last executing test programs:

2m40.304895247s ago: executing program 0 (id=730):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x0, 0x25dfdbfb, {0x26}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x0)

2m40.234245123s ago: executing program 0 (id=731):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000001140)=ANY=[@ANYBLOB="85000000ae00000025000000000000009500000000000000afcd48d6493790710000000000080000b2c6161dba392176dd2963038e1d69ba7ea94c500dc4ef2fad96ed406f21caf5adcf920569c00cc1199684fa7c93836d9ea2cfb0e60436e05425cc4686b066707de94a4f4d5fc79c987d669f381faca0f9d9924be41a9169bdfaf16da915b2e249f21c6eee84309e7a23c19a39484809539fcb4e0b6eab1aa7d55545a34effa077faa55c59e88254f54077f799bf168301000000bfb1c0e6b1244d35b213bda84cc172afcc2e47a7d8b85a5e3d77ac463920e231b7ae0da8616d2b7958f91f5da6c025d060ab186d94af98af1da2b5952eb15855933a212304e035f7a35dfc72c81256a55a25f8fe3b28d7e53c78fbb888b0255f347160ec83070000000000004015cf10453f6c0b973b81a484ebad04859d928365a7ea3fab2e4b380a00d72bc0480f94479757306720399379d9271cf555c14d56b51c2298237bebfc08e0d5976a942b844139f1111f2dc5e46ac1c60a9b030074bfbcd4b09012175484135f0e519f0b1e4aaa026d570ecb5e8cddbed65ff702000000a3ff4f8a4cf796b07a6ff61c5552417fd703f7f14d8b78a602ca3cdf6a662d8bc9c89c9120072a5d00dcdd8595356c9b2492aaf1264d4ef4a410c882834867bcd2b6e558d17879570c8ad943e392955f4f979ea13201bafe4f0f6ea508000000a0c548552b571bed5647323478a99681cbb17d9f37282462f0e9c147c0d497c61433c6ccc35601eef97ee611be8c97f4151fcda6cb799c6e924966a7f90bf8fd1e75ee76bd72346cfbb526890aa7fe5e68949a3b304723177d356c46e83efceefd78a2533659edc8bef9cb85451c6a145074343caea5c4bf690441974b155f5adc681a03c0bbb8358856175e2ce8b0cbbbe3c033e54ffcebde1d9d3d350000000000000000e0f209150a07682c4e14e3a83558df6f3fc97f1730a136bdee07e98cb984b2e2304a1b63afefdb636e56bbaae4e62136574bc6371a0bb2be1a962aae9c1258da6ef590e1d85ea9e12b3025f43e7e08ccffc5064dea4c39cf4b98e1fc6efb5978f51e16b678eca0b658a56008948e5a61561a9845e4ff29e2bd43b5b923b272341c5e093fd66a2946501559335781092cf8ce987c56cd31121624d7455f2a3666276c3c0e812b28e2f30d035cee5d0e77a3c72208ec651cc0ae637fa474816bc59d2e2a00092419304b338a987e9d3044d856ce24f370030be3b5f79f030b8d3ebcef5af469abe753314fae31a09c3a041a1e7b55c4e81dba1e12289ee34463aaf28345bde0c195bc9f022ca8ce37ed85464c31679053e7f9d04bb5cb51da0b7958989fd70f241262d0af3246eb4fc4bda345360200000001fbddeacd3adaa4d2715e21c772ccd44341f7fd53df58ae791ee8b489a7c9efe3625a9d971b5997485d6a063dc6f7359e2eccc2fb39d419de1a7b5c9dc22c96295a0600adf59d44e58eb1c60b3475be31a9b7cf42b6402312d2725b8d9fa7000008000000000000117ca65fc86c2dce97aa03279a66ec87122219b0f796ab92b1adecae50fdb408c8a80f7f02f750d6c977a1919f9f69a6cfefdf879d447df53f3b9b70d10355b07466d1ef0056b5af553d18a6cd50feeb7bfad9b7be3283b6450d264e7712d2f1d7004548b19162cef04d18d4f5987baab97a9bfbd8f185b5a71e0d7696caba172745c7dd919ffb631820420b75b6522c0e21c882c66f4f25ffb6d95e07e068000000000000eb5b63e45d5d80fe52734093ae5aa3c0b4f3f45bfff201000000000000002e31560e5b741445ea2a1acee2e98c9f3427834ba0a765d20b30f87af976a46f9a9a1ac7dea1ea6845f9aa66237e0dacc107f532348cc2116473381e961f3d9c8c21578fe3245097c280abe51427b9f6cd72b5da6d0252803c66730cd5eac907f09b9695906313f8873522608c6f0100000000000000f721303e6b89e5c54d680ac66d09af90dbf50ee69a39265964279d174b0000000000000000000000fa08ad0731ba49fbf981f8265e7f1f4c2d97f4680b135f8790c95dde218446a1f1eca93bd115e986c228ce69418a282b6caa2481a0df1774fa7d94944bb92d2b89f73f0e8b63f6316c5762f3288bc970720f48b5647dd177db6810fae0533496b6d58da50ee80a6b9a7438978c5465113f668eb4484350048289d07dbef325d3221a7cb35f812f257941a9781e3214c2a3dcf89d99844b762a9cf17548c54fccad2c7ae8072b82e0880815daf966bd5343c1635e123f868a7167cfcff33320253af570f4ef9c0254afdd89ac3943562b530dd88da8a94013bbaf204bebc38055adc39f07f7c22711f4d1f6dcc928d1578a093c072e0b92babc76f47ee367e745a024a2278319d9a4d1378482b74c516647652bfb6e93002494a5cd74e2a9a4734487062437da23e1efa6ef7674108aaa3ffac859c3577c2637bb3bdc69bc365b1f20dba96b8acca62f3f80045318de0facf2ed44b814e842c2a520159bb6c320cec0910c0b8bd3d547bdfba2e09d24d117ed0388afd37affbad2f9c77c9c1314a16ffe64f5e3744a2fffd7039670f5706e589a4c3868db06fd892d68a547477f8ef686ff0dba7b8c18c94d5a89b0567a851750a35d9cc2217db890d89385fcaa00f0f2e524672e6f4c8bedfd5da5b157709b8265cf511dc5846ab1d85916c4a6b2d1b408575982e11230cbac0a9c6eaa03c945645581f678403c2a936c53ae72940aa92bcf22b82c6bc028e0acdddf9fef595f0f7a9f80c0e4c659ced769ec463d26a81e468846761a8e1efd6a031ab7adc8665e267be0065cc315aa23012423ec8b8492d9b50fa4d8c5891959b761eec6dc988532782fda13239c63737039350db5"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48)

2m40.233218558s ago: executing program 0 (id=733):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x149002, 0x0)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x8c36, 0x3c00, 0x2, 0xbfdffffa}, &(0x7f0000000000)=<r2=>0x0, &(0x7f00000001c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f6, 0x0, 0x0, 0x0, 0x0)
write$P9_RSTATu(r0, &(0x7f0000000700)={0x233, 0x7d, 0x0, {{0x500, 0xf2, 0x0, 0x5000000, {}, 0x40000, 0x0, 0x0, 0x0, 0x20, 'vfox\x92\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00Y\x15j\\\xe0\x99\xac\x81\xe0', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05\xf7\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x06\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300, 0xffffffffffffffff}}, 0x233)

2m40.12207907s ago: executing program 0 (id=735):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000100), 0x1, 0x599, &(0x7f0000000540)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x2000, 0x1e1)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x200000d, 0x12, r0, 0x0)

2m40.084063503s ago: executing program 0 (id=737):
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c01803001d000b63d25a80648c2594f90124fc60100c030002a60000053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1, 0x0, 0x0, 0x4000}, 0x3500000000000000)

2m39.595685884s ago: executing program 0 (id=741):
r0 = socket(0x10, 0x80002, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000200)={'ip6_vti0\x00', 0x0})

2m39.48842154s ago: executing program 32 (id=741):
r0 = socket(0x10, 0x80002, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000200)={'ip6_vti0\x00', 0x0})

44.344302817s ago: executing program 3 (id=2044):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x82)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)="10eba9", 0x3}], 0x1)

44.344168585s ago: executing program 3 (id=2045):
syz_emit_ethernet(0x7e, &(0x7f00000006c0)={@local, @random="a15cc14e96b3", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, @broadcast, @rand_addr, {[@timestamp_addr={0x44, 0x1c, 0x0, 0x1, 0x0, [{@multicast2}, {@empty}, {@loopback}]}, @cipso={0x86, 0x21, 0x0, [{0x0, 0xd, "34abeec8d03ff1a8b8835e"}, {0x0, 0xe, "4ef661e96b4014469f350a42"}]}]}}}}}}}, 0x0)

44.343778836s ago: executing program 3 (id=2046):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001c40)=ANY=[], 0x0}, 0x94)
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000200)=@multiplanar_userptr={0x9, 0x1, 0x4, 0x100004, 0x4, {0x0, 0x2710}, {0x0, 0xc, 0xf8, 0x7, 0x6, 0x0, "3b051c46"}, 0x10000, 0x2, {0x0}, 0x1})
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000040)={0xf0f046})

