind$packet(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000022020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
ioprio_set$pid(0x1, r0, 0x4000)

1m17.181830392s ago: executing program 33 (id=251):
bind$packet(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_usb_disconnect(0xffffffffffffffff)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000022020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
ioprio_set$pid(0x1, r0, 0x4000)

4.265801554s ago: executing program 4 (id=608):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x4e20, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$NL80211_CMD_DEL_MPATH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000080}, 0x24840)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000000)={r2, @in={{0x2, 0x0, @empty}}, 0x27c0}, 0x90)

3.863627116s ago: executing program 1 (id=620):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
close_range(r1, r1, 0x2)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)

3.645495464s ago: executing program 1 (id=613):
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100000914bf20c80a01c3d5820102031d0902"], 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
r0 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x1, 0x40000333}, &(0x7f00000006c0)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1})
io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0)

3.306792922s ago: executing program 4 (id=614):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x7c8})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f00003cd000/0x1000)=nil, 0x1000, 0x8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000843000/0x1000)=nil, 0x1000, 0x1000007, 0x401d071, 0xffffffffffffffff, 0x0)
readv(r0, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/70, 0x20}], 0x1000000000000078)

3.110036367s ago: executing program 5 (id=617):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="05000000050000000200000004"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="0a00000001000000dd00000009"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb700000000000000b703000000000000850000007200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000300)='tlb_flush\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

3.08248208s ago: executing program 4 (id=618):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000480), 0x101000, 0x0)
ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, &(0x7f0000000080)={0x4000000000000157, [0x0, 0x0, 0x0]})
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x121400, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0xc008ae88, &(0x7f0000000040)={0x10000000000000cf, 0x0, [{}]})

2.878525576s ago: executing program 5 (id=619):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
syz_clone(0x2004011, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0xc0049364, &(0x7f00000000c0))

2.804242662s ago: executing program 4 (id=621):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000008000000010001000900000001"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000400008500000001000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00', r1}, 0x18)
syz_open_procfs$namespace(0x0, 0xfffffffffffffffe)

2.682697042s ago: executing program 4 (id=623):
r0 = gettid()
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x80)
read(r1, &(0x7f0000000440)=""/247, 0x26)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x31, @time={0x7, 0x1}, 0x0, {0xfd, 0x8}, 0xfe, 0x0, 0x4})
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0xc0bc5310, &(0x7f0000000040)={0x87, @time={0xbc, 0x7}, 0x0, {0x71, 0x6}, 0x6, 0x0, 0x1})
tkill(r0, 0x7)

2.575847051s ago: executing program 5 (id=624):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4)
sendto$inet(r0, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0)

2.4579779s ago: executing program 5 (id=625):
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r0, &(0x7f0000001580)=""/102400, 0x19000)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv2(r1, &(0x7f0000001540)=[{0x0}, {&(0x7f0000001380)=""/129, 0x7ffff000}], 0x2, 0x0, 0x0, 0x0)

2.33813339s ago: executing program 4 (id=627):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGUCODE(r1, 0xc018480d, &(0x7f0000000040)={0x1, 0xffffffff, 0x7, 0x7, 0x2, 0x3})
landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0)

1.670782045s ago: executing program 1 (id=628):
r0 = gettid()
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x2000)
read(r1, &(0x7f0000000540)=""/212, 0xd4)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000080)={0x335, @time={0x80, 0xff}, 0x0, {0x0, 0x4}})
tkill(r0, 0x7)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO(r1, 0xc02c5341, &(0x7f00000004c0))

1.47542928s ago: executing program 2 (id=630):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x20000, 0x0)
open_tree(r0, &(0x7f0000000640)='\x00', 0x89901)

