last executing test programs:

48.143450094s ago: executing program 0 (id=898):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x800002, &(0x7f0000000180)={[{@force}, {@nodecompose}, {@nobarrier}, {@nls={'nls', 0x3d, 'koi8-u'}}, {@nobarrier}, {}, {@nobarrier}, {@nobarrier}]}, 0x3, 0x6b3, &(0x7f0000000780)="$eJzs3U9sHFcdB/DvbDbrbJBSt03TgJBiNVIFjUjsrEqChNSAEMohQhFcerUSp7HipJXjorRCZAMUJE6cUA8cilA49IQQQionRDkjIXHhlHskbhxyAIzmz9pre+PYieN1289Hmp03+96895tf5s/ubKwJ8Jl1/vXs76fI+RMXbpXL9+72Fu7d7V0flJNMJGkl7XqWopsUHyfnUk/5fPlm013xsHFevf9R0X7/w1691G6mqn1rs/U2GNmynxxYWdiXZKou/mcLHbZG91dNVT+XVvt7TMVK3GXCjg8SB+O2vEF/tXLUobHW1o9bYM+6XV83N5hMDqa+upafA9KcHR59Zhi/Tc9N/d2LAwAAAJ6Wkd/lhz3zIA9yK4d2JxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4dCjqZwYWzdQalKdSDJ7/3xl6pn5nzOE+ofeuVLPvPjPuQAAAAAAAAADgiRx7kAe5lUOD5eWi+s3/pWrhcPX6ubydm5nLYk7mVmazlKUsZibJ5FBHnVuzS0uLMxvX/GXKNZeXl283a54euebptXH11wc66n8abGgEAAAAAAAAAJ9ZP8r51d//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLyiSffWsmg4PypNptZMcSNIpplaad8Ya7A7487gDAAAAgKev28wPFf+rC8tF9Z3/SPW9/0Dezo0sZT5LWchcLlf3Aupv/a2/93sL9+72rpfTxo6/8a9txVH1mPrew+iRp6sWL6yscT7fzvdyIlO5mMXM5/uZzVLmMpVvVaXZFJls7l5M3rvbzSDWjfGeW7N0cX1sx4bKZXxHq0i6uZL5KraTudQZhN5q2h0dGu2PnWTdiHfK7BSvNbaYo8vNvNyiXzTzvWGy2vL9KxmZbnJfZuPZ4bxvzP0295P1I82ktXIP6vDqKOXi+pEeK+cHm3mZ658+3Zxv81ba2kz0f14uDfa+I5vnPPnyP/5y8WrrxrWrV26e2Du70WNav0/0hjLx4pYysVBmov8EmTjwJPHvnE6Tjfosur2z5UvVuocyn+/kzVzOXM5kOjM5m+l8LafTy+mhvL6weV6rY621vWPt+JeaQnlN+tnQtWnXTDysoszrs0N5HT7TTVZ1w++sZum5LWSp6GR0lv45MpT2F5pCOcaPh64447c+EzNDmXh+80z8+r/LSW4u3Li2eHX2rS2O93IzLw/b99aem3+zIxu0fc3mlvvLc+U/VurLxvDeUdY9P6hbl69O84tLu+lsTV0n1fFc1z3qSC17OnJnVE913YsjR+lVdUeH6tZ8ysmbWVj5FNLY9YMUgC04+MrBTvd+92/dD7o/6V7tXjjwzYmzE1/sZP9f23/a97vWb1tfL17JB/lhDo07UgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+DS4+c6712YXFuYW92AhrR3u8M7IqkEq6nc6I9ocyx7IxiejMLHZHvX71I9resjqnXHE3M1D49ndQtq7MNZERlRdWHmnm7RW4klybY884A54Gk4tXX/r1M133v3K/PXZN+bemLtx+uyZ1870vjpz+9SV+YW56fq1adwec7DAjlr9GDDuSAAAAAAAAAAAAICt2o0/bxgxbNEfw7YCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn0znX8/+forMTJ+cLpfv3e0tlNOgvNqynaSVpPhBUnycnEs9ZXKou+Jh47x6/6Nfvfz+h73VvtqD9q116/3h38vL29yKfjNlKsm+Zv5oE1vq79JQf/1tBlYrVrawTNjxQeJg3P4fAAD//+/HBYc=")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='.\x00', 0x0, 0x0)
lseek(r0, 0x1, 0x0)
getdents(r0, &(0x7f0000000200)=""/38, 0x26)

47.859804897s ago: executing program 0 (id=900):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000fdff00000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xe, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r0}, 0x18)
r1 = io_uring_setup(0x2c4c, &(0x7f00000000c0)={0x0, 0x2, 0x1000, 0x1000000, 0x4})
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r1, 0x18, &(0x7f0000000000), 0x1)

47.607887921s ago: executing program 0 (id=903):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', <r1=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x44, 0x10, 0x401, 0x20000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x8003}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @gretap={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_LINK={0x8, 0x1, r1}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x240008c4}, 0x4054)

47.415759754s ago: executing program 0 (id=906):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000580), 0x5, 0x504, &(0x7f0000002580)="$eJzs3c9rXFsdAPDvzCR5SZtn33uKvFfBFirUHzSTH0gTFcSVuiiIBTcKNSbTWDPphMykNqFgqrsuXIiiIC7c+xe4sStLQVwrbl1Ji9YIVSpcmTtz00kyk041mfHlfj4wnXvnTOd7ziTfkzPnnjs3gNy62PynEDEZEb+PiHOt3f1PuNi62312b6l5K0SSXP9rIX1ecz97avb/zkbETkSMR8RXvxjxrcLhuPWt7dXFarWy0d4vN9bWy/Wt7Su31hZXKiuV2zPzVxcW5qfnZheOra0PfvidB9d+/eWxXz3/wZNHP/rtb5rVmmyXdbbjOLWaPhpvdzw2EhGfO4lgQ1Bqt2di2BXhv9L8+X0wIi6l+X8uSulPsz8vTrRmwElLkiT5d/JGr+KdBDi1iukYuFCciojWdrE4NdUaw38ozhSrtXrjUzdrm7eXW2Plt2K0ePNWtTLd/qzwVowWmvsz6fbL/dkD+3MR6Rj4x6WJdH9qqVZdHmxXBxxw9kD+/6PUyn8gJ/r/yA+cNvIf8kv+Q37Jf8gv+Q/5Jf8hv+Q/5Jf8h/yS/5Bfnfmfncj15pDqAgzWUX//xwZYD2CgvnLtWvOWZOe/L9/Z2lyt3bmyXKmvTq1tLk0t1TbWp1ZqtZX0nJ21V71etVZbn/l0bN4tNyr1Rrm+tX1jrbZ5u3EjPa//RmV0IK0C+vH2hYd/LETEzmcm0lt0/MmXq3C6JUkhhn0OMjAcpWF3QMDQOPQH+fUan/F7fkkY8P7W5St694yf7Vn0+Vg/keoAA1A8qvDF48FVBBi4y+85/gd5Zf4f8sv8P+TXK8b4hgeQA0fN/0f7Wn5d9Tv///z16gOcvCPn/4FTbbLL9b+SJPnemx3X7pqOiA9ExB9Ko29k1/oCToPiXwrt8f/lcx+bPFg6VvhnOgcwFhHf/fn1n95dbDQ2ZpqP/23v8cbP2o/PDqP+QG/7Z/iyPM3yGADIr91n95ay2yDjPv1CaxHC4fgj7bnJ8XQEc2a3sG+tQuGY1i7s3I+Id7vFL7Svd9468nFmt3Qo/jvt+0LrJdL6jqTXTR9M/Pc64n+0I/75//ldgXx42Ox/prvlXzHN6djLv/39z+QxrY/O+r9szXVn/Kz/K/Xo/y70GePbv/h+t8O76WLvp/cjznftf7N442msg/GbdbvcZ/wn3/jah3uVJb9svU63+JnmVrmxtl6ub21fuZXVYv7qwsL89NzsQjmdoy5nM9WHffbd3z3qFb/Z/rYe7f/TofZPtOv0iT7b/6+PPP76xSPif/xS99+/d9L7A+9/kuzV4ZN9xv/77J+/2ausGX+5x/tf7BY/stKIuT7j13/yJecOA8D/kfrW9upitVrZ6LIx2rvIhg0bg94YiQEGfVXPsTOYDgo4MS+Tftg1AQAAAAAAAAAAAPrVa/Xvw2NcTjzsNgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnAb/CQAA//9AntRF")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000380)='./file0\x00')
open(&(0x7f0000000000)='./file1\x00', 0x0, 0x186)

47.032620509s ago: executing program 0 (id=913):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

46.522820846s ago: executing program 2 (id=917):
r0 = socket$inet6(0xa, 0x1, 0x84)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f0000000080)=0x2, 0x4)
sendto$inet6(r0, &(0x7f00000002c0)='\x00', 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x27b6a97, @private2={0xfc, 0x2, '\x00', 0xff}, 0x8080}, 0x1c)
getsockopt$bt_hci(r0, 0x84, 0x6d, &(0x7f0000002280)=""/4086, &(0x7f0000000040)=0xff6)

46.327787939s ago: executing program 0 (id=919):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

46.096620382s ago: executing program 32 (id=919):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

45.52772061s ago: executing program 2 (id=926):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x2}, [@FRA_FLOW={0x8, 0xb, 0xe}]}, 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0)

45.261793714s ago: executing program 2 (id=930):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000180)={0x0, 0x4, 0x1000000b, 0x9, 0x4, "00000000000000000000c2041a02003d00"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TCSETS2(r1, 0x402c542b, &(0x7f0000000140)={0x9, 0x5, 0x5, 0x2, 0x0, "5fbb86857eea331e0237eebe96c77f4b2bef73", 0x0, 0xd})

45.034713177s ago: executing program 2 (id=933):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804071, 0x0, 0x0, 0x0, &(0x7f0000000140))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
rmdir(&(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

44.896842159s ago: executing program 2 (id=934):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x1, 0x3f, 0x40, 0x42}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000001a40), 0x1003, r0}, 0x38)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000600)={0x0, &(0x7f00000006c0)=""/145, &(0x7f0000000480), &(0x7f0000000780), 0x4, r0}, 0x38)

44.450605305s ago: executing program 2 (id=936):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0x5)
close_range(r0, 0xffffffffffffffff, 0x0)

44.13893721s ago: executing program 33 (id=936):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$int_in(r1, 0x5452, &(0x7f0000000000)=0x5)
close_range(r0, 0xffffffffffffffff, 0x0)

4.22897237s ago: executing program 4 (id=1278):
r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ecm(0xc, 0x4d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x20, 0x3, [{{0x9, 0x4, 0x0, 0x0, 0xe, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x87, 0x9}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x3ff, 0x6, 0xfd, 0xfa}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x0, 0xa, 0x4}}}}}]}}]}}, 0x0)
ioctl$EVIOCRMFF(r0, 0x83c0550b, 0x0)

3.394736272s ago: executing program 4 (id=1284):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x41e, 0x3100, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(0xffffffffffffffff, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)={0x0, 0x4, 0x4, {0x4, 0x1, "a7ea"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000100)=ANY=[@ANYBLOB='\x00\x00\b'], 0x0, 0x0, 0x0, 0x0}, 0x0)

3.191694365s ago: executing program 5 (id=1285):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f00000003c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/tcp6\x00')
pread64(r1, &(0x7f0000002180)=""/4105, 0x137, 0x0)

3.114131186s ago: executing program 5 (id=1286):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000006c0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000632000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000500)='inet_sock_set_state\x00', r1}, 0x10)
close(r0)

3.090233576s ago: executing program 5 (id=1287):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000d605000001c0"])

2.887712399s ago: executing program 1 (id=1289):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x68, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xc}, {0xffff, 0xffff}, {0x1, 0xffff}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_LIMIT={0x8, 0x2, 0x5}]}}, @TCA_RATE={0x6, 0x5, {0x59, 0x80}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x9, 0x0, 0x8, 0x40, 0x1, 0x9, 0x88}}, {0x4}}]}]}, 0x68}}, 0x44080)

2.887495279s ago: executing program 5 (id=1290):
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000000)={0x2, 0xfffc, @multicast1}, 0x10)
r1 = socket$kcm(0x2, 0x2, 0x73)
bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e22, @broadcast}, 0x10)

2.81646603s ago: executing program 5 (id=1291):
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x640, 0x0, &(0x7f0000000580)="de547e22bade76f1a03b79e954ee20bc43f7fe47218a02ff8ba942478a7b69462fc21aff55002ce55e854564e7d309f20d222f9220c8d9b1b0d196137252587ab17948adf2dcbba03d2f3e0e647c2e70b7a440b4187098442946238cdd38a235b264899fa2f8b51f8a660653545ab78b6a47b6462efaa8192061344501fb8d96f8de3b132ee012626f94be7b4a9e572a43167614409ee4aa2a40d2feb04bb54137ca025e367e2eee1e8b4f78b741aac17c55ab77d0fd2b7318207e91fd536b9fb7c994a9ad0769020b45bc05965f6dffb15fd462bb2e49632c788cfeb74472be3d9eaf3284719df7187a354b3915df2661363052a24baf8cc101728d302f75878515b436d1fbdb3fc5fc88e8745c56b1bd79dc2cc7e7b5be814275a3edfc67e923d199c97fd6a8b2d11d2923b688471fe8c1e771545d17bad44fc5f7a91cf43ba91b4627c9554a333b6e8ee1c457b54c30bccbbabdfed6158fed6e548cd54ad7409e0a03fb2f685f8987e98ee687a09a730c2a757d3b1595a1146d57230e178284ef3fed5553bbd1e82bd418a13c03f944421d013d96182302122d01c432e24c43a9dff19658a3680167297367a1ee7f70e0968ce28ca2bc8b8525c41f8d4f9cdcaaa25b2d0fea854626eba2e86ecb31e9be7b8e704287fe45ad3f169d7f67e798b0de3bf70f485f81ba5e9aef1ec5782c4c609ffdc93a3bdfeeb7e7cd05ea7023895be4a3f78f188fdbd83ded6dcdf1d429c12b1b250284110295e3515bfb117119839f13057ea2366d3c4b75b28f60afe17b195d04ff58dd2f3382bb57152f2928f9a91bbcc42057777ba13becb4552419caa2ffc325219a6995f5d1e9a193a1aede859834ef765009d6c242ad918ecf3fe62c8dfe2ff309cbce740950cdd05c8e0b7f75aa21731be678552b2d0024a4b3815fb52f056ba37f3f466afab6b5728def0fdef93655524121927df3a39af0845df7612e9ccdae25f406ac0ad7a0e4f980398597ab2c2291d87a1ed618b9e392f1d055d5290be67b6cec9e7505c41025d2aa6e82a4f693042989b5f4a9abfe0ec51fd9dcb972a054b80ee6a460fd422eaa971e2cb759c72e676e2877c667c6ce002be1ce6ba8380e6dd691590c84ba68d26f3284280dcacd082b42bf5aac71467b3fcd5d68ab1bc26cf48fe770ccff5f14ff8afafb18d3127a6d989b7d77665a7a9bf4cb488621c904acd0b073396ad8509c9ddb02eb1d23510a52289a5f0d7edba66d4ef271b9c6acc3bfa996b55f6808650236b0001132ef85fc5070b69144ff5fdd8d64f6c3e0dd22711f69a940ebdb4ab5ff6240da3160049d2047e6713d47ad0db40ec543c095ad67c8cbe438fb875927c98e265498b3da8d4ca54bac0e6efe759a2d4d4190e9fc8835599da8237f472411a71236bb930d28a26f49062d270f4087a6a709c005eebc9740ed54dd005c787c44badac9c720b0d424d0ded9bb8c24c0e842deedf386fc7714a31268292d3bcc53b1cf24b156445c8bf64336f742b1ba836eba0ae4a5aaa9a6f35d4f81734e16bce965795d5b1255609d1860fe11c9c536db078af94772830ba000c13e1d9383e3d862fa07f2199da148632c036bc19f6014eeb206a3654d390c78911deeabebf128def61122754e0a4696db82666a018f8d2f44b5aadc12809ade8bed1b1ba2adbb6e3e82180e26748dc30a8eda0edb21fcaa702632ed3fb4e89550c3e0e1fd2b5ecf1983d85bf9569b231e28155756bd97f1220cbc2b5b1c02dab88ee4a8970d4833b9e51529895afe5029823576297d4a917602fe08df57e1d7f63d050877ddf8e82a5383e15f313171b2d5618a1549f3dfced0732b887508ca5e134124d0ed0bd4b767115d1530f73504387e0364d73a2d3b114fcb49219b1c15e066c455b01672e49499995454a502236f5a5007895d3d1d8843007352a3ccc3f71d3e801efd0a6ef922bf39ead16e01ec20ebff2b1ce7cfd0984b26225cb1359b36efe9ad2ae1f6de4862c0faaa52f4d0eb4c13960ceb4aeaa10ae61a09a5abdb0c61661962a0aab14d465a8ae6f45826e1e66428cf8572eb53c98160df6613a62bb611c63f1ffb7a795a889fc16670f6302fd36ee4247bdd4282f1afb6042c832a4b0857cecae0a7090d9b11ae46d9186c710c8dd12911db573493329bea2c743734d86a577cf27aa01e4fc6c91f1fa34bba173d20b97ed8bb4bad43692df90bfd2b193b9e8b93a95ec0d0d42217395d89db511d2e9bbeb3ef47b7b2d8"})
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000080000106a05310300000000000109022400010000800009040002010300010009210000000122f804090581034000040000746ca48f2c1e849085d062224931fd79fe76b9bd87fa65285d8d939d64dc5d1a5295c920c9007b721ae70c00adcc5317588bb4dcd915a6693598f8eb9f869c4b34c30d6a5d701337f11357e89d6179dc0560c791"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