44.193248788s ago: executing program 3 (id=2047):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000001540)='./file0\x00', 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='iocharset=ascii,discard,dmask=00000000000000000000007,uid=', @ANYRESHEX=0x0, @ANYBLOB=',dmask=00000000000000000000152,iocharset=iso8859-1,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c616c6c6f775f7574696d653d30303030303030303030303030303030303030303030372c646973636172642c00214b3cf244ea5fb7437f2c69f67a093e240a6e978fa4cd2d"], 0x1, 0x14fe, &(0x7f0000002a80)="$eJzs3AuYjlXXOPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBymMWmcz4eckyavNEkSEhL2/9J78L5v7/f1ff/e/993fbN+17Wv2WvuZ61n3bPmmue+n+ua57ueo+q1qF+7GRGJPwT+/CVFCBEjhBgmhLhOCBEIISrFV4q/fLyAgpQ/9iTs3+vh9KvdAbuaeP55G88/b+P55208/7yN55+38fzzNp5/3sbzZywv2z6n2PW88u7i9//zMn79/18kt/zkrzaWv7HXfyOF55+38fzzNp5/3sbzz9t4/nkbz/9/v1r/yTGef97G82csL9sOWoj/Ae9D87o662r//jHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYyxvO+Su0EOKv+6vdF2OMMcYYY4wxxv59fP6r3QFjjDHGGGOMMcb+3wMhhRJaBCKfyC9iRAERK64RceJaUVBcJyLiehEvbhCFxI2isCgiiopiIkEUFyWEESisIBGKkqKUiIqbRGlxs0gUZURZUU44UV4kiVtEBXGrqChuE5XE7aKyuENUEVVFNVFd3ClqiLtETVFL1BZ3izqirqgn6ot7RANxr2go7hONxP2isXhANBEPiqbiIdFMPCyai0dEC/GoaCkeE61Ea9FGtBXt/q/yXxJ9xcuin+gvUsQAMVC8IgaJwWKIGCqGiVfFcPGaGCFeF6lipBgl3hCjxZtijHhLjBXjxHjxtpggJopJYrKYIqaKNPGOmCbeFdPFe2KGmClmidkiXcwRc8X7Yp6YLxaID8RC8aFYJBaLJWKpyBAfiUyxTGSJj8Vy8YnIFivESrFKrBZrxFqxTqwXG8RGsUlsFlvEVrFNbBefih1ip9gldos9Yq/YJz4T+8Xn4oD4QuSIL/+b+Wf/Kb8XCBAgQYIGDfkgH8RADMRCLMRBHBSEghCBCMRDPBSCQlAYCkNRKAoJkAAloAQgIBAQlISSEIUolIbSkAiJUBbKggMHSZAEFeBWqAgVoRJUgspQGapAVagK1aE61IAaUBNqQm2oDXWgDtSDenAP3AP3QkNoCI2gETSGxtAEmkBTaArNoBk0h+bQAlpAS2gJraAVtIE20A7aQXtoDx2gA3SCTtAZOkMX6ALJkAxdoSt0g27QHbpDD+gBPaEn9ILe0BtegpfgZXgZ+kMdOQAGwkAYBINgCAyFofAqDIfX4DV4HVJhJIyCN+ANeBPGwBkYC+NgPIyHGnIiTILJQHIqpEEaTINpMB2mwwyYCTNhNqTDHJgLc2EezIf58AEshA/hQ1gMi2EpZEAGZMIyyIIsWA5nIRtWwEpYBathDayGdbAe1sFG2AQbYQtsgW2wDT6FT2En7ITdsBv2wl74DD6Dz+FzSIUcyIGDcBAOwSE4DIchF3LhCByBo3AUjsExOA7H4QSchFNwEk7DaTgDZ+EcnIPzcB4uwAsJ3zTfW2ZDqpCXaallPplPxsgYGStjZZyMkwVlQRmRERkv42UhWUgWloVlUVlUJsgEWUKWkChRkgxlSVlSRmVUlpalZaJMlGVlWemkk0kySVaQFWRFWVFWkrfLyvIOWUVWlR1ddVld1pCdXE1ZS9aWtWUdWVfWk/VlfdlANpANZUPZSDaSjWVj2UQ+KJvKATAEHpaXJ9NCjoSWchS0kq1lG9lWvgmPy/ZyDHSQHWUn+aQcB2Ohi2zvkuUzsqucBN3kc3IyPC97yKnQU74oe8neso98SfaVHVw/2V/OgAFyoJwNg+RgOUQOlfOgrrw8sXrydZkqR8pR8g25FN6UY+RbcqwcJ8fLt+UEOVFOkpPlFDlVpsl35DT5rpwu35Mz5Ew5S86W6XKOnCvfl/PkfLlAfiAXyg/lIrlYLpFLZYb8SGbKZTJLfiyXy09ktlwhV8pVcrVcI9fKdXK93CA3yk1ys9wit8ptcrv8VO6QO+UuuVvukXvlPvmZ3C8/lwfkFzJHfikPyj/JQ/IreVh+LXPlN/KI/FYeld/JY/J7eVz+IE/Ik/KU/FGelj/JM/KsPCd/luflL/KCvCgvSS+FAiWVUloFKp/Kr2JUARWrrlFx6lpVUF2nIup6Fa9uUIXUjaqwKqKKqmIqQRVXJZRRqKwiFaqSqpSKqptUaXWzSlRlVFlVTjlVXiWpW1QFdauqqG5TldTtqrK6Q1VRVVU1VV3dqWqou1RNVUvVVnerOqquqqfqq3tUA3WvaqjuU43U/aqxekA1UQ+qpuoh1Uw9rJqrR1QL9ahqqR5TrVRr1Ua1Ve3U46q9ekJ1UB1VJ/Wk6qyeUl3U0ypZPaO6qmdVN/Wc6q6eVz3UC6qnelH1Ur1VH3VRXVJe9VP9VYoaoAaqV9QgNVgNUUPVMPWqGq5eUyPU6ypVjVSj1BtqtHpTjVFvqbFqnBqv3lYT1EQ1SU1WU9RUlabeUdPUu2q6ek/NUDPVLDVbpas5ashfKi34L+S/+y/yR/z67NvUdvWp2qF2ql1qt9qj9qp9ap/ar/arA+qAylE56qA6qA6pQ+qwOqxyVa46oo6oo+qoOqaOqePquDqhTqqf1Y/qtPpJnVFn1Vn1szqvzqsLf/kZCA1aaqW1DnQ+nV/H6AI6Vl+j4/S1uqC+Tkf09Tpe36AL6Rt1YV1EF9XFdIIurktoo1FbTTrUJXUpHdU36dL6Zp2oy+iyupx2urxO0rf84fzf66+dbqfb6/a6g+6gO+lOurPurLvoLjpZJ+uuuqvuprvp7rq77qF76J66p+6le+k+uo/uq/vqfrqfTtEpeqB+RQ/Sg/UQPVQP06/q4Xq4HqFH6FSdqkfpUXq0Hq3H6DF6rB6rx+vxeoKeoCfpSXqKnqLTdJqepqfp6Xq6nqFn6Fl6lk7X6Xqunqvn6Xl6gV6gF+qFepFepJfoJTpDZ+hMnamzdJZerpfrbL1Cr9Cr9Cq9Rq/R6/Q6vUFv0Jv0Jr1Fb9HZervernfoHXqX3qX36D16n96n9+v9+oA+oHN0jj6oD+pD+pA+rA/rXJ2rj+gj+qg+qo/pY/q4Pq5P6BP6lD6lT+vT+ow+o8/pc/q8Pq8v6Av6kr50+bIvkIEMdKCDfEG+ICaICWKD2CAuiAsKBgWDSBAJ4oP4oFBwY1A4KBIUDYoFCUHxoERgAgxsQEEYlAxKBdHgpqB0cHOQGJQJygblAheUD5KCW4IKwa1BxeC2oFJwe1A5uCOoUkAE1YLqwZ1BjeCuoGZQK6gd3B3UCeoG9YL6wT1Bg+DeoGFwX9AouD9oHDwQNAkeDJoGDwXNgoeD5sEjQYvg0aBl8FjQKmgdtAnaBu3+uX5Q9Q/U9/5MkSdcP9PfpJgBZqB5xQwyg80QM9QMM6+a4eY1M8K8blLNSDPKvGFGmzfNGPOWGWvGmfHmbTPBTDSTzGQzxUw1aeYdM828a6ab98wMM9PMMrNNuplj5pr3zTwz3ywwH5iF5kOzyCw2S8xSk2E+MplmmckyH5vl5hOTbVaYlWaVWW3WmLVmnVlvNpiNZpPZbLaYrWab2W4+NTvMTrPL7DZ7zF6zz3xm9pvPzQHzhckxX5qD5k/mkPnKHDZfm1zzjTlivjVHzXfmmPneHDc/mBPmpDllfjSnzU/mjDlrzpmfzXnzi7lgLppLxl++uL/88o4aNebDfBiDMRiLsRiHcVgQC2IEIxiP8VgIC2FhLIxFsSgmYAKWwBJ4GSFhSSyJUYxiaSyNiZiIZbEsOnSYhElYAStgRayIlbASVsbKWAWrYDWshnfinXgX3oW1sBbejXdjXayL9bE+NsAG2BAbYiNshI2xMTbBJtgUm2IzbIbNsTm2wBbYEltiK2yFbbANtsN22B7bYwfsgJ2wE3bGztgFu2AyJmNX7IrdsBt2x+7YA3tgT+yJvbAX9sE+2Bf7Yj/shymYggNxIA7CQTgEh+AwHIbDcTiOwBGYiqk4CkfhaByNY3AMjsVxOB7fxgk4ESfhZJyCUzEN03AaTsPpOB1n4AychbMwHdNxLs7FeTgPF+ACXIgLcREuwiW4BDMwAzMxE7MwC5fjcszGbFyJK3E1rsa1uBbX43rciBtxM27GrbgVt+N23IE7cBfuwj24B/fhPtyP+/EAHsAczMGDeBAP4SE8jIcxF3PxCB7Bo3gUj+ExPI7H8QSewFN4Ck/jaTyDZ/AcnsPz+AtewIt4CT3GWCli7TU2zl5rC9rrbIwtYP8+LmqL2QRb3Jawxha2Rf4hRmttoi1jy9py1tnyNsne8pu4iq1qq9nq9k5bw95la/4mbmDvtQ3tfbaRvd/Wt/f8Q9zYPmCb2EdtU/uYbWZb2+a2rW1hH7Ut7WO2lW1t29i2trN9ynaxT9tk+4ztap/9TZxpl9n1doPdaDfZ/fZze87+bI/a7+x5+4vtZ/vbYfZVO9y+ZkfY122qHfmbeLx9206wE+0kO9lOsVN/E8+ys226nWPn2vftPDv/N3GG/cgutFl2kV1sl9ilv8aXe8qyH9vl9hObbVfYlXaVXW3X2LV23d96XWW32K12m91nP7M77E67y+62e+zeX+PL53HAfmFz7Jf2iP3WHrJf2cP2mM213/waXz6/Y/Z7e9z+YE/Yk/aU/dGetj/ZM/bsr+d/+dx/tBftJeutICBJijQFlI/yUwwVoFi6huLoWipI11GErqd4uoEK0Y1UmIpQUSpGCVScSpAhJEtEIZWkUhSlm6g03UyJVIbKUjlyVJ6S6BaqQLdSRbqNKtHtVJnuoCpUlapRdbqTatBdVJNqUW26m+pQXapH9ekeakD3UkO6jxrR/dSYHqAm9CA1pYeoGT1MzekRakGPUkt6jFpRa2pDbakdPU7t6QnqQB2pEz1Jnekp6kJPUzI9Q13pWepGz1F3ep560AvUk16kXtSb+tBL1Jdepn7Un1JoAA2kV2gQDaYhNJSG0as0nF6jEfQ6pdJIGkVv0Gh6k8bQWzSWxtF4epsm0ESaRJNpCk2lNHqHptG7NJ3eoxk0k2bRbEqnOTSX3qd5NJ8W0Ae0kD6kRbSYltBSyqCPKJOWURZ9TMvpE8qmFbSSVtFqWkNraR2tpw20kTbRZtpCW2kbbadPaQftpF20m/bQXtpHn9F++pwO0BeUQ1/SQfoTHaKv6DB9Tbn0DR2hb+kofUfH6Hs6Tj/QCTpJp+hHOk0/0Rk6S+foZzpPv9AFukiXyJMIIZShCnUYhPnC/GFMWCCMDa8J48Jrw4LhdWEkvD6MD28IC4U3hoXDImHRsFiYEBYPS4QmxNCGFIZhybBUGA1vCkuHN4eJYZmwbFgudGH5MCm8JawQ3hpWDG8LK4W3h5XDO8IqYdXw0furh3eGNcK7wpphrbB2eHdYJ6wb1gvrh/eEDcJ7w4bhfWGj8P6wYvhA2CR8MGwaPhQ2Cx8Om4ePhC3CR8OW4WNhq7B12CZsG7YLHw/bh0+EHcKOYafwybBz+FTYJXw6TA6fCbuGz/7u8ZRwQDgwfCV8JfT+PrUkujSaEf0omhldFs2KfhxdHv0kmh1dEV0ZXRVdHV0TXRtdF10f3RDdGN0U3RzdEt0a3Rb1vn5+4cBJp5x2gcvn8rsYV8DFumtcnLvWFXTXuYi73sW7G1whd6Mr7Iq4oq6YS3DFXQlnHDrryIWupCvlou4mV9rd7BJdGVfWlXPOlXdJrq1r59q59u4J18F1dJ3ck+5J95R7yj3tnnbPuK7uWdfNPee6u+ddD/eCe8G96Hq53q6Pe8n1dS+7fq6/S3EpbqAb6Aa5QW6IG+KGuWFuuBvuRrgRLtWlulFulBvtRrsxbowb68a68W68m+AmuElukpviprg0l+amuWluupvuZrgZbpab5dJdupvr5rp5bp5b4Ba4hYkL3SK3yC1xS1yGy3CZLtNluSy33C132S7brXQr3Wq32q11a916t95tdBvdZrfZbXVb3Xa33e1wO9wut8vtcXvcPrfP7Xf73QF3wOW4HHfQHXSH3CF32H3tct037oj71h1137lj7nt33P3gTriT7pT70Z12P7kz7qw75352590v7oK76C4579Ii70SmRd6NTI+8F5kRmRmZFZkdSY/MicyNvB+ZF5kfWRD5ILIw8mFkUWRxZElkaSQj8lEkM7IskhX5OLI88kkkO7IisjKyKrI6sibiffEdoS/pS/mov8mX9jf7RF/Gl/XlvPPlfZK/xVfwt/qK/jZfyd/uK/s7fBVf1Vfzj/lWvrVv49v6dv5x394/4Tv4jr6Tf9J39k/5Lv5pn+yf8V39s76bf85398/7Hv4F39O/6Hv53r6Pf8n39S/7fr6/T/ED/ED/ih/kB/shfqgf5l/1w/1rfoR/3af6kX6Uf8OP9m/6Mf4tP9aP8+P9236Cn+gn+cl+ip/q0/w7fpp/10/37/kZfqaf5Wf7dD/Hz/Xv+3l+vl/gP/AL/Yd+kV/sl/ilPsN/5DP9Mp/lP/bL/Sc+26/wK/0qv9qv8Wv9Or/eb/Ab/Sa/2W/xW/02v91/6nf4nX6X3+33+L1+n//M7/ef+wP+C5/jv/QH/Z/8If+VP+y/9rn+G3/Ef+uP+u/8Mf+9P+5/8Cf8SX/K/+hP+5/8GX/Wn/M/+/P+F3/BX/SX+H/WGGOMMcb+S9TvHB/wL74n/7IuGyiEuHZnsdx/rrm58J/3g2VC54gQ4pn+PR/+66pTJyUl5S+PzVYiKLVYCBG5kp9PXIlXiE7iKZEsOooK/7K/wbL3efqd+tHbhYj9W+dCxIi/xn9f/9b/oP7jT47PrByei/9P6i8WIrHUlZwC4kp8pX7F/6B+kfa/03+Br9KE6PB3OXHiSnylfpJ4Qjwrkv/hkYwxxhhjjDHG2J8NltW6/9798+X78wR9JSe/uBL/3v05Y4wxxhhjjDHGrr7ne/d5+vHk5I7decMb3vDmb5ur/ZeJMcYYY4wx9u925aL/anfCGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4zlXf8/Pk7sap8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdrX9nwAAAP//JhA6YA==")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e)