1.036090956s ago: executing program 5 (id=631):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000005d40)='./file0\x00', 0x4000, &(0x7f0000001e40)=ANY=[@ANYBLOB="71756f74612c646973636172642c646973636172642c696f636861727365743d6b6f69382d72752c646973636172642c00f4193eb3ba2a0d5ff2cd7374288ff89ec513a53e007345decb720900f8312da2463eb0edf52fad1a00ebd41c14b3ce75d0cffefd379624b16f7260c835713b263352e03b5cb8fa0c042bd1225ed4ded2b62e12fea4d7e61b738e40781e58d5fff112364ac140f419e5dafecd283b3fab6b142ddbc893b35a81fe9265591ef35fa2928e095fee4c10b22e4212378de59bca0307cc644b9620b63f0000007bbbd422d87856b71348b8f45398b9660b6b3e8ee8a8c32f3234cb46e2cd827ec25c1ca4d046bc004f8df7b1ee690a5e50510700d80c7fa65fa724d0e1b4369f1b64fe249a0312010000004ac983de925f52d735b03fea941b1e948ad8d19cfda5b799325fd69d14fcf6cdde7700a63150eb3699e5314e0827750e244150ec19f3f3f1d8be542c084b5e40bfaa8ad206d2a33b0ddbd7f8e07dc7d17174a4549ffaf5976949cb69658c42ec7cd9fe8ad82852cefb04646edb3a41eb514eb6a772b3ee9f21e25822b54ec33e592d5c040946721101d53aff21f90351c95aa0f73f1853d6afcbf9448b220e988466066fa5c09e6198fc4520d199b93bdedee87c4043815aa05668a06f8da96680ccc1a139ade90f5c79af46208f9762f54e7c29088d9de69bd2d51c6b9c42209ddc3880051303b855853407d959a5777dce25201c5ea1faa084c36e3e349915ebec53435eb2910c59394ee84ba3baf9c440ae5833c23f46b0eaac543ce0c80ba0603213e53ea59755070b18bc10b9224aa082d96700e63d51c5bffa4f712c2d7fafb9cf506c06e1ddad4fc19038407786fedb9afdfb11a5f182676dd84c919f71d5eee2f3b740b68ee7f6518eb9d8baa26f1c3871f863b134ee942eb3af92d19e70d8268839cd7b4637f0627299f99b1873ca165e410f8bd421e1a4859fd9bd6bb34d25c07e1a52b9668a530b10b8585d797124a6975a71aedbe557a17b06bbfe547aa553c3d08b8921a4b0d938c03687bd48a9a387b4c066c056f457fba5738775b900a1e82a89aae1494b05c4bb0fc8ed1a93688bf850a4f7b0942eda1f16ecf043efa6b8c1f9e0fba31f4a58ed0031180fb1b8a00e4a86826b030000002dd1272a3d1609bed545b86ca7a6bf569ed35d0000ca23b0de742f6008fdf20928370d88f8c04bc3b97b9a9e0062e8fc5fd2337d85a66bd20730f3153db2459fb34c134c06c19364e9645e83040dd16ee08f18f0ba69ac9ca3e25e15442b07000000d30d38a64613b535fa808a9b3bae00bc371271d45db200a5cbf433e2f6dd03b7c7fcc040781e5151c9badb787e7e1e2f39d60998919aa8dbd156f31a5b7fa5f9e5ec01e8c799edc322703c7fc4a81ab9bc02dd96714ee9d7e75d28d040ff3566404fd6db547a4b553197c1f316d20ea54f9459cd81351a510d101e90eabe6dc6c6ac3ffa189c073a5fb3fc382df620bf5af9e638819c77a051e6875866a849f6f578c068c0e4c7cfbc15033997efa853c96297b3201dd30ea40dc94d010a0c33da9f63a10b8f813dc789b80be3bb3f00ee58b30d5c03a6ddbf418ac1b3d4a13839e4b273c4f914bed13f8806295495d41609478798396aeec06e8d342efd8ac6b422f6c23a011b1400000000000000bc2a02094e19a1ee8bb3c3c0c088ae8efaf68c85001faf7cf5426fb7c5c367ed93eb25c48a293549d15b91b59f1b574b3f6171f8e56a402ec56bdf51d90312b3ca5398f4050000007504be21456ec953bf06f12fff20c31e7c8b55fee5c49aa939830b09995ff149258118f9aae29206f9731288b56b10de51525665fdb4e289b1c177df97af3085f82045fbd012f1dde94ffecd90b7b63d8197d9c24a6fe5915ac7d7240847f6d0bf9099ee117c83e363f2ad36a4a9f4faa5734afe9770c38c565cae87a408d0acbb2db7db9174acab60a344814ee643fa82ba41706d2360269ed276e13dd83abbc258f07b0d58ab0b65290b18b7f9f871bcb43fec5a2e3789ecd0c1069d2da80b93c86dff8933e70c2108346003ddf6b60379eee63b66e7341cdd8f87ed9f11894c9ae040976321d87405b492f419ebfa77eb367ca6e360b808451102f54893d7d1695c24bcc184b1e7d19940a2b6931ade8638dd2b85a86dc511dbb97f5035d07ca024076e8581db332b1c5f135fe6b2e9d2c18c9d5d5a524d3d5b2657e4b28f1a09696bd5b076a1471c8b2ab2ca3ba57843af1d03590f4e8985e1c463c781bb03ad7ec816ea70bbe06411aae001e0ca72ee7e828ad14bb7a092d883ad000554bf7f00000000000075cc01f8a2e1802192f09e77bc488b3bd3f08a9ce88ba2e2bcc23cf5d7372b339ce1f5003db0ad70fa6e93aa908a2ced81f5514e23e2f94ff03c1c02f5a9195f4735563efd0a1fc7dafcfb3dae043fe0c172ec3a12747d7abf4382bf7453c13df994641017a0f461add956ef8f834b762af30408af6a61f317fd3c7b0816236a768601b7c6606ba52ff126eb13d33c915c5da99d118db488da3f3d7783a608282a93fcbe0910f0389c3ef91de7c84e23daa6554c42b2b3e9f70a9f790f29011a0b5101b23bfeba6e52877ed8a188958e39375dd203d434bef4dc82cc8a21fc40c6e6e6a2475f70bf1503beb9555036e606a9d3239d1df6f2e9ef16dee590b15ac028c6d873bb2965374b733d8e11ba763ab157ed91dd871b098c0543dcbba4cf67db8c83c84369dc67735fa4faa0fdcf34b1c6a862ccae9fe4fa28746504643b57f02623a2ef34ea90f2e7f7dd771f8f75217c799d978a3533fcfab6c6f5391b626d61b400f08172fc675e2a062d06c31b85452804f7b125c291f60a02a5d62271e96fe70d64bae36e28b42e197259169ebee8f64355544fbad8b83c1c8fad02cd1a2e56a6f6e82ec7719a48a1bea803546b8af7a89faf7cef94d8ada45fc0a98a79ba90c95262f0110725c6bf7c81237534dcd6a8a113bd8ac48b7db5526ab762cec103674742476cd6b92b8c7abcfb1f8e08f0a05c1b209187049f3206bd545e8c20f8db6d8a7cdd0c9ecbb9011b611a013cd581521dfcb028d59d5c69d286fb93e4c498b3aaff7e0cdcf1f41fec65ebdbe4c2bf453140251cdd94c32b87c4634d6500000000000000000000000000000000816e6c33f92dca3e03c400"/2294], 0xff, 0x5e54, &(0x7f0000005d80)="$eJzs3U9vHGcdB/Df/vH6T2kbVagKEQc3hdJSmv8JlH9NOXCAA0ioZxK5bhVIASUB0SoirnJAXICXAJdeOPQt8AL6GhAvgEg2px4og8Z+nmQ8XmcdEu/s+vl8JGfmN8+O95l8PZ5dz8w+AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADED77/k7O9iLjym7TgWMTnYhDRj1iu69WoZy7nxw8j4nhsN8fzETFYjKjX3/7n2YgLEfHJMxGbW7fX6sXnDtiPi2du3fjsh9/7x+//dPf4z97+6Uft9h9//vzHf7gTcexHr3/82Z0ns+0AAABQiqqqql56m38ivb/vd90pAGAq8vG/SvJytVqtVj/R+o/92eqPutC6qRrvTrOIiI3mOvVrBqfjAWDObMSnXXeBDsm/aMOIeKrrTgAzrdd1BzgUm1u313op317zeLC6057/Trkr/43e/fs79ptO0r7GZFo/X3djEM/t05/lKfVhluT8++38r+y0j9LjDjv/adkv/9HOrU/FyfkP2vm37Mr/zxExt/n3x+Zfqpz/8FHy3xjM8f4vfwAAAAAAjr789/9jHZ//XXz8TTmQh53/XZ1SHwAAAAAAAADgSXvc8f/uM/4fAAAAzKz6vXrtL888WLbfZ7HVy9/qRTzdejxQmNXGhwMCAAAAAAAAAAAAANMxjFhJ1/UvRMTTKytVVdVfTe36UT3u+vOu9O2HknX9Sx4AAHZ88kzrXv5exFJEvJU+629hZWWlqpaWV6qVankxv54dLS5Vy433tXlaL1scHeAF8XBU1d9sqbFe06T3y5Pa29+vfq5RNThAx6ajw8ABICJ2jkabjkhHTFU9G12/ymE+2P+PHvs/B9H1zykAAABw+Kqqqnrp47xPpHP+/a47BQBMRT7+t88LqNVqtVqtPnp1UzXenWYRERvNderXDIbjB4A5sxGfdt0FOiT/og0j4njXnQBmWq/rDnAoNrdur/VSvr3m8WB1pz1fC7Ir/43e9np5/XHTSdrXmEzr5+tuDOK5ffrz/JT6MEty/v12/ld22vMQ/4ed/7Tsl3+9ncc66E/Xcv6Ddv4tRyf//tj8S5XzHz5S/gP5AwAAAADADMt//z/m/G/eZAAAAAAAAACYO5tbt9fyfa/5/P8Xxzyu15xz/+eRkfPvHTh/9/8eJTn/fjv/1gU5g8b8vTcf5P/vrdtrH9361xfydObzXxiM6ude6PUHw3TNT7XwTlyL67EeZ/Y8frir/eye9oVd7ecmtJ/f0z6q25dz+6lYi1/G9Xj7fvvihAujlia0VxPac/4D+3+Rcv7Dxled/0pq77WmtXsf9vfs983puOe5/Lf/vLR375q+uzG4v21N9fad7KA/2/8nT43i1zfXb5z67dVbt26cjTTZtfRcpMkTlvNfSF85/5df3GnPv/eb++u9D0ePnP+suBvDffN/sTFfb+8rU+5bF3L+o/SV889HoPH7/zznv//+/2oH/QEAAAAAAAAAAAAAAICHqapq+xbRyxFxKd3/09W9mQDAdOXjf5Xk5Wq1Wq1Wq49e3VSN90aziIi/N9epXzP8btw3AwBm2X8j4p9dd4LOyL9g+fP+6umXuu4MMFU33//g51evX1+/cbPrngAAAAAAAAAA/688/udqY/zn7euAWuNG7xr/9c1YndvxP/ujwfZY52mDXoiHj/99Mh4+/vdwwvMtTGgfTWhfnNC+NKF97I0eDTn/F1LGOf8TacNKGv/15Q7607Wc/8k01nPO/yutxzXzr/46z/n3d+V/+tZ7vzp98/0PXrv23tV3199d/8XZM5cunL944fzFi6ffuXZ9/czOvx32+HDl/PPY164DLUvOP2cu/7Lk/L+cavmXJef/UqrlX5acf369J/+y5Pzzex/5lyXn/0qq5V+WnP9XUy3/suT8X021/MuS8/9aquVflpz/a6mWf1ly/qdSLf+y5PxPp1r+Zcn55zNc8i9Lzj9f2SD/suT8z6Va/mXJ+Z9PtfzLkvO/kGr5lyXnfzHV8i9Lzv9SquVflpz/11Mt/7Lk/L+RavmXJef/eqrlX5ac/zdTLf+y5Py/lWr5lyXn/+1Uy78sOf/vpFr+Zcn5fzfV8i9Lzv+NVMu/LA8+/9+MGTNm8kzXv5kAAAAAAAAAAAAAgLZpXE7c9TYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA/duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFvXuLkfOszwD+7dFrJxCXhBCCIbZzwJBNdtenxAQnDhCahh7SQGhpQx1jrx2DT/Wuc1LULE3aBhGpkdqL9KIUEEVIbZWoQiqVUhSpSO1duSrKDWolLnyRVCaCSlQkW30z7/vuzOzszPow9sz3/n6R/ffOfDPzzjffzO6z0TMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANNr08dk/GyqKovxT+2t9UVxe/nttsaf8cmHnpV4hAAAAcL7eqv3991ekE/as4kIN2/zbB/7ju4uLi4vFF948/fZfLC6mMzYWxciaoqidF/37L36+2LhN8EwxMTTc8PVwl5sf6XL+aJfzx7qcP97l/DVdzp/ocv6yHbDM2vrvY2pXdkPtn+vru7S4qhirnXdDm0s9M7RmeDj+LqdmqHaZxbGDxeHiSDFbTC+7zFDtv6J4ZVN5W/cW8baGG25rQ1EUZ3761P64hqGwj28omm6spvGxe+PuYuObP31q/7fnX39vu9l1NyxbaVFs2Vyu89miWPp1VTFUrEn7JK5zuGGdG9qsc6RpnUO1y5X/bl3nmVWuM97vibDOH3ZY54Zw2uPXF0WxUKy4TatniuFiXcutpv09UT8iyusoH8p3FaNndZxsWsVxUl7mJ9c3Hyetx2Tc/5vCPhldYQ2ND8cbXx5ftt/P9Tgp73U/HKvldd9f3ujEROOvVpuO1XKbp25c+Rho+9i1OQbSsdxwDGzudgwMj4/UjoHhpTVvbjoGZpZdZrgYqt3W6Rs7HwNT80dPTM098eQth4/uOzR7aPbYzPTO7dt2bN+2Y8fUwcNHZqfrf5/dLh0g64rhdAxuDq818Rj8YMu2jYfk4jcu3PNgok+eB+V9/8xN5YIuHy5WOMbLbZ7dcv7Pg/R9v+F5MNrwPGj7mtrmeTC6iudBuc2ZLav7njna8KfdGnr1Wri+4Ri4lN8Py9t86EMrvxZuCOt67sNn+/1wZNkxEO/WUHjulaekn/cmbg/7ZflxcW15xmXjxam52ZO3Pr5vfv7kTBHGRXFlw2PVerysa7hPxbLjZfisj5c9f/fLm65tc/r6sK8mbu78WJXbbJ/s/FjVXt3b78+mU7cWYVxgF3t/tvtuVu7PlCU67M9ym2dvOf+fBVMuaXj9G+v2+jcyNlp//RtJe2Os6fVv+UMzUltZUZy5ZXWvf2Phz8V+/buqT17/yn310K2dj4Fym+emzvYYGO34+nd9mENhPR8KiWGiIfe/XTt/oX6YNjyWXY+b0dGxcNyMxltsPm62LbtMeW3lbW+ZPrfjZsv1zY9V088tFTxuyn31l9Odj5tym1dnzv+1Y238Z8Nrx3i3Y2BsZLxc71g6COqvd4tr4zFwa7G/OF4cKQ6ky5SPcnlbk1tXdwyMhz8X+7Xjmj45Bsp99eLWzsdAuc0Ptl3Yn522hFPSNg0/O7X+fmGlzH/t6NL1te62C535y3V+Ynvn3w2V27y+/WxzRuf9dHM45bI2+6n1+bPSMX2guDj76ZqwziM7Ov9uqtzmqp2rPJ72FEXx2sxrtd93hd/v/uOp//xu0+992/1O+bWZ1+6beuBHZ7N+AADO3du1vxfG6z9rNvwf69X8/38AAABgIMTcPxxmIv8DAABAZcTcPxJmIv8DAABAZcTcPxpmkkn+f+T2XS+99XSR3g1wMYjnx91w/5317WLHeyF8vXFxSXn6x7419tJXnl7dbQ8XRfHL+97XdvtH7ozrqjsR1/mR5tOXuea6Vd3+ww8ubdf4/glndtWvP96f1R4Gsav8ytTW2vVufGKmNl+9r6jNBxaee6Z+/fWv4/ant9W3/+vwpiV7Dg41XX5LWM8NYW4M7ylz/56l/VDOeLmXNnzgX6/87NLtxcsNbX5n7W6++Ef1643vEfXClfXt4/1eaf3/8tXvvFRu//iN7df/9HD79Z8O1/uTMH+xu7594z7/SsP6/ySsP95evNyt3/x+2/W//J769i+H4+LrYbau/+4/f/9b7R6veDt77qhfLt7+9P9ur10uXl+8/tb1Tzw907Q/Wq//1Tfr17P70Z+NNG4fT4+3Ez18R/PxPRQe36YeeVEU3/nTomk/Fx+tX+6fW9Yfr+/EHe3Xf3PLOk8MXVe7/NL9Wd90v772t1vb3t+4nj3/sL7p/rxwT9h/b079oLze0w+E4zGc/38/rF9f63uZvnxP8+tN3P7r6+vP23h9Uy3rf6Fl/QvXlfuu+/rvfbO+/pfvWtO0/j2fDMfTvfXZbf2H/uaKpst/49v1x+PkY5PHjs+dOnygYa82Po/XTKxdd9nl73jnFeG1tPXrvcfnH5k9uXF643RRbBzAtwzs9fq/Geb/1MfChb+Fuh/9rH7cPf+p+vetD/68/vUL4fSHw+MZvz9+7a/Gmo7X1sd94a76PN/1fzisY7Xe89X/vm5VG57+/Cun/umPX2/9uSDenxPvnqjdvxc3XV07b+jV+vmtr1fd/Ne7m5/XPx6drs3vhf26GN6ZefPV9dtrvf743iTPf7r+/I0/ycXLFy3vJ7J+pPl+nO/6fxx+jvn+Nc2vf/H4+N7TLe/mvL4YKpewEF4fioX6+XGruL+fP3N129uL78NTLLz3bJa5orkn5qaOHD526vGp+dm5+am5J57ce/T4qWPze2vvXbr3i90uv/T8Xld7fh+Y3bm9qD3bj9dHj13q9Z94cP+B26ZvOjB7cN+pg/MPnpg9eWj/3Nz+2QNzN+07eHD2sW6XP3xg98zWXdtu2zp56PCB3bfv2rVt1+ThY8fLZdQX1cXO6S9NHju5t3aRud3bd83s2LF9evLo8QOzu2+bnp481e3yte9Nk+WlH508OXtk3/zho7OTc4efnN09s2vnzq1d3/3x6ImDcxunTp46NnVqbvbkVP2+bJyvnVx+7+t2efIwdzy83rUYCj+df+7mnen9cUvf+vKKV1XfpPnH0+KN8F5Q8ftbt69j7h8LM8kk/wMAAEAOYu4Pb/y/dIb8DwAAAJURc/+aMBP5HwAAACoj5v6JMJNM8r/+v/6//r/+v/6//n8v6f/r/3ei/6//P8jr1//X/6e7fuv/x9y/tiiyzP8AAACQg5j714WZyP8AAABQGTH3XxZmIv8DAABAZcTcf3mYSR75f6z1n/r/+v/6/439/7it/n+h/6//f470//X/O9H/1/8f5PX3Yf9/be/7/0vHtP4/q7Gq/v/40um97v/H3P+OMJM88j8AAABkIeb+d4aZyP8AAABQGTH3XxFmIv8DAABAZcTcvz7MJJP87/P/9f/1/33+v/6//n8v6f/r/3ei/6//P8jr78P+v8//p+/02+f/x9z/K2EmmeR/AAAAyEHM/e8KM5H/AQAAoDJi7r8yzET+BwAAgMqIuf+qMJNM8r/+v/6//r/+v/6//n8v6f/r/3ei/6//P8jr1//X/6e7fuv/x9z/7jCTTPI/AAAA5CDm/qvDTOR/AAAAqIyY+98TZiL/AwAAQGXE3H9NmEkm+V//X/9f/1//X/9f/7+X9P/1/zvR/9f/H+T16//r/9Ndv/X/Y+5/b5hJJvkfAAAAchBz/7VhJvI/AAAAVEbM/e8LM5H/AQAAoDJi7t8QZpJJ/tf/1//X/9f/1//X/++lwer/D694jv5/nf5/M/1//X/9f/1/Ouu3/n/M/e8PM8kk/wMAAEAOYu7/QJiJ/A8AAACVEXP/dWEm8j8AAABURsz9G8NMMsn/+v/6//r/+v/6//r/vTRY/f+V6f/X6f830//X/9f/1/+ns37r/8fcvynMJJP8DwAAADmIuX9zmIn8DwAAAJURc//1YSbyPwAAAFRGzP03hJlkkv/1//X/9f/1//X/9f97Sf9f/78T/X/9/0Fev/7/6vr/492uiErrt/5/zP03hplkkv8BAAAgBzH33xRmIv8DAABAZcTc/8EwE/kfAAAAKiPm/i1hJpnkf/1//X/9f/1//X/9/17S/9f/70T/X/9/kNev/+/z/+mu3/r/Mfd/KMwkk/wPAAAAOYi5/8NhJvI/AAAAVEbM/TeHmcj/AAAAUBkx90+GmWSS//X/9f/1//X/9f/1/3upqv3/9Dqq/6//r/+v/6//r//Pivqt/x9z/y1hJpnkfwAAAMhBzP23hpnI/wAAAFAZMfdPhZnI/wAAAFAZMfdPh5lkkv/1//X/9f/1//X/9f97qar9f5//r/9f6P/r/+v/6//TVb/1/2PunwkzyST/AwAAQA5i7t8aZiL/AwAAQGXE3L8tzET+BwAAgMqIuX97mEkm+V///xz7/2uav9T/b79+/X/9f/1//X/9f/3/TvT/9f8Hef36//r/NBtuc1q/9f9j7t8RZpJJ/gcAAIAcxNy/M8xE/gcAAIDKiLn/tjAT+R8AAAAqI+b+28NMMsn/+v8+/1//X/9f/39Q+//jxSDQ/9f/70T/X/9/kNev/6//T3f91v+PuX9XmEkm+R8AAAByEHP/R8JM5H8AAACojJj77wgzkf8BAABgoLT7HMIo5v6Phplkkv/1/6ve/19co/+v/6//33n9g9v/Hwz6//r/nej/6/8P8vr1//X/6a7f+v8x9+8OM8kk/wMAAEAOYu6/M8xE/gcAAIDKiLn/rjAT+R8AAAAqI+b+PWEmmeR//f+q9/99/r/+/+D0/8fi46r/r/9/FvT/9f8L/f9zdq79+fBji/5/H/X/y2NI/59+1G/9/5j77w4zyST/AwAAQA5i7v9YmIn8DwAAAJURc//Hw0zkfwAAAKiMmPs/EWaSSf7X/9f/1//X/++X/n+k/6//fzb0//X/C/3/c3ap+/ODvv5+6v/7/H/6Vb/1/2PuvyfMJJP8DwAAADmIuf+TYSbyPwAAAFRGzP2/GmYi/wMAAEBlxNx/b5hJJvlf/1//X/9f/1//X/+/l/T/9f870f/X/x/k9ev/6//TXb/1/2Pu/7Uwk0zyPwAAAOQg5v77wkzkfwAAAKiMmPs/FWYi/wMAAEBlxNz/62EmmeR//f+L0/8fTtev/6//r/+v/6//fyHp/+v/F/r/5+xS9+cHff36//r/dNdv/f+Y+38jzCST/A8AAAA5iLn/N8NM5H8AAACojJj7fyvMRP4HAACAyoi5//4wk0zyv/6/z//X/9f/1//X/+8l/X/9/070//X/B3n9+v/6/3TXb/3/mPt/O8wkk/wPAAAAOYi5/4EwE/kfAAAAKiPm/k+Hmcj/AAAAUBkx938mzCST/K//r/+v/6//r/+v/99L+v/6/53o/+v/D/L69f/1/+mu3/r/Mfc/GGaSSf4HAACAHMTc/9kwE/kfAAAAKiPm/t8JM5H/AQAAoDJi7v/dMJNM8r/+v/6//r/+v/6//n8v6f8v7/+Xr2GXsv8/vpoN9f9XRf9f/1//X/+fzvqt/x9z/+fCTDLJ/wAAAJCDmPt/L8xE/gcAAIDKiLn/98NM5H8AAACojJj7HwozyST/6//r/+v/6//r/+v/95L+v8//70T/X/9/kNev/6//T3f91v+Puf/zYSaZ5H8AAADIQcz9fxBmIv8DAABAZcTcvzfMRP4HAACAyoi5/+Ewk0zyv/6//r/+v/6//r/+fy/p/+v/d6L/r/8/yOvX/9f/p7t+6//H3L8vzCST/A8AAAA5iLn/C2Em8j8AAABURsz9+8NM5H8AAACojJj7D4SZZJL/9f/1//X/9f/1//X/e0n/X/+/E/1//f9BXr/+v/4/3fVb/z/m/tkwk0zyPwAAAOQg5v6DYSbyPwAAAFRGzP2HwkzkfwAAAKiMmPsfCTPJJP/r/+v/6//r/+v/6//3kv6//n8n+v/6/4O8fv1//X+667f+f8z9h8NMMsn/AAAAkIOY+78YZiL/AwAAQGXE3P+lMBP5HwAAACoj5v4jYSaZ5H/9f/1//X/9f/1//f9e0v/X/+9E/1//f5DXr/+v/093/db/j7n/aJhJJvkfAAAAchBz/7EwE/kfAAAAKiPm/uNhJvI/AAAAVEbM/SfCTDLJ//r/+v/6//r/+v/6/72k/7+8/z8erlP/X/9f/3+w16//r/9Pd/3W/4+5/w/DTDLJ/wAAAJCDmPtPhpnI/wAAAFAZMffPhZnI/wAAAFAZMffPh5lkkv/1//X/9f/1//X/9f97Sf/f5/93ov+v/z/I69f/1/+nu37r/8fcfyrMJJP8DwAAADmIuf/RMBP5HwAAACoj5v7HwkzkfwAAAKiMmPsfDzPJJP/r//8/e3e961t5xHF406aWpum19Ap6Cb2GXkbdhbq7u7u7u1N3d1rqmtCEPTOQAmudA/zY75p5nn+mhZ3whk1IviGfLP2//n+Z/v+889P/6//1/5dF/3+79//X/SOv/z+n/9f/6//1/2xbrf/P3X+/uGXI/gcAAIAJcvffP26x/wEAAKCN3P0PiFvsfwAAAGgjd/8D45Yh+1//r//X/y/T//v+f/5e9f/6/8ug//f9/zP9/y120f380d+v/9f/s2+1/j93/4PiliH7HwAAACbI3f/guMX+BwAAgDZy9z8kbrH/AQAAoI3c/Q+NW4bsf/2//l//r//X/+v/T0n/r//fov/X/x/5/fp//T/7Vuv/c/c/LG4Zsv8BAABggtz9D49b7H8AAABoI3f/I+IW+x8AAADayN3/yLhlyP7X/+v/9f/6f/2//v+U9P/6/y36f/3/kd+v/9f/s2+1/j93/6PiliH7HwAAACbI3f/ouMX+BwAAgDZy9z8mbrH/AQAAoI3c/Y+NW4bsf/2//l//r//X/+v/T0n/r//fov/X/x/5/fp//T/7Tt7/3+fK6+6l9v+5+6+MW4bsfwAAAJggd//j4hb7HwAAANrI3f/4uMX+BwAAgDZy9z8hbhmy//X/+v/r+/9rr9D/6//1/9f/cf3/bUP/r//fov9ftf+/tL8T+n/9v/6fPSfv/3d6/////7n7nxi3DNn/AAAAMEHu/ifFLfY/AAAAtJG7/8lxi/0PAAAAbeTuf0rcMmT/H6X/v1v+D/2/7//r//X/+v9D0f/r/7fo/1ft/33//9b2//e+hPfr/5lgtf4/d/9T45Yh+x8AAAAmyN3/tLjF/gcAAIA2cvc/PW6x/wEAAKCN3P3PiFuG7P+j9P++/6//v6n36//1/2f6/+Xp//X/W/T/+v8jv9/3//X/7Fut/8/d/8y4Zcj+BwAAgAly9z8rbrH/AQAAoI3c/c+OW+x/AAAAaCN3/3PiliH7X/+v/9f/6/9vVf9/R/2//n+b/l//v0X/r/8/8vv1//p/9q3W/+fuf27cMmT/AwAAwAS5+58Xt9j/AAAA0Ebu/ufHLfY/AAAAtJG7/wVxy5D9r//X/+v/9f++/6//PyX9f7v+/wr9//X0//p//b/+n22r9f+5+18YtwzZ/wAAADBB7v4XxS32PwAAALSRu//FcYv9DwAAAG3k7n9J3DJk/+v/9f/6f/2//l//f0r6/3b9v+//34D+X/+v/9f/s221/j93/0vjliH7HwAAACbI3f+yuMX+BwAAgDZy9788brH/AQAAoI3c/a+IW4bsf/2//l//r//X/+v/T0n/r//fov+/6f7/rjfz19P/r/V+/b/+n32r9f+5+18ZtwzZ/wAAADBB7v5XxS32PwAAALSRu//VcYv9DwAAAG3k7n9N3DJk/99c/3/N3c//vP7/0uj/b/r9+n/9v/5f/6//1/9v0f/7/v+R36//1/+zb7X+P3f/a+OWIfsfAAAAJsjd/7q4xf4HAACANnL3vz5usf8BAACgjdz9b4hbhux/3//X/+v/9f/6f/3/Ken/9f9b9P/6/yO/X/+v/2ffav1/7v43xi1D9j8AAABMkLv/TXGL/Q8AAABt5O5/c9xi/wMAAEAbufvfErcM2f/6f/3/hff/d9D/J/1//F71//r/y6D/1/+f6f9vsYvu54/+fv2//p99q/X/ufvfGrcM2f8AAAAwQe7+t8Ut9j8AAAC0kbv/7XGL/Q8AAABt5O5/R9wyZP/r//X/F97/+/5/0f/H71X/r/+/DPp//f+Z/v8Wu+h+/ujv1//r/9m3Wv+fu/+dccuQ/Q8AAAAT5O5/V9xi/wMAAEAbufvfHbfY/wAAANBG7v73xC1D9r/+X/+v/9f/6//1/6ek/9f/b9H/6/+P/H79v/6ffav1/7n73xu3DNn/AAAAMEHu/vfFLfY/AAAAtJG7//1xi/0PAAAAbeTu/0DcMmT/6/+P3v/f9+p4gf5f/6//1/8vSf+v/9+i/9f/H/n9+n/9P/tW6/9z938wbhmy/wEAAGCC3P0filvsfwAAAGgjd/+H4xb7HwAAANrI3f+RuGXI/p/R/9/pRj/Wp//3/X/9v/5f/782/b/+f4v+X/9/5Pfr//X/7Fut/8/d/9G4Zcj+BwAAgAly938sbrH/AQAAoI3c/R+PW+x/AAAAaCN3/yfiliH7f0b/f2P6/3O3ef9/7T31//r/ov/X/5/p//X/O/T/+v8jv1//r/9n32r9f+7+T8YtQ/Y/AAAATJC7/1Nxi/0PAAAAbeTu/3TcYv8DAABAG7n7PxM33OseF/ek25X+X//v+//6f/2//v+U9P/6/y36f/3/kd+v/9f/s2+1/j93/2fjFv/9HwAAANrI3f+5uMX+BwAAgDZy938+brH/AQAAoI3c/V+IW4bsf/2//l//r//X/+v/T0n/r//fov/X/x/5/fp//T/7Vuv/c/d/MW4Zsv8BAABggtz9X4pb7H8AAABoI3f/l+MW+x8AAADayN3/lbhlyP7X/+v/9f/6f/2//v+U9P/6/y36f/3/kd+v/9f/s2+1/j93/1fjliH7HwAAACbI3f+1uMX+BwAAgDZy918Vt9j/AAAA0Ebu/q/HLUP2v/5f/6//1//r//X/p6T/1/9v0f/foP/Pf5no/w/zfv2//p99q/X/ufu/EbcM2f8AAAAwQe7+b8Yt9j8AAAC0kbv/W3GL/Q8AAABt5O7/dtwyZP937v+3fkz/f07/r/8/0//r/09M/6//36L/9/3/I79f/6//Z99q/X/u/u/ELUP2PwAAAEyQu/+7cYv9DwAAAG3k7v9e3GL/AwAAQBu5+78ftwzZ/537/y36/3P6f/3/mf5f/39i+n/9/xb9v/7/yO/X/+v/2bda/5+7/wdxy5D9DwAAABPk7v9h3GL/AwAAQBu5+38Ut9j/AAAA0Ebu/h/HLUP2v/5f/6//1//r//X/p6T/1/9v0f/r/4/8fv2//p99q/X/uft/ErcM2f8AAAAwQe7+n8Yt9j8AAAC0kbv/Z3GL/Q8AAABt5O7/edwyZP/r//X/+n/9v/5f/39K+n/9/xb9v/7/yO/X/+v/2bda/5+7/xdxy5D9DwAAABPk7v9l3GL/AwAAQBu5+38Vt9j/AAAA0Ebu/l/HLUP2v/5f/6//1//r//X/p6T/1/9v0f/r/4/8fv2//p99q/X/uft/E7cM2f8AAAAwQe7+38Yt9j8AAAC0kbv/d3GL/Q8AAABt5O7/fdwyZP/r//X/+n/9v/5f/39K+n/9/xb9v/7/yO/X/+v/2bda/5+7/+q4Zcj+BwAAgAly9/8hbrH/AQAAoI3c/X+MW+x/AAAAaCN3/zVxy5D937n/v+rON/9j+v9zbfv/u+j/9f/6/1Xo//X/W/T/+v8jv1//r/9n32r9f+7+P8UtQ/Y/AAAATJC7/89xi/0PAAAAbeTu/0vcYv8DAABAG7n7/xq3DNn/nfv/Lfr/c237f9//1//r/5eh/9f/b9H/6/+P/H79v/6ffav1/7n7/xa3DNn/AAAAMEHu/r/HLfY/AAAAtJG7/x9xi/0PAAAAbeTu/2fcMmT/6//1//p//b/+X/9/Svp//f8W/b/+/8jv1//r/9m3Wv+fu/9fccuQ/Q8AAAAT5O7/d9xi/wMAAEAbufv/E7fY/wAAANBG7v7/xi1D9r/+X/+v/9f/6//1/6ek/9f/b9H/6/+P/H79v/6ffav1/7n7/xcAAP//mdcmSQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0xb9cbbe05c791f09e)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
sendfile(r0, r1, 0x0, 0xff7e82)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
creat(&(0x7f0000000000)='./file0\x00', 0xd2)