2.763805531s ago: executing program 1 (id=1292):
syz_mount_image$ocfs2(&(0x7f00000001c0), &(0x7f0000000040)='./bus\x00', 0x2804440, &(0x7f0000004680)=ANY=[@ANYBLOB="61636c2c6e6f696e74722c6174696d655f7175616e74756d3d30303030303030303030303030303030303030372c6c6f63616c666c6f636b732c6c6f63616c616c6c6f633d30303030303030303030303030303030303030332c6c6f63616c666c6f636b732c696e74722c6865617274626561743d6e6f6e652c0024855616ead4c7dc9e9da093713b0e6a6e67e1af8e4f5d7cbff1185218b41bcefa2f4f41b8212051258a0a6168526c8eef9d759bbb36a4b49ff8042320899ca9b6e9fa68a0abe364e0e2d46408f18da37d557aa1ebb8aa29451a584f1980dc477bd97f6a0446b8957872e51c2adf98e1acff806babdc9d58bc06d6d0b19476862cebe64cafa5a069852602786f40bf6a1bf7594e171d16ced9409b168ef591c2f5b676a2eb18e8a3b91275fd4467aea2037bd9790e240137bc7c80cc99e9dd662a5f"], 0x5, 0x4430, &(0x7f0000004840)="$eJzs3c9PHNcdAPA3A67BtV1wfXClSl2pllq1FQKf2mKpGGNjsKkrt7aqXNYLrG2ShbVgiXLwgdws5RQphygHK5Fy42RxyNX5E3LJ0TlbSg65RIpkhWh3Z2FndldsEAux8/kcGOb9Zr8zb98chhcnKg+W1nJLa7nCSq68cG/tQu7tcml9uRjiQ9K2/2OH1z/d6cV1ctTX3i/ZzctX/3vnQgifL375Ynt7eztU9Ye2xpp+/+7bRwvNx4Y4U6fabvvWDsobIYSzLeOq6gsh/P+zEKIQwqUkbTI5DoYQToV63p1H793NHdBonj4vXsy/nHu8NX5+dvPJVue/PQrho9Lv/nZ/+es/9o1/9ZcD6h4AAAAAAAAAAAAAAAAAgFfc9K2bt/8zOhaeRaF/M2p9X3c6OXZ6P3b7wPyh938sAAAAAAAAAAAAAAAAAAAA/Eztvv+fi860ef9/KjlOdKi//a/ej5Hemfn3zakro2PJ/u9RS/7fk6RvLvWF4Tb7vmf3f7+Uqd9+//fWfvarMb5Gv0MhikdS53E8MhLCJ8nG7+eiE3GpvFb5673y+srigQ3jlZWOf333/lR0kg39u43/ZKb93u///9uWq6l6fvfgLrHXWjr+fR3Lffpu1FX8L2fqHUb82b90/PtraYPNBSbqE0A1/u/37x3/qUz7vYr/6RBCLqqONZeaAaprmGp6p/UKaen4H6ulpabO5IPsdP9/n4n/lUz7RzX/b2S/iGgrHf9f1dIGUiV27//heO/7/2qm/aOIf3X8G77/u5KO//F6Yn+qSO2T7Hb+n86036v4346TcZ6OUlfAZlRP7/T/6khLx3+gJX/3+S/uav13LVP/sJ7/Gv02nv8a0/+fo/rzH+2l4z/YsVy39/9Mpl6v5/+J2vqP/UrH/0QtLb12Hqr97Db+s5n2exX/2qpkoBH/3fnkh+P19I+t/7qSjv+v64lxc4mN2s/a+i/ae/1/PdP+Uaz/quPfiHvb6+siHf+THctV4/9FF9//NzL1muLfurg4IKPW+vuWjv+pjuVq9//A3vGfy9Tr9f3/p142DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAKmEyOQyEaSp/H8chICJeT83PhRDRfWMzPl8oLb62FMJWk58KZ6H6pPF8o5ZdWyovFfKFUKi+EcCXJPxsGorVSuZJfLjy8utPWYPSgWFitzBcLlRDCdJL++3Cq0db8UmW58DCEcG0n7zdxefXhg8JKfnFp9Z+jo6OjYWZnDMNR8Z1KcaVS772eG8LsTt2hqGlwtezrO2M5Gb1ZXl9dKZRq6Tea6pTKC4VSU525JO+DMBxVVtdXFgqVYr5Uvt/o7yhNJMepmVv/u3VjrCX/blQ/Th7usAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4iZ6N/+PDEEJ//SwOIUw0fonalX/6vHgx/3Lu8db4+dnNJ1svOpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Ed24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsEvHKA0EURiA34yF2nkMq2W3s11RRAtXBE+gx/AwehQv4R1SpEibIgSSWQibXdgmqb6veTA/M+/BPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD//9kGHvg=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000540), 0x44800, 0x0)
sendfile(r0, r1, 0x0, 0xfffe82)

1.708107486s ago: executing program 3 (id=1297):
r0 = add_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x0)
keyctl$get_persistent(0x16, 0x0, r0)

1.706129406s ago: executing program 1 (id=1298):
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)

1.607768017s ago: executing program 3 (id=1299):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x7, 0x1, 0x0})

1.588871717s ago: executing program 4 (id=1300):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040))
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc003, 0x3, 0x5, 0x0, 0x8, 0x3, 0xd, 0xb9, 0x1, 0xe, 0x5, 0x204}, {0x804, 0x1, 0x4, 0x45, 0x7, 0xff, 0x2, 0xff, 0x0, 0x4, 0x6, 0x7f, 0x20c}, {0x1, 0x3, 0x18, 0x5, 0x80, 0xfd, 0x3, 0x2, 0x0, 0x70, 0x4, 0x5}], 0xffffffff})

1.473867589s ago: executing program 3 (id=1301):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$team(&(0x7f00000044c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000240)={'team0\x00', <r2=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000004bc0)={0x0, 0x0, &(0x7f0000004b80)={&(0x7f00000047c0)={0x60, r1, 0x405, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r2}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x4000084}, 0x44084)

1.363785691s ago: executing program 3 (id=1302):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f0000000000), 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000003c0)={'vxcan0\x00', <r1=>0x0})
sendmsg$can_bcm(r0, &(0x7f0000000480)={&(0x7f0000000340)={0x1d, r1}, 0x10, &(0x7f00000000c0)={&(0x7f0000000580)={0x1, 0x7ab0715dca68fed7, 0x0, {}, {}, {}, 0x4, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "b8ee0816756b62187804752330b2b55830d7228ef1593c0639bd084bba0bfd8db72f70e5b2e7f90e11cbc6ec61a03fc316d5d47970907af5fc4a27f6cf718909"}}, 0x20000600}}, 0x0)

1.363552371s ago: executing program 1 (id=1303):
r0 = syz_io_uring_setup(0x64b7, &(0x7f0000002600)={0x0, 0xffffff7c, 0x13580, 0x3, 0x35c}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000580)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_WRITE_FIXED={0x5, 0x0, 0x6000, @fd=r0, 0xffffffffffffffff, 0x3, 0x8007, 0x5, 0x1})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000800)=[{0x0}], 0x1)
io_uring_enter(r0, 0x54, 0x0, 0x0, 0x0, 0x0)

1.335156691s ago: executing program 4 (id=1304):
r0 = creat(&(0x7f0000000040)='./file0\x00', 0x81)
close(r0)
r1 = socket$caif_stream(0x25, 0x1, 0x1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

1.332793271s ago: executing program 1 (id=1305):
syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, &(0x7f0000000500)=ANY=[], 0xc, 0xac, &(0x7f0000000100)="$eJzs0jFqwzAUBuBnY7cdu3foDXwHn6BnMB3tzZNLJ9+nlyh07RFygwxZsygYyUP2QAh8H0hPP/8ikP7PP2+xRryvESmlJu2aSPPyNQ7TvLTjMEVEG3+RVWU+Bw+uLs/ZR/4DWz72uatKfzh9f+4rNx+/eT7d7+IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEPV63Wuo+vK8WXbLgEAAP//2Bwh+A==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x80000, 0x0)
getdents64(r0, 0x0, 0x0)
openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.pending_reads\x00', 0x181cc3, 0x9c37611dc13d0d03)

1.294827551s ago: executing program 3 (id=1306):
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x1, 0x6d0, &(0x7f0000001340)="$eJzs3cFvHFcdB/DvrNeOt1TBaRMaoSKsRCpIEYkTK4VwwSCEcqhQVQ49W4nTWN0kVeKitEKQAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmfXu/Y6Xif2OoHPJxrPe/Nm3vzmN29mvOusNsD/rctn0ryfIpfPvHG3rG+sL7Y31heP1M3tJGW5kTS7sxQ3k+JBslS2FwNTBubbfLx66a3PHm583q0166laf6q/3exYIY/Yx716ynzd3/zILafH6r/bVxVeXkxypZ4Pmxm3r6EVy6Sdrudw6Drb3NvL5jte78Czr/d0KrrPzW3mkhfqJ3P1O0F9d2hMLsKDsae7HAAAADynPr112BEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA86f+/v+inhr1PPMpet//P9NbVpefQUtjr3n/QOMAAAAAAAAAgMn4+qM8yt0c7dU7RfU3/1NV5Xi+6CRfyvu5k5XcztnczXLWspbbOZ9kbqCjmbvLa2u3z/e3LI3e8sLILS9M6ogBAAAAAAAA4H/SL9Pa/Ps/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8C4pkqjurpuP1PHNpNLPZlnvJP5PMHHa8e1CMWnh/8nEAAADAU5l9gm2+/CiPcjdHe/VOUb3m/0r1enk27+dm1rKatbSzkqv1a+jyVX9jY32xvbG+eKOcyvpwv9//957CmKl7mKpqo/Z8slqjlWtZrZaczZUqmKtpdPd9OjnZi2cgrgEflTEV36uNGVmzTmu5s9/v9C7Cvhh+K6LxmDVbm8El/Yws1LGVWx7rZqCo3qhJtmZi17PTHKrNVb1O9/d0Po3+Oz/HDyDnL9Tz8nh+c6A536t+JhqpMnGhN/rKa+bxmUi+8dc/vX29ffPd69funHl2DmkXUzss3zomFgcy8cpznYnmHtdfqDJxol+/nB/lJzmT+byZ21nNT7OctaykU7cv1+O5/Dn3+EwtDdXe3C2Smfq8dM/ZODHN54dVaTmnqm2PZjVFbuVqVvJ69e9CzufbuZiLuTRwhk/sGHd1bNVV39h61ffO9N9GBn/6m3WhvLv9dvMut/S4I95pdO6X7r2/zOuxgbx2R/3D/lrHBq6DhYEsvdTLzvTIzp/k3tj8al0o9/GrXZ4TkzVXZ6K8gHpPiV50L3cz0ayeRdvH+R865XZp3+x0ri+/t0P/97bUX6vn5bBa/9pua/eMPhX7qxwvL2W2vpMMj46y7eX+XWagrbM5lrttw0/ccrsTVVtR9K7UH+dWNQC2X6kz9e9w23u6ULW9MrJtsWo7OdA29PtWbqWdqxPIHwBP4h9v94tzeWGm9a/Wp61PWr9uXW+9MfuDI9858upMpv8+/d3mwtRrjVeLv+ST/Hzz9T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDk7nzw4bvL7fbK7dGFxs5NQ4VWti7Zqecjo/sp6i/0GWNfz0VhNsnQkup7jiYeRmtrGNsKnV8kE89P70sER6/zu7LQ3DaiRhWWhpb8eXuHH+0xwmK86+IAC41MdqdTGT0ADvGmBEzEubUb752788GH31q9sfzOyjsrN6cvXry0cOni64vnrq22Vxa6Pw87SuAgbD70DzsSAAAAAAAAAAAAYFyjPhhw6sXdPjQy1mc8/M9CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYF9cPpPm/RQ5v3B2oaxvrC+2y6lX3lyzmaTRSIqfJcWDZCndKXMD3RX544N0Ruzn49VLb332cOPzzb6a3fWTRj3f2eNbk9yrp8wnmarnT2GovytP3V/xn94xlAn7otPpLD1dfLA//hsAAP//P3v0tA==")
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
removexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='user.incfs.metadata\x00')

1.000157516s ago: executing program 5 (id=1307):
syz_mount_image$ocfs2(&(0x7f00000001c0), &(0x7f0000000040)='./bus\x00', 0x2804440, &(0x7f0000004680)=ANY=[@ANYBLOB="61636c2c6e6f696e74722c6174696d655f7175616e74756d3d30303030303030303030303030303030303030372c6c6f63616c666c6f636b732c6c6f63616c616c6c6f633d30303030303030303030303030303030303030332c6c6f63616c666c6f636b732c696e74722c6865617274626561743d6e6f6e652c0024855616ead4c7dc9e9da093713b0e6a6e67e1af8e4f5d7cbff1185218b41bcefa2f4f41b8212051258a0a6168526c8eef9d759bbb36a4b49ff8042320899ca9b6e9fa68a0abe364e0e2d46408f18da37d557aa1ebb8aa29451a584f1980dc477bd97f6a0446b8957872e51c2adf98e1acff806babdc9d58bc06d6d0b19476862cebe64cafa5a069852602786f40bf6a1bf7594e171d16ced9409b168ef591c2f5b676a2eb18e8a3b91275fd4467aea2037bd9790e240137bc7c80cc99e9dd662a5f"], 0x5, 0x4430, &(0x7f0000004840)="$eJzs3c9PHNcdAPA3A67BtV1wfXClSl2pllq1FQKf2mKpGGNjsKkrt7aqXNYLrG2ShbVgiXLwgdws5RQphygHK5Fy42RxyNX5E3LJ0TlbSg65RIpkhWh3Z2FndldsEAux8/kcGOb9Zr8zb98chhcnKg+W1nJLa7nCSq68cG/tQu7tcml9uRjiQ9K2/2OH1z/d6cV1ctTX3i/ZzctX/3vnQgifL375Ynt7eztU9Ye2xpp+/+7bRwvNx4Y4U6fabvvWDsobIYSzLeOq6gsh/P+zEKIQwqUkbTI5DoYQToV63p1H793NHdBonj4vXsy/nHu8NX5+dvPJVue/PQrho9Lv/nZ/+es/9o1/9ZcD6h4AAAAAAAAAAAAAAAAAgFfc9K2bt/8zOhaeRaF/M2p9X3c6OXZ6P3b7wPyh938sAAAAAAAAAAAAAAAAAAAA/Eztvv+fi860ef9/KjlOdKi//a/ej5Hemfn3zakro2PJ/u9RS/7fk6RvLvWF4Tb7vmf3f7+Uqd9+//fWfvarMb5Gv0MhikdS53E8MhLCJ8nG7+eiE3GpvFb5673y+srigQ3jlZWOf333/lR0kg39u43/ZKb93u///9uWq6l6fvfgLrHXWjr+fR3Lffpu1FX8L2fqHUb82b90/PtraYPNBSbqE0A1/u/37x3/qUz7vYr/6RBCLqqONZeaAaprmGp6p/UKaen4H6ulpabO5IPsdP9/n4n/lUz7RzX/b2S/iGgrHf9f1dIGUiV27//heO/7/2qm/aOIf3X8G77/u5KO//F6Yn+qSO2T7Hb+n86036v4346TcZ6OUlfAZlRP7/T/6khLx3+gJX/3+S/uav13LVP/sJ7/Gv02nv8a0/+fo/rzH+2l4z/YsVy39/9Mpl6v5/+J2vqP/UrH/0QtLb12Hqr97Db+s5n2exX/2qpkoBH/3fnkh+P19I+t/7qSjv+v64lxc4mN2s/a+i/ae/1/PdP+Uaz/quPfiHvb6+siHf+THctV4/9FF9//NzL1muLfurg4IKPW+vuWjv+pjuVq9//A3vGfy9Tr9f3/p142DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAKmEyOQyEaSp/H8chICJeT83PhRDRfWMzPl8oLb62FMJWk58KZ6H6pPF8o5ZdWyovFfKFUKi+EcCXJPxsGorVSuZJfLjy8utPWYPSgWFitzBcLlRDCdJL++3Cq0db8UmW58DCEcG0n7zdxefXhg8JKfnFp9Z+jo6OjYWZnDMNR8Z1KcaVS772eG8LsTt2hqGlwtezrO2M5Gb1ZXl9dKZRq6Tea6pTKC4VSU525JO+DMBxVVtdXFgqVYr5Uvt/o7yhNJMepmVv/u3VjrCX/blQ/Th7usAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4iZ6N/+PDEEJ//SwOIUw0fonalX/6vHgx/3Lu8db4+dnNJ1svOpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Ed24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsEvHKA0EURiA34yF2nkMq2W3s11RRAtXBE+gx/AwehQv4R1SpEibIgSSWQibXdgmqb6veTA/M+/BPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD//9kGHvg=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000540), 0x44800, 0x0)
sendfile(r0, r1, 0x0, 0xfffe82)

999.964796ms ago: executing program 3 (id=1308):
sched_setscheduler(0x0, 0x1, 0x0)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x10400, &(0x7f0000000180)={[{@jqfmt_vfsv1}, {@noheap}, {@adaptive_mode}, {@memory_normal}]}, 0x1, 0x550c, &(0x7f00000089c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DKJjT9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmYmuvUDhKaN3f5+MHnmffPmmecNy8IzUxLAuTWf/PJTKW7ElYiYjYjrEdl5qTgy63l4LiJuRsTMY0epmP9j4mJEXI2IG6Pkec5S8dZnt4e31n588+evv7104drnX303vV0D0/Z8RHR38vP9bh7TVh4fFvO1YTuL3dVhEfM3uo+KcZrH/eZWlmG/Nl5Xy+JKK1+f7uz1R3G7U6uPYqu9nc3v9PIL9oetcZ7sAw9ru9m40dzKYrufZrF1mNd1cJj/33bYH+R5GkW+D7P0MRiMYz7fPGjm+9l5lMV6b1DM53nTRvNgFIdFLC4X9bTTyOrYOs43/f/2Vru3d5AMm7v9dtpL1irVFyvVO+XqbtpoDpqr5Vq3cWc1WWh1RsvKg2atu95K01anWamn3cVkoVWvl6vVZOFuc6td6yXVamWlslReWyzObiev3X836TSShVF8pd3bG7Q7/WQ73U3yTywmy5WVlxaTW9Xk7Y3NZPPBvXsbm++8f/e9+y9vvPFqsehvZb0Qy0vLy+XqUnm5uniO9v9xUXSyMLH9w7GUpl0AwNmj/wem4eT6/90HESff/4f+fyLOVP87LmuC/e953z8ci/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODc+n7ui9ezk/l8fK2Yf6qYeqYYlyJiJiJ++wezcfFIztkiz9y/rJ/7Sw3flCLLMLrGpeK4GhHrxfHr0yf9LQAAAMCT68uPbn6ad+v5y/y0C+I05TdtZq5/MKF8pYiYm/9hQtlmRi/PTihZ9u/7QhxMKFt2A+vyhJLlt9wuTCrbfzJ7JFx+LJTyMHOq5QAAAKfiaCdwul0IAAAAp+mTaRfAdJRi/Chz/Cw4+8v7Px8IXjkyAgAAAM6g0rQLAAAAAE5c1v/7/T8AAAB4suW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzv3cJg5EcQB+Nnhh/2nRau/byt6gjC1hj3uMKCBNUEAOpIU0QA3klhIiiPA4BCIOkTy2lej7JGcylvnxBsFhZqQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALt1X68Xt1e/rtjm7fTt5RgMAAABcsq3Wi/qfWep/be5/b279bPpFRJQRcWnuPopPZ5mjJqd6ef7m9PnqVQ13EXXC4T0mzfUlIv401+OPrj8FAAAA+Lg2y9U8zdbTn9nQBdGntGhTfvubKa+IiGr2kCmtPOT9yhRWf7/H8T9TWr2ANc0UlpbcxrnS3qT+uR9X7aYnTZGa8uLLjkVmGzsAANCj0VnT7ywEAACAPv0bugCGUcTzVuZxK3CSmmZ77/NZDwAAAHiHiqELAAAAADpXz/97Ov9v7/w/AAAAGEY6/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAubav1YrNczdvm7Pbt5BkNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwxP68o0AIhEEY7F3fmcz9DysNmpqaVIHw8TcGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fzGkcVBwD8zc7OxlbFNcoeIqLgQS92u62tvYkHJXjwTxBCuq2xW3+0OdhSxFy8Sc69iB5FBCXe+j/0nEAu8ZbDHiJ4jszszO7kB7j+6Mwm+XzgzfvuMMz7vlkI+c57CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBh+O4kjtNDexQ38nObew+W037rUJ96tL69kLY0jqpM+mR4ufwh6ozDvTqSAQAA4GyIi/o+hLCTbCymfaOd1f9JcU1a83//7Cgu6vnDdX/RF7V/2n77dffF8UDt0TjpTW+sDPoXj6bSfHKznG3P/e0VzezJZ+9e4uwLaXyw9sIwyZ5n9O3jx++1snCuimwBgH/jQtHnQfH7UNr36kwMgDOjWSq8i/o/btebEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAVhmvh6SKOQggLzUmc2tp7sHxc/2h9e6FoVx8+XA9fT+6Z3iIJIdxYGfQvVjqb2Xb33v1bS4NB/071wSshhLpGfyef/q2Pprg4hFqej+D/Cfbn8i97RvI5IUGNP5QAADiVkryldf1OsrGYnovmQ9j/4WD9/3opDlPW/7sfX90sj1Wu/3uVzXD2dVdvf969e+/+myu3l272b/Y/fetS7+3e5WtXrlzrZu9Kut6YAAAA8N+08lau/xvzR9f/z5fiMGX9/8V3va/KY8Xq/2NNFv3qzgQAAOBse/7VP/+IjjkftVrhy6XV1Tu90XH8+dLoWEOq/9hc3sr1fzxfd1YAAABAFYZr0YH1/+ulOEy5/v/Mjy/9XL5nHEI4l6//X1j+bHC9uunMtCr+nLjuOQIAAFCvc3krr/8n2f7/xnjLQyOE8MZrozj/N4BT1f/x+9/8VB6rvP//cnVTnEmNzuh5ZH0nhGan7owAAAA4zZ7KW1rs/55sLH7yy/kPW/b/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFTtrwAAAP//RAE/8A==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
fdatasync(r0)