44.170448532s ago: executing program 3 (id=2048):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000080)={r0, &(0x7f00000002c0), &(0x7f0000000040)=@tcp6, 0x2}, 0x20)

43.852656356s ago: executing program 3 (id=2051):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="7a0af8ff75257030bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b25952850a84a70002b2ab3d6ffaa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc44bc25fb591cf77b9dfb379a3f611dbc2a364916f098dab10b1a297cf528666d1ddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e9e54687d3c56d7bedb6b2f25ddb8c640bb321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f9f3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0b6dd7356aa79d5fabb5c0d0da6d719d7e0efb2bb713d18242cd5df6ca53307a4cdd91be4587f90e317c8de5e5c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1786eda2b20"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
setsockopt$packet_int(r0, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
r1 = socket$packet(0x11, 0x3, 0x300)
sendto(r1, &(0x7f0000000040)="5afa3fd29bffffffe50000000000", 0xe, 0x4000846, &(0x7f0000000100)=@qipcrtr={0x2a, 0x4, 0x8000}, 0x80)

43.805530423s ago: executing program 33 (id=2051):
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000780)=ANY=[@ANYBLOB="7a0af8ff75257030bfa100000000000007010000f8ffffffb702000005000000bf130000000000008500000006000000b700000000000000950000ff00000000b25952850a84a70002b2ab3d6ffaa6ead0169191d54f8196217fc563e2fc91f6da4dad4fdc2eb1b5986fc44bc25fb591cf77b9dfb379a3f611dbc2a364916f098dab10b1a297cf528666d1ddd73f30f2382f6cda4bfdd45be583823c0f092248a57d48621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000800db583620ce7243d1aebdb638d91dbef6619358399aa9c2acd068c03efefd8bc77edf2d34b12cd48a1b20fb7dd843267e0331759f4ec6b5b0af58e604f494eff289026d5045ef08000000000000007718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681000000263b6233e1c0fe30e384c3cb07b74a72291a1a2b523dd81b6651b1ee48e999bb004823ebcd8c65743f31f84b263ab9b3426692d01ad194f302d7a658e9e54687d3c56d7bedb6b2f25ddb8c640bb321a402058c9221b6870814cf4ee23ddb79fff5eb156e0a000000000000f2bd1d4a178d86d6935eb8b75bc4eb680d10e8b6a54c6c8674caf63ff76622939a20d4aadf85db40179c2cf83ee07e30a279d8f9f3bc282deb43a03409f8e6972f3f720d045923702cede0f3e91411f3f1b16f065624f280a7dcce8db910f93c49b9e0b6dd7356aa79d5fabb5c0d0da6d719d7e0efb2bb713d18242cd5df6ca53307a4cdd91be4587f90e317c8de5e5c3933fd5d5bf38f6b9fc39fc829dcfe4af8ac5fbb7314a7a433e0182767d1786eda2b20"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000100)={0x0, 0x7}, 0x4)
setsockopt$packet_int(r0, 0x107, 0x16, &(0x7f0000000000)=0x4, 0x4)
r1 = socket$packet(0x11, 0x3, 0x300)
sendto(r1, &(0x7f0000000040)="5afa3fd29bffffffe50000000000", 0xe, 0x4000846, &(0x7f0000000100)=@qipcrtr={0x2a, 0x4, 0x8000}, 0x80)

3.103983156s ago: executing program 1 (id=2541):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
pipe(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
write$RDMA_USER_CM_CMD_BIND_IP(r3, &(0x7f0000000500)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e21, 0x8, @mcast2, 0x2}}}, 0x30)
pipe(&(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
splice(r4, 0x0, r6, 0x0, 0xf3a, 0x0)
write$binfmt_misc(r6, &(0x7f0000000980), 0xfdef)
splice(r2, 0x0, r6, 0x0, 0x80, 0x4)
timer_settime(r1, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
read$FUSE(r5, &(0x7f0000000980)={0x2020}, 0x2020)

2.214076249s ago: executing program 1 (id=2543):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="6e6f646973636172642c6e6f636865636b706f696e745f6d657267652c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c757365725f78617474722c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030303031362c646973636172642c6e6f61636c2c6673796e635f6d6f64653d706f7369782c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c6163746976655f6c6f67733d322c6661756c745f747970653d30303030303030303030303031363737373231342c0028f473678e481c01a5166a7bba2191211dbeb315e64c646781d182bb6fc08ed1a9b878f5270212fd44f2e7a4a4114856d260ffcb3200f4f6de3d730463"], 0x1, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
truncate(&(0x7f00000022c0)='./file2\x00', 0x20000000004)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x101442, 0x0)

1.773926157s ago: executing program 1 (id=2545):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000000), r0)
sendmsg$NFC_CMD_START_POLL(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x24, r1, 0x1, 0x127, 0x234, {}, [@NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x20}, @NFC_ATTR_DEVICE_INDEX={0x8}]}, 0x24}}, 0x24000040)

1.490137048s ago: executing program 1 (id=2546):
syz_usb_connect(0x0, 0x38, &(0x7f0000000080)=ANY=[@ANYBLOB="120120020e13e5088d1a0d109e300102030109022600010755e001090406fe02ffff025c09050f070000020905021109"], &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0})

1.323606471s ago: executing program 4 (id=2550):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x64, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}, @WGDEVICE_A_PEERS={0x3c, 0x8, 0x0, 0x1, [{0x38, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x5}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}, @WGPEER_A_PROTOCOL_VERSION={0x8, 0xa, 0x7ffffffe}]}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000)

1.27440436s ago: executing program 4 (id=2551):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000040)="1b0000001e006bcd9e3fe3dc6e0800000a0000dd600000007ea608", 0x1b}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

1.274108228s ago: executing program 4 (id=2552):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
get_mempolicy(&(0x7f0000000040), &(0x7f00000001c0), 0x3, &(0x7f0000ffb000/0x4000)=nil, 0x4)

1.223391801s ago: executing program 4 (id=2553):
syslog(0x4, &(0x7f0000000140)=""/179, 0xb3)

1.163807279s ago: executing program 4 (id=2554):
syz_usb_connect(0x0, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x7f, 0x5d, 0x1e, 0x20, 0x4cb, 0x13d, 0xa442, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x86, 0x58, 0x48}}]}}]}}, 0x0)

703.552143ms ago: executing program 2 (id=2557):
mlockall(0x7)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000540)={0x0, 0xd4bb, 0x80, 0x2, 0x1dd}, &(0x7f0000000380)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4048011}, 0x8010)
syz_io_uring_submit(r1, r2, &(0x7f0000000340)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x400})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xd}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x50)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x10, 0x1c, &(0x7f0000000040)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3, 0x9, 0x0, 0x1, 0x3801}, {0x2c}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff8, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0xc}, {0x18, 0x2, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

444.38591ms ago: executing program 2 (id=2558):
syz_mount_image$erofs(&(0x7f0000000440), &(0x7f0000000200)='./file0\x00', 0x810410, &(0x7f0000000480)=ANY=[], 0x1, 0x1e6, &(0x7f00000006c0)="$eJzsmbGLE0EUxr+ZzW3uDhFsbC0MeKK32d1TuCZIBHshKtoZzCrRjZFkhSQgGGxsLC0EW/8BC4tUFnZ2tlqoIFiY0k4YmdnJ7rCblSyJNr4f3Lsvb2bem3mZfYEEBEH8t3z98vPzs4uHV84COIIaqtr/3UrncGP+pxcPzzxvXHr5+uOrd/ePPppl41VL5pdp3jYtRNjRHiHM8ZqyrCJ3UdO+q+A4vSTWTXBc0zoAww2t7xq6v0gTBs6tfti53Q0DVxpPGl+aAzNmBcB8ytABsK12JwQzxofjyb12GAaDrNgSizy5obLiT/VT+2tyNJLqCSHfr+tPn0zZ43Sea9TPA4en9QEYWlofogrHcdKSGOfnLI1vrXL+jQlLChtA+eXH9svluqCEvGx/7zhriJ1NXCYSAct65N1OPMfns/f5Vd/Wz87+2SOTEapxAcgNfdiVgi0bWknY+kTL5thpf5IP1CmjP1WUN6Ye9R7Uh+PJfrfXvhMsvOdc97xfV40otrm+9yvpf9uqP+0a8bcKeqXNbIzaUTTwRkA08JLXfmyNjtt60/+h1nDV/zj2TsYxZLHU0Qo+6Jj+4+q/VHtWwXYIgiAIgiAIgiAIgiAIgiBKcgJMfQuqf6gSBfiX1ezfAQAA///GNllf")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r0, 0x0, 0x0)