1.035322976s ago: executing program 1 (id=639):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x1, 0x800001, 0x0, 0x0, 0x0)

1.031431846s ago: executing program 2 (id=640):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e00000000000000", @ANYRES32, @ANYBLOB="02"], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

864.06252ms ago: executing program 1 (id=632):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000050000000400000001"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002500)={{r1}, &(0x7f0000002480), &(0x7f00000024c0)=r0}, 0x20)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r1, &(0x7f0000000180), &(0x7f0000000040)=@udp=r2}, 0x20)

863.76562ms ago: executing program 2 (id=633):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
connect$inet(r0, &(0x7f0000000240)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)

752.736139ms ago: executing program 1 (id=634):
ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0)
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f00000006c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x17, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0xc, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x1fff, 0x71, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0xff, 0x0, 0x2}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000040)={0x20, 0x18, 0x3f, {0x3f, 0x3, "17ba0f8d04d73c9877a73c2ecbb3ac4fcca68b0d4dd17ea18265cc3288651c16a4887bbf7d2b23ea3ff22c02443f73951b98091f3e9afa20b296d4fa97"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
open_tree(0xffffffffffffff9c, 0x0, 0x80800)
mmap$binder(&(0x7f00000a0000)=nil, 0x2000, 0x1, 0x11, 0xffffffffffffffff, 0x0)

362.64213ms ago: executing program 2 (id=635):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmmsg$unix(r1, &(0x7f0000001780)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000580)=""/223, 0xdf}], 0x1}}], 0x1, 0x42, 0x0)

313.172335ms ago: executing program 2 (id=636):
write(0xffffffffffffffff, &(0x7f00000002c0)="fc0000001a000708ab09250009a3", 0xe)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f0000000280)={@val={0x1c, 0x800}, @val={0x1, 0x0, 0x0, 0x0, 0x3d}, @mpls={[], @ipv4=@tcp={{0x6, 0x4, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x2, 0xb, 0x0, 0x0, 0x0, 0x1c, {[@window={0xe, 0x3}, @timestamp={0x5, 0x2}, @generic={0x0, 0x2, "d58838068b91"}]}}}}}}, 0x4e)

60.037485ms ago: executing program 2 (id=637):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

0s ago: executing program 5 (id=638):
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
io_uring_setup(0x4, &(0x7f0000000040)={0x0, 0x73e9, 0x1c410, 0x2, 0x20002f7})
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = io_uring_setup(0x868, &(0x7f00000000c0)={0x0, 0x1000, 0x2, 0x0, 0x8002})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r1, 0x14, &(0x7f0000001900)=[0xffffffff], 0x2)

kernel console output (not intermixed with test programs):