999.181676ms ago: executing program 1 (id=1315):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, &(0x7f00000003c0)={[], 0xf000}, 0x1000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

387.635144ms ago: executing program 4 (id=1309):
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000710431000000000095000080"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00', 0x2})
ioctl$TUNSETSTEERINGEBPF(r1, 0x800454e0, &(0x7f00000000c0)=r0)

0s ago: executing program 4 (id=1310):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
unshare(0x22020400)
recvmmsg(r0, &(0x7f00000037c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2040000, &(0x7f0000003700)={0x77359400})

kernel console output (not intermixed with test programs):

0x44c/0x8c0
[  124.017408][ T7303]  ? f2fs_fill_dentries+0xbb0/0xbb0
[  124.022602][ T7303]  ? mutex_lock_nested+0x20/0x20
[  124.027531][ T7303]  ? end_current_label_crit_section+0x149/0x170
[  124.033771][ T7303]  ? down_read_killable+0x1d0/0x340
[  124.038966][ T7303]  ? fsnotify_perm+0x271/0x5e0
[  124.043724][ T7303]  iterate_dir+0x1c2/0x580
[  124.048144][ T7303]  __se_sys_getdents64+0xe9/0x260
[  124.053168][ T7303]  ? __x64_sys_getdents64+0x80/0x80
[  124.058363][ T7303]  ? filldir+0x680/0x680
[  124.062615][ T7303]  ? lockdep_hardirqs_on+0x98/0x150
[  124.067811][ T7303]  do_syscall_64+0x55/0xb0
[  124.072244][ T7303]  ? clear_bhb_loop+0x40/0x90
[  124.076912][ T7303]  ? clear_bhb_loop+0x40/0x90
[  124.081587][ T7303]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  124.087479][ T7303] RIP: 0033:0x7f45a798e929
[  124.091904][ T7303] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  124.111516][ T7303] RSP: 002b:00007f45a77ff038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  124.119938][ T7303] RAX: ffffffffffffffda RBX: 00007f45a7bb5fa0 RCX: 00007f45a798e929
[  124.127905][ T7303] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  124.135872][ T7303] RBP: 00007f45a7a10b39 R08: 0000000000000000 R09: 0000000000000000
[  124.143835][ T7303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  124.151803][ T7303] R13: 0000000000000000 R14: 00007f45a7bb5fa0 R15: 00007ffd0e6f12d8
[  124.159783][ T7303]  </TASK>
[  124.162887][    C0] vkms_vblank_simulate: vblank timer overrun
[  124.258905][ T7303] syz.0.564: attempt to access beyond end of device
[  124.258905][ T7303] loop0: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  124.274313][ T7303] syz.0.564: attempt to access beyond end of device
[  124.274313][ T7303] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  124.392015][ T7331] loop1: detected capacity change from 0 to 128
[  124.442705][ T7329] loop3: detected capacity change from 0 to 8192
[  124.486240][   T11] kworker/u4:0: attempt to access beyond end of device
[  124.486240][   T11] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  124.523597][   T11] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  124.692072][ T7334] loop3: detected capacity change from 0 to 2048
[  124.753731][ T7334] EXT4-fs (loop3): mounted filesystem 00000000-0700-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  124.827380][ T7325] loop2: detected capacity change from 0 to 32768
[  124.886437][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0700-0000-0000-000000000000.
[  124.919668][ T7325] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  125.004673][ T7325] (syz.2.573,7325,1):ocfs2_rename:1284 ERROR: status = -2
[  125.027939][ T7325] (syz.2.573,7325,1):ocfs2_rename:1690 ERROR: status = -2
[  125.095024][ T5762] ocfs2: Unmounting device (7,2) on (node local)
[  125.142950][ T7347] loop1: detected capacity change from 0 to 64
[  125.308159][ T5804] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  125.318388][ T7356] mmap: syz.1.585 (7356) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  125.508014][ T5804] usb 1-1: Using ep0 maxpacket: 8
[  125.520800][ T5804] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  125.543379][ T5804] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.557920][ T5804] pvrusb2: Hardware description: Terratec Grabster AV400
[  125.565270][ T5804] pvrusb2: **********
[  125.574090][ T5804] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  125.584772][ T5804] pvrusb2: Important functionality might not be entirely working.
[  125.594077][ T5804] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  125.614811][ T5804] pvrusb2: **********
[  125.741986][ T7360] loop1: detected capacity change from 0 to 32768
[  125.755216][ T7360] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.587 (7360)
[  125.775681][ T2314] pvrusb2: Invalid write control endpoint
[  125.783218][ T7360] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  125.800738][ T7360] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  125.815234][ T7360] BTRFS info (device loop1): force zlib compression, level 3
[  125.825389][ T7360] BTRFS info (device loop1): force clearing of disk cache
[  125.835021][ T7360] BTRFS info (device loop1): setting nodatasum
[  125.846851][ T7360] BTRFS info (device loop1): doing ref verification
[  125.856075][ T7360] BTRFS info (device loop1): allowing degraded mounts
[  125.863445][ T7360] BTRFS info (device loop1): enabling disk space caching
[  125.874954][ T7360] BTRFS info (device loop1): disk space caching is enabled
[  125.887493][ T2314] pvrusb2: Invalid write control endpoint
[  125.897861][ T2314] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  125.909778][ T2314] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  125.917678][ T2314] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  125.929085][ T2314] pvrusb2: Device being rendered inoperable
[  125.935067][ T2314] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  125.942844][ T2314] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  125.957548][ T2314] pvrusb2: Attached sub-driver cx25840
[  125.967109][ T2314] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  125.982326][ T2314] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  125.986716][ T7364] loop2: detected capacity change from 0 to 32768
[  126.011107][ T7345] pvrusb2: Attempted to execute control transfer when device not ok
[  126.025325][ T5804] usb 1-1: USB disconnect, device number 5
[  126.034232][ T7364] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.589 (7364)
[  126.072783][ T7364] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  126.084309][ T7364] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  126.099187][ T7360] BTRFS info (device loop1): enabling ssd optimizations
[  126.105389][ T7364] BTRFS info (device loop2): setting nodatacow, compression disabled
[  126.115309][ T7364] BTRFS info (device loop2): max_inline at 0
[  126.118586][ T7360] BTRFS info (device loop1): auto enabling async discard
[  126.121813][ T7364] BTRFS info (device loop2): enabling disk space caching
[  126.135859][ T7364] BTRFS info (device loop2): turning off barriers
[  126.143640][ T7364] BTRFS info (device loop2): turning on flush-on-commit
[  126.151014][ T7360] BTRFS info (device loop1): rebuilding free space tree
[  126.164619][ T7364] BTRFS info (device loop2): doing ref verification
[  126.174921][ T7364] BTRFS info (device loop2): force clearing of disk cache
[  126.177674][ T7360] BTRFS info (device loop1): disabling free space tree
[  126.182401][ T7364] BTRFS info (device loop2): enabling ssd optimizations
[  126.196754][ T7364] BTRFS info (device loop2): max_inline at 4096
[  126.203149][ T7360] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  126.203347][ T7364] BTRFS info (device loop2): disk space caching is enabled
[  126.216737][ T7360] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  126.261828][ T7364] BTRFS info (device loop2): auto enabling async discard
[  126.272862][ T7364] BTRFS info (device loop2): rebuilding free space tree
[  126.293686][ T7364] BTRFS info (device loop2): disabling free space tree
[  126.305254][ T7364] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  126.317982][ T7364] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  126.319359][ T5765] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  126.439136][  T787] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  126.471669][ T5762] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  126.653568][  T787] usb 4-1: Using ep0 maxpacket: 32
[  126.692171][  T787] usb 4-1: config 0 has an invalid interface number: 35 but max is 0
[  126.763413][  T787] usb 4-1: config 0 has no interface number 0
[  126.775755][  T787] usb 4-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f
[  126.808005][  T787] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.928907][  T787] usb 4-1: Product: syz
[  126.933215][  T787] usb 4-1: Manufacturer: syz
[  126.938001][  T787] usb 4-1: SerialNumber: syz
[  126.948874][  T787] usb 4-1: config 0 descriptor??
[  127.154583][ T7419] loop2: detected capacity change from 0 to 512
[  127.173980][ T7386] loop3: detected capacity change from 0 to 64
[  127.180971][  T787] radio-si470x 4-1:0.35: this is not a si470x device.
[  127.204187][ T7419] EXT4-fs error (device loop2): ext4_quota_enable:7125: comm syz.2.598: Bad quota inum: 1, type: 2
[  127.215795][ T7419] EXT4-fs warning (device loop2): ext4_enable_quotas:7173: Failed to enable quota tracking (type=2, err=-117, ino=1). Please run e2fsck to fix.
[  127.232609][  T787] radio-raremono 4-1:0.35: Thanko's Raremono connected: (10C4:818A)
[  127.244107][ T7419] EXT4-fs (loop2): mount failed
[  127.434227][  T787] radio-raremono 4-1:0.35: raremono_cmd_main failed (-71)
[  127.466038][  T787] radio-raremono 4-1:0.35: V4L2 device registered as radio48
[  127.488083][  T787] usb 4-1: USB disconnect, device number 7
[  127.494931][  T787] radio-raremono 4-1:0.35: Thanko's Raremono disconnected
[  127.722365][ T7419] loop2: detected capacity change from 0 to 32768
[  127.743643][ T7419] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  127.822118][ T7419] XFS (loop2): Ending clean mount
[  127.899285][ T5762] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  128.247961][  T787] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  128.440291][  T787] usb 1-1: Using ep0 maxpacket: 16
[  128.472263][  T787] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  128.502879][  T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  128.551153][  T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  128.592349][  T787] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  128.651835][  T787] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  128.724625][  T787] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  128.755975][  T787] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  128.795512][  T787] usb 1-1: Manufacturer: syz
[  128.913195][  T787] usb 1-1: config 0 descriptor??
[  129.088048][ T5084] Bluetooth: hci3: command tx timeout
[  129.167802][    C0] sched: RT throttling activated
[  129.388019][  T787] rc_core: IR keymap rc-hauppauge not found
[  129.393982][  T787] Registered IR keymap rc-empty
[  129.430880][  T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  129.493896][  T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  129.560059][  T787] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  129.617281][  T787] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input13
[  129.690905][  T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  129.758266][  T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  129.819048][  T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  129.898075][  T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  129.947959][  T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  130.008586][  T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  130.058003][  T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  130.108279][  T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  130.158174][  T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  130.198223][  T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  130.248216][  T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  130.293741][  T787] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  130.340502][  T787] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  130.359018][ T7458] loop2: detected capacity change from 0 to 262144
[  130.380384][  T787] usb 1-1: USB disconnect, device number 6
[  130.402775][ T7458] F2FS-fs (loop2): Found nat_bits in checkpoint
[  130.465320][ T7458] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  130.504666][ T7506] loop1: detected capacity change from 0 to 2048
[  130.555150][ T7506] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  130.803991][ T7512] netlink: 'syz.1.636': attribute type 12 has an invalid length.
[  131.223201][ T7524] binder: 7523:7524 ioctl 400c620e 0 returned -14
[  131.625903][ T7542] netlink: 'syz.3.651': attribute type 3 has an invalid length.
[  131.685452][ T7544] loop0: detected capacity change from 0 to 256
[  131.958014][ T7554] netlink: 8 bytes leftover after parsing attributes in process `syz.0.656'.
[  132.072033][ T7558] loop3: detected capacity change from 0 to 1024
[  132.106484][ T7558] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  132.173957][ T7558] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  132.193217][ T7558] ext4 filesystem being mounted at /133/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  133.129197][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  133.151495][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  133.157935][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  133.251323][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.436459][ T7599] kAFS: unable to lookup cell '.,'
[  133.495574][ T7597] loop3: detected capacity change from 0 to 4096
[  133.519766][ T7597] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512).
[  133.993773][ T7616] tipc: Started in network mode
[  134.022587][ T7616] tipc: Node identity ac14140f, cluster identity 4711
[  134.033871][ T7592] loop2: detected capacity change from 0 to 32768
[  134.044555][ T7616] tipc: New replicast peer: 255.255.255.255
[  134.049777][ T7592] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop2 scanned by syz.2.670 (7592)
[  134.062366][ T7616] tipc: Enabled bearer <udp:syz2>, priority 10
[  134.077113][ T7592] BTRFS info (device loop2): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  134.078057][ T7618] netem: unknown loss type 0
[  134.087730][ T7592] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  134.103122][ T7592] BTRFS info (device loop2): setting nodatacow, compression disabled
[  134.107855][ T7618] netem: change failed
[  134.115554][ T7592] BTRFS info (device loop2): turning on flush-on-commit
[  134.122913][ T7621] netlink: 12 bytes leftover after parsing attributes in process `syz.0.680'.
[  134.123093][ T7592] BTRFS info (device loop2): using free space tree
[  134.137743][ T7621] tipc: Disabling bearer <udp:syz2>
[  134.230675][ T7592] BTRFS info (device loop2): enabling ssd optimizations
[  134.237720][ T7592] BTRFS info (device loop2): auto enabling async discard
[  134.434849][ T5762] BTRFS info (device loop2): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  135.179814][ T7648] loop0: detected capacity change from 0 to 32768
[  135.219994][ T7648] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  135.259489][ T7654] loop3: detected capacity change from 0 to 32768
[  135.290717][ T7654] 
[  135.290717][ T7654]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  135.290717][ T7654] 
[  135.336561][ T7654] ERROR: (device loop3): diWrite: ixpxd invalid
[  135.336561][ T7654] 
[  135.351759][ T7654] ERROR: (device loop3): txCommit: 
[  135.351759][ T7654] 
[  135.376725][ T7654] 
[  135.376725][ T7654]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  135.376725][ T7654] 
[  135.392389][ T7654] 
[  135.392389][ T7654]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  135.392389][ T7654] 
[  135.435754][ T7654] find_entry called with index = 0
[  135.442531][ T7660] loop2: detected capacity change from 0 to 32768
[  135.447716][ T7654] read_mapping_page failed!
[  135.454661][ T7648] XFS (loop0): Ending clean mount
[  135.454657][ T7654] ERROR: (device loop3): txCommit: 
[  135.454657][ T7654] 
[  135.468367][ T7660] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.691 (7660)
[  135.485638][ T1086] ERROR: (device loop3): diWrite: ixpxd invalid
[  135.485638][ T1086] 
[  135.489492][ T7660] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  135.507609][ T7648] XFS (loop0): Quotacheck needed: Please wait.
[  135.509726][ T1086] ERROR: (device loop3): txCommit: 
[  135.509726][ T1086] 
[  135.514821][ T7660] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  135.536279][ T7660] BTRFS info (device loop2): using free space tree
[  135.542980][ T5155] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  135.550500][ T1086] jfs_write_inode: jfs_commit_inode failed!
[  135.552932][ T5763] 
[  135.552932][ T5763]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  135.552932][ T5763] 
[  135.561996][ T7648] XFS (loop0): Quotacheck: Done.
[  135.578513][ T5763] 
[  135.578513][ T5763]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  135.578513][ T5763] 
[  135.681670][ T7660] BTRFS info (device loop2): enabling ssd optimizations
[  135.691868][ T7660] BTRFS info (device loop2): auto enabling async discard
[  135.693512][ T5764] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  135.762737][ T5155] usb 2-1: Using ep0 maxpacket: 8
[  135.801195][ T5155] usb 2-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[  135.812842][ T5155] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.825232][ T5155] usb 2-1: Product: syz
[  135.833302][ T5155] usb 2-1: Manufacturer: syz
[  135.841717][ T5155] usb 2-1: SerialNumber: syz
[  135.851981][ T5155] usb 2-1: config 0 descriptor??
[  135.878339][ T5155] gspca_main: sq930x-2.14.0 probing 2770:930c
[  135.885109][ T5762] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  136.522165][ T7708] loop0: detected capacity change from 0 to 4190
[  136.532110][ T7708] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(2)
[  136.543465][ T7708] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  136.726375][ T5155] gspca_sq930x: ucbus_write failed -71
[  136.748616][  T787] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  136.892838][ T7714] loop3: detected capacity change from 0 to 32768
[  136.908259][ T7714] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.710 (7714)
[  136.928009][ T7714] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  136.938942][ T7714] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  136.947627][ T7714] BTRFS info (device loop3): enabling auto defrag
[  136.954229][  T787] usb 3-1: Using ep0 maxpacket: 32
[  136.962314][ T7714] BTRFS info (device loop3): doing ref verification
[  136.972373][  T787] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  136.982738][ T5155] gspca_sq930x: Sensor ov9630 not yet treated
[  136.989345][  T787] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  136.997511][ T5155] sq930x: probe of 2-1:0.0 failed with error -22
[  137.004399][ T7714] BTRFS info (device loop3): use no compression
[  137.015679][  T787] usb 3-1: config 0 descriptor??
[  137.021142][ T5155] usb 2-1: USB disconnect, device number 5
[  137.038079][ T7714] BTRFS info (device loop3): force clearing of disk cache
[  137.045261][ T7714] BTRFS info (device loop3): setting nodatacow, compression disabled
[  137.059594][  T787] gspca_main: sunplus-2.14.0 probing 041e:400b
[  137.068841][ T7714] BTRFS info (device loop3): disabling free space tree
[  137.116884][ T7714] BTRFS info (device loop3): enabling ssd optimizations
[  137.124544][ T7714] BTRFS info (device loop3): auto enabling async discard
[  137.152551][ T7714] BTRFS info (device loop3): rebuilding free space tree
[  137.170934][ T7718] loop0: detected capacity change from 0 to 40427
[  137.180827][ T7714] BTRFS info (device loop3): disabling free space tree
[  137.184095][ T7718] F2FS-fs (loop0): Found nat_bits in checkpoint
[  137.190728][ T7714] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  137.211061][ T7714] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  137.242359][ T7718] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  137.375788][ T5763] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  137.910873][  T787] gspca_sunplus: reg_w_riv err -71
[  137.916479][  T787] sunplus: probe of 3-1:0.0 failed with error -71
[  137.948415][  T787] usb 3-1: USB disconnect, device number 7
[  138.384307][ T7763] loop0: detected capacity change from 0 to 32768
[  138.423807][ T7763] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  138.440224][ T5818] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  138.487113][ T7763] OCFS2: ERROR (device loop0): int ocfs2_validate_dx_root(struct super_block *, struct buffer_head *): Dir Index Root # 28549323745621536 has bad signature 