333.596107ms ago: executing program 1 (id=2559):
syz_mount_image$jfs(&(0x7f0000000080), &(0x7f0000000140)='./file0\x00', 0x20108c0, &(0x7f0000000400)=ANY=[@ANYBLOB="646973636172642c696f636861727365743d63703835352c6572726f72733d72656d6f756e742d726f2c696e746567726974792c6e6f646973636172642c646973636172643d3078303030303030303030303030303030382c6572726f72733d636f6e74696e7565006969736f383835392d342c756d61736b3d3078303030303030303030303030303038312c696f6368617257fd743d6d6163677265656b2c71756f74612c6572726f1729def7e35bcb756e742d726f2c726573697a653d3078303030303030303030181829303030303030312c756d61736b3d3078303030303030303030303032303034352c66736d616769633d307830dcb1c47cb87a74ac1a3030303030303030303030303030392c646566636f6e746578743d726f6f742c66736e616d653d757d407d587d5b2d292b2c000d1c13f7c892c8615d265c6376539175380511bac765713e83a65e4fdf011c705fc6838005120385ac61b970f45d1492a0612eb8000000000000808fc76f91b7b9a5ce77887858ea333961d1ef1e4eabd4c87181dbf575c47e9b8eea9d6806fa159e0525146f6312b4931cffed0000", @ANYRES32, @ANYRES64, @ANYBLOB="a783c89422e31c30d6bf831c4426922089e2b8944eda733c7bed9440aee9df8636110f251ff75794e847bbad8f5979c9d55434d5344bc268e61948fc8a8ffe2d27c14972f79c1c977c01b4a8a4e35f14d116c59482add0c31e922b29fb4c24948818edc636cced878ca31c24c6a3a31bcdca27864f7611d3163d21939c3c5afb70", @ANYRESOCT], 0xfa, 0x61ee, &(0x7f0000012cc0)="$eJzs3c1vHGcdB/DfvvolNLV6qEqEkJuWl1KaxEkJgQJtD3Dg0gPKFSVy3SoiBZQElFYWceULB078BSAkjghxRBz6B/TAlRsnTkSykUA9MWi8zxPPbna7No531p7PR3JmfvPMeJ/xd2dfsjP7BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ3//eD9ZaEXHj52nBSsRnohPRjlgq69WIWFpdyet3I+K52GuOZyOitxBRbr/3z9MRr0bEx2cjdnY318vFlw/Yj+/+8W+/++GZt/76h97F//zpXue1Sevdv/+rf//5wdH2GQAAAJqmKIqild7mn0vv79t1dwoAmIn8/F8kefmpr3/9j7f+Mk/9UavVarV6BnVVMd6DahERW9VtytcMPo4HgBNmKz6puwvUSP6N1o2IM3V3Aphrrbo7wLHY2d1cb6V8W9Xng9VBez4XZCj/rdaj6zsmTacZPcdkVvev7ejEMxP6szSjPsyTnH97NP8bg/Z+Wu+485+VSfn3B5c+NU7OvzOa/4jTk397bP5NlfPvHir/jvwBAAAAAGCO5f//X6n589+Fo+/KgXza57+rM+oDAAAAAAAAADxpRx3/7xHj/wEAAMDcKt+rl35zdn/ZpO9iK5dfb0U8NbI+0DAfDSbLdfcDAAAAAAAAAAAAAJqkOziH93orohcRTy0vF0VR/lSN1od11O1PuqbvPzRZ3Q/yAAAw8PHZkWv5WxGLEXE92nvf9ddbXl4uisWl5WK5WFrIr2f7C4vFUuV9bZ6Wyxb6B3hB3O0X5S9brGxXNe398rT20d9X3la/6BygY09IL/01JzTXFDYAJINnox3PSKdMUTw96cUHDHH8n0IrsVL3/Yr5V/fdFAAAADh+RVEUrTTM37k0vl+77k4BADORn/9HPxc4UB0xvr19yPXVarVarVbPpK4qxntQLSJiq7pN+ZrBcPwAcMJsxSd1d4Eayb/RuhHxXN2dAOZaq+4OcCx2djfXWynfVvX5YHXQns8FGcp/q7W3Xd5+3HSa0XNMZnX/2o5OPDOhP8/OqA/zJOffHs3/xqC9n9Y77vxnZVL+/b1L5pon598ZzX/E6cm/PTb/psr5dw+Vf0f+AAAAAAAwx/L//6/4/DfvMgAAAAAAAACcODu7m+v5utf8+f/nxqzn+s/TKeffOmz+S2le/idazr89kv+XR9brVOYfvrl//P9rd3P99/f++dk8PWj+C3mmle5ZrXSPaKVbanXT9Ch797jtXqdf3lKv1e500zk/Re+duBW3YyMuDa3bTn+P/fa1ofayp72h9stD7d3H2q8MtffS9w4US7n9QqzHT+J2vL3XXrYtTNn/xSntxZT2nH/H438j5fy7lZ8y/+XU3hqZlh5+2H7suK9Ox93OG7c+/8tLx787U21H59G+VZX7d76G/uz9Tc7042d3N+5cuH/z3r07a5EmQ0svR5o8YTn/3t7Pwv7j/wuD9vy4Xz1eH37YP3T+82I7uhPzf6EyX+7vSzPuWx1y/v30k/N/O7WPP/5Pcv6Tj/+Xa+gPAAAAAAAAAAAAAAAAfJqiKPYuEX0jIq6m63/qujYTAJit/PxfJHm5Wq1Wq9Xq01dXFeO9Xi0i4qPqNuVrhl+M+2UAwDz7b0T8ve5OUBv5N1j+vr9y+mLdnQFm6u77H/zo5u3bG3fu1t0TAAAAAAAAAOD/lcf/XK2M//xiRKyMrDc0/uubsXrU8T+7eebRAKNPeKDvCbbb/U67Mtz487E3PveFSeN/n4/Hx//OY+J2qvsxQW9Ke39K+8KU9sWxS/fTGnuhR0XO//nKeOdl/udGhl9vwvivo2PeN0HO/3zl/lzm/6WR9ar5F7+du/y3DrridrSH8r94772fXrz7/gev3Hrv5rsb7278+Mra2qUrV69eu3bt4ju3bm9cGvx7PL2eAzn/PPa180CbJeefM5d/s+T8v5Bq+TdLzv+LqZZ/s+T88+s9+TdLzj+/95F/s+T8X0q1/Jsl5/+VVMu/WXZ2NxfK/F9OtfybJR//X021/Jsl5/9KquXfLDn/C6mWf7Pk/C+m+gD5+3r4UyTnnz/hcvw3S85/LdXyb5ac/+VUy79Zcv5XUi3/Zsn5v5pq+TdLzv9rqZZ/s+T8r6Za/s2S8/96quXfLDn/a6mWf7Pk/L+Ravk3S87/m6mWf7Pk/F9LtfybJef/rVTLv1ly/t9OtfybJef/nVTLv1ly/q+nWv7Nsv/9/2bMmDGTZ+p+ZAIAAAAAAAAAAAAARs3idOK69xEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7EDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzdXYxcZ30G8DPrXXvtEGIgBCc1sElMCMmSXduJP2hTTCBAA5QCCYV+4LjetVnwF167BIpk00CJhFFRRdX0oi2gqI1UVUQVF7SiNBdVP65Ke0FvKqpKSI0qgwIqUlvRbDVz3vf1zOzszNg7Xp897+8n2f/dmTNzzpw5M7vP2s8eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDdrW+e/1yjKIrmn9ZfW4viRc2PN09tbV32hmu9hQAAAMBq/V/r7+dvSBccGOJGbcv83av+8etLS0tLxQc2/O7El5aW0hVTRTGxqSha10XP/PsHG+3LBI8Xk42xts/HBqx+w4DrxwdcPzHg+o0Drt804PrJAdcv2wHLbC5/HtO6sx2tD7eWu7S4sZhoXbejx60eb2waG4s/y2lptG6zNHGkWCiOFfPFbMfy5bKN1vLfvLW5rrcXcV1jbeva3jxCfvipw3EbGmEf7+hY16X7jL7/pmLqRz/81OE/PnPx5l5z4G7ouL9yO++8rbmdnwmXlNvaKDalfRK3c6xtO7f3eE42dGxno3W75sfd2/n8kNu54dJmrqnu53yyGGt9/O3Wfhpv/7Fe2k/bw2X/fXtRFOcvbXb3MsvWVYwVWzouGbv0/EyWR2TzPpqH0kuL8cs6Tm8d4jhtzrkdncdp92siPv+3htuNr7AN7U/T9z+9cdnzfrnHadR81Cu9VrqPwVG/VqpyDMbj4tutB/1Ez2NwR3j8n7pj5WOw57HT4xhMj7vtGLxt0DE4tnFDa5vTk9Bo3ebSMbizY/kNrTU1WvO5O/ofgzNnjp+aWfzEJ1+/cPzQ0fmj8yd279w5u3vPnn379s0cWTg2P1v+fYV7u/q2FGPpNXBb2HfxNfDarmXbD9Wlr4zudTjZ53W4tWvZUb8Ox7sfXGNtXpDLj+nytfFwc6dPXhgrVniNtZ6fu1b/OkyPu+11ON72Ouz5NaXH63B8iNdhc5lTdw33Pct4259e23C1vhZsbTsGu78f6T4GR/39SFWOwclwXPzrXSt/LdgetveJ6cv9fmTDsmMwPdzw3tO8JH2/P7mvNXodl7c0r7huY3F2cf70PY8dOnPm9M4ijDXxsrZjpft43dL2mIplx+vYZR+vBxZe9cQtPS7fGvbV5Oubf02u+Fw1l7n3nv7PVeurW+/92XHpriKMEVvr/dnrq3lzf6Ys2Wd/Npf5zMzqvxdPubTt/XdihfffmPtfKNeX7urxDRPj5et3Q9o7Ex3vx51P1XjrvavRWvfzM8O9H0+EP2v9fnxjn/fjbV3Ljvr9eKL7wcX348agn3asTvfzORmOk2Oz/d+Pm8ts23W5x+R43/fj28NshP3/upAUUi5qO3ZWOm7TusbHJ8LjGo9r6DxOd3csPxGyWXNdT++6suP0ztvL+9qQHt0la3WcTnUtO+rjNL1frXScNgb99O3KdD+fk+G4uHF3/+O0ucyz967+vXNz/LDtvXPjoGNwYsPG5jZPpIOwfL9f2hyPwXuKw8XJ4lgx17p2Y+t4arTWNX3fcMfgxvBnrd8rt/U5Bu/sWnbUx2D6OrbSsdcYX/7gR6D7+ZwMx8WT9/U/BpvLvGXvaL93vTNckpZp+961++drK/3M65au3XQ1f+bV3M6/2dv/Z7PNZY7tu9yc2X8/3R0uua7Hfup+/a70mpor1mY/bQvbeXHfyvupuT3NZb60f8jj6UBRFOc+9kDr573h31f+/Ox3vt7x7y69/k3n3Mce+MH1R/72crYfgPXvhXJsKb/Wtf3L1DD//g8AAACsCzH3j4WZyP8AAABQGzH3x/8Vnsj/AAAAUBsx94+HmWSS/7e95eLCC+eK1MxfCuL1aTc8VC4XO66z4fOppUualz/w1PyP//LccOseK4riJw/9Rs/ltz0Ut6s0FbbzmQc7L19+w3NDrf/RRy4t195f/3K4//h4hj0MelVwZ4ui+OYNX2itZ+qDF1rz2Ycebc33nn/i8eYyz+8vP4+3f+5l5fJ/EMq/B44c6rj9c2E/fC/M2Xf03h/xdl+78Lrte99/aX3xdo3bXtx62E9+qLzf+Htyvvh4uXzczytt/199/umvNZd/7DW9t//cWO/tfzrc71MPXlxoHnH/88py+fbnoPl5vN1nw/bH9T0Vbn/PV7/Vc/uf+Vy5/Km3lss9GmZc/53h8x1vvbjQvr8eaxzqeFzF28rl4vpnv/Pbrevj/cX7797+yYMXOvZH9/Hx7D+X9zPTtXy8PK4n+ouu9Tfvp/34jOt/+rce7djPg9b/zHufe2XzfrvXf3fXchu6bt/9G5v+8LNf6Lm+uD0H/uxUx+M58J7wOg7rf/JD4XgM1//vM1/oWG/06Hs633/i8l/eeq7j8URv/1G5/mfeeLQ1/2Pqx79/3Yuuf/H5Vzf3XVF8+33l/Q1a/9E/Otmx/V+56a7W8xGvjx397vWvJK7/9MenT5xcPLsw17ZXW787553l9mya3Lylub03hPfW7s8Pnjzz4fnTU7NTs0UxVd9foXfFvhrmD8px/nJvf9cj4fm85fe+ueWOf/p8vPxfHi4vv/CO8uvWa8NyXwyXby2fv6XGKtf/5K03tV7fjWfLzzt67COwfcd/7htqwfD4u78viMf7qZd/uLUfmte1vm7E1/Uqt/+7c+X9fCPs16Xwm5lvu+nS+tqXj78b4cL7ytf7qvdfeJuLz+ufhOf7Xd8r7z9uV3y83w3fx3xrW+f7XTw+vnFurPv+W7/F43x4PynOl9fHpeL+vvD8TT03L/4ekuL8za3Pfyfdz82X9TBXsviJxZljCyfOPjZzZn7xzMziJz558PjJsyfOHGz9Ls+DHxl0+0vvT1ta709z83vuLWY3F0Vxsphdgzesq7P9zY+G2/5Tjxye2zt7x9z8kUNnj5x55NT86aOHFxcPz88t3nHoyJH5jw+6/cLc/Tt37d+9d9f00YW5+/ft3797//TCiZPNzSg3aoA9sx+dPnH6YOsmi/ffu3/nfffdOzt9/OTc/P17Z2enzw66fetr03Tz1r8+fXr+2KEzC8fnpxcXPjl//879e/bsGvjbAI+fOrI4NXP67ImZs4vzp2fKxzJ1pnVx82vfoNtTT4v/Vn4/261R/iK+4t1370m/n7XpqU+veFflIl2/QPRi+F00//CSU/uG+Tzm/okwk0zyPwAAAOQg5v6NYSbyPwAAANRGzP2bwkzkfwAAAKiNmPsnw0wyyf/6//r/w/X/y+tH2f/v1Z8v9P8r1f8/9bGyV7re+/+xP6//n4dr3P9f9fr1//X/69f/H74/v963X/9f/5/lqtb/j7l/c1Fkmf8BAAAgBzH3bwkzkf8BAACgNmLuvy7MRP4HAACA2oi5/0VhJpnkf/3/ofr/uwYVrurf/x/9+f/1//X/16T/H58c/f9sXHb//v0Pd3yq/x/o/+v/6//r/+v/s2oTK15zrfr/MfdfH2aSSf4HAACAHMTc/+IwE/kfAAAAaiPm/hvCTOR/AAAAqI2Y+7eGmWSS//X/nf9f/1//v9b9/9We/79tY/T/1wfn/+9P/3+AK+7/T+r/r8f+/8Rot7/a/f+Bm6//z1VRtfP/x9z/kjCTTPI/AAAA5CDm/peGmcj/AAAAUBsx978szET+BwAAgNqIuf/GMJNM8v9q+v+xc63/r/+v/1/S/y/Vqv/f9/z/5Uf6/9Wi/9+f/v8Azv+fV/9/xNtf7f7/qM//P/Fg9+31/+mlav3/mPtfHmaSSf4HAACAHMTcf1OYifwPAAAAtRFz/yvCTOR/AAAAqI2Y+7eFmWSS/53/X/9f/1//X/+/9/oH9/9L+v/Vov/fn/7/APr/+v/6/8P1/3t886v/Ty9V6//H3H9zmEkm+R8AAAByEHP/LWEm8j8AAADURsz9PxVmIv8DAABAbcTcvz3MJJP8r/+v/6//n1f//+6N+v/6//Wm/9+f/v8A+v/6//r/Q57/f7nL6f9vGnRn1EbV+v8x978yzCST/A8AAAA5iLn/VWEm8j8AAADURsz9rw4zkf8BAACgNmLunwozyST/6//Xq///p3/95KsL/X/9/wHrr2n/Px4G+v+Z0//vT/9/AP1//X/9/zXp/5OPqvX/Y+6/Ncwkk/wPAAAAOYi5/7YwE/kfAAAAaiPm/tvDTOR/AAAAqI2Y+3eEmWSS//X/69X/j/T/9f/7rb+m/f9E/z9v+v89tL1I9f8H0P/X/8++/x+/+9X/ZzSq1v+Puf81YSaZ5H8AAADIQcz9d4SZyP8AAABQGzH3vzbMRP4HAACA2oi5/84wk0zyv/6//r/+v/6//n/v9ev/r0/rq/+/adklVTv//0b9f/1//f/M+v/O/89oVa3/H3P/68JMMsn/AAAAkIOY++8KM5H/AQAAoDbi/7wr/9+r/A8AAAB1FHP/dJhJJvlf/1//P6f+f0P/X/9f/7/21lf/f7mq9f+d/1//X/9f/1//n9WoWv8/5v7Xh5lkkv8BAAAgBzH33xNmIv8DAABAbcTcPxNmIv8DAABAbcTcPxtmkkn+1//X/8+p/+/8//r/+v/1p//fn/7/APr/+v916/8Xhf4/11TV+v8x9+8MM8kk/wMAAEAOYu7fFWYi/wMAAEBtxNy/O8xE/gcAAIDaiLn/3jCTTPK//r/+v/5/Jfr/8S70//X/9f9XSf+/P/3/AfT/16Y/3+sbp/W0/SuoZP/f+f+5xqrW/4+5/74wk0zyPwAAAOQg5v49YSbyPwAAANRGzP17w0xC/r9K/z0JAAAAWEMx9+8LM8nk3//1/2vS///Nv+9Yt/7/uuv/r8Pz/2/W/w9T/79aatr/735ZXDH9/wH0/69af74YG8kmXrPt1//X/+fKVK3/H3P//jCTTPI/AAAA5CDm/jeEmcj/AAAAUBsx9/90mIn8DwAAALURc//PhJlkkv/1/2vS/++i/6//32/9zv+v/19nNe3/j0yt+v9j+v/rqf8/TH9+vW+//r/+P8td/f5//Gi4/n/M/feHmWSS/wEAACAHMff/bJiJ/A8AAAC1EXP/G8NM5H8AAACojZj7D4SZZJL/9f/1//X/9f+vTv//jUW3Kvb/mweP/n+9VLj/PzHM+vX/nf9f/39Ntr/7S81Itl//X/+f5ap2/v+Y+98UZpJJ/gcAAIAcxNz/QJiJ/A8AAAC1EXP/m8NM5H8AAACojZj73xJmkkn+1//X/9f/1/93/v/e69f/X58q3P8fiv6//r/+//rdfv1//X+Wq1r/P+b+B8NMMsn/AAAAkIOY+98aZiL/AwAAQG3E3P+2MBP5HwAAAGoj5v63h5lkkv/1//X/9f/1//X/e69f/3990v/vT/9/AP1//X/9f/1/Rqpq/f+Y+38uzCST/A8AAAA5iLn/oTAT+R8AAABqI+b+d4SZyP8AAABQGzH3vzPMJJP8r/+v/6//r/+v/997/fr/65P+f3/6/wPo/+v/6//r/zNSVev/x9z/rjCTTPI/AAAA5CDm/p8PM5H/AQAAoDZi7n93mIn8DwAAALURc/8vhJlkkv/1//X/q9X/XzrXfjv9f/3/YlT9/+aN9P+zoP/fn/7/AD36/5v0//X/9f/1/7liVev/x9z/njCTTPI/AAAA5CDm/veGmcj/AAAAUBsx978vzET+BwAAgNqIuf/hMJNM8r/+f5b9//SQq9f/d/5//X/n/9f/Xx39//70/wdw/n/9f/1//X9Gqmr9/5j7HwkzyST/AwAAQA5i7n9/mIn8DwAAALURc/8vhpnI/wAAAFAbMfd/IMwkk/yv/59l/7/C5/+vW/9/vOP4yKn/P9n2fKbjUv9f/38N6P/3p/8/gP6//n+V+//haN68wu31/6miqvX/Y+7/YJhJJvkfAAAAchBz/y+Fmcj/AAAAUBsx9/9ymIn8DwAAALURc/+vhJlkkv9r2P8/X+j/6/9Xpv/feXzk1P93/v/l9P/Xhv5/f/r/A+j/6/9Xuf8/gP4/VVS1/n/M/b8aZrJi8PvBfw3xMAEAAIAKibn/Q2Emmfz7PwAAAOQg5v6DYSbyPwAAANRGzP2Phplkkv9r2P9f5fn/4xlV9f/1/0fd/x/T/9f/1/9fA6Pr/7/i+qLQ/9f/1//X/9f/1/9nNarW/4+5/1CYSSb5HwAAAHIQc/+vhZnI/wAAAFAbMfcfDjOR/wEAAKDyxlMjuL+Y++fCTDLJ/9ew/z9Rzf5/3c7/3wj3ffX7/z/R/3f+/0D/vzf9/7Xh/P/96f8PoP+v/6//r//PSFWt/x9z/3yYSSb5HwAAAGos/Tg45v4jYSbyPwAAANRGzP1Hw0zkfwAAAKiNmPs/HGaSSf53/v+69/+d/7+a/f/xjuX1/0v6//r/o6D/35/+/wD6//r/+v/6/4xU1fr/MfcvhJlkkv8BAAAgBzH3fyTMRP4HAACA2oi5/6NhJvI/AAAA1EbM/cfCTDLJ//r/+v+59/8bRXHe+f/1/3utX/9/fdL/70//fwD9f/1//X/9f0aqav3/mPuPh5lkkv8BAPh/9u6jSa6ziuPwtVFcwUdgzYolrMxHYMuOKtZkk4MscgaTczAZkzMm2OScczY5R2OCoUqUpXOONNOtezWanul73/d5NsdSedQ91kjUn6lfXQB6kLv/fnGL/Q8AAADNyN1//7jF/gcAAIBm5O5/QNzSyf7X/+v/e+//h608/3/nv6//P0f/r//fhJX+/sj6f+9iUfhF+/+73u3qe+v/9f/6/1H6f/2//p/d5tb/5+5/YNzSyf4HAACAHuTuf1DcYv8DAABAM3L3Pzhusf8BAACgGbn7r45bOtn/+n/9v/5/Ef3/FflrHHj/f5P+X/+/bJ7/P07/P0H/r//X/+v/2ai59f+5+x8St3Sy/wEAAKAHufsfGrfY/wAAANCM3P0Pi1vsfwAAAGhG7v6Hxy2d7H/9v/5f/7+I/v/WG04d8/z/XZ+P/l//v47+f5z+f4L+X/+v/9f/s1Fz6/9z9z8ibulk/wMAAEAPcvc/Mm6x/wEAAKAZufsfFbfY/wAAANCM3P2Pjls62f/6f/2//n+D/f/pYRgOrP8f9P+7Ph/9v/5/neuG838n6P9X6f8nTPT/w6D/H3PJ/fz6T2857/8i9P/6f1bNrf/P3f+YuOUew3Dscj9JAAAAYFZy9z82bunk+/8AAADQg9z9p+IW+x8AAACakbv/mrilk/2v/9f/6/+X8vx//b/+X/9/KTz/f9z++/+73Om+9+m3//f8/3Ge/7/p/v/2rwz9P8s2t/4/d//puKWT/Q8AAAA9yN3/uLjF/gcAAIBm5O5/fNxi/wMAAEAzcvc/IW7pZP/r/1vr/++w4+Mu6P/P1i76f/3/5fT/R+tX0v/Pr/8/Mv3CndH/j/P8/wln/5o7WT/U/+v/Pf9f/8/+zK3/z93/xLilk/0PAAAAPcjd/6S4xf4HAACAZuTuf3LcYv8DAABAM3L3PyVu6WT/6/9b6/93fpzn/+v/172+5/+31P9Pv25v9P/j9P8TWnn+/2V+1Wy7n9+vbb9//b/+n1Vz6/9z9z81bulk/wMAAEAPcvc/LW6x/wEAAKAZufufHrfY/wAAANCM3P3PiFs62f/6f/3/Mvr/fAX9v/7/4Pv/pP9fJv3/OP3/hFb6/8u07X5+6e9f/6//Z9Xc+v/c/c+MWzrZ/wAAANCD3P3PilvsfwAAAGhG7v5nxy32PwAAADQjd/9z4pZO9r/+X/+/jP7f8//1/57/r/+/NPr/cfr/Cfp//b/+X//PRs2t/8/df23c0sn+BwAAgB7k7n9u3GL/AwAAQDNy9z8vbtnL/j+66XcFAAAAbFLu/ufHLZ18/1//r//X/+v/9f/rX1//v0z6/3H6/wmd9//DNfp//b/+n82aUf9/wUedGF4Qt3Sy/wEAAKAHuftfGLfY/wAAANCM3P0vilvsfwAAAGhG7v4Xxy2d7P/2+v/jS+3/z+Z8bfX/J4dh6Lv/P7rr66On/v/kBb+f9XWp/9f/HwL9/zj9/4TO+/9t9/NLf//6f/0/q2bU/5/9ce7+l8Qtnex/AAAA6EHu/pfGLfY/AAAANCN3/8viFvsfAAAAmpG7/+VxSyf7v73+3/P/h9n0/57/v/vro6f+3/P/V+n/D4f+f5z+f4L+X/+v/9f/s1Fz6/9z978ibjp29LI/RQAAAGBmcve/Mm7p5Pv/AAAA0IPc/a+KW+x/AAAAWKhrV34md/+r45ZO9r/+f7P9/7ELfk7/r//f/fWh/9f/6/8Pnv5/nP5/gv5f/6//1/+zUXPr/3P3vyZu6WT/AwAAQA9y918Xt9j/AAAA0Izc/a+NW+x/AAAAaEbu/tfFLZ3sf/2/5//r//X/U/3/+ceh6v/1//On/x+n/5+g/9f/b7f/P37+H/X/tGEP/f+ZM2dOHXj/n7v/9XFLJ/sfAAAAepC7/w1xi/0PAAAAzcjd/8a4xf4HAACAZuTuf1Pc0sn+1/932v/nl/qy+v9rhkH/7/n/+n/9/zj9/zj9/wT9v/7f8//1/2zU3J7/n7v/zXFLJ/sfAAAAepC7/y1xi/0PAAAAzcjdf33cYv8DAABAM3L3vzVu6WT/6/877f89/1//r/8/7P7/tkH/fygW0f+fvPjrz73/P63/1/+P6K7/v+fdd/xQ/6//Z9Xc+v/c/W+LWzrZ/wAAANCD3P1vj1vsfwAAAGhG7v53xC32PwAAADQjd/8746Yjnex//b/+X/+v/9f/r3/9Q37+/7FhGPT/G7CI/n/E3Pv/zTz/f/ef8vP0//r/Jb9//b/+n1Vz6/9z978rbulk/wMAAEAPcve/O26x/wEAAKAZufvfE7fY/wAAANCM3P3vjVs62f/6f/2//l//33z/f3oR/b/n/2+I/n/cPPr/i2uj/z8yDPp//b/+X//PqG31/7n73xe3dLL/AQAAoAe5+98ft9j/AAAA0Izc/R+IW+x/AAAAaEbu/g/GLZ3sf/2//n8v/X++T/1/W/3/8dn1/yd2/HqdPP9f/78h+v9x+v8Jnv+v/9f/X6v/Z5Pm9vz/3P0fils62f8AAADQg9z9N8St/+vW/gcAAIBm5O7/cNxi/wMAAEAzcvd/JG7pZP/r//X/nv+v/2/++f/6/67o/8fp/yfo//X/+n/P/2ej5tb/5+7/aNzSyf4HAACAHuTu/1jcYv8DAABAM3L33xi32P8AAADQjNz9N8Utnex//b/+X/+v/9f/n/s91P+3Qf8/7nD6/5P6f/1/9fNXxJ8C/b/+f+rjadPc+v/c/R+PWzrZ/wAAANCD3P2fiFvsfwAAAGhG7v5Pxi32PwAAACzSkTU/l7v/U3FLJ/tf/6//1//r//X/619f/79MW+n/84tiVv3/uv9l8vz/Sfr/Pfbzd97xo6U9/3/3nxL9v/6fzZtb/5+7/9NxSyf7HwAAAHqQu/8zcYv9DwAAAM3I3f/ZuMX+BwAAgGbk7v9c3NLJ/tf/6//1//p//f/619f/L5Pn/4/T/0/Q/2/1+flLf//6f/0/q+bW/+fu/3zc0sn+BwAAgB7k7v9C3GL/AwAAQDNy938xbrH/AQAAoBlnd3/GZR3uf/2//l//r//X/69/ff3/Mun/x+n/J+j/9f/6f/0/GzW3/v9LZz/qxPDluKWT/Q8AAAA9yN3/lbjF/gcAAIBm5O7/atxi/wMAAEAzcvd/LW7pZP/r//X/y+j/z5w5c0r/r//f+fmc7/9v1v9T9P/j9P8T9P/6f/2//p+Nmlv/n7v/63FLJ/sfAAAAepC7/xtxi/0PAAAAzcjd/824xf4HAACAZuTu/1bc0sn+1//PoP8/of/3/H/9/+D5/6v9/5Xn/lLW/++N/n+c/n9Ci/3/iUv/9Lfdz+/Xtt+//l//z6q59f+5+78dt3Sy/wEAAKAHufu/E7fY/wAAANCM3P3fjVvsfwAAAGhG7v7vxS2d7H/9/+H1/7f/t+vl+f8nh/XvX/+v/9f/e/7/QdP/j9P/T2ix/9+DbffzS3//+n/9P6vm1v/n7v9+3LJz+B3d22cJAAAAzEnu/h/ELZ18/x8AAAB6kLv/h3GL/Q8AAADNyN3/o7ilk/2v/5/B8/8b7P89/3/914f+f9b9/5X6/zbo/8fp/yfo//X/+v8N9f/51az/793c+v/c/T+OWzrZ/wAAANCD3P0/iVvsfwAAAGhG7v6fxi32PwAAADQjd//NccsF+39d290K/b/+X/+v/9f/r399/f8y6f/HXWr/f3zYX/+f9P/6f/1/r/2/5/9zztz6/9z9P4tbfP8fAAAAFufoRX4+d//P4xb7HwAAAJqRu/8XcYv9DwAAAM3I3f/LuOWWK7f1lg6V/l//r//X/+v/17++/n+Z9P/jZvn8/+tvrH/U/zfR/1+l/2+j/x8G/T/7N7f+P3f/r+IW3/8HAACAZuTu/3XcYv8DAABAM3L3/yZusf8BAACgGbn7fxu3dLL/9f/6/332/2fTTP3/Ofr/c/T/6+n/D4f+f9ws+/8L6P+b6P89/7+R/t/z/9mEufX/uft/F7d0sv8BAACgB7n7fx+32P8AAADQjNz9f4hb7H8AAABoRu7+P8Ytnez/rfX/8Z9a/7/4/t/z//X/+n/9/6zo/8fp/yfo//X/+n/9Pxs1t/4/d/+f4pZO9j8AAAD0IHf/n+MW+x8AAACakbv/L3GL/Q8AAADNyN3/17ilk/3v+f/6f/2//l//v/719f/LpP8fp/9fr36j9P/6f/2//p+Nmlv/n7v/b3FLJ/sfAAAAepC7/+9xi/0PAAAAzcjdf0vcYv8DAABAM3L3/yNu6WT/6//1//p//b/+f/3r6/+XSf8/bpv9/73uOP2ynv+/9f4/34L+X/+v/2cj5tb/5+6/NW7pZP8DAABAD3L3/zNusf8BAACgGbn7/xW32P8AAADQjNz9/45bOtn/E/3/8foX9f+j9P8737/+f/3Xh/5f/6//P3j6/3HLef5/fLz+fwfP/5/3+9f/6/9ZNbf+P3f/f+KWTvY/AAAA9CB3/21xi/0PAAAAzcjd/9+4xf4HAACAZuTu/1/c0sn+9/z/JfX/V+n/9f/6f/2//n+C/n/ccvp/z/9fR/8/7/ev/9f/s2pu/X/u/v8HAAD//8r1Pfg=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
listxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