fo (device loop1): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[   91.312563][ T5778] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[   91.739631][ T6033] warning: `syz.1.43' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   92.205527][    T8] cfg80211: failed to load regulatory.db
[   92.517014][ T5778] em28xx 4-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[   92.554223][ T5778] em28xx 4-1:0.132: board has no eeprom
[   92.628708][ T5778] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[   92.636625][ T5778] em28xx 4-1:0.132: analog set to bulk mode.
[   92.654400][ T5835] em28xx 4-1:0.132: Registering V4L2 extension
[   92.687828][ T5778] usb 4-1: USB disconnect, device number 2
[   92.716530][ T5778] em28xx 4-1:0.132: Disconnecting em28xx
[   92.931725][ T5835] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[   92.943230][ T5835] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[   92.953472][ T5835] em28xx 4-1:0.132: No AC97 audio processor
[   92.971199][ T5835] usb 4-1: Decoder not found
[   92.978332][ T5835] em28xx 4-1:0.132: failed to create media graph
[   92.988044][ T5835] em28xx 4-1:0.132: V4L2 device video103 deregistered
[   93.015645][ T5835] em28xx 4-1:0.132: Remote control support is not available for this card.
[   93.029838][ T5778] em28xx 4-1:0.132: Closing input extension
[   93.056229][ T5778] em28xx 4-1:0.132: Freeing device
[   93.371257][ T6066] loop1: detected capacity change from 0 to 64
[   94.055654][ T6082] Driver unsupported XDP return value 0 on prog  (id 12) dev N/A, expect packet loss!
[   94.065427][ T6084] Bluetooth: MGMT ver 1.22
[   94.074552][ T6084] loop1: detected capacity change from 0 to 16
[   94.102115][ T6084] erofs: (device loop1): erofs_fc_fill_super: rootino(nid 36) is not a directory(i_mode 127766)
[   94.377497][ T6086] netlink: 4 bytes leftover after parsing attributes in process `syz.0.66'.
[   94.397085][ T6086] bridge_slave_1: left allmulticast mode
[   94.418057][ T6086] bridge_slave_1: left promiscuous mode
[   94.450271][ T6086] bridge0: port 2(bridge_slave_1) entered disabled state
[   94.492832][ T6086] bridge_slave_0: left allmulticast mode
[   94.504283][ T6086] bridge_slave_0: left promiscuous mode
[   94.519377][ T6086] bridge0: port 1(bridge_slave_0) entered disabled state
[   94.968931][ T6100] capability: warning: `syz.3.72' uses deprecated v2 capabilities in a way that may be insecure
[   95.645078][ T6090] loop2: detected capacity change from 0 to 32768
[   95.659162][ T6090] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop2 scanned by syz.2.68 (6090)
[   95.723286][ T6090] BTRFS info (device loop2): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[   95.736004][ T6090] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[   95.752271][ T6090] BTRFS info (device loop2): use no compression
[   95.769736][ T6090] BTRFS info (device loop2): turning on flush-on-commit
[   95.776899][ T6090] BTRFS info (device loop2): using free space tree
[   95.847560][ T6121] nbd3: detected capacity change from 0 to 4294967296
[   95.891077][ T6090] BTRFS info (device loop2): enabling ssd optimizations
[   95.903671][ T6138] block nbd3: shutting down sockets
[   95.909747][ T6090] BTRFS info (device loop2): auto enabling async discard
[   95.926813][    C0] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   95.936293][    C0] Buffer I/O error on dev nbd3, logical block 0, async page read
[   95.953784][   T10] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[   95.964107][   T10] Buffer I/O error on dev nbd3, logical block 0, async page read
[   95.974519][ T5799] ldm_validate_partition_table(): Disk read failed.
[   95.992814][ T5799] Dev nbd3: unable to read RDB block 0
[   95.999174][ T5799]  nbd3: unable to read partition table
[   96.006439][ T5799] nbd3: partition table beyond EOD, truncated
[   96.637389][ T5792] BTRFS info (device loop2): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[   96.750554][ T6149] iommufd_mock iommufd_mock1: Adding to iommu group 0
[   97.288818][ T5835] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   97.335504][ T6159] syz.2.89 uses obsolete (PF_INET,SOCK_PACKET)
[   97.498573][ T5835] usb 4-1: Using ep0 maxpacket: 8
[   97.506957][ T5835] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 13
[   97.529038][ T5835] usb 4-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58
[   97.545048][ T5835] usb 4-1: New USB device strings: Mfr=241, Product=1, SerialNumber=3
[   97.561010][ T5835] usb 4-1: Product: syz
[   97.565432][ T5835] usb 4-1: Manufacturer: syz
[   97.570733][ T5835] usb 4-1: SerialNumber: syz
[   97.578127][ T5835] usb 4-1: config 0 descriptor??
[   97.594614][ T5835] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae
[   97.618632][    T8] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   97.808651][    T8] usb 1-1: Using ep0 maxpacket: 16
[   97.823060][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   97.835278][    T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   97.845900][    T8] usb 1-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[   97.855579][    T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.867563][    T8] usb 1-1: config 0 descriptor??
[   97.951393][ T5778] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   98.138828][ T5778] usb 2-1: Using ep0 maxpacket: 32
[   98.150669][ T5778] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[   98.160104][ T5778] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.168157][ T5778] usb 2-1: Product: syz
[   98.172630][ T5778] usb 2-1: Manufacturer: syz
[   98.177600][ T5778] usb 2-1: SerialNumber: syz
[   98.185570][ T5778] usb 2-1: config 0 descriptor??
[   98.300681][    T8] input: HID 05ac:8241 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:05AC:8241.0001/input/input5
[   98.433607][    T8] appleir 0003:05AC:8241.0001: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.0-1/input0
[   98.624120][ T5778] airspy 2-1:0.0: Board ID: 00
[   98.634119][ T5778] airspy 2-1:0.0: Firmware version: 
[   98.648591][ T5835] gspca_zc3xx: reg_w_i err -71
[   99.097967][ T5874] usb 1-1: USB disconnect, device number 2
[   99.278670][ T5835] gspca_zc3xx: Unknown sensor - set to TAS5130C
[   99.285128][ T5835] gspca_zc3xx: probe of 4-1:0.0 failed with error -71
[   99.298998][ T5835] usb 4-1: USB disconnect, device number 3
[   99.442065][ T5778] airspy 2-1:0.0: usb_control_msg() failed -71 request 0f
[   99.487702][ T5778] airspy 2-1:0.0: Registered as swradio24
[   99.502369][ T5778] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[   99.520908][ T5778] usb 2-1: USB disconnect, device number 2
[   99.922987][ T6179] loop6: detected capacity change from 0 to 524287999
[  100.905058][ T6187] loop2: detected capacity change from 0 to 40427
[  100.991610][ T6187] F2FS-fs (loop2): invalid crc value
[  101.021103][ T6187] F2FS-fs (loop2): Found nat_bits in checkpoint
[  101.178938][ T6187] F2FS-fs (loop2): Start checkpoint disabled!
[  101.251765][ T6187] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  101.548247][ T3556] kworker/u4:11: attempt to access beyond end of device
[  101.548247][ T3556] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  101.570808][ T3556] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  101.616907][ T6226] netlink: 16 bytes leftover after parsing attributes in process `syz.0.118'.
[  101.628815][   T28] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  101.829779][   T28] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  101.867935][   T28] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  101.896735][   T28] usb 2-1: New USB device found, idVendor=056a, idProduct=0319, bcdDevice= 0.00
[  101.919754][   T28] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.950552][   T28] usb 2-1: config 0 descriptor??
[  101.959841][ T6224] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  102.046543][ T6220] loop3: detected capacity change from 0 to 32768
[  102.131351][   T27] audit: type=1800 audit(1755236323.673:5): pid=6220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.114" name="file1" dev="loop3" ino=7 res=0 errno=0
[  102.260605][ T6233] loop2: detected capacity change from 0 to 1024
[  102.594522][   T28] wacom 0003:056A:0319.0002: unbalanced collection at end of report description
[  102.615400][   T28] wacom 0003:056A:0319.0002: parse failed
[  102.624727][ T3495] hfsplus: b-tree write err: -5, ino 4
[  102.637909][   T28] wacom: probe of 0003:056A:0319.0002 failed with error -22
[  102.834999][   T28] usb 2-1: USB disconnect, device number 3
[  103.366044][ T6252] loop2: detected capacity change from 0 to 512
[  103.382352][ T6252] EXT4-fs: Ignoring removed oldalloc option
[  103.435462][ T6252] EXT4-fs (loop2): 1 truncate cleaned up
[  103.449978][ T6252] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.625994][ T6252] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.128: invalid indirect mapped block 234881024 (level 0)
[  103.659512][ T6252] EXT4-fs (loop2): Remounting filesystem read-only
[  103.759613][ T5792] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.200567][ T2951] nci: nci_rx_work: unknown MT 0x4
[  104.610255][ T6288] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  104.824357][ T6294] loop1: detected capacity change from 0 to 4096
[  104.849134][ T6294] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512).
[  104.996173][ T6294] ntfs3: loop1: Failed to initialize $Extend/$Reparse.
[  105.241108][ T5786] ntfs3: loop1: ino=1a, ntfs_sync_fs failed, -22.
[  106.168575][ T5874] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  106.214848][ T6318] loop0: detected capacity change from 0 to 40427
[  106.227612][ T6318] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x7ffff
[  106.236810][ T6318] F2FS-fs (loop0): Image doesn't support compression
[  106.246213][ T6318] F2FS-fs (loop0): Image doesn't support compression
[  106.269355][    T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  106.282861][ T6318] F2FS-fs (loop0): invalid crc value
[  106.325115][ T6318] F2FS-fs (loop0): Found nat_bits in checkpoint
[  106.364630][ T5874] usb 2-1: Using ep0 maxpacket: 16
[  106.385874][ T5874] usb 2-1: config 1 has an invalid interface number: 105 but max is 0
[  106.406475][ T5874] usb 2-1: config 1 has no interface number 0
[  106.413417][ T5874] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  106.427702][ T5874] usb 2-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  106.439654][ T5874] usb 2-1: config 1 interface 105 has no altsetting 0
[  106.445779][ T6318] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  106.451855][ T5874] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  106.463759][ T5874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.476602][ T5874] usb 2-1: Product: syz
[  106.481458][ T5874] usb 2-1: Manufacturer: syz
[  106.483548][    T9] usb 4-1: Using ep0 maxpacket: 8
[  106.486329][ T5874] usb 2-1: SerialNumber: syz
[  106.511048][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  106.543730][ T6320] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  106.550990][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  106.551890][ T6320] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  106.593104][    T9] usb 4-1: too many endpoints for config 1 interface 0 altsetting 255: 255, using maximum allowed: 30
[  106.626474][    T9] usb 4-1: config 1 interface 0 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  106.649184][ T6318] F2FS-fs (loop0): inject page alloc in f2fs_grab_cache_page of f2fs_get_new_data_page+0xbe/0x600
[  106.662724][    T9] usb 4-1: config 1 interface 0 has no altsetting 1
[  106.681955][    T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  106.696837][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.715797][    T9] usb 4-1: Product: syz
[  106.721244][ T5787] syz-executor: attempt to access beyond end of device
[  106.721244][ T5787] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  106.736929][    T9] usb 4-1: Manufacturer: syz
[  106.742003][ T5787] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  106.754982][    T9] usb 4-1: SerialNumber: syz
[  106.762145][ T5787] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  106.775301][    T9] usb 4-1: selecting invalid altsetting 1
[  106.994497][    T9] cdc_ncm 4-1:1.0: bind() failure
[  107.050518][ T6320] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  107.060917][    T9] usb 4-1: USB disconnect, device number 4
[  107.078541][ T6320] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  107.520719][ T5874] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  107.787505][ T5874] aqc111 2-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  107.861164][ T5874] aqc111 2-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 8a:35:53:15:2b:a4
[  107.892024][ T5874] usb 2-1: USB disconnect, device number 4
[  107.939933][ T5874] aqc111 2-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.1-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  108.049285][ T5874] aqc111 2-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  108.060547][ T5874] aqc111 2-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  108.088619][ T5874] aqc111 2-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  108.462741][ T6341] loop2: detected capacity change from 0 to 32768
[  108.505771][ T6341] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.163 (6341)
[  108.541685][ T6341] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  108.552593][ T6341] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  108.561786][ T6341] BTRFS info (device loop2): setting nodatacow, compression disabled
[  108.572226][ T6341] BTRFS info (device loop2): setting datacow
[  108.578745][ T6341] BTRFS info (device loop2): doing ref verification
[  108.587129][ T6341] BTRFS info (device loop2): setting nodatacow, compression disabled
[  108.596378][ T6341] BTRFS info (device loop2): turning off barriers
[  108.603279][ T6341] BTRFS info (device loop2): enabling ssd optimizations
[  108.623017][ T6341] BTRFS info (device loop2): using spread ssd allocation scheme
[  108.644672][ T6341] BTRFS info (device loop2): not using ssd optimizations
[  108.657753][ T6341] BTRFS info (device loop2): not using spread ssd allocation scheme
[  108.684551][ T6341] BTRFS info (device loop2): using free space tree
[  108.716098][ T6358] loop1: detected capacity change from 0 to 256
[  108.855513][   T27] audit: type=1326 audit(1755236330.393:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6373 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f880bf8ebe9 code=0x7ffc0000
[  108.940522][   T27] audit: type=1326 audit(1755236330.393:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6373 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f880bf8ebe9 code=0x7ffc0000
[  109.013173][   T27] audit: type=1326 audit(1755236330.443:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6373 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f880bf8ebe9 code=0x7ffc0000
[  109.072642][   T27] audit: type=1326 audit(1755236330.443:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6373 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f880bf8ebe9 code=0x7ffc0000
[  109.121515][ T6378] input: syz1 as /devices/virtual/input/input6
[  109.149078][   T27] audit: type=1326 audit(1755236330.443:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6373 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f880bf8ebe9 code=0x7ffc0000
[  109.223017][   T27] audit: type=1326 audit(1755236330.443:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6373 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f880bf8ebe9 code=0x7ffc0000
[  109.314109][   T27] audit: type=1326 audit(1755236330.443:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6373 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f880bf8ebe9 code=0x7ffc0000
[  109.445601][   T27] audit: type=1326 audit(1755236330.443:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6373 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f880bf8ebe9 code=0x7ffc0000
[  109.488016][ T5792] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  109.499287][ T6382] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  109.514013][   T27] audit: type=1326 audit(1755236330.443:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6373 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f880bf8ebe9 code=0x7ffc0000
[  109.577639][   T27] audit: type=1326 audit(1755236330.443:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6373 comm="syz.3.171" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f880bf8ebe9 code=0x7ffc0000
[  109.655380][ T6380] loop1: detected capacity change from 0 to 4096
[  110.132295][ T6396] loop6: detected capacity change from 0 to 7
[  110.174219][ T6396] Dev loop6: unable to read RDB block 7
[  110.206979][ T6396]  loop6: unable to read partition table
[  110.258818][ T6396] loop6: partition table beyond EOD, truncated
[  110.279186][ T6396] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  110.834146][ T6420] loop0: detected capacity change from 0 to 1024
[  110.847178][ T6420] EXT4-fs: Ignoring removed nobh option
[  110.857557][ T6420] EXT4-fs: Ignoring removed bh option
[  110.883447][ T6420] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  110.935986][ T6420] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  111.061188][ T6418] loop3: detected capacity change from 0 to 32768
[  111.070759][ T6418] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.188 (6418)
[  111.094591][ T6418] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  111.105434][ T6418] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  111.114382][ T6418] BTRFS info (device loop3): using free space tree
[  111.152038][ T6418] BTRFS info (device loop3): enabling ssd optimizations
[  111.159265][ T6418] BTRFS info (device loop3): auto enabling async discard
[  111.239890][    T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  111.280289][ T5787] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.351352][ T5794] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  111.470956][    T9] usb 3-1: Using ep0 maxpacket: 16
[  111.492862][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  111.549105][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  111.566227][    T9] usb 3-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00
[  111.598552][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.619772][    T9] usb 3-1: config 0 descriptor??
[  112.102834][ T6414] loop2: detected capacity change from 0 to 1024
[  112.164859][ T6414] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  112.179079][ T6414] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  112.243470][    T9] ntrig 0003:1B96:0008.0003: unbalanced delimiter at end of report description
[  112.269526][    T9] ntrig 0003:1B96:0008.0003: parse failed
[  112.279680][    T9] ntrig: probe of 0003:1B96:0008.0003 failed with error -22
[  112.505554][    T9] usb 3-1: USB disconnect, device number 2
[  113.075397][ T5792] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.716784][ T6477] "syz.0.203" (6477) uses obsolete ecb(arc4) skcipher
[  113.732888][ T6477] trusted_key: syz.0.203 sent an empty control message without MSG_MORE.
[  114.177661][ T6482] loop1: detected capacity change from 0 to 512
[  114.228887][ T6482] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  114.259907][ T6482] ext4 filesystem being mounted at /44/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  114.473615][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.708719][    T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  114.813012][ T6492] binder: 6491:6492 unknown command 0
[  114.828733][ T6492] binder: 6491:6492 ioctl c0306201 200000000080 returned -22
[  114.908886][    T9] usb 3-1: Using ep0 maxpacket: 16
[  114.930022][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  114.952233][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  114.987585][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  115.009162][    T9] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  115.028538][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.050867][    T9] usb 3-1: config 0 descriptor??
[  115.215551][ T6488] loop3: detected capacity change from 0 to 32768
[  115.264410][ T6488] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  115.341375][ T6490] loop1: detected capacity change from 0 to 32768
[  115.364339][ T6488] XFS (loop3): Ending clean mount
[  115.408321][ T6490] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  115.440787][ T6488] XFS (loop3): Quotacheck needed: Please wait.
[  115.473851][    T9] shield 0003:0955:7214.0004: unknown main item tag 0x0
[  115.494606][    T9] shield 0003:0955:7214.0004: unknown main item tag 0x0
[  115.526787][    T9] shield 0003:0955:7214.0004: unknown main item tag 0x0
[  115.567372][    T9] shield 0003:0955:7214.0004: unknown main item tag 0x0
[  115.594154][ T6488] XFS (loop3): Quotacheck: Done.
[  115.618731][    T9] shield 0003:0955:7214.0004: unknown main item tag 0x0
[  115.647493][    T9] input: HID 0955:7214 Haptics as /devices/virtual/input/input7
[  115.675503][ T6486] netlink: 'syz.2.206': attribute type 2 has an invalid length.
[  115.706577][ T6490] XFS (loop1): Ending clean mount
[  115.725328][ T6486] netlink: 244 bytes leftover after parsing attributes in process `syz.2.206'.
[  115.756349][ T6490] XFS (loop1): Quotacheck needed: Please wait.
[  115.796424][    T9] shield 0003:0955:7214.0004: Registered Thunderstrike controller
[  115.812199][    T9] shield 0003:0955:7214.0004: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0
[  115.914170][ T5778] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  115.919043][ T6490] XFS (loop1): Quotacheck: Done.
[  115.936640][    T9] usb 3-1: USB disconnect, device number 3
[  115.958184][ T5778] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  116.012940][ T5778] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  116.042652][ T5778] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  116.208851][ T5794] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  116.539160][ T5786] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  116.959137][ T6532] process 'syz.3.221' launched './file0' with NULL argv: empty string added
[  117.017033][ T6536] loop2: detected capacity change from 0 to 512
[  117.034436][ T6536] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  117.116309][ T6536] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.223: iget: bad i_size value: 360287970189639680
[  117.138258][ T6536] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.223: couldn't read orphan inode 15 (err -117)
[  117.155572][ T6536] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  117.239396][ T6536] EXT4-fs error (device loop2): ext4_empty_dir:3145: inode #12: block 13: comm syz.2.223: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=12, rec_len=0, size=4096 fake=1
[  117.294790][ T6536] EXT4-fs warning (device loop2): ext4_empty_dir:3147: inode #12: comm syz.2.223: directory missing '.'
[  117.435804][ T5792] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  118.549646][  T785] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  118.700261][ T1316] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.791373][  T785] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  118.827739][  T785] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  118.859738][  T785] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  118.876078][  T785] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.883407][ T1316] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  118.914455][  T785] usb 3-1: config 0 descriptor??
[  119.022398][ T1316] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.108084][ T6578] loop3: detected capacity change from 0 to 40427
[  119.172935][ T6578] F2FS-fs (loop3): invalid crc value
[  119.191416][ T1316] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  119.211306][ T6578] F2FS-fs (loop3): Found nat_bits in checkpoint