[  138.524708][ T7763] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  138.552827][ T7763] OCFS2: File system is now read-only.
[  138.566887][ T7763] (syz.0.724,7763,1):ocfs2_find_entry_dx:1029 ERROR: status = -30
[  138.594776][ T7774] OCFS2: ERROR (device loop0): int __ocfs2_find_path(struct ocfs2_caching_info *, struct ocfs2_extent_list *, u32, path_insert_t *, void *): Owner 65 has invalid tree depth 312 in extent list
[  138.637248][ T7774] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  138.648072][ T7774] (syz.0.724,7774,0):ocfs2_find_leaf:1941 ERROR: status = -30
[  138.657891][ T5818] usb 2-1: Using ep0 maxpacket: 32
[  138.666291][ T5818] usb 2-1: config index 0 descriptor too short (expected 35577, got 27)
[  138.677925][ T7774] (syz.0.724,7774,0):ocfs2_get_clusters_nocache:421 ERROR: status = -30
[  138.682125][ T5818] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  138.686277][ T7774] (syz.0.724,7774,0):ocfs2_get_clusters:624 ERROR: status = -30
[  138.710854][ T5818] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92
[  138.721649][ T5818] usb 2-1: config 1 has no interface number 0
[  138.735283][ T5818] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  138.744067][ T7774] (syz.0.724,7774,0):ocfs2_extent_map_get_blocks:671 ERROR: status = -30
[  138.759623][ T5818] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  138.777366][ T5818] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  138.781255][ T7774] (syz.0.724,7774,0):ocfs2_read_virt_blocks:987 ERROR: status = -30
[  138.794498][ T5818] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.816581][ T5818] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found
[  138.822837][ T7774] (syz.0.724,7774,0):ocfs2_read_dir_block:511 ERROR: status = -30
[  138.900380][ T5764] ocfs2: Unmounting device (7,0) on (node local)
[  139.035517][ T5818] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached
[  139.464043][ T5818] usb 2-1: USB disconnect, device number 6
[  139.481698][ T5818] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected
[  139.557173][ T7800] loop2: detected capacity change from 0 to 4096
[  139.566179][ T7800] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512).
[  139.718356][ T7794] loop3: detected capacity change from 0 to 32768
[  139.756457][ T7794] XFS (loop3): Mounting V5 Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b
[  139.832377][ T7818] loop0: detected capacity change from 0 to 64
[  139.886352][ T7794] XFS (loop3): Ending clean mount
[  139.900233][ T7794] XFS (loop3): Quotacheck needed: Please wait.
[  139.936828][ T7794] XFS (loop3): Quotacheck: Done.
[  140.075390][ T5763] XFS (loop3): Unmounting Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b
[  140.088027][ T5155] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  140.307050][ T5155] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  140.333819][ T5155] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  140.360239][ T5155] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  140.370753][ T5155] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  140.385440][ T5155] usb 3-1: config 0 descriptor??
[  140.423731][ T7833] netlink: 'syz.3.748': attribute type 11 has an invalid length.
[  140.433184][ T7833] netlink: 44 bytes leftover after parsing attributes in process `syz.3.748'.
[  140.505877][ T7835] loop1: detected capacity change from 0 to 2048
[  140.551595][ T7835] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  140.619077][ T7835] EXT4-fs error (device loop1): ext4_ext_precache:627: inode #2: comm syz.1.752: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5)
[  140.667668][ T7835] EXT4-fs (loop1): Remounting filesystem read-only
[  140.739419][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.806482][ T5155] playstation 0003:054C:0DF2.0005: unknown main item tag 0x0
[  140.833982][ T5155] playstation 0003:054C:0DF2.0005: unknown main item tag 0x0
[  140.850594][ T5155] playstation 0003:054C:0DF2.0005: unknown main item tag 0x0
[  140.867964][ T5155] playstation 0003:054C:0DF2.0005: unknown main item tag 0x0
[  140.877940][ T5155] playstation 0003:054C:0DF2.0005: unknown main item tag 0x0
[  140.896040][ T5155] playstation 0003:054C:0DF2.0005: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.2-1/input0
[  141.053442][ T7856] loop1: detected capacity change from 0 to 4096
[  141.063868][ T7856] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512).
[  141.127066][ T7856] ntfs3: loop1: ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" failed to parse mft record
[  141.186067][   T12] ntfs3: loop1: ino=1e, failed to parse mft record
[  141.205615][ T5155] playstation 0003:054C:0DF2.0005: Failed to retrieve feature with reportID 32: -71
[  141.217567][ T5155] playstation 0003:054C:0DF2.0005: Failed to retrieve DualSense firmware info: -71
[  141.232635][ T5155] playstation 0003:054C:0DF2.0005: Failed to get firmware info from DualSense
[  141.242909][ T5155] playstation 0003:054C:0DF2.0005: Failed to create dualsense.
[  141.261935][ T5155] playstation: probe of 0003:054C:0DF2.0005 failed with error -71
[  141.279511][ T5155] usb 3-1: USB disconnect, device number 8
[  141.881920][ T7877] loop1: detected capacity change from 0 to 256
[  141.929549][ T7877] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  141.988820][ T7879] loop0: detected capacity change from 0 to 256
[  142.061602][ T7879] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  142.162891][ T7887] netlink: 24 bytes leftover after parsing attributes in process `syz.2.775'.
[  142.783535][ T7916] syz.3.789 (7916) used greatest stack depth: 18984 bytes left
[  142.957960][ T5768] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  143.017973][ T5155] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  143.157310][ T5768] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  143.177989][ T5768] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.186042][ T5768] usb 1-1: Product: syz
[  143.201004][ T5768] usb 1-1: Manufacturer: syz
[  143.213239][ T5768] usb 1-1: SerialNumber: syz
[  143.217979][ T5155] usb 2-1: Using ep0 maxpacket: 8
[  143.228705][ T5768] usb 1-1: config 0 descriptor??
[  143.242427][ T5155] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  143.253990][ T5155] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.278587][ T5155] pvrusb2: Hardware description: Terratec Grabster AV400
[  143.288436][ T5155] pvrusb2: **********
[  143.292469][ T5155] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  143.305003][ T5155] pvrusb2: Important functionality might not be entirely working.
[  143.315754][ T5155] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  143.327564][ T5155] pvrusb2: **********
[  143.484086][ T2314] pvrusb2: Invalid write control endpoint
[  143.532847][ T2314] pvrusb2: Invalid write control endpoint
[  143.555835][ T2314] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  143.576480][ T2314] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  143.592629][ T2314] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  143.598427][ T7953] loop2: detected capacity change from 0 to 4096
[  143.603133][ T2314] pvrusb2: Device being rendered inoperable
[  143.616301][ T2314] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  143.617248][ T7953] EXT4-fs: Ignoring removed mblk_io_submit option
[  143.623758][ T2314] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  143.639301][ T2314] pvrusb2: Attached sub-driver cx25840
[  143.644788][ T2314] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  143.655737][ T2314] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  143.694671][  T787] usb 2-1: USB disconnect, device number 7
[  143.707898][ T5818] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  143.734729][ T7953] EXT4-fs (loop2): Test dummy encryption mode enabled
[  143.746584][ T7953] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  143.786259][ T7953] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  143.825314][ T5762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  143.908074][ T5818] usb 4-1: Using ep0 maxpacket: 32
[  143.915418][ T5818] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  143.925322][ T5818] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.936886][ T5818] usb 4-1: config 0 descriptor??
[  144.057360][ T5768] usb 1-1: Firmware version (0.0) predates our first public release.
[  144.065780][ T5768] usb 1-1: Please update to version 0.2 or newer
[  144.140403][ T5768] usb 1-1: USB disconnect, device number 7
[  144.148131][ T5818] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  144.167820][ T5818] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  144.179475][ T5818] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  144.189514][ T5818] usb 4-1: media controller created
[  144.233275][ T5818] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  144.358023][ T5818] az6027: usb out operation failed. (-71)
[  144.367676][ T5818] az6027: usb out operation failed. (-71)
[  144.378469][ T5818] stb0899_attach: Driver disabled by Kconfig
[  144.397905][ T5818] az6027: no front-end attached
[  144.397905][ T5818] 
[  144.405573][ T5818] az6027: usb out operation failed. (-71)
[  144.436194][ T5818] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  144.450361][ T5818] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input14
[  144.468189][ T5818] dvb-usb: schedule remote query interval to 400 msecs.
[  144.475385][ T5818] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  144.487694][ T5818] usb 4-1: USB disconnect, device number 8
[  144.523025][ T7971] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  144.542154][ T5818] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  144.632160][ T7975] netlink: 40 bytes leftover after parsing attributes in process `syz.2.813'.
[  144.718104][    T8] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  144.914797][    T8] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  144.934179][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.958012][    T8] usb 2-1: Product: syz
[  144.962229][    T8] usb 2-1: Manufacturer: syz
[  144.981022][    T8] usb 2-1: SerialNumber: syz
[  145.003373][    T8] usb 2-1: config 0 descriptor??
[  145.011965][    T8] ch341 2-1:0.0: ch341-uart converter detected
[  145.504469][ T8014] program syz.3.829 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  145.715400][ T8006] loop2: detected capacity change from 0 to 32768
[  145.733808][ T8006] 
[  145.733808][ T8006]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  145.733808][ T8006] 
[  145.781936][ T8006] ERROR: (device loop2): diWrite: ixpxd invalid
[  145.781936][ T8006] 
[  145.792769][ T8006] ERROR: (device loop2): txCommit: 
[  145.792769][ T8006] 
[  145.808444][ T8006] 
[  145.808444][ T8006]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  145.808444][ T8006] 
[  145.819384][    T8] usb 2-1: failed to send control message: -71
[  145.826829][ T8006] 
[  145.826829][ T8006]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  145.826829][ T8006] 
[  145.837458][    T8] ch341-uart: probe of ttyUSB0 failed with error -71
[  145.846072][ T8006] find_entry called with index = 0
[  145.846767][ T8010] loop0: detected capacity change from 0 to 32768
[  145.852164][ T8006] read_mapping_page failed!
[  145.863845][ T8006] ERROR: (device loop2): txCommit: 
[  145.863845][ T8006] 
[  145.865400][    T8] usb 2-1: USB disconnect, device number 8
[  145.885106][    T8] ch341 2-1:0.0: device disconnected
[  145.902228][ T8010] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  145.925293][ T4484] ERROR: (device loop2): diWrite: ixpxd invalid
[  145.925293][ T4484] 
[  145.954732][ T4484] ERROR: (device loop2): txCommit: 
[  145.954732][ T4484] 
[  145.965925][ T4484] jfs_write_inode: jfs_commit_inode failed!
[  145.975351][ T5762] 
[  145.975351][ T5762]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  145.975351][ T5762] 
[  145.986720][ T8010] XFS (loop0): Ending clean mount
[  145.990553][ T5762] 
[  145.990553][ T5762]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  145.990553][ T5762] 
[  146.094924][ T5764] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  146.419843][ T8034] loop0: detected capacity change from 0 to 2048
[  146.464090][ T8034] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  146.531950][ T5764] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.967923][  T787] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  147.024494][ T8061] loop0: detected capacity change from 0 to 512
[  147.033840][ T8061] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  147.056895][ T8061] EXT4-fs (loop0): 1 truncate cleaned up
[  147.064879][ T8061] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  147.118280][ T5764] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  147.152319][  T787] usb 2-1: Using ep0 maxpacket: 8
[  147.164013][  T787] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  147.179524][  T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.217910][  T787] pvrusb2: Hardware description: Terratec Grabster AV400
[  147.225687][  T787] pvrusb2: **********
[  147.230199][  T787] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  147.245071][  T787] pvrusb2: Important functionality might not be entirely working.
[  147.253521][  T787] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  147.272532][  T787] pvrusb2: **********
[  147.422716][ T2314] pvrusb2: Invalid write control endpoint
[  147.511227][ T2314] pvrusb2: Invalid write control endpoint
[  147.517009][ T2314] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  147.541332][ T2314] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  147.541924][ T8079] loop0: detected capacity change from 0 to 2048
[  147.557646][ T2314] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  147.574000][ T2314] pvrusb2: Device being rendered inoperable
[  147.579589][ T8079] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  147.586277][ T2314] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  147.599572][ T2314] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  147.611534][ T2314] pvrusb2: Attached sub-driver cx25840
[  147.617101][ T2314] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  147.643569][ T8048] pvrusb2: Killing an I2C write to 0 that is too large (desired=62 limit=61)
[  147.644516][ T2314] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  147.659774][  T787] usb 2-1: USB disconnect, device number 9
[  147.778073][ T5777] Bluetooth: hci3: command tx timeout
[  147.851177][  T786] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  148.057960][  T786] usb 3-1: Using ep0 maxpacket: 16
[  148.064937][  T786] usb 3-1: config 7 has an invalid interface number: 76 but max is 0
[  148.068103][ T8093] loop0: detected capacity change from 0 to 32768
[  148.076791][  T786] usb 3-1: config 7 has no interface number 0
[  148.097993][  T786] usb 3-1: config 7 interface 76 altsetting 7 endpoint 0x6 has an invalid bInterval 0, changing to 7
[  148.117932][  T786] usb 3-1: config 7 interface 76 altsetting 7 endpoint 0x6 has invalid maxpacket 50176, setting to 1024
[  148.130289][  T786] usb 3-1: config 7 interface 76 has no altsetting 0
[  148.149498][  T786] usb 3-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=b7.d3
[  148.165352][  T786] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.173635][  T786] usb 3-1: Product: syz
[  148.177893][  T786] usb 3-1: Manufacturer: syz
[  148.182506][  T786] usb 3-1: SerialNumber: syz
[  148.411696][  T786] usb 3-1: Quirk or no altest; falling back to MIDI 1.0
[  148.498192][  T786] usb 3-1: USB disconnect, device number 9
[  148.598896][ T8107] loop3: detected capacity change from 0 to 2048
[  148.651219][ T8107] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  148.746616][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.793666][ T8102] loop1: detected capacity change from 0 to 32768
[  148.849453][ T8102] XFS (loop1): Mounting V5 Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b
[  148.980419][ T8102] XFS (loop1): Ending clean mount
[  148.990024][ T8102] XFS (loop1): Quotacheck needed: Please wait.
[  149.078802][ T8102] XFS (loop1): Quotacheck: Done.
[  149.161718][ T8128] sctp: [Deprecated]: syz.2.873 (pid 8128) Use of struct sctp_assoc_value in delayed_ack socket option.
[  149.161718][ T8128] Use struct sctp_sack_info instead
[  149.163940][ T5765] XFS (loop1): Unmounting Filesystem 6b3d8c96-b8b2-4f73-8344-2893082bca0b
[  149.294179][ T8114] loop0: detected capacity change from 0 to 40427
[  149.305431][ T8114] F2FS-fs (loop0): heap/no_heap options were deprecated
[  149.320365][ T8132] capability: warning: `syz.2.876' uses 32-bit capabilities (legacy support in use)
[  149.331283][ T8114] F2FS-fs (loop0): invalid crc value
[  149.370805][ T8114] F2FS-fs (loop0): Found nat_bits in checkpoint
[  149.509831][ T8114] F2FS-fs (loop0): Start checkpoint disabled!
[  149.523568][ T8135] loop2: detected capacity change from 0 to 512
[  149.541489][ T8114] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  149.542851][ T8135] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  149.571646][ T8135] EXT4-fs (loop2): 1 truncate cleaned up
[  149.584766][ T8135] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  149.713656][   T28] kauditd_printk_skb: 1 callbacks suppressed
[  149.713670][   T28] audit: type=1800 audit(1751521401.387:51): pid=8135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.877" name="file1" dev="loop2" ino=15 res=0 errno=0
[  149.754200][ T8147] vxcan0: tx address claim with dlc 0
[  149.754231][   T28] audit: type=1800 audit(1751521401.407:52): pid=8135 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.877" name="file1" dev="loop2" ino=15 res=0 errno=0
[  149.788014][ T8135] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2244: inode #15: comm syz.2.877: corrupted in-inode xattr: overlapping e_value 
[  149.811872][ T8135] EXT4-fs warning (device loop2): ext4_xattr_set_entry:1781: inode #15: comm syz.2.877: unable to update i_inline_off
[  149.831064][ T8135] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2867: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  149.851641][   T48] kworker/u4:3: attempt to access beyond end of device
[  149.851641][   T48] loop0: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  149.877382][   T48] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  149.885509][ T8148] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2244: inode #15: comm syz.2.877: corrupted in-inode xattr: overlapping e_value 
[  149.895900][   T48] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  149.908353][   T48] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  149.944655][ T8148] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2244: inode #15: comm syz.2.877: corrupted in-inode xattr: overlapping e_value 
[  150.127380][ T5762] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.737951][    T8] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  150.919782][    T8] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  150.938631][    T8] usb 3-1: config 0 has no interface number 0
[  150.950680][    T8] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  150.965477][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.982270][    T8] usb 3-1: Product: syz
[  150.991362][    T8] usb 3-1: Manufacturer: syz
[  151.000457][    T8] usb 3-1: SerialNumber: syz
[  151.015197][    T8] usb 3-1: config 0 descriptor??
[  151.251067][    T8] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  151.281054][    T8] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  151.322465][    T8] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  151.341756][    T8] usb 3-1: media controller created
[  151.355525][   T28] audit: type=1326 audit(1751521403.027:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.1.889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53a718e929 code=0x7ffc0000
[  151.402981][    T8] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  151.428928][   T28] audit: type=1326 audit(1751521403.057:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.1.889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53a718e929 code=0x7ffc0000
[  151.493291][   T28] audit: type=1326 audit(1751521403.077:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.1.889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f53a718e929 code=0x7ffc0000
[  151.547890][   T28] audit: type=1326 audit(1751521403.077:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.1.889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53a718e929 code=0x7ffc0000
[  151.589931][ T8171] loop1: detected capacity change from 0 to 256
[  151.612514][   T28] audit: type=1326 audit(1751521403.077:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.1.889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53a718e929 code=0x7ffc0000