333.447711ms ago: executing program 2 (id=2560):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x6, 0x4, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x23}, [@call={0x85, 0x0, 0x0, 0x63}]}, &(0x7f0000000100)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x6f, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf}, 0x94)

274.081308ms ago: executing program 2 (id=2561):
syz_mount_image$cramfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x2208000, &(0x7f0000000040), 0x1, 0x147, &(0x7f0000000240)="$eJzs0L9LOnEcx/HXfe++EqX9IAMLMqGhIzHPE2tq0EgSsoPCpUmwiwLFSChHI9oaglYHS2gS/wXLWiyFsH+ixS1oLM6PIEZL++uxHPd8v3kPH7W1ug4PIENYy2aOjs1cztzzbBvx6M57rRa2ug3A0MBc7N+HgQPrqwCdM8DKjw5g/zBtLqWyaeu/EwZUAJER0TWI3WGrOUUL9Jo6D9SnRNN/acFem1GAyFj/3tcNsGDdm+jf+wCQL3qrleetZiPmW7yblXER885NSoPdbV7q0emy3SUjYT7dItKdv/kbvld/tdJuNeObRtxoBXV9OagFNC3UNl6asVDhCsqG/QTY/XHPBpdbSQDnEnDdnXUeJAeAeunTyIyulHpvXTiVPYCUL6aSrv/lpHP8H2QVEoiIiIiIiIiIiIiIiIiIiP7qOwAA//8GrWWV")