[  119.367569][  T785] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0
[  119.376914][ T6578] F2FS-fs (loop3): Start checkpoint disabled!
[  119.393576][  T785] cm6533_jd 0003:0D8C:0022.0005: unknown main item tag 0x0
[  119.433113][  T785] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0005/input/input8
[  119.445057][ T6578] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  119.514242][  T785] cm6533_jd 0003:0D8C:0022.0005: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0
[  119.593186][  T785] usb 3-1: USB disconnect, device number 4
[  119.941993][ T6593] fido_id[6593]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  119.978101][ T5794] syz-executor: attempt to access beyond end of device
[  119.978101][ T5794] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  120.021666][ T5794] syz-executor: attempt to access beyond end of device
[  120.021666][ T5794] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  120.332619][   T50] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  120.344617][   T50] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  120.354150][   T50] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  120.362721][   T50] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  120.373024][   T50] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  120.381586][   T50] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  120.444262][ T6609] input: syz1 as /devices/virtual/input/input9
[  120.477185][   T12] kworker/u4:1: attempt to access beyond end of device
[  120.477185][   T12] loop3: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  120.492642][   T12] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  120.500308][   T12] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  121.732086][ T6604] chnl_net:caif_netlink_parms(): no params data found
[  122.279645][ T1316] hsr_slave_0: left promiscuous mode
[  122.318916][ T1316] hsr_slave_1: left promiscuous mode
[  122.319449][ T6644] Process accounting resumed
[  122.333606][ T1316] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  122.353096][ T1316] batman_adv: batadv0: Removing interface: batadv_slave_0
[  122.372758][ T1316] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  122.388599][ T1316] batman_adv: batadv0: Removing interface: batadv_slave_1
[  122.432020][ T5104] Bluetooth: hci0: command tx timeout
[  122.551417][ T1316] veth1_macvtap: left promiscuous mode
[  122.557720][ T1316] veth0_macvtap: left promiscuous mode
[  122.593183][ T1316] veth1_vlan: left promiscuous mode
[  122.605680][   T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  122.616963][   T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  122.619044][ T1316] veth0_vlan: left promiscuous mode
[  122.649076][   T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  122.662450][   T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  122.672521][   T50] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  122.692550][   T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  122.718792][ T6654] loop2: detected capacity change from 0 to 4096
[  123.382581][ T6651] loop1: detected capacity change from 0 to 32768
[  123.476597][ T6651] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  123.547296][ T6651] XFS (loop1): Ending clean mount
[  123.585490][ T6651] XFS (loop1): Quotacheck needed: Please wait.
[  123.711944][ T6651] XFS (loop1): Quotacheck: Done.
[  123.952716][ T5786] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  124.249287][ T1316] team0 (unregistering): Port device team_slave_1 removed
[  124.365402][ T1316] team0 (unregistering): Port device team_slave_0 removed
[  124.423322][ T1316] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  124.508593][   T50] Bluetooth: hci0: command tx timeout
[  124.528785][ T1316] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  124.762972][   T50] Bluetooth: hci2: command tx timeout
[  125.090348][ T1316] bond0 (unregistering): Released all slaves
[  125.131658][ T6604] bridge0: port 1(bridge_slave_0) entered blocking state
[  125.142678][ T6604] bridge0: port 1(bridge_slave_0) entered disabled state
[  125.150169][ T6604] bridge_slave_0: entered allmulticast mode
[  125.157279][ T6604] bridge_slave_0: entered promiscuous mode
[  125.166545][ T6604] bridge0: port 2(bridge_slave_1) entered blocking state
[  125.177289][ T6604] bridge0: port 2(bridge_slave_1) entered disabled state
[  125.184795][ T6604] bridge_slave_1: entered allmulticast mode
[  125.200281][ T6604] bridge_slave_1: entered promiscuous mode
[  125.230135][ T6674] netlink: 'syz.2.259': attribute type 33 has an invalid length.
[  125.244333][ T6674] netlink: 152 bytes leftover after parsing attributes in process `syz.2.259'.
[  125.255022][ T6675] netlink: 'syz.2.259': attribute type 10 has an invalid length.
[  125.294620][ T6675] 8021q: adding VLAN 0 to HW filter on device bond0
[  125.305235][ T6675] team0: Port device bond0 added
[  125.379846][ T6675] syz.2.259 (6675) used greatest stack depth: 20656 bytes left
[  125.489916][ T6682] netlink: 'syz.2.263': attribute type 39 has an invalid length.
[  125.587606][ T6604] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  125.630936][ T6604] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  125.820720][ T6604] team0: Port device team_slave_0 added
[  125.874822][ T6604] team0: Port device team_slave_1 added
[  125.932935][    T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  125.978381][ T6692] loop2: detected capacity change from 0 to 128
[  126.015731][ T6692] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  126.039857][ T6604] batman_adv: batadv0: Adding interface: batadv_slave_0
[  126.046953][ T6604] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.091331][ T6692] ext4 filesystem being mounted at /68/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  126.120253][ T6604] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  126.151618][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  126.187521][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  126.220159][ T6604] batman_adv: batadv0: Adding interface: batadv_slave_1
[  126.227171][ T6604] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  126.257210][ T6692] syz.2.266 (pid 6692) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  126.261371][    T9] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  126.282099][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.301232][    T9] usb 2-1: config 0 descriptor??
[  126.313584][ T6604] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  126.399237][ T5792] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  126.590324][   T50] Bluetooth: hci0: command tx timeout
[  126.673505][ T6604] hsr_slave_0: entered promiscuous mode
[  126.685555][ T6604] hsr_slave_1: entered promiscuous mode
[  126.726434][    T9] cm6533_jd 0003:0D8C:0022.0006: unknown main item tag 0x0
[  126.747121][    T9] cm6533_jd 0003:0D8C:0022.0006: unknown main item tag 0x0
[  126.789808][    T9] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0D8C:0022.0006/input/input10
[  126.822610][ T1316] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.838677][   T50] Bluetooth: hci2: command tx timeout
[  126.857746][    T9] cm6533_jd 0003:0D8C:0022.0006: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.1-1/input0
[  126.888655][ T5778] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  126.992232][ T1316] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.021399][  T785] usb 2-1: USB disconnect, device number 5
[  127.088489][ T5778] usb 3-1: Using ep0 maxpacket: 16
[  127.097421][ T5778] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  127.124164][ T5778] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  127.137601][ T5778] usb 3-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  127.149962][ T5778] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.160833][ T5778] usb 3-1: config 0 descriptor??
[  127.172981][ T1316] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.195888][ T6652] chnl_net:caif_netlink_parms(): no params data found
[  127.277701][ T1316] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.580032][ T6652] bridge0: port 1(bridge_slave_0) entered blocking state
[  127.587929][ T6652] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.603363][ T6652] bridge_slave_0: entered allmulticast mode
[  127.625566][ T5778] input: HID 05ac:8241 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:05AC:8241.0007/input/input11
[  127.641383][ T6652] bridge_slave_0: entered promiscuous mode
[  127.770990][ T6652] bridge0: port 2(bridge_slave_1) entered blocking state
[  127.778195][ T6652] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.790082][ T5778] appleir 0003:05AC:8241.0007: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.2-1/input0
[  127.825807][ T6652] bridge_slave_1: entered allmulticast mode
[  127.850144][ T6652] bridge_slave_1: entered promiscuous mode
[  128.032471][ T6652] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  128.080679][ T6652] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  128.247386][ T6652] team0: Port device team_slave_0 added
[  128.260377][ T6652] team0: Port device team_slave_1 added
[  128.295532][ T6604] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  128.339819][ T6652] batman_adv: batadv0: Adding interface: batadv_slave_0
[  128.347085][ T6652] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  128.373459][ T6652] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  128.385285][ T6604] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  128.412317][  T785] usb 3-1: USB disconnect, device number 5
[  128.433907][ T6652] batman_adv: batadv0: Adding interface: batadv_slave_1
[  128.447258][ T6652] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  128.475050][ T6652] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  128.507236][ T6604] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  128.527029][ T6604] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  128.628112][ T6652] hsr_slave_0: entered promiscuous mode
[  128.635034][ T6652] hsr_slave_1: entered promiscuous mode
[  128.643559][ T6652] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  128.652795][ T6652] Cannot create hsr debugfs directory
[  128.668655][   T50] Bluetooth: hci0: command tx timeout
[  128.909061][   T50] Bluetooth: hci2: command tx timeout
[  129.139788][ T6747] loop1: detected capacity change from 0 to 2048
[  129.252430][ T6747] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  129.278649][ T6747] ext4 filesystem being mounted at /66/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  129.357512][ T6747] fs-verity: sha512 using implementation "sha512-avx2"
[  129.385388][ T6747] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.274: bg 0: block 345: padding at end of block bitmap is not set
[  129.404692][ T6604] 8021q: adding VLAN 0 to HW filter on device bond0
[  129.415249][ T6747] fs-verity (loop1, inode 13): Error -117 writing Merkle tree block 0
[  129.436570][ T6747] fs-verity (loop1, inode 13): Error -117 building Merkle tree
[  129.463214][ T6604] 8021q: adding VLAN 0 to HW filter on device team0
[  129.509885][    T8] Process accounting resumed
[  129.611142][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  129.624147][ T3513] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.631391][ T3513] bridge0: port 1(bridge_slave_0) entered forwarding state
[  129.711709][ T3556] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.719028][ T3556] bridge0: port 2(bridge_slave_1) entered forwarding state
[  129.828077][ T1316] hsr_slave_0: left promiscuous mode
[  129.842606][ T1316] hsr_slave_1: left promiscuous mode
[  129.850658][ T1316] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  129.867548][ T1316] batman_adv: batadv0: Removing interface: batadv_slave_0
[  129.876405][ T1316] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  129.884402][ T1316] batman_adv: batadv0: Removing interface: batadv_slave_1
[  129.894629][ T1316] bridge_slave_1: left allmulticast mode
[  129.903837][ T1316] bridge_slave_1: left promiscuous mode
[  129.913665][ T1316] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.928254][ T1316] bridge_slave_0: left allmulticast mode
[  129.934521][ T1316] bridge_slave_0: left promiscuous mode
[  129.940694][ T1316] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.030727][ T1316] veth1_macvtap: left promiscuous mode
[  130.040959][ T1316] veth0_macvtap: left promiscuous mode
[  130.060527][ T1316] veth1_vlan: left promiscuous mode
[  130.074469][ T1316] veth0_vlan: left promiscuous mode
[  130.999780][   T50] Bluetooth: hci2: command tx timeout
[  131.079145][ T1316] team0 (unregistering): Port device team_slave_1 removed
[  131.130002][ T1316] team0 (unregistering): Port device team_slave_0 removed
[  131.178374][ T1316] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  131.233083][ T1316] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  131.761182][ T1316] bond0 (unregistering): Released all slaves
[  131.913662][ T6652] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  131.936157][ T6652] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  131.996471][ T6652] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  132.027573][ T6652] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  132.521151][ T6652] 8021q: adding VLAN 0 to HW filter on device bond0
[  132.653151][ T6652] 8021q: adding VLAN 0 to HW filter on device team0
[  132.718776][ T3495] bridge0: port 1(bridge_slave_0) entered blocking state
[  132.726002][ T3495] bridge0: port 1(bridge_slave_0) entered forwarding state
[  132.813088][ T3513] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.820374][ T3513] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.909370][ T6604] 8021q: adding VLAN 0 to HW filter on device batadv0
[  133.157078][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  133.169314][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  133.436758][ T6652] 8021q: adding VLAN 0 to HW filter on device batadv0
[  133.456468][ T6604] veth0_vlan: entered promiscuous mode
[  133.489595][ T6604] veth1_vlan: entered promiscuous mode
[  133.539047][ T6604] veth0_macvtap: entered promiscuous mode
[  133.557865][ T6604] veth1_macvtap: entered promiscuous mode
[  133.598772][ T6604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  133.609875][ T6604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  133.620727][ T6604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  133.641181][ T6604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  133.656292][ T6604] batman_adv: batadv0: Interface activated: batadv_slave_0
[  133.681130][ T6604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  133.692049][ T6604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  133.703479][ T6604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  133.715924][ T6604] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  133.731713][ T6604] batman_adv: batadv0: Interface activated: batadv_slave_1
[  133.754662][ T6604] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  133.765213][ T6604] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  133.775568][ T6604] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  133.785616][ T6604] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  133.913808][ T1316] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  133.939099][ T1316] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  133.998909][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  134.006852][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  134.187046][ T6652] veth0_vlan: entered promiscuous mode
[  134.254722][ T6652] veth1_vlan: entered promiscuous mode
[  134.376772][ T6652] veth0_macvtap: entered promiscuous mode
[  134.414671][ T6652] veth1_macvtap: entered promiscuous mode
[  134.496256][ T6652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  134.530400][ T6652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.557611][ T6839] loop1: detected capacity change from 0 to 1024
[  134.572631][ T6652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  134.586223][ T6652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.606473][ T6839] EXT4-fs: Ignoring removed nobh option
[  134.619273][ T6652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  134.645019][ T6839] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  134.662978][ T6652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.684684][ T6652] batman_adv: batadv0: Interface activated: batadv_slave_0
[  134.691234][ T5874] Process accounting resumed
[  134.710490][ T6839] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.743473][ T6652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  134.784533][ T6652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.834287][ T6652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  134.879017][ T6652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.898410][ T6652] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  134.943774][ T6652] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  134.975534][ T6652] batman_adv: batadv0: Interface activated: batadv_slave_1
[  134.997264][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.016886][ T6652] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  135.033941][ T6652] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  135.049405][ T6652] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  135.058172][ T6652] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  135.347816][ T2951] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  135.375718][ T2951] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  135.444038][ T2951] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  135.465165][ T2951] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  135.732012][ T6861] loop5: detected capacity change from 0 to 256
[  135.777200][ T6832] loop2: detected capacity change from 0 to 40427
[  135.847157][ T6866] loop1: detected capacity change from 0 to 16
[  135.859443][ T6861] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d)
[  135.868756][ T6832] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  135.893443][ T6832] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  135.906264][ T6866] erofs: (device loop1): mounted with root inode @ nid 36.
[  135.981864][ T6832] F2FS-fs (loop2): invalid crc value
[  136.017113][ T6832] F2FS-fs (loop2): Found nat_bits in checkpoint
[  136.121827][ T5778] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  136.273604][ T6832] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  136.315141][ T6832] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  136.343108][ T5778] usb 5-1: Using ep0 maxpacket: 16
[  136.366679][ T5778] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  136.419854][ T5778] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  136.461288][ T2951] nci: nci_add_new_protocol: the target found does not have the desired protocol
[  136.485740][ T5778] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  136.520204][ T6832] syz.2.287: attempt to access beyond end of device
[  136.520204][ T6832] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  136.543891][ T6832] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  136.569308][ T5778] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  136.592843][ T5778] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.627775][ T5778] usb 5-1: config 0 descriptor??
[  137.173766][ T5778] shield 0003:0955:7214.0008: unknown main item tag 0x0
[  137.182051][ T5778] shield 0003:0955:7214.0008: unknown main item tag 0x0
[  137.189117][ T5778] shield 0003:0955:7214.0008: unknown main item tag 0x0
[  137.196116][ T5778] shield 0003:0955:7214.0008: unknown main item tag 0x0
[  137.203182][ T5778] shield 0003:0955:7214.0008: unknown main item tag 0x0
[  137.215222][ T5778] input: HID 0955:7214 Haptics as /devices/virtual/input/input12
[  137.298766][ T5778] shield 0003:0955:7214.0008: Registered Thunderstrike controller
[  137.348735][ T5778] shield 0003:0955:7214.0008: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0
[  137.369955][ T6865] netlink: 'syz.4.288': attribute type 2 has an invalid length.
[  137.377750][ T6865] netlink: 244 bytes leftover after parsing attributes in process `syz.4.288'.
[  137.454733][ T5835] shield 0003:0955:7214.0008: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  137.467916][ T5778] usb 5-1: USB disconnect, device number 2
[  137.504220][ T5835] shield 0003:0955:7214.0008: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  137.570047][ T5835] shield 0003:0955:7214.0008: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  137.654866][ T5835] shield 0003:0955:7214.0008: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  138.099133][ T6909] loop1: detected capacity change from 0 to 1024
[  138.339435][   T11] hfsplus: b-tree write err: -5, ino 4
[  138.964937][ T6905] loop5: detected capacity change from 0 to 32768
[  139.175958][ T6905] JBD2: Ignoring recovery information on journal
[  139.186204][ T6905] jbd2_journal_bmap: journal block not found at offset 32 on loop5-75
[  139.195593][ T6905] JBD2: bad block at offset 32
[  139.270884][ T6905] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  139.556671][ T5159] udevd[5159]: worker [5798] terminated by signal 33 (Unknown signal 33)
[  139.586057][ T5159] udevd[5159]: worker [5798] failed while handling '/devices/virtual/block/loop5'
[  139.599078][    T8] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  139.717042][ T6652] ocfs2: Unmounting device (7,5) on (node local)
[  139.819861][    T8] usb 5-1: Using ep0 maxpacket: 16
[  139.829239][ T6955] loop1: detected capacity change from 0 to 1024
[  139.831150][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  139.858722][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  139.884347][    T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  139.928571][    T8] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  139.937679][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.973161][    T8] usb 5-1: config 0 descriptor??
[  140.037535][   T11] hfsplus: b-tree write err: -5, ino 4
[  140.392734][    T8] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  140.417309][    T8] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  140.433049][    T8] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  140.450381][    T8] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  140.467050][    T8] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  140.494454][    T8] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  140.518533][    T8] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  140.546403][    T8] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  140.564430][    T8] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  140.578569][    T8] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  140.596280][    T8] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  140.648902][    T8] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  140.673781][    T8] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  140.688530][    T8] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  140.714981][    T8] microsoft 0003:045E:07DA.0009: unknown main item tag 0x0
[  140.777356][    T8] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0009/input/input13
[  140.816256][    T8] microsoft 0003:045E:07DA.0009: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  140.873422][    T8] usb 5-1: USB disconnect, device number 3
[  140.970150][ T6980] fido_id[6980]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  141.303703][ T6984] loop4: detected capacity change from 0 to 1024
[  141.349876][ T6984] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  141.398622][ T6984] ext4 filesystem being mounted at /10/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  141.436297][   T27] kauditd_printk_skb: 7 callbacks suppressed