[  151.620412][ T8171] exfat: Deprecated parameter 'utf8'
[  151.675223][   T28] audit: type=1326 audit(1751521403.077:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.1.889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f53a718e929 code=0x7ffc0000
[  151.735696][   T28] audit: type=1326 audit(1751521403.077:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.1.889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f53a718e929 code=0x7ffc0000
[  151.792436][   T28] audit: type=1326 audit(1751521403.077:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8166 comm="syz.1.889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7f53a718e929 code=0x7ffc0000
[  152.493180][ T8186] loop0: detected capacity change from 0 to 1024
[  152.535957][    T8] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[  152.633027][    T8] usb 3-1: USB disconnect, device number 10
[  152.668919][   T48] hfsplus: b-tree write err: -5, ino 4
[  152.958984][ T8197] batman_adv: batadv0: Adding interface: gretap1
[  152.988075][ T8197] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  153.026551][ T8197] batman_adv: batadv0: Interface activated: gretap1
[  153.154456][ T8203] loop0: detected capacity change from 0 to 512
[  153.216417][ T8203] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.264015][ T8203] ext4 filesystem being mounted at /231/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  153.425296][ T8203] fs-verity (loop0, inode 15): Unrecognized descriptor size: 0 bytes
[  153.542063][ T5764] VFS: Lookup of 'ÿÿ' in ext4 loop0 would have caused loop
[  153.566306][ T5764] VFS: Lookup of 'ÿÿ' in ext4 loop0 would have caused loop
[  153.700195][ T8004] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.729162][ T8218] loop1: detected capacity change from 0 to 4096
[  153.874266][ T8218] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  154.040469][ T5765] ntfs3: loop1: ino=9, ntfs_sync_fs failed, -22.
[  154.095137][ T8215] loop3: detected capacity change from 0 to 32768
[  154.149875][ T8215] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  154.279695][   T11] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.305384][ T8215] XFS (loop3): Ending clean mount
[  154.427769][   T11] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.459986][ T5763] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  154.554120][   T11] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.612124][ T8242] netlink: 8 bytes leftover after parsing attributes in process `syz.1.923'.
[  154.644081][ T8242] netlink: 'syz.1.923': attribute type 2 has an invalid length.
[  154.767399][   T11] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.105091][ T8250] netlink: 4 bytes leftover after parsing attributes in process `syz.2.926'.
[  155.121173][   T11] tipc: Left network mode
[  155.147324][ T5084] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  155.153941][ T8254] netlink: 20 bytes leftover after parsing attributes in process `syz.3.927'.
[  155.163730][ T5084] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  155.166041][ T5084] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  155.189343][ T5084] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  155.198779][ T5084] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  155.206256][ T5084] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  155.286796][ T8258] loop1: detected capacity change from 0 to 1024
[  155.310762][ T8258] hfsplus: bad catalog entry type
[  155.344337][ T1086] hfsplus: b-tree write err: -5, ino 4
[  155.872896][ T8251] chnl_net:caif_netlink_parms(): no params data found
[  155.958132][ T5155] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  155.967022][ T8251] bridge0: port 1(bridge_slave_0) entered blocking state
[  155.974749][ T8251] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.982701][ T8251] bridge_slave_0: entered allmulticast mode
[  155.990092][ T8251] bridge_slave_0: entered promiscuous mode
[  155.999987][   T11] batman_adv: batadv0: Interface deactivated: gretap1
[  156.034396][   T11] batman_adv: batadv0: Removing interface: gretap1
[  156.043980][ T8251] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.055555][ T8251] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.064536][ T8251] bridge_slave_1: entered allmulticast mode
[  156.077458][ T8251] bridge_slave_1: entered promiscuous mode
[  156.168592][ T5155] usb 4-1: Using ep0 maxpacket: 8
[  156.180858][ T5155] usb 4-1: unable to get BOS descriptor or descriptor too short
[  156.204937][ T5155] usb 4-1: config 9 has an invalid interface number: 4 but max is 0
[  156.221769][ T5155] usb 4-1: config 9 has no interface number 0
[  156.229854][ T5155] usb 4-1: config 9 interface 4 has no altsetting 0
[  156.241188][ T5155] usb 4-1: New USB device found, idVendor=2cb7, idProduct=0104, bcdDevice=43.2f
[  156.260472][ T8251] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  156.275643][ T5155] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  156.295178][ T5155] usb 4-1: Product: syz
[  156.318232][ T5155] usb 4-1: Manufacturer: syz
[  156.322960][ T5155] usb 4-1: SerialNumber: syz
[  156.466463][ T8251] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  156.509927][ T8278] netlink: 124 bytes leftover after parsing attributes in process `syz.1.938'.
[  156.565990][ T8251] team0: Port device team_slave_0 added
[  156.612595][ T8251] team0: Port device team_slave_1 added
[  156.774134][ T5777] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  156.789951][ T5777] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  156.796073][ T8251] batman_adv: batadv0: Adding interface: batadv_slave_0
[  156.812271][ T8251] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  156.812390][ T5777] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  156.852440][ T8251] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  156.858108][ T5777] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  156.878867][ T5777] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  156.891964][ T5777] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  156.899197][   T11] bond0: left promiscuous mode
[  156.904989][   T11] bond_slave_0: left promiscuous mode
[  156.922210][   T11] bond_slave_1: left promiscuous mode
[  156.947929][   T11] batadv_slave_0: left promiscuous mode
[  156.949497][ T8286] loop1: detected capacity change from 0 to 256
[  156.961038][ T8286] exfat: Deprecated parameter 'utf8'
[  156.974612][   T11] hsr_slave_0: left promiscuous mode
[  156.982803][   T11] hsr_slave_1: left promiscuous mode
[  156.989530][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  156.996994][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  157.006086][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  157.013616][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  157.024586][   T11] bridge_slave_1: left allmulticast mode
[  157.031924][   T11] bridge_slave_1: left promiscuous mode
[  157.040221][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.071087][   T11] bridge_slave_0: left allmulticast mode
[  157.076824][   T11] bridge_slave_0: left promiscuous mode
[  157.083045][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.104371][ T8288] loop1: detected capacity change from 0 to 64
[  157.109646][ T5155] usb 4-1: USB disconnect, device number 9
[  157.147698][   T11] veth0_macvtap: left promiscuous mode
[  157.155840][   T11] veth1_vlan: left promiscuous mode
[  157.162928][   T11] veth0_vlan: left promiscuous mode
[  157.292782][ T5777] Bluetooth: hci2: command tx timeout
[  157.352803][ T8292] loop1: detected capacity change from 0 to 8192
[  158.050021][ T8304] loop1: detected capacity change from 0 to 128
[  158.058904][ T8304] FAT-fs (loop1): Unrecognized mount option "dos1xfloppy=win95" or missing value
[  158.075417][   T11] team0 (unregistering): Port device team_slave_1 removed
[  158.146781][   T11] team0 (unregistering): Port device team_slave_0 removed
[  158.215074][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  158.279459][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  158.863191][ T8311] loop1: detected capacity change from 0 to 40427
[  158.873936][ T8311] F2FS-fs (loop1): Invalid Fs Meta Ino: node(3) meta(0) root(3)
[  158.881738][ T8311] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  158.890352][ T8311] F2FS-fs (loop1): heap/no_heap options were deprecated
[  158.908448][ T8311] F2FS-fs (loop1): invalid crc value
[  158.937005][ T8311] F2FS-fs (loop1): Found nat_bits in checkpoint
[  158.985194][ T5777] Bluetooth: hci0: command tx timeout
[  159.018097][ T8311] F2FS-fs (loop1): Start checkpoint disabled!
[  159.038423][ T8311] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[  159.045519][ T8311] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  159.048118][   T11] bond0 (unregistering): Released all slaves
[  159.154765][ T2882] kworker/u4:7: attempt to access beyond end of device
[  159.154765][ T2882] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  159.168904][ T2882] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  159.175997][ T2882] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  159.185518][ T2882] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  159.230915][ T8251] batman_adv: batadv0: Adding interface: batadv_slave_1
[  159.258033][ T8251] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  159.296884][ T8251] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  159.378224][ T5777] Bluetooth: hci2: command tx timeout
[  159.446032][ T8251] hsr_slave_0: entered promiscuous mode
[  159.457207][ T8251] hsr_slave_1: entered promiscuous mode
[  160.004295][ T8281] chnl_net:caif_netlink_parms(): no params data found
[  160.052641][   T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.150079][ T8251] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  160.199908][   T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.225126][ T8251] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  160.264312][ T8251] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  160.290129][   T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.302926][ T8281] bridge0: port 1(bridge_slave_0) entered blocking state
[  160.311315][ T8281] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.318857][ T8281] bridge_slave_0: entered allmulticast mode
[  160.326329][ T8281] bridge_slave_0: entered promiscuous mode
[  160.337429][ T8251] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  160.361444][ T8281] bridge0: port 2(bridge_slave_1) entered blocking state
[  160.369041][ T8281] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.376256][ T8281] bridge_slave_1: entered allmulticast mode
[  160.384601][ T8281] bridge_slave_1: entered promiscuous mode
[  160.430672][   T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  160.467997][ T8281] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  160.494824][ T8281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  160.594417][ T8281] team0: Port device team_slave_0 added
[  160.609483][ T8281] team0: Port device team_slave_1 added
[  160.707360][ T8352] loop3: detected capacity change from 0 to 512
[  160.715732][ T8352] EXT4-fs: Ignoring removed mblk_io_submit option
[  160.717446][ T8281] batman_adv: batadv0: Adding interface: batadv_slave_0
[  160.732393][ T8352] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  160.741310][ T8281] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  160.770837][ T8352] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c118, mo2=0002]
[  160.772675][ T8281] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  160.785789][ T8352] System zones: 1-12
[  160.814281][ T8281] batman_adv: batadv0: Adding interface: batadv_slave_1
[  160.815476][ T8352] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2244: inode #15: comm syz.3.963: corrupted in-inode xattr: e_value size too large
[  160.823228][ T8281] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  160.846031][ T8352] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.963: couldn't read orphan inode 15 (err -117)
[  160.863410][ T8281] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  160.891105][ T8352] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.958258][ T8281] hsr_slave_0: entered promiscuous mode
[  160.965263][ T8281] hsr_slave_1: entered promiscuous mode
[  160.980575][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.989706][ T8281] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  160.997436][ T8281] Cannot create hsr debugfs directory
[  161.068429][ T5777] Bluetooth: hci0: command tx timeout
[  161.090063][  T787] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  161.140101][ T8360] loop3: detected capacity change from 0 to 1024
[  161.186713][ T8360] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  161.249434][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.298860][  T787] usb 2-1: Using ep0 maxpacket: 16
[  161.313362][  T787] usb 2-1: config 7 has an invalid interface number: 76 but max is 0
[  161.324999][  T787] usb 2-1: config 7 has no interface number 0
[  161.335584][  T787] usb 2-1: config 7 interface 76 altsetting 7 endpoint 0x6 has an invalid bInterval 0, changing to 7
[  161.338918][ T8251] 8021q: adding VLAN 0 to HW filter on device bond0
[  161.351274][  T787] usb 2-1: config 7 interface 76 altsetting 7 endpoint 0x6 has invalid maxpacket 50176, setting to 1024
[  161.377736][  T787] usb 2-1: config 7 interface 76 has no altsetting 0
[  161.394568][  T787] usb 2-1: New USB device found, idVendor=0499, idProduct=103e, bcdDevice=b7.d3
[  161.407290][  T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.422803][  T787] usb 2-1: Product: syz
[  161.441389][  T787] usb 2-1: Manufacturer: syz
[  161.448058][ T5777] Bluetooth: hci2: command tx timeout
[  161.466425][  T787] usb 2-1: SerialNumber: syz
[  161.528490][ T8251] 8021q: adding VLAN 0 to HW filter on device team0
[  161.546124][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.553433][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  161.633996][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.641436][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  161.695347][  T787] usb 2-1: Quirk or no altest; falling back to MIDI 1.0
[  161.729312][  T787] usb 2-1: USB disconnect, device number 10
[  161.762621][ T8370] netlink: 8 bytes leftover after parsing attributes in process `syz.3.970'.
[  161.786104][ T8281] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  161.810006][ T8281] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  161.833140][ T8370] IPVS: Error joining to the multicast group
[  161.878010][ T8281] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  161.894148][ T8281] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  162.124319][   T11] mac80211_hwsim hwsim3 wlan0 (unregistering): left allmulticast mode
[  162.328449][   T11] hsr_slave_0: left promiscuous mode
[  162.343088][   T11] hsr_slave_1: left promiscuous mode
[  162.386429][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  162.397483][   T11] batman_adv: batadv0: Removing interface: batadv_slave_0
[  162.407496][   T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  162.416109][   T11] batman_adv: batadv0: Removing interface: batadv_slave_1
[  162.424403][   T11] bridge_slave_1: left allmulticast mode
[  162.426608][ T8384] loop1: detected capacity change from 0 to 256
[  162.430751][   T11] bridge_slave_1: left promiscuous mode
[  162.442896][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  162.453152][   T11] bridge_slave_0: left allmulticast mode
[  162.465431][   T11] bridge_slave_0: left promiscuous mode
[  162.473687][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  162.491964][ T8384] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  162.517131][ T8384] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  162.545644][   T11] veth1_macvtap: left promiscuous mode
[  162.551332][   T11] veth0_macvtap: left promiscuous mode
[  162.556985][   T11] veth1_vlan: left promiscuous mode
[  162.569729][   T11] veth0_vlan: left promiscuous mode
[  162.924063][ T8390] loop1: detected capacity change from 0 to 4096
[  162.977716][ T8390] ntfs3: loop1: MFT: r=b, expect seq=7 instead of b!
[  163.138353][ T5777] Bluetooth: hci0: command tx timeout
[  163.323227][ T8399] loop3: detected capacity change from 0 to 1024
[  163.346396][ T8399] EXT4-fs: Ignoring removed nobh option
[  163.357305][ T8399] EXT4-fs: Ignoring removed bh option
[  163.363537][ T8399] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  163.416486][ T8399] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.529976][   T11] team0 (unregistering): Port device team_slave_1 removed
[  163.538493][ T5777] Bluetooth: hci2: command tx timeout
[  163.590990][   T11] team0 (unregistering): Port device team_slave_0 removed
[  163.603613][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  163.687620][   T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  163.759342][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  164.119905][ T8404] loop3: detected capacity change from 0 to 40427
[  164.143571][ T8404] F2FS-fs (loop3): heap/no_heap options were deprecated
[  164.152728][ T8404] F2FS-fs (loop3): invalid crc value
[  164.189250][ T8404] F2FS-fs (loop3): Found nat_bits in checkpoint
[  164.321015][ T8404] F2FS-fs (loop3): Start checkpoint disabled!
[  164.351401][ T8404] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  164.643632][ T1086] kworker/u4:6: attempt to access beyond end of device
[  164.643632][ T1086] loop3: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  164.676649][ T1086] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  164.684378][ T1086] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  164.692378][ T1086] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  164.804570][ T8413] loop1: detected capacity change from 0 to 40427
[  164.844696][ T8413] F2FS-fs (loop1): build fault injection attr: rate: 4, type: 0x7ffff
[  164.853290][ T8413] F2FS-fs (loop1): Image doesn't support compression
[  164.860241][ T8413] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x2ac
[  164.876406][ T8413] F2FS-fs (loop1): invalid crc value
[  164.892452][ T8413] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_page of __get_meta_page+0x156/0x580
[  164.905570][ T8413] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x644/0x920
[  164.923577][ T8413] F2FS-fs (loop1): Found nat_bits in checkpoint
[  164.971806][ T8413] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x644/0x920
[  164.988280][ T8413] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x644/0x920
[  165.005957][ T8413] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_page of __get_meta_page+0x156/0x580
[  165.021209][   T11] bond0 (unregistering): Released all slaves
[  165.064775][ T8413] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  165.090206][ T8413] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_page of f2fs_get_read_data_page+0xc0/0x5c0
[  165.103344][ T8413] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_page of f2fs_new_node_page+0x13a/0x910
[  165.117313][ T8413] F2FS-fs (loop1): inject alloc nid in f2fs_alloc_nid of f2fs_new_inode+0xff/0x1020
[  165.154968][ T8281] 8021q: adding VLAN 0 to HW filter on device bond0
[  165.188239][ T5765] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_page of f2fs_grab_meta_page+0x67/0x210
[  165.197718][ T8281] 8021q: adding VLAN 0 to HW filter on device team0
[  165.206730][ T8419] ax25_connect(): syz.3.985 uses autobind, please contact jreuter@yaina.de
[  165.217984][ T5777] Bluetooth: hci0: command tx timeout
[  165.225681][ T8419] ax25_connect(): syz.3.985 uses autobind, please contact jreuter@yaina.de
[  165.342853][ T2882] bridge0: port 1(bridge_slave_0) entered blocking state
[  165.350095][ T2882] bridge0: port 1(bridge_slave_0) entered forwarding state
[  165.447868][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  165.455071][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  165.543511][ T8251] 8021q: adding VLAN 0 to HW filter on device batadv0
[  166.009145][ T8281] 8021q: adding VLAN 0 to HW filter on device batadv0
[  166.061989][ T8440] input: syz1 as /devices/virtual/input/input16
[  166.232230][ T8427] loop3: detected capacity change from 0 to 32768
[  166.247123][ T8427] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.989 (8427)
[  166.252515][ T8251] veth0_vlan: entered promiscuous mode
[  166.277695][ T8427] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  166.306087][ T8427] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  166.321979][ T8251] veth1_vlan: entered promiscuous mode
[  166.337089][ T8427] BTRFS info (device loop3): setting nodatacow, compression disabled
[  166.364040][ T8427] BTRFS info (device loop3): max_inline at 0
[  166.383259][ T8427] BTRFS info (device loop3): turning off barriers
[  166.395145][ T8251] veth0_macvtap: entered promiscuous mode