[  141.436312][   T27] audit: type=1800 audit(1755236362.973:23): pid=6984 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.323" name="file1" dev="loop4" ino=15 res=0 errno=0
[  141.515726][ T6982] loop2: detected capacity change from 0 to 32768
[  141.530221][ T6987] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  141.538882][ T6982] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 scanned by syz.2.322 (6982)
[  141.597430][ T6982] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  141.647146][ T6982] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  141.670876][ T6982] BTRFS info (device loop2): using free space tree
[  141.673424][ T6604] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  141.797251][ T6993] loop1: detected capacity change from 0 to 1024
[  141.806294][ T6993] EXT4-fs: Ignoring removed nobh option
[  141.816900][ T6993] EXT4-fs: Ignoring removed bh option
[  141.826230][ T6993] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  141.888546][ T6982] BTRFS info (device loop2): enabling ssd optimizations
[  141.903772][ T6993] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  141.919168][ T6982] BTRFS info (device loop2): auto enabling async discard
[  142.257637][ T5792] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  142.364715][ T7019] netlink: 'syz.4.330': attribute type 1 has an invalid length.
[  142.421945][ T6591] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 10 /dev/loop2 scanned by udevd (6591)
[  142.471254][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.049910][    T8] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  143.167422][ T7038] loop5: detected capacity change from 0 to 2048
[  143.239169][ T7039] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  143.258751][    T8] usb 3-1: Using ep0 maxpacket: 8
[  143.270428][    T8] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  143.302621][   T27] audit: type=1800 audit(1755236364.843:24): pid=7038 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.336" name="file1" dev="loop5" ino=15 res=0 errno=0
[  143.326218][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.350717][    T8] usb 3-1: Product: syz
[  143.365002][ T7039] NILFS (loop5): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  143.369143][    T8] usb 3-1: Manufacturer: syz
[  143.401794][ T7039] NILFS error (device loop5): nilfs_bmap_propagate: broken bmap (inode number=4)
[  143.424817][    T8] usb 3-1: SerialNumber: syz
[  143.447575][    T8] usb 3-1: config 0 descriptor??
[  143.450182][ T7039] Remounting filesystem read-only
[  143.487525][ T7040] NILFS (loop5): discard dirty page: offset=28672, ino=15
[  143.505712][ T7040] NILFS (loop5): discard dirty block: blocknr=0, size=1024
[  143.532509][ T7040] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  143.545760][ T7034] loop6: detected capacity change from 0 to 524287999
[  143.557447][ T7040] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  143.608584][ T7040] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  143.650770][ T7038] syz.5.336 (7038) used greatest stack depth: 19376 bytes left
[  143.719474][    T8] usb 3-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  143.791450][ T6652] NILFS (loop5): disposed unprocessed dirty file(s) when stopping log writer
[  143.836704][ T6652] NILFS (loop5): discard dirty page: offset=0, ino=6
[  143.848475][ T6652] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  143.879193][ T6652] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  143.899337][ T6652] NILFS (loop5): discard dirty block: blocknr=37, size=1024
[  143.916904][ T6652] NILFS (loop5): discard dirty block: blocknr=38, size=1024
[  143.943711][ T6652] NILFS (loop5): discard dirty page: offset=0, ino=5
[  143.959534][ T6652] NILFS (loop5): discard dirty block: blocknr=41, size=1024
[  143.977251][ T6652] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  144.009060][ T6652] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  144.038483][ T6652] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  144.073876][ T6652] NILFS (loop5): discard dirty page: offset=0, ino=4
[  144.091015][ T6652] NILFS (loop5): discard dirty block: blocknr=40, size=1024
[  144.125773][ T6652] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  144.148494][ T6652] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  144.178210][ T6652] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  144.209122][ T6652] NILFS (loop5): discard dirty page: offset=0, ino=3
[  144.216000][ T6652] NILFS (loop5): discard dirty block: blocknr=42, size=1024
[  144.238469][ T6652] NILFS (loop5): discard dirty block: blocknr=43, size=1024
[  144.246717][ T7048] loop1: detected capacity change from 0 to 256
[  144.266310][ T6652] NILFS (loop5): discard dirty block: blocknr=44, size=1024
[  144.283710][ T6652] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  144.293067][ T7048] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  144.314091][ T6652] NILFS (loop5): discard dirty page: offset=229376, ino=3
[  144.334337][ T7048] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  144.343652][ T6652] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  144.364588][ T6652] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  144.391870][ T6652] NILFS (loop5): discard dirty block: blocknr=50, size=1024
[  144.413021][ T6652] NILFS (loop5): discard dirty block: blocknr=18446744073709551615, size=1024
[  144.432513][ T7048] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[  144.929209][ T7055] loop5: detected capacity change from 0 to 512
[  144.977498][   T11] Bluetooth: hci4: Frame reassembly failed (-84)
[  144.989424][    T8] usb write operation failed. (-71)
[  145.020567][    T8] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  145.040131][    T8] dvbdev: DVB: registering new adapter (Terratec H7)
[  145.055057][    T8] usb 3-1: media controller created
[  145.065410][    T8] usb read operation failed. (-71)
[  145.080140][    T8] usb write operation failed. (-71)
[  145.089498][ T7055] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.092108][    T8] dvb_usb_az6007: probe of 3-1:0.0 failed with error -5
[  145.133363][    T8] usb 3-1: USB disconnect, device number 6
[  145.162162][ T7055] ext4 filesystem being mounted at /16/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  145.249459][ T6652] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.487326][ T7062] dccp_invalid_packet: P.type (CLOSE) not Data || [Data]Ack, while P.X == 0
[  145.738276][ T7066] loop5: detected capacity change from 0 to 4096
[  145.897186][ T7075] netlink: 240 bytes leftover after parsing attributes in process `syz.4.346'.
[  146.568322][ T7082] loop2: detected capacity change from 0 to 32768
[  146.587222][ T7082] (syz.2.350,7082,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  146.617784][    T8] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  146.626435][ T7082] (syz.2.350,7082,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  146.688901][ T7082] JBD2: Ignoring recovery information on journal
[  146.787992][ T7082] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  146.807551][    T8] usb 5-1: Using ep0 maxpacket: 32
[  146.821025][    T8] usb 5-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00
[  146.836654][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.892030][    T8] usb 5-1: config 0 descriptor??
[  146.988837][   T50] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  147.030510][ T7087] loop5: detected capacity change from 0 to 32768
[  147.107210][ T7087] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  147.175929][ T7085] Bluetooth: MGMT ver 1.22
[  147.185903][ T7085] Bluetooth: hci0: service_discovery: too big uuid_count value 5215
[  147.254419][    T8] usbhid 5-1:0.0: can't add hid device: -71
[  147.275202][    T8] usbhid: probe of 5-1:0.0 failed with error -71
[  147.304542][ T7082] syz.2.350 (7082) used greatest stack depth: 18736 bytes left
[  147.314881][    T8] usb 5-1: USB disconnect, device number 4
[  147.412799][ T5792] ocfs2: Unmounting device (7,2) on (node local)
[  147.456780][ T7099] loop1: detected capacity change from 0 to 8192
[  147.495693][ T7087] XFS (loop5): Ending clean mount
[  147.530152][ T7087] XFS (loop5): Quotacheck needed: Please wait.
[  147.537036][ T7099] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  147.581630][ T7099] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  147.593611][ T7099] REISERFS (device loop1): using ordered data mode
[  147.600410][ T7099] reiserfs: using flush barriers
[  147.630189][ T7099] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  147.654139][ T7099] REISERFS (device loop1): checking transaction log (loop1)
[  147.680434][ T7087] XFS (loop5): Quotacheck: Done.
[  147.710989][ T7099] REISERFS (device loop1): Using r5 hash to sort names
[  147.724707][ T7099] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  147.750347][ T7099] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  147.989406][ T6652] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  148.274940][ T5874] usb 5-1: new low-speed USB device number 5 using dummy_hcd
[  148.423017][ T7111] netlink: 'syz.2.360': attribute type 1 has an invalid length.
[  148.494853][ T5874] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  148.528527][ T5874] usb 5-1: config 0 has no interface number 0
[  148.555110][ T5874] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  148.582444][ T7111] bond1: entered promiscuous mode
[  148.599732][ T5874] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  148.617794][ T7111] 8021q: adding VLAN 0 to HW filter on device bond1
[  148.644441][ T5874] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  148.668577][ T5874] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  148.700227][ T7115] 8021q: adding VLAN 0 to HW filter on device bond1
[  148.707398][ T7115] bond1: (slave vcan1): The slave device specified does not support setting the MAC address
[  148.739640][ T5874] usb 5-1: config 0 descriptor??
[  148.748178][ T7104] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  148.793468][ T5874] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  148.801281][ T7115] bond1: (slave vcan1): Setting fail_over_mac to active for active-backup mode
[  148.838087][ T7115] bond1: (slave vcan1): making interface the new active one
[  148.847262][ T7115] vcan1: entered promiscuous mode
[  148.861540][ T7115] bond1: (slave vcan1): Enslaving as an active interface with an up link
[  149.341112][ T7138] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  149.740540][ T5856] usb 5-1: USB disconnect, device number 5
[  149.740577][    C0] iowarrior 5-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  150.103238][ T7147] loop5: detected capacity change from 0 to 32768
[  150.110874][ T7147] XFS: noikeep mount option is deprecated.
[  150.145820][ T7147] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  150.361843][ T7147] XFS (loop5): Ending clean mount
[  150.387392][ T7147] XFS (loop5): Quotacheck needed: Please wait.
[  150.463527][ T7147] XFS (loop5): Quotacheck: Done.
[  150.995967][ T6652] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  151.558541][ T5856] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  151.793640][ T5856] usb 2-1: unable to get BOS descriptor or descriptor too short
[  151.820723][ T5856] usb 2-1: unable to read config index 0 descriptor/start: -71
[  151.828740][ T5856] usb 2-1: can't read configurations, error -71
[  152.240061][ T7178] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  152.419785][ T7182] netlink: 'syz.5.376': attribute type 1 has an invalid length.
[  152.526505][ T7185] loop4: detected capacity change from 0 to 2048
[  152.910335][ T5835] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  152.987982][ T7181] loop2: detected capacity change from 0 to 32768
[  153.063907][   T27] audit: type=1800 audit(1755236374.593:25): pid=7181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.383" name="file1" dev="loop2" ino=7 res=0 errno=0
[  153.115528][ T5835] usb 5-1: config 220 has an invalid interface number: 76 but max is 2
[  153.133243][ T5835] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  153.153077][ T5835] usb 5-1: config 220 has an invalid descriptor of length 159, skipping remainder of the config
[  153.176907][ T5835] usb 5-1: config 220 has no interface number 2
[  153.210744][ T5835] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  153.262032][ T5835] usb 5-1: config 220 interface 0 has no altsetting 0
[  153.281706][ T5835] usb 5-1: config 220 interface 76 has no altsetting 0
[  153.311128][ T5835] usb 5-1: config 220 interface 1 has no altsetting 0
[  153.322103][ T5835] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  153.341066][ T5835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.367737][ T5835] usb 5-1: Product: syz
[  153.376638][ T5835] usb 5-1: Manufacturer: syz
[  153.384718][ T5835] usb 5-1: SerialNumber: syz
[  153.498017][ T7205] 9pnet: p9_errstr2errno: server reported unknown error þLì²¼	O€
[  153.625942][ T5835] usb 5-1: selecting invalid altsetting 0
[  153.656357][ T5835] usb 5-1: Found UVC 7.01 device syz (8086:0b07)
[  153.663107][ T5835] usb 5-1: No valid video chain found.
[  153.683017][ T5835] usb 5-1: selecting invalid altsetting 0
[  153.689050][ T5835] usbtest: probe of 5-1:220.1 failed with error -22
[  153.710959][ T5835] usb 5-1: USB disconnect, device number 6
[  153.881575][ T5874] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  154.071510][ T5874] usb 6-1: Using ep0 maxpacket: 32
[  154.079205][ T5874] usb 6-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  154.088326][ T5874] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.099189][ T5874] usb 6-1: config 0 descriptor??
[  154.115629][ T5874] gspca_main: nw80x-2.14.0 probing 055f:d001
[  154.872756][ T7209] loop1: detected capacity change from 0 to 32768
[  154.911319][ T7209] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 scanned by syz.1.396 (7209)
[  154.974304][ T7209] BTRFS info (device loop1): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  154.985401][ T7209] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  155.002867][ T7209] BTRFS info (device loop1): use no compression
[  155.013819][ T7209] BTRFS info (device loop1): turning on flush-on-commit
[  155.023675][ T7209] BTRFS info (device loop1): using free space tree
[  155.131176][ T7209] BTRFS info (device loop1): enabling ssd optimizations
[  155.145773][ T7209] BTRFS info (device loop1): auto enabling async discard
[  155.174287][ T7215] loop2: detected capacity change from 0 to 32768
[  155.189135][ T7215] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.394 (7215)
[  155.198594][ T5835] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  155.248482][ T7215] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  155.278757][ T7215] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  155.287624][ T7215] BTRFS info (device loop2): allowing degraded mounts
[  155.321192][ T7215] BTRFS info (device loop2): force zlib compression, level 3
[  155.343556][ T7215] BTRFS info (device loop2): use zlib compression, level 3
[  155.356463][ T5874] gspca_nw80x: reg_w err -71
[  155.361303][ T5874] nw80x: probe of 6-1:0.0 failed with error -71
[  155.389230][ T5874] usb 6-1: USB disconnect, device number 2
[  155.398503][ T7215] BTRFS info (device loop2): force clearing of disk cache
[  155.405697][ T7215] BTRFS info (device loop2): using free space tree
[  155.418659][ T5835] usb 5-1: Using ep0 maxpacket: 16
[  155.431378][ T5835] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  155.464140][ T5835] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  155.515410][ T5835] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  155.558023][ T5835] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  155.591774][ T5835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  155.646923][ T5786] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  155.662975][ T5835] usb 5-1: Product: syz
[  155.672668][ T5835] usb 5-1: Manufacturer: syz
[  155.677338][ T5835] usb 5-1: SerialNumber: syz
[  155.684951][ T7215] BTRFS info (device loop2): enabling ssd optimizations
[  155.712271][ T7215] BTRFS info (device loop2): rebuilding free space tree
[  155.882438][ T5799] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 10 /dev/loop1 scanned by udevd (5799)
[  156.005466][ T7215] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  156.183042][ T5835] usb 5-1: 0:2 : does not exist
[  157.098374][ T5835] usb 5-1: USB disconnect, device number 7
[  157.112599][ T7253] loop1: detected capacity change from 0 to 32768
[  157.192038][   T27] audit: type=1800 audit(1755236378.733:26): pid=7253 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.400" name="file1" dev="loop1" ino=7 res=0 errno=0
[  158.197907][ T7268] loop5: detected capacity change from 0 to 32768
[  158.311695][   T27] audit: type=1800 audit(1755236379.853:27): pid=7268 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.404" name="file1" dev="loop5" ino=7 res=0 errno=0
[  158.667783][ T7283] loop1: detected capacity change from 0 to 4096
[  159.249151][ T7297] loop5: detected capacity change from 0 to 1024
[  159.267036][ T7297] EXT4-fs: Ignoring removed nobh option
[  159.288568][ T7297] EXT4-fs: Ignoring removed bh option
[  159.312585][ T7297] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  159.383276][ T7297] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.402731][ T7301] loop1: detected capacity change from 0 to 2048
[  159.485268][ T7303] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  159.528591][   T27] audit: type=1800 audit(1755236381.063:28): pid=7297 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.423" name="file2" dev="overlay" ino=16 res=0 errno=0
[  159.603937][   T27] audit: type=1800 audit(1755236381.123:29): pid=7301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.416" name="file1" dev="loop1" ino=15 res=0 errno=0
[  159.644816][ T7303] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  159.670221][ T7303] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4)
[  159.695895][ T7303] Remounting filesystem read-only
[  159.703631][ T7304] NILFS (loop1): discard dirty page: offset=28672, ino=15
[  159.719934][ T6652] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.738481][ T7304] NILFS (loop1): discard dirty block: blocknr=0, size=1024
[  159.757390][ T7304] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  159.782486][ T7304] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  159.805914][ T7304] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  159.921746][ T5786] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer
[  159.932211][ T5786] NILFS (loop1): discard dirty page: offset=0, ino=6
[  159.939551][ T5786] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  159.951595][ T5786] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  159.961040][ T5786] NILFS (loop1): discard dirty block: blocknr=37, size=1024
[  159.970780][ T5786] NILFS (loop1): discard dirty block: blocknr=38, size=1024
[  159.980223][ T5786] NILFS (loop1): discard dirty page: offset=0, ino=5
[  159.987074][ T5786] NILFS (loop1): discard dirty block: blocknr=41, size=1024
[  159.995525][ T5786] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  160.004947][ T5786] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  160.014334][ T5786] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  160.023864][ T5786] NILFS (loop1): discard dirty page: offset=0, ino=4
[  160.032655][ T5786] NILFS (loop1): discard dirty block: blocknr=40, size=1024
[  160.040327][ T5786] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  160.051081][ T5786] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  160.060547][ T5786] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  160.070153][ T5786] NILFS (loop1): discard dirty page: offset=0, ino=3
[  160.076978][ T5786] NILFS (loop1): discard dirty block: blocknr=42, size=1024
[  160.087230][ T5786] NILFS (loop1): discard dirty block: blocknr=43, size=1024
[  160.095002][ T5786] NILFS (loop1): discard dirty block: blocknr=44, size=1024
[  160.107100][ T5786] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  160.117700][ T5786] NILFS (loop1): discard dirty page: offset=229376, ino=3
[  160.129955][ T5786] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  160.141669][ T5786] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  160.155090][ T5786] NILFS (loop1): discard dirty block: blocknr=50, size=1024
[  160.162912][ T5786] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024
[  160.218617][    T8] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  160.363132][ T7306] loop4: detected capacity change from 0 to 32768
[  160.418608][    T8] usb 6-1: Using ep0 maxpacket: 32
[  160.424173][ T7306] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  160.435956][    T8] usb 6-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  160.457622][    T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.500225][ T7322] loop1: detected capacity change from 0 to 2048
[  160.504877][    T8] usb 6-1: config 0 descriptor??
[  160.544708][    T8] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  160.562497][ T7322] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.605647][ T7322] ext4 filesystem being mounted at /112/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  160.649395][ T7322] EXT4-fs error (device loop1): __ext4_new_inode:1075: comm syz.1.421: reserved inode found cleared - inode=1
[  160.651600][ T7306] XFS (loop4): Ending clean mount
[  160.681843][ T7322] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  160.685456][ T7306] XFS (loop4): Quotacheck needed: Please wait.
[  160.709700][ T7322] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[  160.766559][ T7322] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  160.797898][ T7306] XFS (loop4): Quotacheck: Done.
[  160.844736][ T7322] EXT4-fs error (device loop1) in ext4_free_inode:363: Corrupt filesystem
[  160.943147][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.958695][ T6604] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  160.988765][ T5104] Bluetooth: hci4: command 0x1003 tx timeout
[  160.989765][   T50] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  161.345589][ T7335] loop2: detected capacity change from 0 to 1024
[  161.353874][ T7335] EXT4-fs: Ignoring removed nobh option
[  161.360053][ T7335] EXT4-fs: Ignoring removed bh option
[  161.366857][ T7335] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  161.404231][   T28] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  161.416874][ T7335] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  161.472731][   T27] audit: type=1800 audit(1755236383.013:30): pid=7335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.427" name="file2" dev="overlay" ino=16 res=0 errno=0
[  161.548938][ T5792] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.611469][   T28] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  161.634195][   T28] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  161.653419][   T28] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  161.663048][   T28] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.684156][   T28] usb 2-1: config 0 descriptor??
[  161.764168][   T27] audit: type=1326 audit(1755236383.303:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7340 comm="syz.2.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cd618ebe9 code=0x7ffc0000
[  161.799094][    T8] gspca_vc032x: reg_w err -71
[  161.803537][   T27] audit: type=1326 audit(1755236383.303:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7340 comm="syz.2.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cd618ebe9 code=0x7ffc0000
[  161.826773][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.829932][   T27] audit: type=1326 audit(1755236383.333:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7340 comm="syz.2.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cd618ebe9 code=0x7ffc0000
[  161.832990][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.856352][   T27] audit: type=1326 audit(1755236383.343:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7340 comm="syz.2.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cd618ebe9 code=0x7ffc0000
[  161.886458][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.886932][   T27] audit: type=1326 audit(1755236383.343:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7340 comm="syz.2.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7cd618ebe9 code=0x7ffc0000
[  161.920578][   T27] audit: type=1326 audit(1755236383.343:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7340 comm="syz.2.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7cd618ebe9 code=0x7ffc0000
[  161.942717][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.942734][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.942743][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.942752][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.942761][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.942770][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.942779][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.942789][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.942798][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.942807][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.942816][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.942824][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.942833][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.942842][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.942851][    T8] gspca_vc032x: I2c Bus Busy Wait 00
[  161.942870][    T8] gspca_vc032x: Unknown sensor...
[  161.942943][    T8] vc032x: probe of 6-1:0.0 failed with error -22
[  161.949200][    T8] usb 6-1: USB disconnect, device number 3
[  162.153926][   T28] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  162.169461][   T28] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving
[  162.198802][   T28] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  162.455834][    T8] usb 2-1: USB disconnect, device number 8
[  163.414007][ T7351] loop2: detected capacity change from 0 to 32768
[  163.472101][ T7351] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  163.516773][ T7356] loop4: detected capacity change from 0 to 32768
[  163.534585][ T7356] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.435 (7356)
[  163.644020][ T7356] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  163.678669][ T7356] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  163.707125][ T7351] XFS (loop2): Ending clean mount
[  163.717382][ T7356] BTRFS info (device loop4): setting nodatacow, compression disabled
[  163.748828][ T7351] XFS (loop2): Quotacheck needed: Please wait.
[  163.756547][ T7356] BTRFS info (device loop4): max_inline at 0
[  163.786111][ T7356] BTRFS info (device loop4): enabling disk space caching
[  163.816025][ T7356] BTRFS info (device loop4): turning off barriers
[  163.846310][ T7356] BTRFS info (device loop4): turning on flush-on-commit
[  163.885226][ T7356] BTRFS info (device loop4): doing ref verification
[  163.908984][ T7356] BTRFS info (device loop4): force clearing of disk cache
[  163.911149][ T7351] XFS (loop2): Quotacheck: Done.
[  163.939049][ T7356] BTRFS info (device loop4): enabling ssd optimizations
[  163.946135][ T7356] BTRFS info (device loop4): max_inline at 4096
[  164.007353][ T7356] BTRFS info (device loop4): disk space caching is enabled
[  164.276620][ T7356] BTRFS info (device loop4): auto enabling async discard
[  164.317866][ T5792] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  164.327633][ T7356] BTRFS info (device loop4): rebuilding free space tree
[  164.408282][ T7356] BTRFS info (device loop4): disabling free space tree
[  164.437701][ T7356] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  164.452098][ T7356] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  165.086255][ T6604] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  165.727862][ T7423] netlink: 12 bytes leftover after parsing attributes in process `syz.5.451'.
[  165.762599][ T7423] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  165.772219][ T7423] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  165.781555][ T7423] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  165.791953][ T7423] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  165.811984][ T7423] netlink: 12 bytes leftover after parsing attributes in process `syz.5.451'.
[  166.859043][ T7444] loop2: detected capacity change from 0 to 4096
[  166.877168][ T7444] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[  166.977201][ T7444] ntfs3: loop2: Failed to initialize $Extend/$Reparse.
[  167.351236][ T5792] ntfs3: loop2: ino=1a, ntfs_sync_fs failed, -22.
[  167.919317][ T7448] loop5: detected capacity change from 0 to 32768
[  167.948737][ T7448] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop5 scanned by syz.5.460 (7448)
[  167.994288][ T7448] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  168.017729][ T7448] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  168.038737][ T7448] BTRFS info (device loop5): force clearing of disk cache
[  168.049235][ T7448] BTRFS info (device loop5): setting nodatacow, compression disabled
[  168.068603][   T28] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  168.069381][ T7448] BTRFS info (device loop5): doing ref verification
[  168.102034][ T7448] BTRFS info (device loop5): enabling auto defrag
[  168.116816][ T7448] BTRFS info (device loop5): max_inline at 0
[  168.153839][ T7448] BTRFS info (device loop5): using free space tree
[  168.264351][ T7448] BTRFS info (device loop5): enabling ssd optimizations
[  168.271747][   T28] usb 3-1: Using ep0 maxpacket: 16
[  168.289083][   T28] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  168.321295][ T7448] BTRFS info (device loop5): auto enabling async discard
[  168.339018][   T28] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  168.358752][ T7448] BTRFS info (device loop5): rebuilding free space tree
[  168.378866][   T28] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  168.401987][   T28] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  168.422492][   T28] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.451899][   T28] usb 3-1: config 0 descriptor??
[  168.522935][ T7481] BTRFS error (device loop5: state M): unrecognized mount option 'rag'
[  168.568558][    T8] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  168.637548][ T6652] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  168.778902][    T8] usb 5-1: Using ep0 maxpacket: 32
[  168.805927][    T8] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  168.827897][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  168.837020][    T8] usb 5-1: Product: syz
[  168.842109][    T8] usb 5-1: Manufacturer: syz
[  168.847471][    T8] usb 5-1: SerialNumber: syz
[  168.858588][    T8] usb 5-1: config 0 descriptor??
[  168.895334][   T28] HID 045e:07da: Invalid code 65791 type 1
[  168.924976][ T7483] loop5: detected capacity change from 0 to 512
[  168.932411][   T28] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.000B/input/input15
[  168.975421][ T7483] EXT4-fs error (device loop5): ext4_orphan_get:1399: inode #15: comm syz.5.469: casefold flag without casefold feature
[  168.978045][   T28] microsoft 0003:045E:07DA.000B: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  169.037288][ T7483] EXT4-fs error (device loop5): ext4_orphan_get:1404: comm syz.5.469: couldn't read orphan inode 15 (err -117)
[  169.063540][ T7483] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.154389][    T9] usb 3-1: USB disconnect, device number 7
[  169.249848][ T6652] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.307078][    T8] airspy 5-1:0.0: Board ID: 00
[  169.322564][    T8] airspy 5-1:0.0: Firmware version: 
[  169.375189][ T7489] loop5: detected capacity change from 0 to 1024
[  169.513980][   T11] hfsplus: b-tree write err: -5, ino 4
[  170.116354][    T8] airspy 5-1:0.0: usb_control_msg() failed -71 request 0f
[  170.129331][    T8] airspy 5-1:0.0: Registered as swradio24
[  170.135121][    T8] airspy 5-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  170.150111][    T8] usb 5-1: USB disconnect, device number 8
[  170.892080][ T7498] loop5: detected capacity change from 0 to 4096
[  170.939062][ T7498] ntfs3: loop5: Different NTFS sector size (4096) and media sector size (512).
[  171.091883][ T7498] ntfs3: loop5: Failed to initialize $Extend/$Reparse.
[  171.406107][ T6652] ntfs3: loop5: ino=1a, ntfs_sync_fs failed, -22.
[  172.038533][   T23] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  172.239024][   T23] usb 3-1: Using ep0 maxpacket: 32
[  172.253485][   T23] usb 3-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  172.268614][   T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.280200][   T23] usb 3-1: Product: syz
[  172.297189][   T23] usb 3-1: Manufacturer: syz
[  172.303100][   T23] usb 3-1: SerialNumber: syz
[  172.315556][   T23] usb 3-1: config 0 descriptor??
[  172.584440][ T7520] loop5: detected capacity change from 0 to 32768
[  172.649754][ T7520] ocfs2: Mounting device (7,5) on (node local, slot 0) with writeback data mode.
[  172.717523][ T6652] ocfs2: Unmounting device (7,5) on (node local)
[  172.768669][   T23] airspy 3-1:0.0: Board ID: 00
[  172.784152][   T23] airspy 3-1:0.0: Firmware version: 
[  173.517993][ T7524] loop4: detected capacity change from 0 to 40427
[  173.545183][ T7524] F2FS-fs (loop4): invalid crc value
[  173.572955][ T7524] F2FS-fs (loop4): Found nat_bits in checkpoint
[  173.575540][   T23] airspy 3-1:0.0: usb_control_msg() failed -71 request 0f
[  173.608627][   T23] airspy 3-1:0.0: Registered as swradio24
[  173.614429][   T23] airspy 3-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  173.632715][ T7540] loop5: detected capacity change from 0 to 2048
[  173.649349][   T23] usb 3-1: USB disconnect, device number 8
[  173.767214][ T7540] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  173.781371][ T7524] F2FS-fs (loop4): Start checkpoint disabled!
[  173.839697][ T7524] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  173.888745][ T7540] ext4 filesystem being mounted at /57/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.007770][ T7540] EXT4-fs error (device loop5): __ext4_new_inode:1075: comm syz.5.489: reserved inode found cleared - inode=1
[  174.057031][ T7540] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  174.084945][ T7540] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended
[  174.124742][ T7540] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  174.174094][ T7540] EXT4-fs error (device loop5) in ext4_free_inode:363: Corrupt filesystem
[  174.192800][ T3513] kworker/u4:10: attempt to access beyond end of device
[  174.192800][ T3513] loop4: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  174.212317][ T3513] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  174.221103][ T3513] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  174.229502][ T3513] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  174.340888][ T6652] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.195999][ T7568] loop2: detected capacity change from 0 to 512
[  175.248737][ T7568] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.498: casefold flag without casefold feature
[  175.265358][ T7568] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.498: couldn't read orphan inode 15 (err -117)
[  175.283322][ T7568] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  175.310440][ T7556] loop5: detected capacity change from 0 to 32768
[  175.400533][ T7556] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[  175.404740][ T5792] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  175.498581][   T28] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  175.524182][ T7560] loop1: detected capacity change from 0 to 32768
[  175.553936][ T7560] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.493 (7560)
[  175.572512][ T7556] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  175.638224][ T7560] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  175.662653][ T7560] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  175.688746][ T7560] BTRFS info (device loop1): allowing degraded mounts
[  175.699511][   T28] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  175.728849][ T7560] BTRFS info (device loop1): force zlib compression, level 3
[  175.736426][   T28] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  175.755863][ T7560] BTRFS info (device loop1): use zlib compression, level 3
[  175.765800][   T28] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.774157][ T7560] BTRFS info (device loop1): force clearing of disk cache
[  175.791541][   T28] usb 5-1: config 0 descriptor??
[  175.798498][ T7560] BTRFS info (device loop1): using free space tree
[  175.891409][ T6652] ocfs2: Unmounting device (7,5) on (node local)
[  176.029190][ T7560] BTRFS info (device loop1): enabling ssd optimizations
[  176.090084][ T7560] BTRFS info (device loop1): rebuilding free space tree
[  176.118609][   T28] usbhid 5-1:0.0: can't add hid device: -71
[  176.151650][   T28] usbhid: probe of 5-1:0.0 failed with error -71
[  176.162644][ T6518] udevd[6518]: '/usr/bin/udevadm trigger -s block -p ID_BTRFS_READY=0' [7580] terminated by signal 33 (Unknown signal 33)
[  176.182007][   T28] usb 5-1: USB disconnect, device number 9
[  176.215622][ T6518] udevd[6518]: failed to send result of seq 13090 to main daemon: Connection refused
[  176.238289][ T7560] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  176.630359][ T7604] loop2: detected capacity change from 0 to 64
[  176.668678][   T28] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  176.810106][ T7610] loop2: detected capacity change from 0 to 128
[  176.858598][   T28] usb 5-1: Using ep0 maxpacket: 32
[  176.876283][   T28] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  176.888772][   T28] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40
[  176.899275][   T28] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.910391][   T28] usb 5-1: config 0 descriptor??
[  176.912316][ T5778] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  176.927791][   T28] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  176.961329][   T28] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  176.986053][ T1316] kworker/u4:6: attempt to access beyond end of device
[  176.986053][ T1316] loop2: rw=1, sector=129, nr_sectors = 3 limit=128
[  177.065682][ T7614] netlink: 536 bytes leftover after parsing attributes in process `syz.2.507'.
[  177.075362][ T7614] netlink: 16 bytes leftover after parsing attributes in process `syz.2.507'.
[  177.125006][   T28] usb 5-1: USB disconnect, device number 10
[  177.135657][   T28] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  177.138566][ T5778] usb 6-1: Using ep0 maxpacket: 8
[  177.175052][ T5778] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  177.189207][ T5778] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.207449][ T5778] usb 6-1: Product: syz
[  177.212314][ T5778] usb 6-1: Manufacturer: syz
[  177.216965][ T5778] usb 6-1: SerialNumber: syz
[  177.226709][ T5778] usb 6-1: config 0 descriptor??
[  177.245475][ T7620] binder: 7619:7620 ioctl c0306201 2000000003c0 returned -14
[  177.444736][ T5778] usb 6-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  178.306728][ T7627] loop4: detected capacity change from 0 to 32768
[  178.342977][ T7627] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.514 (7627)
[  178.382678][ T7627] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  178.397927][ T7627] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  178.418664][ T7627] BTRFS info (device loop4): allowing degraded mounts
[  178.425509][ T7627] BTRFS info (device loop4): force zlib compression, level 3
[  178.468566][ T7627] BTRFS info (device loop4): use zlib compression, level 3
[  178.475856][ T7627] BTRFS info (device loop4): force clearing of disk cache
[  178.491294][ T7627] BTRFS info (device loop4): using free space tree
[  178.596058][ T7627] BTRFS info (device loop4): enabling ssd optimizations
[  178.609375][ T7627] BTRFS info (device loop4): rebuilding free space tree
[  178.620910][ T7664] cgroup: fork rejected by pids controller in /syz1
[  178.679004][ T5778] usb write operation failed. (-71)
[  178.709468][ T5778] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  178.749370][ T5778] dvbdev: DVB: registering new adapter (Terratec H7)
[  178.770351][ T5778] usb 6-1: media controller created
[  178.778970][ T5778] usb read operation failed. (-71)
[  178.794912][ T7627] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  178.807840][ T5778] usb write operation failed. (-71)
[  178.837426][ T5778] dvb_usb_az6007: probe of 6-1:0.0 failed with error -5
[  178.859903][ T5778] usb 6-1: USB disconnect, device number 4
[  179.212751][   T12] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.394076][   T12] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.563803][   T12] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.598625][ T7677] loop4: detected capacity change from 0 to 128
[  179.633303][ T7677] EXT4-fs: Ignoring removed nobh option
[  179.698711][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  179.720597][ T7677] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  179.746525][ T7682] netlink: 4 bytes leftover after parsing attributes in process `syz.5.528'.
[  179.766145][   T12] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  179.778306][ T7677] ext4 filesystem being mounted at /49/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  180.178518][ T5778] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  180.224673][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[  180.458552][ T5778] usb 5-1: Using ep0 maxpacket: 16
[  180.485308][ T5104] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  180.497959][ T5104] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  180.510901][ T5778] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  180.519454][ T5778] usb 5-1: config 0 has no interface number 0
[  180.525601][ T5778] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  180.537939][ T5778] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  180.548002][ T5778] usb 5-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  180.557178][ T5104] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  180.564298][ T5778] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.575378][ T5104] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  180.586396][ T5778] usb 5-1: config 0 descriptor??
[  180.591740][ T5104] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  180.601459][ T5104] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  180.885767][ T7693] netlink: 4 bytes leftover after parsing attributes in process `syz.5.532'.
[  181.217719][ T5778] uclogic 0003:28BD:0071.000C: pen parameters not found
[  181.264813][ T5778] uclogic 0003:28BD:0071.000C: interface is invalid, ignoring
[  181.507812][ T5778] usb 5-1: USB disconnect, device number 11
[  181.749957][ T7687] chnl_net:caif_netlink_parms(): no params data found
[  181.859008][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  181.868799][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  182.114390][ T6604] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  182.180978][   T12] hsr_slave_0: left promiscuous mode
[  182.199759][   T12] hsr_slave_1: left promiscuous mode
[  182.224888][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  182.248487][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  182.277039][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  182.295569][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  182.315683][   T12] bridge_slave_1: left allmulticast mode
[  182.340767][   T12] bridge_slave_1: left promiscuous mode
[  182.346673][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  182.393120][   T12] bridge_slave_0: left allmulticast mode
[  182.406720][   T12] bridge_slave_0: left promiscuous mode
[  182.415012][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  182.509098][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  182.558882][   T12] veth1_macvtap: left promiscuous mode
[  182.564573][   T12] veth0_macvtap: left promiscuous mode
[  182.574870][   T12] veth1_vlan: left promiscuous mode
[  182.580630][   T12] veth0_vlan: left promiscuous mode
[  182.671357][   T50] Bluetooth: hci1: command tx timeout
[  182.768616][    T8] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  182.987728][    T8] usb 5-1: Using ep0 maxpacket: 16
[  183.020163][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  183.049492][    T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  183.095613][    T8] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  183.153695][    T8] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  183.179695][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.226043][    T8] usb 5-1: config 0 descriptor??
[  183.506757][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  183.681596][    T8] HID 045e:07da: Invalid code 65791 type 1
[  183.728763][    T8] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000D/input/input16
[  183.793865][    T8] microsoft 0003:045E:07DA.000D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  183.892203][    T8] usb 5-1: USB disconnect, device number 12
[  184.756853][   T50] Bluetooth: hci1: command tx timeout
[  184.869815][   T12] team0 (unregistering): Port device team_slave_1 removed
[  185.015257][   T12] team0 (unregistering): Port device team_slave_0 removed
[  185.083051][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  185.188924][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  186.050449][ T7730] loop2: detected capacity change from 0 to 512
[  186.070440][ T7730] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  186.106567][ T7730] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  186.195390][ T7730] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  186.244168][ T7730] EXT4-fs (loop2): 1 truncate cleaned up
[  186.255200][ T7730] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  186.499928][ T5792] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.741759][   T12] bond0 (unregistering): Released all slaves
[  186.829754][   T50] Bluetooth: hci1: command tx timeout
[  187.021494][ T7687] bridge0: port 1(bridge_slave_0) entered blocking state
[  187.049279][ T7687] bridge0: port 1(bridge_slave_0) entered disabled state
[  187.056548][ T7687] bridge_slave_0: entered allmulticast mode
[  187.074288][ T7687] bridge_slave_0: entered promiscuous mode
[  187.096334][ T7687] bridge0: port 2(bridge_slave_1) entered blocking state
[  187.113883][ T7687] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.117788][ T7750] loop2: detected capacity change from 0 to 2048
[  187.129706][ T7687] bridge_slave_1: entered allmulticast mode
[  187.160021][ T7687] bridge_slave_1: entered promiscuous mode
[  187.169747][ T7750] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  187.230647][ T7750] ext4 filesystem being mounted at /148/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  187.394154][ T7687] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  187.441038][ T7687] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  187.494406][ T5792] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.574690][ T7687] team0: Port device team_slave_0 added
[  187.625234][ T7754] netlink: 4 bytes leftover after parsing attributes in process `syz.2.554'.
[  187.688487][ T7687] team0: Port device team_slave_1 added
[  187.807702][ T7687] batman_adv: batadv0: Adding interface: batadv_slave_0
[  187.825052][ T7687] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  187.851247][ T7687] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  187.877548][ T7758] netlink: 'syz.2.555': attribute type 12 has an invalid length.