[  166.404216][ T8427] BTRFS info (device loop3): force zlib compression, level 3
[  166.419878][ T8427] BTRFS info (device loop3): doing ref verification
[  166.426601][ T8427] BTRFS info (device loop3): force clearing of disk cache
[  166.436901][ T8251] veth1_macvtap: entered promiscuous mode
[  166.446563][ T8427] BTRFS info (device loop3): enabling ssd optimizations
[  166.463203][ T8427] BTRFS info (device loop3): max_inline at 4096
[  166.471209][ T8251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  166.482125][ T8427] BTRFS info (device loop3): using free space tree
[  166.489897][ T8251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.500773][ T8251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  166.511671][ T8251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.523255][ T8251] batman_adv: batadv0: Interface activated: batadv_slave_0
[  166.538426][ T8251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  166.549021][ T8251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.559178][ T8251] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  166.570460][ T8251] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  166.582200][ T8251] batman_adv: batadv0: Interface activated: batadv_slave_1
[  166.601423][ T8251] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  166.610339][ T8251] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  166.619801][ T8251] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  166.629842][ T8251] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  166.645506][ T8427] BTRFS info (device loop3): auto enabling async discard
[  166.663785][ T8427] BTRFS info (device loop3): rebuilding free space tree
[  166.713724][ T8281] veth0_vlan: entered promiscuous mode
[  166.806714][ T8281] veth1_vlan: entered promiscuous mode
[  166.816747][ T5763] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  166.877150][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  166.902356][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  166.930327][ T8281] veth0_macvtap: entered promiscuous mode
[  166.952775][ T8281] veth1_macvtap: entered promiscuous mode
[  167.030398][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  167.039762][ T8281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.052316][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  167.062936][ T8281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.075487][ T8281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.097867][ T8281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.107744][ T8281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  167.138605][ T8281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.155542][ T8281] batman_adv: batadv0: Interface activated: batadv_slave_0
[  167.167167][ T8281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.197590][ T8281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.218372][ T8281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.231514][ T8281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.241664][ T8281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  167.252742][ T8281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  167.277393][ T8281] batman_adv: batadv0: Interface activated: batadv_slave_1
[  167.312913][ T8281] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  167.339339][ T8281] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  167.348207][ T8281] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  167.357170][ T8281] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  167.582246][   T48] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  167.616819][   T48] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  167.683392][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  167.713552][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  167.804001][ T8469] loop3: detected capacity change from 0 to 32768
[  167.823910][ T8469] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.992 (8469)
[  167.861606][ T8482] loop1: detected capacity change from 0 to 1024
[  167.875299][ T8469] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  167.887044][ T8482] EXT4-fs: inline encryption not supported
[  167.900921][ T8483] loop5: detected capacity change from 0 to 512
[  167.908167][ T8469] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  167.917444][ T8469] BTRFS info (device loop3): using free space tree
[  167.938333][ T8483] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  167.955604][ T8482] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  168.011752][ T8483] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  168.025682][ T8483] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  168.047896][ T8469] BTRFS info (device loop3): enabling ssd optimizations
[  168.054907][ T8469] BTRFS info (device loop3): auto enabling async discard
[  168.110199][ T8281] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.128780][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.163951][   T28] kauditd_printk_skb: 1 callbacks suppressed
[  168.163964][   T28] audit: type=1800 audit(1751521419.847:62): pid=8469 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.992" name="bus" dev="loop3" ino=263 res=0 errno=0
[  168.316562][ T5763] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  168.860785][ T8509] loop4: detected capacity change from 0 to 32768
[  168.905033][ T8509] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  168.929960][   T28] audit: type=1800 audit(1751521420.607:63): pid=8509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1002" name="file1" dev="loop4" ino=17058 res=0 errno=0
[  169.177398][ T8509] syz.4.1002 (8509) used greatest stack depth: 18544 bytes left
[  169.230799][ T8251] ocfs2: Unmounting device (7,4) on (node local)
[  169.544452][ T8526] loop5: detected capacity change from 0 to 32768
[  169.568154][ T8526] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.1007 (8526)
[  169.616030][ T8526] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  169.635312][ T8526] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  169.645448][ T8526] BTRFS info (device loop5): enabling auto defrag
[  169.653154][ T8526] BTRFS info (device loop5): doing ref verification
[  169.683405][ T8526] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_LZO (0x8)
[  169.718019][ T8526] BTRFS info (device loop5): use lzo compression, level 0
[  169.725211][ T8526] BTRFS info (device loop5): force clearing of disk cache
[  169.750968][ T8526] BTRFS info (device loop5): max_inline at 4096
[  169.757287][ T8526] BTRFS info (device loop5): disabling free space tree
[  169.878271][ T8526] BTRFS info (device loop5): enabling ssd optimizations
[  169.905142][ T8526] BTRFS info (device loop5): auto enabling async discard
[  169.949167][ T8526] BTRFS info (device loop5): rebuilding free space tree
[  169.954277][ T8568] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1015'.
[  170.003363][ T8526] BTRFS info (device loop5): disabling free space tree
[  170.037346][ T8526] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  170.058407][ T8526] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  170.407503][ T8281] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  170.543751][ T5873] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  170.759846][ T5873] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  170.777391][ T5873] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  170.793713][ T5873] usb 5-1: config 0 interface 0 has no altsetting 0
[  170.801380][ T5873] usb 5-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00
[  170.821690][ T5873] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.830157][ T8582] netlink: 'syz.5.1022': attribute type 10 has an invalid length.
[  170.840452][ T5873] usb 5-1: config 0 descriptor??
[  171.260032][ T5873] hid-alps 0003:044E:120B.0006: unknown main item tag 0x0
[  171.270597][ T5873] hid-alps 0003:044E:120B.0006: unknown main item tag 0x0
[  171.278042][ T5873] hid-alps 0003:044E:120B.0006: unknown main item tag 0x0
[  171.285311][ T5873] hid-alps 0003:044E:120B.0006: unknown main item tag 0x0
[  171.300891][ T5873] hid-alps 0003:044E:120B.0006: unknown main item tag 0x0
[  171.324372][ T5873] hid-alps 0003:044E:120B.0006: unknown main item tag 0x0
[  171.337942][ T5873] hid-alps 0003:044E:120B.0006: unknown main item tag 0x0
[  171.361115][ T5873] hid-alps 0003:044E:120B.0006: unknown main item tag 0x0
[  171.379212][ T5873] hid-alps 0003:044E:120B.0006: unknown main item tag 0x0
[  171.389612][ T5873] hid-alps 0003:044E:120B.0006: item fetching failed at offset 9/11
[  171.411373][ T5873] hid-alps 0003:044E:120B.0006: parse failed
[  171.417494][ T5873] hid-alps: probe of 0003:044E:120B.0006 failed with error -22
[  171.517886][  T786] usb 5-1: USB disconnect, device number 2
[  171.763730][ T8609] loop1: detected capacity change from 0 to 2048
[  171.784732][ T8609] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  171.839330][ T8609] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  171.884704][ T8609] EXT4-fs error (device loop1): ext4_find_dest_de:2115: inode #12: block 9: comm syz.1.1035: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=13, rec_len=21, size=56 fake=0
[  171.908488][ T8615] loop5: detected capacity change from 0 to 2048
[  171.916263][ T8609] EXT4-fs (loop1): Remounting filesystem read-only
[  171.943958][ T8615] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  171.969205][ T8615] ext4 filesystem being mounted at /12/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  171.970190][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.114677][ T8281] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  172.568420][ T8608] loop3: detected capacity change from 0 to 65536
[  172.603570][ T8608] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  172.660555][ T8608] XFS (loop3): Ending clean mount
[  172.775060][ T8608] XFS (loop3): Metadata CRC error detected at xfs_agf_read_verify+0x191/0x250, xfs_agf block 0x1 
[  172.800241][ T8608] XFS (loop3): Unmount and run xfs_repair
[  172.806031][ T8608] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  172.846705][ T8608] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  172.866556][ T8608] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  172.881337][ T8608] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04  ................
[  172.910115][ T8608] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  172.932362][ T8608] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  172.945972][ T8608] 00000050: 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00  ................
[  172.957395][ T8608] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  172.971279][ T8608] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  172.980827][ T8608] XFS (loop3): metadata I/O error in "xfs_read_agf+0x27e/0x590" at daddr 0x1 len 1 error 74
[  173.018399][ T8631] loop5: detected capacity change from 0 to 40427
[  173.022247][ T8608] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x518/0x8a0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  173.026464][ T8631] F2FS-fs (loop5): Invalid Fs Meta Ino: node(3) meta(0) root(3)
[  173.051168][ T8631] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  173.054822][ T8608] XFS (loop3): Please unmount the filesystem and rectify the problem(s)
[  173.064978][ T8631] F2FS-fs (loop5): heap/no_heap options were deprecated
[  173.084403][ T8631] F2FS-fs (loop5): invalid crc value
[  173.100990][ T8631] F2FS-fs (loop5): Found nat_bits in checkpoint
[  173.171325][ T8631] F2FS-fs (loop5): Start checkpoint disabled!
[  173.178963][ T5763] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  173.188438][ T8631] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[  173.228141][ T8631] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  173.536076][ T1086] kworker/u4:6: attempt to access beyond end of device
[  173.536076][ T1086] loop5: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  173.550561][ T1086] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  173.557712][ T1086] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  173.570566][ T1086] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  173.738077][ T5804] usb 2-1: new full-speed USB device number 11 using dummy_hcd
[  173.932431][ T5804] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  173.957957][ T5804] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  173.988794][ T5804] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  174.012433][ T5804] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  174.033740][ T8657] loop4: detected capacity change from 0 to 32768
[  174.034317][ T5804] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  174.060821][ T5804] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  174.070569][ T5804] usb 2-1: Manufacturer: syz
[  174.084166][ T5804] usb 2-1: config 0 descriptor??
[  174.479234][ T8674] loop4: detected capacity change from 0 to 512
[  174.481934][ T5804] rc_core: IR keymap rc-hauppauge not found
[  174.492076][ T8674] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  174.501904][ T5804] Registered IR keymap rc-empty
[  174.502028][ T5804] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  174.527947][ T5804] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  174.528127][ T8674] EXT4-fs (loop4): 1 truncate cleaned up
[  174.553284][ T8674] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  174.558666][ T5804] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  174.603065][ T5804] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input17
[  174.631051][ T8251] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  174.668268][ T5804] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  174.721843][ T5804] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  174.741293][ T5873] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  174.768209][ T5804] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  174.798016][ T5804] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  174.839320][ T5804] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  174.852854][ T8672] loop5: detected capacity change from 0 to 32768
[  174.861314][ T8672] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.1057 (8672)
[  174.875821][ T5804] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  174.884403][ T8684] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2
[  174.898482][ T8672] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  174.910737][   T11] Bluetooth: hci4: Frame reassembly failed (-84)
[  174.925334][ T8672] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  174.936058][ T8672] BTRFS info (device loop5): enabling auto defrag
[  174.944903][ T8672] BTRFS info (device loop5): use no compression
[  174.951987][ T5804] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  174.958127][ T5873] usb 4-1: Using ep0 maxpacket: 16
[  174.959441][ T8672] BTRFS info (device loop5): force clearing of disk cache
[  174.970931][ T5873] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  174.971856][ T8672] BTRFS info (device loop5): max_inline at 4096
[  174.987762][ T5873] usb 4-1: config 0 interface 0 has no altsetting 0
[  174.989196][ T5804] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  174.995155][ T5873] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  175.002734][ T8672] BTRFS info (device loop5): turning on sync discard
[  175.012145][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.029381][ T8672] BTRFS info (device loop5): disabling free space tree
[  175.033174][ T5873] usb 4-1: config 0 descriptor??
[  175.047973][ T5804] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  175.072742][ T8672] BTRFS info (device loop5): enabling ssd optimizations
[  175.078167][ T5804] mceusb 2-1:0.0: Error: mce write submit urb error = -90
[  175.088573][ T8672] BTRFS info (device loop5): rebuilding free space tree
[  175.106645][ T8672] BTRFS info (device loop5): disabling free space tree
[  175.113683][ T8672] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  175.121049][ T5804] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  175.123456][ T8672] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  175.142620][ T5804] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  175.153985][ T5804] usb 2-1: USB disconnect, device number 11
[  175.249597][ T8281] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  175.471514][ T5873] nzxt-smart2 0003:1E71:2009.0007: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.3-1/input0
[  175.886748][ T5804] usb 4-1: USB disconnect, device number 10
[  176.193276][ T8725] loop1: detected capacity change from 0 to 1024
[  176.224478][ T8725] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  176.236765][ T8725] ext4 filesystem being mounted at /319/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.264294][ T8725] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  176.284233][ T8725] EXT4-fs (loop1): Remounting filesystem read-only
[  176.322112][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  176.544414][ T8737] loop5: detected capacity change from 0 to 64
[  176.587468][ T8737] hfs: small file entry
[  176.695220][ T5084] Bluetooth: hci1: ISO packet too small
[  176.699060][   T28] audit: type=1326 audit(1751521428.367:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8744 comm="syz.5.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394ed8e929 code=0x7ffc0000
[  176.748109][   T28] audit: type=1326 audit(1751521428.397:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8744 comm="syz.5.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394ed8e929 code=0x7ffc0000
[  176.771136][   T28] audit: type=1326 audit(1751521428.397:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8744 comm="syz.5.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f394ed8e929 code=0x7ffc0000
[  176.817937][   T28] audit: type=1326 audit(1751521428.397:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8744 comm="syz.5.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394ed8e929 code=0x7ffc0000
[  176.852622][   T28] audit: type=1326 audit(1751521428.397:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8744 comm="syz.5.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394ed8e929 code=0x7ffc0000
[  176.888519][ T5777] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  176.896574][ T5084] Bluetooth: hci4: command 0x1003 tx timeout
[  176.935654][ T8750] loop5: detected capacity change from 0 to 2048
[  176.942439][   T28] audit: type=1326 audit(1751521428.407:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8744 comm="syz.5.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f394ed8e929 code=0x7ffc0000
[  176.966469][ T8750] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  177.008367][ T8754] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  177.047496][   T28] audit: type=1326 audit(1751521428.407:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8744 comm="syz.5.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394ed8e929 code=0x7ffc0000
[  177.088266][   T28] audit: type=1326 audit(1751521428.407:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8744 comm="syz.5.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394ed8e929 code=0x7ffc0000
[  177.121573][   T28] audit: type=1326 audit(1751521428.407:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8744 comm="syz.5.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=150 compat=0 ip=0x7f394ed8e929 code=0x7ffc0000
[  177.152964][   T28] audit: type=1326 audit(1751521428.407:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8744 comm="syz.5.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f394ed8e929 code=0x7ffc0000
[  177.367955][  T787] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  177.547720][ T8776] loop3: detected capacity change from 0 to 512
[  177.560159][  T787] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  177.569259][  T787] usb 5-1: config 0 has no interface number 0
[  177.579322][  T787] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  177.591546][  T787] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.600647][  T787] usb 5-1: Product: syz
[  177.605045][  T787] usb 5-1: Manufacturer: syz
[  177.605262][ T8776] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  177.614073][  T787] usb 5-1: SerialNumber: syz
[  177.641848][  T787] usb 5-1: config 0 descriptor??
[  177.647749][ T8776] ext4 filesystem being mounted at /253/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  177.732545][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  177.855605][  T787] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  177.874898][  T787] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  177.887341][  T787] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  177.899613][  T787] usb 5-1: media controller created
[  177.943865][  T787] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  178.249599][ T8785] loop3: detected capacity change from 0 to 32768
[  178.258064][ T8785] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.1098 (8785)
[  178.271429][ T8787] loop1: detected capacity change from 0 to 256
[  178.282792][ T8785] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  178.285993][ T8787] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d)
[  178.293501][ T8785] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  178.315318][ T8785] BTRFS info (device loop3): enabling auto defrag
[  178.322177][ T8785] BTRFS info (device loop3): use no compression
[  178.329751][ T8785] BTRFS info (device loop3): force clearing of disk cache
[  178.337047][ T8785] BTRFS info (device loop3): max_inline at 4096
[  178.343879][ T8785] BTRFS info (device loop3): turning on sync discard
[  178.351018][ T8785] BTRFS info (device loop3): disabling free space tree
[  178.384717][ T8787] exFAT-fs (loop1): error, invalid access to FAT free cluster (entry 0x00000008)
[  178.395127][ T8787] exFAT-fs (loop1): Filesystem has been set read-only
[  178.402212][ T8785] BTRFS info (device loop3): enabling ssd optimizations
[  178.402681][ T8787] exFAT-fs (loop1): error, failed to bmap (inode : ffff88805eae1b60 iblock : 8, err : -5)
[  178.422534][ T8785] BTRFS info (device loop3): rebuilding free space tree
[  178.426777][ T8787] exFAT-fs (loop1): error, invalid access to FAT free cluster (entry 0x00000008)
[  178.452305][ T8785] BTRFS info (device loop3): disabling free space tree
[  178.453809][ T8787] exFAT-fs (loop1): error, invalid access to FAT free cluster (entry 0x00000008)
[  178.459444][ T8785] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  178.459469][ T8785] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  178.489318][ T8787] exFAT-fs (loop1): error, failed to bmap (inode : ffff88805eae1b60 iblock : 8, err : -5)
[  178.500702][ T8787] exFAT-fs (loop1): error, invalid access to FAT free cluster (entry 0x00000008)
[  178.585540][ T5763] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  178.788528][ T8808] No such timeout policy "syz1"
[  179.035293][ T8817] loop3: detected capacity change from 0 to 512
[  179.050136][  T787] i2c i2c-1: ec100: i2c rd failed=-110 reg=33
[  179.066182][ T8817] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  179.106419][ T8817] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  179.110942][  T787] usb 5-1: USB disconnect, device number 3
[  179.148009][ T8817] ext4 filesystem being mounted at /257/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  179.256482][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  179.555574][ T8841] loop3: detected capacity change from 0 to 512
[  179.564457][ T8841] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  179.579048][ T8841] EXT4-fs (loop3): 1 truncate cleaned up
[  179.585554][ T8841] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  179.608673][ T8841] EXT4-fs error (device loop3): ext4_get_verity_descriptor_location:298: inode #15: comm syz.3.1115: verity file has no extents
[  179.624511][ T8841] EXT4-fs (loop3): Remounting filesystem read-only
[  179.631266][ T8841] fs-verity (loop3, inode 15): Error -117 getting verity descriptor size
[  179.660771][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  180.944369][ T8869] netlink: 108 bytes leftover after parsing attributes in process `syz.4.1128'.
[  180.983022][ T8871] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1129'.
[  181.011023][ T8873] loop5: detected capacity change from 0 to 256
[  181.303697][ T8877] loop1: detected capacity change from 0 to 128
[  181.351393][ T8877] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  181.404129][ T8877] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  181.990545][ T8849] loop3: detected capacity change from 0 to 262144
[  182.002452][ T8849] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop3 scanned by syz.3.1118 (8849)
[  182.034215][ T8849] BTRFS info (device loop3): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  182.044627][ T8849] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  182.053947][ T8849] BTRFS info (device loop3): doing ref verification
[  182.060607][ T8849] BTRFS info (device loop3): enabling ssd optimizations
[  182.067575][ T8849] BTRFS info (device loop3): using spread ssd allocation scheme
[  182.075284][ T8849] BTRFS info (device loop3): using free space tree
[  182.227937][ T8849] BTRFS info (device loop3): auto enabling async discard
[  182.343013][ T8890] loop1: detected capacity change from 0 to 32768
[  182.379974][ T8890] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.1136 (8890)
[  182.419072][ T8890] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  182.438675][ T5763] BTRFS info (device loop3): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  182.442712][ T8890] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  182.478074][ T8890] BTRFS info (device loop1): enabling auto defrag
[  182.486960][ T8890] BTRFS info (device loop1): doing ref verification
[  182.507159][ T8890] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8)
[  182.531086][ T8890] BTRFS info (device loop1): use lzo compression, level 0
[  182.546060][ T8890] BTRFS info (device loop1): force clearing of disk cache
[  182.553758][ T8890] BTRFS info (device loop1): max_inline at 4096
[  182.578455][ T8890] BTRFS info (device loop1): disabling free space tree
[  182.791660][ T8892] loop4: detected capacity change from 0 to 32768
[  182.795762][ T8890] BTRFS info (device loop1): enabling ssd optimizations
[  182.820219][ T8890] BTRFS info (device loop1): auto enabling async discard
[  182.828527][ T8924] loop5: detected capacity change from 0 to 2048
[  182.850801][ T8890] BTRFS info (device loop1): rebuilding free space tree
[  182.894142][ T8890] BTRFS info (device loop1): disabling free space tree
[  182.901571][ T8890] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  182.928196][ T8890] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  182.929292][ T8924] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  182.952327][    T8] Process accounting resumed
[  183.084097][ T8281] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  183.342187][ T5765] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  183.770480][   T28] kauditd_printk_skb: 2 callbacks suppressed
[  183.770494][   T28] audit: type=1326 audit(1751521435.447:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8941 comm="syz.4.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f816ef8e929 code=0x7ffc0000
[  183.846732][   T28] audit: type=1326 audit(1751521435.447:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8941 comm="syz.4.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f816ef8e929 code=0x7ffc0000
[  183.942958][   T28] audit: type=1326 audit(1751521435.447:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8941 comm="syz.4.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f816ef8e929 code=0x7ffc0000
[  183.969200][ T8940] loop5: detected capacity change from 0 to 32768
[  184.002432][   T28] audit: type=1326 audit(1751521435.447:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8941 comm="syz.4.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f816ef8e929 code=0x7ffc0000
[  184.049830][   T28] audit: type=1326 audit(1751521435.447:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8941 comm="syz.4.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f816ef8e929 code=0x7ffc0000
[  184.105391][   T28] audit: type=1326 audit(1751521435.447:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8941 comm="syz.4.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f816ef2ab19 code=0x7ffc0000
[  184.162264][   T28] audit: type=1326 audit(1751521435.447:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8941 comm="syz.4.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f816ef2ab19 code=0x7ffc0000
[  184.201374][   T28] audit: type=1326 audit(1751521435.447:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8941 comm="syz.4.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f816ef2ab19 code=0x7ffc0000
[  184.228357][   T28] audit: type=1326 audit(1751521435.447:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8941 comm="syz.4.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f816ef2ab19 code=0x7ffc0000
[  184.262188][   T28] audit: type=1326 audit(1751521435.447:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8941 comm="syz.4.1145" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f816ef2ab19 code=0x7ffc0000
[  184.316723][ T8951] 8021q: VLANs not supported on hsr0
[  184.786996][ T8973] loop4: detected capacity change from 0 to 164
[  184.808108][  T787] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  184.902168][ T8980] loop5: detected capacity change from 0 to 256
[  185.010553][  T787] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  185.022072][  T787] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  185.032833][  T787] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00
[  185.043391][  T787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.054797][  T787] usb 4-1: config 0 descriptor??
[  185.147950][ T5818] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  185.271858][ T8992] Bluetooth: MGMT ver 1.22
[  185.348064][ T5818] usb 5-1: Using ep0 maxpacket: 16
[  185.373489][ T5818] usb 5-1: config 0 interface 0 has no altsetting 0
[  185.380343][ T5818] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  185.393808][ T5818] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  185.410535][ T5818] usb 5-1: config 0 descriptor??
[  185.485704][  T787] lua 0003:1E7D:2C2E.0008: item fetching failed at offset 1/5
[  185.499708][  T787] lua 0003:1E7D:2C2E.0008: parse failed
[  185.505668][  T787] lua: probe of 0003:1E7D:2C2E.0008 failed with error -22
[  185.686230][    T8] usb 4-1: USB disconnect, device number 11
[  185.799235][ T9005] loop1: detected capacity change from 0 to 256
[  185.808529][ T9005] exfat: Bad value for 'uid'
[  185.834132][ T5818] hid (null): unknown global tag 0xd
[  185.840600][ T5818] hid (null): unknown global tag 0xa7
[  185.846325][ T5818] hid (null): global environment stack underflow
[  185.857465][ T5818] hid (null): unknown global tag 0xc
[  185.869074][ T5818] hid (null): invalid report_count -1607100
[  186.040630][ T5818] usb 5-1: USB disconnect, device number 4
[  186.674667][ T9020] use of bytesused == 0 is deprecated and will be removed in the future,
[  186.684036][ T9020] use the actual size instead.
[  187.171344][ T9022] loop4: detected capacity change from 0 to 40427
[  187.192591][ T9022] F2FS-fs (loop4): invalid crc value
[  187.229227][ T9022] F2FS-fs (loop4): Found nat_bits in checkpoint
[  187.286423][ T9022] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  187.426143][ T9022] syz.4.1182: attempt to access beyond end of device
[  187.426143][ T9022] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  187.542884][ T8251] syz-executor: attempt to access beyond end of device
[  187.542884][ T8251] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  187.577907][ T8251] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  187.913753][ T9048] loop3: detected capacity change from 0 to 512
[  187.949826][ T9048] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  187.986949][ T9048] EXT4-fs (loop3): 1 truncate cleaned up
[  188.003468][ T9048] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  188.059946][ T9048] fscrypt (loop3, inode 18): Direct key flag not allowed with different contents and filenames modes
[  188.124390][ T9053] loop4: detected capacity change from 0 to 128
[  188.136234][ T9053] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  188.161510][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.174562][ T9053] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  188.243704][ T9055] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1195'.
[  188.294392][ T9055] nbd: socks must be embedded in a SOCK_ITEM attr
[  188.455564][ T9065] loop1: detected capacity change from 0 to 256
[  188.587431][ T9070] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097152)
[  188.603535][ T9070] FAT-fs (loop1): error, corrupted file size (i_pos 196, 2097152)
[  188.645515][ T9072] loop3: detected capacity change from 0 to 256
[  188.672355][ T9072] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  188.915638][ T9082] loop1: detected capacity change from 0 to 512
[  188.963523][ T9082] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  189.008018][ T9082] ext4 filesystem being mounted at /354/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  189.101762][ T9082] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  189.198353][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.226326][ T9092] loop5: detected capacity change from 0 to 512
[  189.265843][ T9092] EXT4-fs: Ignoring removed orlov option
[  189.314395][ T9092] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  189.330919][ T9096] loop1: detected capacity change from 0 to 2048
[  189.335089][ T9092] EXT4-fs (loop5): orphan cleanup on readonly fs
[  189.380482][ T9096] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found
[  189.398981][ T9092] EXT4-fs error (device loop5): ext4_validate_block_bitmap:439: comm syz.5.1211: bg 0: block 248: padding at end of block bitmap is not set
[  189.431061][ T9096] UDF-fs: Scanning with blocksize 512 failed
[  189.445780][ T9096] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  189.476165][ T9092] __quota_error: 107 callbacks suppressed
[  189.476182][ T9092] Quota error (device loop5): write_blk: dquota write failed
[  189.493401][ T9092] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  189.508772][ T9092] EXT4-fs error (device loop5): ext4_acquire_dquot:6938: comm syz.5.1211: Failed to acquire dquot type 1
[  189.556498][ T9092] EXT4-fs (loop5): 1 truncate cleaned up
[  189.564668][ T9092] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  189.586869][ T9092] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended
[  189.640005][ T9092] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  189.648674][ T9092] ext4 filesystem being remounted at /66/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  189.665748][ T9092] Quota error (device loop5): write_blk: dquota write failed
[  189.675501][ T9092] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota
[  189.685836][ T9092] EXT4-fs error (device loop5): ext4_acquire_dquot:6938: comm syz.5.1211: Failed to acquire dquot type 1
[  189.750921][ T8281] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.790236][   T42] Quota error (device loop5): do_check_range: Getting block 0 out of range 1-5
[  189.810856][   T42] EXT4-fs error (device loop5): ext4_release_dquot:6974: comm kworker/u4:2: Failed to release dquot type 1
[  189.916138][ T9112] loop4: detected capacity change from 0 to 512
[  189.945433][ T9112] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  189.984684][ T9115] loop5: detected capacity change from 0 to 164
[  190.022445][ T9115] ISOFS: unable to read i-node block
[  190.037959][ T9115] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  190.225629][ T9106] loop3: detected capacity change from 0 to 32768
[  190.235652][ T9106] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.1216 (9106)
[  190.268993][ T9106] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  190.297983][ T9106] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  190.306698][ T9106] BTRFS info (device loop3): enabling auto defrag
[  190.328891][ T9106] BTRFS info (device loop3): doing ref verification
[  190.335565][ T9106] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8)
[  190.358187][ T9106] BTRFS info (device loop3): use lzo compression, level 0
[  190.365354][ T9106] BTRFS info (device loop3): force clearing of disk cache
[  190.377362][ T9106] BTRFS info (device loop3): max_inline at 4096
[  190.386147][ T9106] BTRFS info (device loop3): disabling free space tree
[  190.408579][ T5777] Bluetooth: hci0: command 0x0405 tx timeout
[  190.416333][ T9106] BTRFS info (device loop3): enabling ssd optimizations
[  190.423390][ T9106] BTRFS info (device loop3): auto enabling async discard
[  190.432530][ T9106] BTRFS info (device loop3): rebuilding free space tree
[  190.446984][ T9106] BTRFS info (device loop3): disabling free space tree
[  190.454804][ T9106] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  190.464984][ T9106] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  190.478067][ T5818] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  190.637915][    T8] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  190.646679][ T5763] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  190.657552][ T5768] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  190.689587][ T5818] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  190.699929][ T5818] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  190.710712][ T5818] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  190.723258][ T5818] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  190.732047][ T5818] usb 5-1: SerialNumber: syz
[  190.859670][ T5768] usb 6-1: Using ep0 maxpacket: 32
[  190.878846][    T8] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  190.887161][    T8] usb 2-1: config 0 has no interface number 0
[  190.899224][ T5768] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  190.908692][    T8] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  190.920049][ T5768] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.943267][ T5768] usb 6-1: config 0 descriptor??
[  190.948333][    T8] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  190.961759][ T5818] usb 5-1: 0:2 : does not exist
[  190.973214][    T8] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  190.982970][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.008124][    T8] usb 2-1: config 0 descriptor??
[  191.019506][ T5818] usb 5-1: USB disconnect, device number 5
[  191.079549][ T9147] sock: sock_timestamping_bind_phc: sock not bind to device
[  191.179486][ T5768] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  191.210427][ T5768] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  191.239027][ T5768] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  191.246263][ T5768] usb 6-1: media controller created
[  191.289523][ T5768] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  191.402522][ T5768] az6027: usb out operation failed. (-71)
[  191.418279][ T5768] az6027: usb out operation failed. (-71)
[  191.424165][ T5768] stb0899_attach: Driver disabled by Kconfig
[  191.443118][    T8] uclogic 0003:256C:006D.000A: No inputs registered, leaving
[  191.477865][ T5768] az6027: no front-end attached
[  191.477865][ T5768] 
[  191.498174][    T8] uclogic 0003:256C:006D.000A: hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.1-1/input1
[  191.517938][ T5768] az6027: usb out operation failed. (-71)
[  191.523705][ T5768] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  191.541661][ T5777] Bluetooth: hci1: command 0x0406 tx timeout
[  191.563574][ T5768] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input18
[  191.577415][ T5768] dvb-usb: schedule remote query interval to 400 msecs.
[  191.605800][ T5768] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  191.632658][ T5768] usb 6-1: USB disconnect, device number 2
[  191.669391][    T8] usb 2-1: USB disconnect, device number 12
[  191.745378][ T5768] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  192.112418][ T9168] loop3: detected capacity change from 0 to 2048
[  192.170312][ T9169] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  192.230815][ T9168] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  192.274655][ T9168] Remounting filesystem read-only
[  192.307674][ T9168] NILFS (loop3): error -2 truncating bmap (ino=16)
[  192.414873][ T5763] NILFS (loop3): discard dirty page: offset=4096, ino=6
[  192.429606][ T5763] NILFS (loop3): discard dirty block: blocknr=39, size=1024
[  192.443109][ T5763] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  192.462376][ T5763] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  192.481850][ T5763] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  192.503411][ T5763] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer
[  192.515621][ T5763] NILFS (loop3): discard dirty page: offset=0, ino=3
[  192.522846][ T5763] NILFS (loop3): discard dirty block: blocknr=42, size=1024
[  192.536648][ T5763] NILFS (loop3): discard dirty block: blocknr=43, size=1024
[  192.545543][ T5763] NILFS (loop3): discard dirty block: blocknr=44, size=1024
[  192.553118][ T5763] NILFS (loop3): discard dirty block: blocknr=18446744073709551615, size=1024
[  192.786059][ T9189] loop3: detected capacity change from 0 to 512
[  192.806586][ T9189] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  192.858331][ T9189] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.1247: couldn't read orphan inode 26 (err -116)