[  187.885707][ T7758] netlink: 'syz.2.555': attribute type 29 has an invalid length.
[  187.893761][ T7758] netlink: 148 bytes leftover after parsing attributes in process `syz.2.555'.
[  187.914324][ T7758] netlink: 16 bytes leftover after parsing attributes in process `syz.2.555'.
[  187.943892][ T7687] batman_adv: batadv0: Adding interface: batadv_slave_1
[  187.961793][ T7748] loop4: detected capacity change from 0 to 32768
[  187.968805][ T7687] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  187.996485][ T7687] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  188.011692][ T7748] (syz.4.552,7748,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  188.025518][ T7748] (syz.4.552,7748,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  188.078327][ T7748] JBD2: Ignoring recovery information on journal
[  188.160317][ T7748] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  188.176857][ T7687] hsr_slave_0: entered promiscuous mode
[  188.194268][ T7687] hsr_slave_1: entered promiscuous mode
[  188.201931][ T7687] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  188.228618][ T7687] Cannot create hsr debugfs directory
[  188.328039][ T7748] ocfs2: Unmounting device (7,4) on (node local)
[  188.910438][   T50] Bluetooth: hci1: command tx timeout
[  189.201085][ T7687] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  189.259640][ T7687] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  189.295912][ T7687] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  189.338540][ T7687] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  189.457653][ T7789] netlink: 4 bytes leftover after parsing attributes in process `syz.2.566'.
[  189.475594][ T7789] bridge0: entered promiscuous mode
[  189.481657][ T7789] macsec1: entered allmulticast mode
[  189.487001][ T7789] bridge0: entered allmulticast mode
[  189.494861][ T7789] bridge0: port 3(macsec1) entered blocking state
[  189.503282][ T7789] bridge0: port 3(macsec1) entered disabled state
[  189.520613][ T7789] bridge0: left allmulticast mode
[  189.530455][ T7789] bridge0: left promiscuous mode
[  189.674105][ T7687] 8021q: adding VLAN 0 to HW filter on device bond0
[  189.723240][ T7687] 8021q: adding VLAN 0 to HW filter on device team0
[  189.775925][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.783176][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  189.784685][ T7797] Bluetooth: hci0: invalid length 0, exp 2 for type 3
[  189.833716][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  189.841019][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  189.873119][ T7801] loop5: detected capacity change from 0 to 256
[  190.295022][ T7687] 8021q: adding VLAN 0 to HW filter on device batadv0
[  190.403717][ T7687] veth0_vlan: entered promiscuous mode
[  190.430946][ T7687] veth1_vlan: entered promiscuous mode
[  190.515088][ T7687] veth0_macvtap: entered promiscuous mode
[  190.537289][ T7687] veth1_macvtap: entered promiscuous mode
[  190.582996][ T7687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  190.599857][ T7687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.614571][ T7687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  190.626283][ T7687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.639623][ T7687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  190.660547][ T7687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.680356][ T7687] batman_adv: batadv0: Interface activated: batadv_slave_0
[  190.702381][ T7687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  190.709340][ T7827] loop5: detected capacity change from 0 to 4096
[  190.714348][ T7687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.734408][ T7687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  190.750816][ T7687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.761125][ T7827] NILFS (loop5): invalid segment: Checksum error in segment payload
[  190.769598][ T7827] NILFS (loop5): trying rollback from an earlier position
[  190.776869][ T7687] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  190.796124][ T7687] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  190.810215][ T7687] batman_adv: batadv0: Interface activated: batadv_slave_1
[  190.817544][ T7827] NILFS (loop5): recovery complete
[  190.833899][ T7834] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  190.852286][ T7687] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  190.862850][ T7687] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  190.879548][ T7687] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  190.893194][ T7687] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  190.938519][ T5874] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  191.049566][ T3513] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  191.066344][ T3513] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  191.118571][ T5874] usb 5-1: Using ep0 maxpacket: 32
[  191.128079][ T5874] usb 5-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  191.133773][ T3556] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  191.139961][ T5874] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.170158][ T3556] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  191.184875][ T5874] usb 5-1: config 0 descriptor??
[  191.202458][ T5874] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  191.317576][ T7836] loop5: detected capacity change from 0 to 1024
[  191.345481][ T7836] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  191.358049][ T7836] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  191.412214][ T7836] EXT4-fs error (device loop5): ext4_free_blocks:6681: comm syz.5.584: Freeing blocks not in datazone - block = 0, count = 16
[  191.467127][ T3495] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  191.494274][ T3495] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  191.507315][ T3495] EXT4-fs (loop5): This should not happen!! Data will be lost
[  191.507315][ T3495] 
[  191.518940][ T3495] EXT4-fs (loop5): Total free blocks count 0
[  191.525063][ T3495] EXT4-fs (loop5): Free/Dirty block details
[  191.531384][ T3495] EXT4-fs (loop5): free_blocks=4293918736
[  191.537644][ T3495] EXT4-fs (loop5): dirty_blocks=16
[  191.543569][ T3495] EXT4-fs (loop5): Block reservation details
[  191.551199][ T3495] EXT4-fs (loop5): i_reserved_data_blocks=1
[  191.564579][ T6652] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  191.589516][ T5842] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  191.788851][ T5842] usb 2-1: Using ep0 maxpacket: 16
[  191.805133][ T5842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  191.828542][ T5842] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  191.830191][ T7849] loop2: detected capacity change from 0 to 512
[  191.847599][ T5842] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00
[  191.861803][ T5842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.883119][ T5842] usb 2-1: config 0 descriptor??
[  192.028221][ T7849] EXT4-fs (loop2): Test dummy encryption mode enabled
[  192.060669][ T7849] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  192.083626][ T7849] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.588: bad orphan inode 131083
[  192.107540][ T7849] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  192.216136][ T5874] gspca_vc032x: reg_w err -71
[  192.221653][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.226995][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.232633][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.238027][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.243774][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.250510][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.256025][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.261475][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.267272][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.287178][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.292889][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.303269][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.313492][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.329616][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.340706][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.362949][ T7849] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  192.371866][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.377285][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.383479][ T5874] gspca_vc032x: I2c Bus Busy Wait 00
[  192.389786][ T5874] gspca_vc032x: Unknown sensor...
[  192.405654][ T5874] vc032x: probe of 5-1:0.0 failed with error -22
[  192.425786][ T5874] usb 5-1: USB disconnect, device number 13
[  192.458252][ T5792] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.700455][ T5842] letsketch 0003:6161:4D15.000E: Device info: à ‡
[  192.908272][ T5842] letsketch 0003:6161:4D15.000E: Device info: 擃
[  193.104504][ T7871] loop4: detected capacity change from 0 to 32768
[  193.113935][ T7871] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.594 (7871)
[  193.129236][ T7871] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  193.139531][ T7871] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  193.140784][ T5842] usb 2-1: Max retries (5) exceeded reading string descriptor 202
[  193.148169][ T7871] BTRFS info (device loop4): enabling auto defrag
[  193.148199][ T7871] BTRFS info (device loop4): doing ref verification
[  193.148258][ T7871] BTRFS info (device loop4): max_inline at 0
[  193.157769][ T5842] letsketch: probe of 0003:6161:4D15.000E failed with error -71
[  193.183613][ T7871] BTRFS info (device loop4): force clearing of disk cache
[  193.189156][ T5842] usb 2-1: USB disconnect, device number 9
[  193.196446][ T7871] BTRFS info (device loop4): turning on sync discard
[  193.203603][ T7871] BTRFS info (device loop4): using free space tree
[  193.246720][ T7871] BTRFS info (device loop4): enabling ssd optimizations
[  193.256625][ T7871] BTRFS info (device loop4): rebuilding free space tree
[  193.427705][ T6604] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  193.828920][ T5842] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  194.040934][ T5842] usb 6-1: config index 0 descriptor too short (expected 23569, got 27)
[  194.056869][ T5842] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  194.069555][ T5842] usb 6-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  194.082535][ T5842] usb 6-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  194.096427][ T5842] usb 6-1: Manufacturer: syz
[  194.103950][ T5842] usb 6-1: config 0 descriptor??
[  194.208611][ T5842] rc_core: IR keymap rc-hauppauge not found
[  194.218847][ T5842] Registered IR keymap rc-empty
[  194.237680][ T5842] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  194.251737][ T5842] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input17
[  194.342832][ T7892] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  194.355818][ T7892] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  194.375844][ T5874] usb 6-1: USB disconnect, device number 5
[  194.595081][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  194.601839][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  194.866983][ T7918] loop4: detected capacity change from 0 to 64
[  195.032900][ T7924] netlink: 12 bytes leftover after parsing attributes in process `syz.5.609'.
[  195.170455][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805ea13800: rx timeout, send abort
[  195.181944][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805ea13800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  195.241285][ T7926] vivid-003: disconnect
[  195.252545][ T7926] vivid-003: reconnect
[  195.395640][ T7931] KVM: debugfs: duplicate directory 7931-4
[  195.686096][ T7934] loop2: detected capacity change from 0 to 32768
[  195.712172][   T27] kauditd_printk_skb: 7 callbacks suppressed
[  195.712187][   T27] audit: type=1800 audit(1755236417.253:44): pid=7934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.612" name="file1" dev="loop2" ino=7 res=0 errno=0
[  195.860268][ T5874] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  196.048542][ T5874] usb 2-1: Using ep0 maxpacket: 32
[  196.062342][ T5874] usb 2-1: too many configurations: 29, using maximum allowed: 8
[  196.084032][ T5874] usb 2-1: config 0 has no interfaces?
[  196.109346][ T5874] usb 2-1: config 0 has no interfaces?
[  196.118282][ T5874] usb 2-1: config 0 has no interfaces?
[  196.137098][ T5874] usb 2-1: config 0 has no interfaces?
[  196.146855][ T5874] usb 2-1: config 0 has no interfaces?
[  196.155345][ T5874] usb 2-1: config 0 has no interfaces?
[  196.166722][ T5874] usb 2-1: config 0 has no interfaces?
[  196.179581][ T5874] usb 2-1: config 0 has no interfaces?
[  196.211221][ T5874] usb 2-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=82.d5
[  196.229609][ T5874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  196.248474][ T5874] usb 2-1: Product: syz
[  196.252711][ T5874] usb 2-1: Manufacturer: syz
[  196.257350][ T5874] usb 2-1: SerialNumber: syz
[  196.281582][ T5874] usb 2-1: config 0 descriptor??
[  196.841515][ T7970] netlink: 8 bytes leftover after parsing attributes in process `syz.2.626'.
[  196.853545][    T8] usb 2-1: USB disconnect, device number 10
[  197.258711][   T28] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  197.454652][   T28] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  197.476079][   T28] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  197.502487][   T28] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  197.578344][   T28] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  197.597262][   T28] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.635192][   T28] usb 5-1: config 0 descriptor??
[  198.063034][   T28] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving
[  198.088886][   T28] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  198.694040][ T7987] loop5: detected capacity change from 0 to 32768
[  198.725893][   T27] audit: type=1800 audit(1755236420.263:45): pid=7987 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.631" name="file1" dev="loop5" ino=7 res=0 errno=0
[  198.798881][    T8] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  198.999215][    T8] usb 2-1: Using ep0 maxpacket: 16
[  199.007750][    T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  199.019445][    T8] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  199.032999][    T8] usb 2-1: New USB device found, idVendor=056a, idProduct=0017, bcdDevice= 0.00
[  199.042611][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  199.054104][    T8] usb 2-1: config 0 descriptor??
[  199.218926][  T111] ==================================================================
[  199.227067][  T111] BUG: KASAN: slab-use-after-free in jfs_lazycommit+0x753/0xa60
[  199.234765][  T111] Read of size 4 at addr ffff8880790dc294 by task jfsCommit/111
[  199.242452][  T111] 
[  199.244834][  T111] CPU: 1 PID: 111 Comm: jfsCommit Not tainted 6.6.101-syzkaller #0
[  199.252855][  T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  199.265596][  T111] Call Trace:
[  199.268917][  T111]  <TASK>
[  199.271889][  T111]  dump_stack_lvl+0x16c/0x230
[  199.276609][  T111]  ? __lock_acquire+0x7c80/0x7c80
[  199.281692][  T111]  ? show_regs_print_info+0x20/0x20
[  199.286949][  T111]  ? load_image+0x3b0/0x3b0
[  199.291511][  T111]  ? __virt_addr_valid+0x469/0x540
[  199.296672][  T111]  print_report+0xac/0x220
[  199.301123][  T111]  ? jfs_lazycommit+0x753/0xa60
[  199.305992][  T111]  kasan_report+0x117/0x150
[  199.310526][  T111]  ? _raw_spin_lock_irqsave+0xb4/0xf0
[  199.315965][  T111]  ? jfs_lazycommit+0x753/0xa60
[  199.320860][  T111]  jfs_lazycommit+0x753/0xa60
[  199.325578][  T111]  ? txFreelock+0x5a0/0x5a0
[  199.330121][  T111]  ? do_task_dead+0xd0/0xd0
[  199.334659][  T111]  ? __kthread_parkme+0x7a/0x1c0
[  199.339656][  T111]  kthread+0x2fa/0x390
[  199.343743][  T111]  ? txFreelock+0x5a0/0x5a0
[  199.348270][  T111]  ? kthread_blkcg+0xd0/0xd0
[  199.352905][  T111]  ret_from_fork+0x48/0x80
[  199.357352][  T111]  ? kthread_blkcg+0xd0/0xd0
[  199.361971][  T111]  ret_from_fork_asm+0x11/0x20
[  199.366792][  T111]  </TASK>
[  199.369842][  T111] 
[  199.372178][  T111] Allocated by task 7987:
[  199.376516][  T111]  kasan_set_track+0x4e/0x70
[  199.381126][  T111]  __kasan_kmalloc+0x8f/0xa0
[  199.385727][  T111]  jfs_fill_super+0xd6/0xac0
[  199.390420][  T111]  mount_bdev+0x22b/0x2d0
[  199.394766][  T111]  legacy_get_tree+0xea/0x180
[  199.399502][  T111]  vfs_get_tree+0x8c/0x280
[  199.403931][  T111]  do_new_mount+0x24b/0xa40
[  199.408447][  T111]  __se_sys_mount+0x2da/0x3c0
[  199.413131][  T111]  do_syscall_64+0x55/0xb0
[  199.417558][  T111]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  199.423473][  T111] 
[  199.425819][  T111] Freed by task 6652:
[  199.429822][  T111]  kasan_set_track+0x4e/0x70
[  199.434446][  T111]  kasan_save_free_info+0x2e/0x50
[  199.439494][  T111]  ____kasan_slab_free+0x126/0x1e0
[  199.444617][  T111]  slab_free_freelist_hook+0x130/0x1b0
[  199.450175][  T111]  __kmem_cache_free+0xba/0x1f0
[  199.455050][  T111]  generic_shutdown_super+0x134/0x2b0
[  199.460457][  T111]  kill_block_super+0x44/0x90
[  199.465152][  T111]  deactivate_locked_super+0x97/0x100
[  199.470543][  T111]  cleanup_mnt+0x429/0x4c0
[  199.474970][  T111]  task_work_run+0x1ce/0x250
[  199.479579][  T111]  exit_to_user_mode_loop+0xe6/0x110
[  199.484881][  T111]  exit_to_user_mode_prepare+0xb1/0x140
[  199.490446][  T111]  syscall_exit_to_user_mode+0x1a/0x50
[  199.495931][  T111]  do_syscall_64+0x61/0xb0
[  199.500356][  T111]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  199.506292][  T111] 
[  199.508622][  T111] Last potentially related work creation:
[  199.514339][  T111]  kasan_save_stack+0x3e/0x60
[  199.519034][  T111]  __kasan_record_aux_stack+0xaf/0xc0
[  199.524428][  T111]  call_rcu+0x158/0x930
[  199.528600][  T111]  fib_release_info+0x688/0x740
[  199.533464][  T111]  fib_table_flush+0x9a7/0x11b0
[  199.538330][  T111]  fib_disable_ip+0xfd/0x170
[  199.542934][  T111]  fib_netdev_event+0x31f/0x490
[  199.547807][  T111]  notifier_call_chain+0x197/0x390
[  199.552932][  T111]  dev_close_many+0x297/0x400
[  199.557674][  T111]  unregister_netdevice_many_notify+0x4c1/0x1810
[  199.564040][  T111]  ip_tunnel_delete_nets+0x31c/0x360
[  199.569384][  T111]  cleanup_net+0x77f/0xb90
[  199.573825][  T111]  process_scheduled_works+0xa45/0x15b0
[  199.579397][  T111]  worker_thread+0xa55/0xfc0
[  199.584032][  T111]  kthread+0x2fa/0x390
[  199.588113][  T111]  ret_from_fork+0x48/0x80
[  199.592548][  T111]  ret_from_fork_asm+0x11/0x20
[  199.597327][  T111] 
[  199.599670][  T111] The buggy address belongs to the object at ffff8880790dc200
[  199.599670][  T111]  which belongs to the cache kmalloc-256 of size 256
[  199.613729][  T111] The buggy address is located 148 bytes inside of
[  199.613729][  T111]  freed 256-byte region [ffff8880790dc200, ffff8880790dc300)
[  199.627540][  T111] 
[  199.629873][  T111] The buggy address belongs to the physical page:
[  199.636301][  T111] page:ffffea0001e43700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x790dc
[  199.646473][  T111] head:ffffea0001e43700 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  199.655447][  T111] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  199.663450][  T111] page_type: 0xffffffff()
[  199.667797][  T111] raw: 00fff00000000840 ffff888017841b40 dead000000000100 dead000000000122
[  199.676399][  T111] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  199.685001][  T111] page dumped because: kasan: bad access detected
[  199.691426][  T111] page_owner tracks the page as allocated
[  199.697145][  T111] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5786, tgid 5786 (syz-executor), ts 81023530012, free_ts 80941170644
[  199.718528][  T111]  post_alloc_hook+0x1cd/0x210
[  199.723317][  T111]  get_page_from_freelist+0x195c/0x19f0
[  199.728895][  T111]  __alloc_pages+0x1e3/0x460
[  199.733526][  T111]  alloc_slab_page+0x5d/0x170
[  199.738236][  T111]  new_slab+0x87/0x2e0
[  199.742328][  T111]  ___slab_alloc+0xc6d/0x12f0
[  199.747025][  T111]  __kmem_cache_alloc_node+0x1a2/0x260
[  199.752514][  T111]  __kmalloc+0xa4/0x240
[  199.756699][  T111]  fib_create_info+0xa61/0x2460
[  199.761570][  T111]  fib_table_insert+0xc7/0x1b50
[  199.766451][  T111]  fib_magic+0x2c5/0x390
[  199.770717][  T111]  fib_add_ifaddr+0x38d/0x5e0
[  199.775416][  T111]  fib_netdev_event+0x389/0x490
[  199.780285][  T111]  notifier_call_chain+0x197/0x390
[  199.785408][  T111]  __dev_notify_flags+0x18e/0x2e0
[  199.790455][  T111]  dev_change_flags+0xe8/0x1a0
[  199.795236][  T111] page last free stack trace:
[  199.799948][  T111]  free_unref_page_prepare+0x7ce/0x8e0
[  199.805442][  T111]  free_unref_page+0x32/0x2e0
[  199.810134][  T111]  __unfreeze_partials+0x1cf/0x210
[  199.815270][  T111]  put_cpu_partial+0x17c/0x250
[  199.820053][  T111]  __slab_free+0x31d/0x410
[  199.824486][  T111]  qlist_free_all+0x75/0xe0
[  199.829011][  T111]  kasan_quarantine_reduce+0x143/0x160
[  199.834491][  T111]  __kasan_slab_alloc+0x22/0x80
[  199.839351][  T111]  slab_post_alloc_hook+0x6e/0x4d0
[  199.844481][  T111]  __kmem_cache_alloc_node+0x13e/0x260
[  199.849968][  T111]  kmalloc_trace+0x2a/0xe0
[  199.854419][  T111]  __ipv6_dev_mc_inc+0x413/0xac0
[  199.859389][  T111]  addrconf_dad_work+0x3c5/0x14e0
[  199.864444][  T111]  process_scheduled_works+0xa45/0x15b0
[  199.870019][  T111]  worker_thread+0xa55/0xfc0
[  199.874635][  T111]  kthread+0x2fa/0x390
[  199.878721][  T111] 
[  199.881064][  T111] Memory state around the buggy address:
[  199.886713][  T111]  ffff8880790dc180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  199.894789][  T111]  ffff8880790dc200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  199.902862][  T111] >ffff8880790dc280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  199.910931][  T111]                          ^
[  199.915527][  T111]  ffff8880790dc300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  199.923609][  T111]  ffff8880790dc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  199.931685][  T111] ==================================================================
[  199.939795][  T111] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  199.946997][  T111] CPU: 1 PID: 111 Comm: jfsCommit Not tainted 6.6.101-syzkaller #0
[  199.954903][  T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  199.964966][  T111] Call Trace:
[  199.968261][  T111]  <TASK>
[  199.971215][  T111]  dump_stack_lvl+0x16c/0x230
[  199.975913][  T111]  ? show_regs_print_info+0x20/0x20
[  199.981129][  T111]  ? load_image+0x3b0/0x3b0
[  199.985657][  T111]  panic+0x2c0/0x710
[  199.989584][  T111]  ? bpf_jit_dump+0xd0/0xd0
[  199.994113][  T111]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  200.000074][  T111]  ? _raw_spin_unlock+0x40/0x40
[  200.004949][  T111]  ? print_memory_metadata+0x314/0x400
[  200.010423][  T111]  ? jfs_lazycommit+0x753/0xa60
[  200.015292][  T111]  check_panic_on_warn+0x84/0xa0
[  200.020244][  T111]  ? jfs_lazycommit+0x753/0xa60
[  200.025107][  T111]  end_report+0x6f/0x140
[  200.029364][  T111]  kasan_report+0x128/0x150
[  200.033892][  T111]  ? _raw_spin_lock_irqsave+0xb4/0xf0
[  200.039300][  T111]  ? jfs_lazycommit+0x753/0xa60
[  200.044179][  T111]  jfs_lazycommit+0x753/0xa60
[  200.048888][  T111]  ? txFreelock+0x5a0/0x5a0
[  200.053405][  T111]  ? do_task_dead+0xd0/0xd0
[  200.057920][  T111]  ? __kthread_parkme+0x7a/0x1c0
[  200.062877][  T111]  kthread+0x2fa/0x390
[  200.066958][  T111]  ? txFreelock+0x5a0/0x5a0
[  200.071479][  T111]  ? kthread_blkcg+0xd0/0xd0
[  200.076085][  T111]  ret_from_fork+0x48/0x80
[  200.080549][  T111]  ? kthread_blkcg+0xd0/0xd0
[  200.085160][  T111]  ret_from_fork_asm+0x11/0x20
[  200.089966][  T111]  </TASK>
[  200.093383][  T111] Kernel Offset: disabled
[  200.097726][  T111] Rebooting in 86400 seconds..