[  192.886118][ T9189] EXT4-fs (loop3): Remounting filesystem read-only
[  192.902037][ T9189] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.932865][ T9189] ext4 filesystem being mounted at /293/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  193.017145][ T9182] loop1: detected capacity change from 0 to 32768
[  193.041283][ T9182] (syz.1.1244,9182,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  193.063315][ T9182] (syz.1.1244,9182,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  193.080434][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.142705][ T9182] JBD2: Ignoring recovery information on journal
[  193.214124][ T9182] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  193.411642][ T5765] ocfs2: Unmounting device (7,1) on (node local)
[  193.682694][ T5084] Bluetooth: hci0: unexpected event for opcode 0x042f
[  193.792643][ T9206] loop1: detected capacity change from 0 to 512
[  193.860913][ T9206] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.881079][ T9206] ext4 filesystem being mounted at /363/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  194.032345][ T9195] loop3: detected capacity change from 0 to 40427
[  194.046966][ T5765] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  194.148181][ T9195] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  194.155976][ T9195] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  194.204526][ T9195] F2FS-fs (loop3): invalid crc value
[  194.235755][ T9220] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1256'.
[  194.250838][ T9195] F2FS-fs (loop3): Found nat_bits in checkpoint
[  194.263274][ T9220] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1256'.
[  194.365154][ T9195] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  194.388065][ T9195] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  194.431061][ T9195] syz.3.1248: attempt to access beyond end of device
[  194.431061][ T9195] loop3: rw=2049, sector=45096, nr_sectors = 88 limit=40427
[  194.481172][ T9195] syz.3.1248: attempt to access beyond end of device
[  194.481172][ T9195] loop3: rw=2049, sector=45184, nr_sectors = 40 limit=40427
[  194.514024][ T9195] syz.3.1248: attempt to access beyond end of device
[  194.514024][ T9195] loop3: rw=2049, sector=45096, nr_sectors = 88 limit=40427
[  194.579181][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  194.585555][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  194.946814][ T9228] loop1: detected capacity change from 0 to 32768
[  194.989558][ T9228] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  195.067921][    T8] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  195.085211][ T9228] XFS (loop1): Ending clean mount
[  195.106283][ T9228] XFS (loop1): Quotacheck needed: Please wait.
[  195.176287][ T9228] XFS (loop1): Quotacheck: Done.
[  195.189944][ T9177] syz.4.1242 (9177): drop_caches: 1
[  195.266759][ T9247] io-wq is not configured for unbound workers
[  195.280041][    T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  195.302056][    T8] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  195.312961][    T8] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  195.327643][    T8] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.349008][    T8] usb 6-1: config 0 descriptor??
[  195.349123][ T5765] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  195.356753][    T8] hub 6-1:0.0: USB hub found
[  195.558430][    T8] hub 6-1:0.0: 1 port detected
[  195.764050][    T8] hub 6-1:0.0: hub_hub_status failed (err = -71)
[  195.778236][    T8] hub 6-1:0.0: config failed, can't get hub status (err -71)
[  195.799264][    T8] usbhid 6-1:0.0: can't add hid device: -71
[  195.805332][    T8] usbhid: probe of 6-1:0.0 failed with error -71
[  195.863823][    T8] usb 6-1: USB disconnect, device number 3
[  195.895432][ T9263] program syz.4.1274 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  196.702104][ T9267] loop3: detected capacity change from 0 to 32768
[  196.751072][ T9267] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  196.782237][   T28] audit: type=1800 audit(1751521448.467:193): pid=9267 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1275" name="file1" dev="loop3" ino=17058 res=0 errno=0
[  196.927086][ T9277] loop5: detected capacity change from 0 to 32768
[  197.012207][   T28] audit: type=1800 audit(1751521448.687:194): pid=9277 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1280" name="bus" dev="loop5" ino=4096 res=0 errno=0
[  197.059071][ T9267] syz.3.1275 (9267) used greatest stack depth: 18288 bytes left
[  197.115131][ T5763] ocfs2: Unmounting device (7,3) on (node local)
[  197.334938][ T9291] loop3: detected capacity change from 0 to 128
[  197.342278][ T9291] EXT4-fs: Ignoring removed nobh option
[  197.361474][ T9291] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  197.376579][ T9291] ext4 filesystem being mounted at /299/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  197.468301][ T5763] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  197.479188][   T27] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  197.554196][ T9299] loop3: detected capacity change from 0 to 2048
[  197.561922][ T9299] EXT4-fs: Ignoring removed nobh option
[  197.603015][ T9299] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  197.631871][ T9299] ext4 filesystem being mounted at /300/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  197.667948][   T27] usb 5-1: Using ep0 maxpacket: 16
[  197.684066][   T27] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  197.705588][   T27] usb 5-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00
[  197.719578][ T5763] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.727889][   T27] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.739845][   T27] usb 5-1: config 0 descriptor??
[  197.984034][ T9313] loop3: detected capacity change from 0 to 4096
[  198.037910][ T5818] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  198.160569][   T27] creative-sb0540 0003:041E:3100.000B: unknown main item tag 0x0
[  198.176394][   T27] creative-sb0540 0003:041E:3100.000B: item fetching failed at offset 3/5
[  198.196426][ T9310] loop1: detected capacity change from 0 to 32768
[  198.203770][   T27] creative-sb0540 0003:041E:3100.000B: parse failed
[  198.211696][   T27] creative-sb0540: probe of 0003:041E:3100.000B failed with error -22
[  198.237730][ T9310] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  198.246929][ T5818] usb 6-1: Using ep0 maxpacket: 16
[  198.255564][ T5818] usb 6-1: config 0 interface 0 has no altsetting 0
[  198.267982][ T5818] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  198.283395][ T5818] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.299531][ T5818] usb 6-1: config 0 descriptor??
[  198.308231][   T28] audit: type=1800 audit(1751521449.977:195): pid=9310 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1292" name="file1" dev="loop1" ino=17058 res=0 errno=0
[  198.370773][  T786] usb 5-1: USB disconnect, device number 6
[  198.750010][ T5818] hid (null): invalid report_size 41201
[  198.755672][ T5818] hid (null): unknown global tag 0xe
[  198.777883][ T5818] hid (null): unknown global tag 0xe
[  198.783367][ T5818] hid (null): bogus close delimiter
[  198.840638][ T5765] ocfs2: Unmounting device (7,1) on (node local)
[  198.982576][ T5818] usb 6-1: USB disconnect, device number 4
[  199.240951][ T9342] loop1: detected capacity change from 0 to 65
[  199.257012][ T9342] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway
[  199.274128][ T9344] loop3: detected capacity change from 0 to 1024
[  199.314280][ T9344] hfsplus: catalog searching failed
[  199.357184][   T42] hfsplus: bad catalog file entry
[  199.362883][   T42] hfsplus: b-tree write err: -5, ino 3
[  200.293886][ T9348] loop5: detected capacity change from 0 to 32768
[  200.333873][ T9348] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  200.428027][   T28] audit: type=1800 audit(1751521452.097:196): pid=9348 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1307" name="file1" dev="loop5" ino=17058 res=0 errno=0
[  200.533505][ T9349] loop3: detected capacity change from 0 to 40427
[  200.577073][ T9349] F2FS-fs (loop3): heap/no_heap options were deprecated
[  200.595734][ T9348] 
[  200.598118][ T9348] ======================================================
[  200.605141][ T9348] WARNING: possible circular locking dependency detected
[  200.612181][ T9348] 6.6.95-syzkaller #0 Not tainted
[  200.617208][ T9348] ------------------------------------------------------
[  200.624225][ T9348] syz.5.1307/9348 is trying to acquire lock:
[  200.630198][ T9348] ffff88805b0b42d8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}, at: ocfs2_del_inode_from_orphan+0x135/0x740
[  200.639738][ T9349] F2FS-fs (loop3): invalid crc value
[  200.643146][ T9348] 
[  200.643146][ T9348] but task is already holding lock:
[  200.643155][ T9348] ffff88805b0714a0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_dio_end_io+0x38c/0x10f0
[  200.666401][ T9348] 
[  200.666401][ T9348] which lock already depends on the new lock.
[  200.666401][ T9348] 
[  200.676814][ T9348] 
[  200.676814][ T9348] the existing dependency chain (in reverse order) is:
[  200.685847][ T9348] 
[  200.685847][ T9348] -> #3 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}:
[  200.694705][ T9348]        down_write+0x97/0x1f0
[  200.699470][ T9348]        ocfs2_create_local_dquot+0x1a4/0x1790
[  200.705618][ T9348]        ocfs2_acquire_dquot+0x7cf/0xaf0
[  200.711235][ T9348]        dqget+0x77c/0xeb0
[  200.715644][ T9348]        __dquot_initialize+0x3ba/0xcb0
[  200.721180][ T9348]        ocfs2_get_init_inode+0x13c/0x1b0
[  200.726895][ T9348]        ocfs2_symlink+0xb84/0x2550
[  200.732080][ T9348]        vfs_symlink+0x138/0x2b0
[  200.737006][ T9348]        do_symlinkat+0x1b2/0x3f0
[  200.742059][ T9348]        __x64_sys_symlink+0x7e/0x90
[  200.747336][ T9348]        do_syscall_64+0x55/0xb0
[  200.752268][ T9348]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  200.758775][ T9348] 
[  200.758775][ T9348] -> #2 (&dquot->dq_lock){+.+.}-{3:3}:
[  200.766406][ T9348]        __mutex_lock+0x129/0xcc0
[  200.771420][ T9348]        dqget+0x6fc/0xeb0
[  200.775826][ T9348]        __dquot_initialize+0x3ba/0xcb0
[  200.781359][ T9348]        ocfs2_get_init_inode+0x13c/0x1b0
[  200.787063][ T9348]        ocfs2_symlink+0xb84/0x2550
[  200.793029][ T9348]        vfs_symlink+0x138/0x2b0
[  200.797988][ T9348]        do_symlinkat+0x1b2/0x3f0
[  200.803039][ T9348]        __x64_sys_symlink+0x7e/0x90
[  200.808314][ T9348]        do_syscall_64+0x55/0xb0
[  200.813767][ T9348]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  200.820175][ T9348] 
[  200.820175][ T9348] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#6){+.+.}-{3:3}:
[  200.830678][ T9348]        down_write+0x97/0x1f0
[  200.835432][ T9348]        ocfs2_evict_inode+0x1313/0x3e60
[  200.841049][ T9348]        evict+0x486/0x870
[  200.845453][ T9348]        vfs_rmdir+0x39b/0x4d0
[  200.850203][ T9348]        do_rmdir+0x29e/0x5c0
[  200.854868][ T9348]        __x64_sys_rmdir+0x49/0x50
[  200.859966][ T9348]        do_syscall_64+0x55/0xb0
[  200.864894][ T9348]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  200.871300][ T9348] 
[  200.871300][ T9348] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]){+.+.}-{3:3}:
[  200.881655][ T9348]        __lock_acquire+0x2ddb/0x7c80
[  200.887018][ T9348]        lock_acquire+0x197/0x410
[  200.892027][ T9348]        down_write+0x97/0x1f0
[  200.896779][ T9348]        ocfs2_del_inode_from_orphan+0x135/0x740
[  200.903111][ T9348]        ocfs2_dio_end_io+0x47b/0x10f0
[  200.908567][ T9348]        dio_complete+0x254/0x710
[  200.913586][ T9348]        __blockdev_direct_IO+0x2dc8/0x3420
[  200.919475][ T9348]        ocfs2_direct_IO+0x240/0x2b0
[  200.924744][ T9348]        generic_file_direct_write+0x1d4/0x3e0
[  200.930889][ T9348]        __generic_file_write_iter+0x11b/0x230
[  200.937030][ T9348]        ocfs2_file_write_iter+0x1582/0x1d00
[  200.942997][ T9348]        do_iter_write+0x79a/0xc70
[  200.948094][ T9348]        iter_file_splice_write+0x66f/0xc50
[  200.953989][ T9348]        direct_splice_actor+0xe8/0x130
[  200.959540][ T9348]        splice_direct_to_actor+0x2f0/0x870
[  200.965430][ T9348]        do_splice_direct+0x1b7/0x2c0
[  200.970789][ T9348]        do_sendfile+0x5dc/0xf70
[  200.975715][ T9348]        __se_sys_sendfile64+0x13f/0x190
[  200.981331][ T9348]        do_syscall_64+0x55/0xb0
[  200.986259][ T9348]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  200.992667][ T9348] 
[  200.992667][ T9348] other info that might help us debug this:
[  200.992667][ T9348] 
[  201.002887][ T9348] Chain exists of:
[  201.002887][ T9348]   &ocfs2_sysfile_lock_key[args->fi_sysfile_type] --> &dquot->dq_lock --> &ocfs2_quota_ip_alloc_sem_key
[  201.002887][ T9348] 
[  201.019832][ T9348]  Possible unsafe locking scenario:
[  201.019832][ T9348] 
[  201.027267][ T9348]        CPU0                    CPU1
[  201.032616][ T9348]        ----                    ----
[  201.037965][ T9348]   lock(&ocfs2_quota_ip_alloc_sem_key);
[  201.043584][ T9348]                                lock(&dquot->dq_lock);
[  201.050506][ T9348]                                lock(&ocfs2_quota_ip_alloc_sem_key);
[  201.058646][ T9348]   lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]);
[  201.065743][ T9348] 
[  201.065743][ T9348]  *** DEADLOCK ***
[  201.065743][ T9348] 
[  201.073872][ T9348] 3 locks held by syz.5.1307/9348:
[  201.078968][ T9348]  #0: ffff88807b04e418 (sb_writers#18){.+.+}-{0:0}, at: do_sendfile+0x5b9/0xf70
[  201.088105][ T9348]  #1: ffff88805b071818 (&sb->s_type->i_mutex_key#30){+.+.}-{3:3}, at: ocfs2_file_write_iter+0x40b/0x1d00
[  201.099404][ T9348]  #2: ffff88805b0714a0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_dio_end_io+0x38c/0x10f0
[  201.110436][ T9348] 
[  201.110436][ T9348] stack backtrace:
[  201.116305][ T9348] CPU: 1 PID: 9348 Comm: syz.5.1307 Not tainted 6.6.95-syzkaller #0
[  201.124266][ T9348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  201.134318][ T9348] Call Trace:
[  201.137588][ T9348]  <TASK>
[  201.140507][ T9348]  dump_stack_lvl+0x16c/0x230
[  201.145180][ T9348]  ? load_image+0x3b0/0x3b0
[  201.149674][ T9348]  ? show_regs_print_info+0x20/0x20
[  201.154867][ T9348]  ? print_circular_bug+0x12b/0x1a0
[  201.160057][ T9348]  check_noncircular+0x2bd/0x3c0
[  201.164991][ T9348]  ? print_deadlock_bug+0x5d0/0x5d0
[  201.170183][ T9348]  ? lockdep_lock+0xe0/0x220
[  201.174766][ T9348]  ? _find_first_zero_bit+0xd3/0x100
[  201.180043][ T9348]  __lock_acquire+0x2ddb/0x7c80
[  201.184890][ T9348]  ? ocfs2_get_system_file_inode+0x1e3/0x7b0
[  201.190865][ T9348]  ? __lock_acquire+0x7c80/0x7c80
[  201.195885][ T9348]  ? verify_lock_unused+0x140/0x140
[  201.201077][ T9348]  ? __mutex_unlock_slowpath+0x1a2/0x6a0
[  201.206703][ T9348]  ? do_raw_spin_lock+0x121/0x2c0
[  201.211715][ T9348]  ? mutex_unlock+0x10/0x10
[  201.216270][ T9348]  lock_acquire+0x197/0x410
[  201.220760][ T9348]  ? ocfs2_del_inode_from_orphan+0x135/0x740
[  201.226733][ T9348]  ? ocfs2_get_system_file_inode+0x1f1/0x7b0
[  201.232707][ T9348]  ? __might_sleep+0xe0/0xe0
[  201.237289][ T9348]  ? read_lock_is_recursive+0x20/0x20
[  201.242647][ T9348]  ? ocfs2_fast_symlink_read_folio+0x530/0x530
[  201.248794][ T9348]  ? do_raw_spin_unlock+0x121/0x230
[  201.254004][ T9348]  down_write+0x97/0x1f0
[  201.258235][ T9348]  ? ocfs2_del_inode_from_orphan+0x135/0x740
[  201.264204][ T9348]  ? down_read_killable+0x340/0x340
[  201.269396][ T9348]  ocfs2_del_inode_from_orphan+0x135/0x740
[  201.275193][ T9348]  ? __might_sleep+0xe0/0xe0
[  201.279794][ T9348]  ? read_lock_is_recursive+0x20/0x20
[  201.285239][ T9348]  ? ocfs2_add_inode_to_orphan+0x710/0x710
[  201.291033][ T9348]  ? __lock_acquire+0x1334/0x7c80
[  201.296135][ T9348]  ? down_write+0x162/0x1f0
[  201.300646][ T9348]  ? down_read_killable+0x340/0x340
[  201.305837][ T9348]  ocfs2_dio_end_io+0x47b/0x10f0
[  201.310767][ T9348]  ? ocfs2_dio_wr_get_block+0x17a0/0x17a0
[  201.316470][ T9348]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  201.322376][ T9348]  ? _raw_spin_unlock+0x40/0x40
[  201.327408][ T9348]  ? debug_check_no_obj_freed+0x51f/0x540
[  201.333567][ T9348]  ? mark_lock+0x94/0x320
[  201.337889][ T9348]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  201.343862][ T9348]  ? lock_chain_count+0x20/0x20
[  201.348728][ T9348]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  201.354616][ T9348]  ? lockdep_hardirqs_on+0x98/0x150
[  201.359803][ T9348]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  201.365688][ T9348]  ? ocfs2_dio_wr_get_block+0x17a0/0x17a0
[  201.371395][ T9348]  dio_complete+0x254/0x710
[  201.375891][ T9348]  __blockdev_direct_IO+0x2dc8/0x3420
[  201.381271][ T9348]  ? show_vfsstat+0x3a0/0x3a0
[  201.386022][ T9348]  ? mark_lock+0x94/0x320
[  201.390341][ T9348]  ? ocfs2_lock_get_block+0x60/0x60
[  201.395534][ T9348]  ? filemap_write_and_wait_range+0x160/0x1f0
[  201.401608][ T9348]  ? lockdep_hardirqs_on_prepare+0x400/0x760
[  201.407581][ T9348]  ? file_update_time+0x197/0x1b0
[  201.412593][ T9348]  ? ocfs2_lock_get_block+0x60/0x60
[  201.417779][ T9348]  ocfs2_direct_IO+0x240/0x2b0
[  201.422535][ T9348]  generic_file_direct_write+0x1d4/0x3e0
[  201.428159][ T9348]  __generic_file_write_iter+0x11b/0x230
[  201.433775][ T9348]  ? ocfs2_file_write_iter+0x1559/0x1d00
[  201.439393][ T9348]  ocfs2_file_write_iter+0x1582/0x1d00
[  201.444846][ T9348]  ? ocfs2_file_read_iter+0xa30/0xa30
[  201.450218][ T9348]  ? stack_trace_snprint+0xf0/0xf0
[  201.455320][ T9348]  ? kasan_set_track+0x5f/0x70
[  201.460071][ T9348]  ? aa_path_link+0xdd0/0xdd0
[  201.464735][ T9348]  ? iter_file_splice_write+0x18a/0xc50
[  201.470352][ T9348]  ? direct_splice_actor+0xe8/0x130
[  201.475540][ T9348]  ? splice_direct_to_actor+0x2f0/0x870
[  201.481083][ T9348]  ? do_splice_direct+0x1b7/0x2c0
[  201.486094][ T9348]  ? do_sendfile+0x5dc/0xf70
[  201.490669][ T9348]  ? __se_sys_sendfile64+0x13f/0x190
[  201.495940][ T9348]  ? do_syscall_64+0x55/0xb0
[  201.500521][ T9348]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  201.506582][ T9348]  ? end_current_label_crit_section+0x149/0x170
[  201.512816][ T9348]  ? common_file_perm+0x198/0x1f0
[  201.517866][ T9348]  do_iter_write+0x79a/0xc70
[  201.522478][ T9348]  ? vfs_iter_write+0xa0/0xa0
[  201.527163][ T9348]  ? __asan_memset+0x22/0x40
[  201.531759][ T9348]  ? iov_iter_bvec+0xd4/0x1b0
[  201.536426][ T9348]  ? vfs_iter_write+0x6e/0xa0
[  201.541098][ T9348]  iter_file_splice_write+0x66f/0xc50
[  201.546466][ T9348]  ? splice_from_pipe+0x150/0x150
[  201.551478][ T9348]  ? splice_shrink_spd+0xc0/0xc0
[  201.556406][ T9348]  ? common_file_perm+0x198/0x1f0
[  201.561427][ T9348]  ? splice_from_pipe+0x150/0x150
[  201.566438][ T9348]  direct_splice_actor+0xe8/0x130
[  201.571451][ T9348]  splice_direct_to_actor+0x2f0/0x870
[  201.576902][ T9348]  ? direct_file_splice_eof+0xb0/0xb0
[  201.582263][ T9348]  ? warn_unsupported+0xc0/0xc0
[  201.587105][ T9348]  ? fsnotify_perm+0x5d/0x5e0
[  201.591766][ T9348]  ? security_file_permission+0x79/0xa0
[  201.597297][ T9348]  do_splice_direct+0x1b7/0x2c0
[  201.602169][ T9348]  ? splice_direct_to_actor+0x870/0x870
[  201.607711][ T9348]  ? rcu_read_lock_any_held+0xb4/0x120
[  201.613163][ T9348]  ? do_splice_direct+0x2c0/0x2c0
[  201.618180][ T9348]  do_sendfile+0x5dc/0xf70
[  201.622586][ T9348]  ? do_pwritev+0x340/0x340
[  201.627077][ T9348]  __se_sys_sendfile64+0x13f/0x190
[  201.632172][ T9348]  ? lock_chain_count+0x20/0x20
[  201.637023][ T9348]  ? __x64_sys_sendfile64+0xb0/0xb0
[  201.642234][ T9348]  ? lockdep_hardirqs_on+0x98/0x150
[  201.647429][ T9348]  do_syscall_64+0x55/0xb0
[  201.651839][ T9348]  ? clear_bhb_loop+0x40/0x90
[  201.656510][ T9348]  ? clear_bhb_loop+0x40/0x90
[  201.661170][ T9348]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  201.667053][ T9348] RIP: 0033:0x7f394ed8e929
[  201.671455][ T9348] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  201.691052][ T9348] RSP: 002b:00007f394fb59038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  201.699455][ T9348] RAX: ffffffffffffffda RBX: 00007f394efb5fa0 RCX: 00007f394ed8e929
[  201.707414][ T9348] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[  201.715377][ T9348] RBP: 00007f394ee10b39 R08: 0000000000000000 R09: 0000000000000000
[  201.723332][ T9348] R10: 0000000000fffe82 R11: 0000000000000246 R12: 0000000000000000
[  201.731288][ T9348] R13: 0000000000000000 R14: 00007f394efb5fa0 R15: 00007ffe390db028
[  201.739253][ T9348]  </TASK>
[  201.789756][ T9349] F2FS-fs (loop3): Found nat_bits in checkpoint
[  201.835541][ T9349] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  201.844702][ T8281] ocfs2: Unmounting device (7,5) on (node local)