214.126833ms ago: executing program 2 (id=2562):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r4, r1, 0x25, 0x0, @val=@tcx={@void, @value=r4}}, 0x1c)
syz_emit_ethernet(0x3a, &(0x7f0000002240)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e22, 0x4e20, 0x18, 0x0, @wg=@data={0x4, 0x8, 0x4}}}}}}, 0x0)

213.901666ms ago: executing program 2 (id=2563):
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x1200, 0x30, 0x3)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x143a82, 0x2)
r2 = dup(r1)
r3 = open(&(0x7f0000000040)='./bus\x00', 0x40d00, 0x20)
sendfile(r2, r3, 0x0, 0x8000fffffffe)

113.103939ms ago: executing program 1 (id=2564):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r0 = syz_io_uring_setup(0x10a, &(0x7f0000000140)={0x0, 0x5883, 0x1000, 0x3}, &(0x7f0000000040)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000340)='\x00', &(0x7f0000000380)='./file0\x00', 0xffffffffffffffff, 0x0, 0x1})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 4 (id=2565):
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x400, &(0x7f00000029c0)={[{@max_batch_time={'max_batch_time', 0x3d, 0x8001}}, {@journal_dev={'journal_dev', 0x3d, 0x9676}}, {@errors_remount}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'ext4\x00'}}, {@fsname={'fsname', 0x3d, 'minixdf'}}], 0x2c}, 0x84, 0x45a, &(0x7f0000000480)="$eJzs20tvG1UbAOB3xknv/ZKvlEsvQKAgIi5Jkxbogg0IpG6QkGBRliFJq9K0QU2QaFXRgFBZov4CYInEL2AFGwSsQGxhj5Aq1A2FBRo09kzrJnaIL6mT+nkkt+d4jn3e1zMnPjNnHEDfGsn/SSJ2RcQvETFUq97eYKT2343rl6b/un5pOokse/2PpNruz+uXpsum5et2FpXRNCL9KIkDDfpduHDxzNTc3Oz5oj6+ePad8YULF585fXbq1Oyp2XOTx44dPTLx/HOTz3Ylz915rPvfnz+47/ibV1+dPnH1re+/zOPdVWyvz6NmuOM+R2Lk9s+yzuMdv/vGsruunAz0MBBaUomIfHcNVsf/UFTi1s4bilc+7GlwwLrKsizbuuLZSllYyoC7WBK9jgDojfKLPj//LR93cPrRc9derJ0A5XnfKB61LQORFm0Gl53fdtNIRJxY+vvT/BENr0MAAHTX1/n85+lG87807qtr979ibWg4Iv4fEXsi4p6I2BsR90ZU294fEQ+02P/IsvrK+c9P29tKbI3y+d8LxdrW7fO/cvYXw5Witrua/2By8vTc7OHiMxmNwa15fWKVPr55+edPmm2rn//lj7z/ci5YxPH7wLILdDNTi1Od5Fzv2gcR+wca5Z/cXAlIImJfROxv4/23RcTpJ7842Gz7f+e/ii6sM2WfRzxR2/9LsSz/UrL6+uT4tpibPTxeHhUr/fDjldea9d9R/l2Q7/8dDY//m/kPJ/XrtQut93Hl14+bntO0e/xvSd6olrcUz703tbh4fiJiS7K08vnJW68t62X7PP/RQ43H/56Ifz4rXncgIvKD+MGIeCgiHi5ifyQiHo2IQ6vk/91Lj73dfv7rK89/pqX933qhcubbr5r1v7b9f7RaGi2emZnKsuzy6nmtNcDOPj0AAADYHNLqPfBJOnaznKZjY7V7+PfGjnRufmHxqZPz756bqd0rPxyDaXmla6jueuhEcW24rE8uqx+pXjfOsizbXq2PTc/PrdeaOrA2O5uM/9xvlV5HB6y7ltbRmv2iDdiU/F4T+pfxD/3L+If+ZfxD/2o0/i9H3OhBKMAd5vsf+pfxD/3L+If+1f74dzMQbGKd/K5/tcKe4+v1zndbobIxwmi5EOmGCKO9QroxwqgVtkbEWhtfjjsVWK//MgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTHvwEAAP//H0rrgQ==")

kernel console output (not intermixed with test programs):

57][  T792] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  190.084145][  T975] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  190.090214][  T792] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.094421][T10216] loop2: detected capacity change from 0 to 164
[  190.097903][  T792] usb 2-1: config 0 descriptor??
[  190.157839][T10218] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1647'.
[  190.233676][  T975] usb 4-1: Using ep0 maxpacket: 16
[  190.236843][  T975] usb 4-1: config 0 has an invalid interface number: 105 but max is 0
[  190.239591][  T975] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  190.243186][  T975] usb 4-1: config 0 has no interface number 0
[  190.255789][  T975] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  190.258885][  T975] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  190.261463][  T975] usb 4-1: Product: syz
[  190.262788][  T975] usb 4-1: Manufacturer: syz
[  190.294613][  T975] usb 4-1: SerialNumber: syz
[  190.302556][  T975] usb 4-1: config 0 descriptor??
[  190.308631][  T975] usb 4-1: Found UVC 0.00 device syz (046d:08f3)
[  190.310764][  T975] usb 4-1: No valid video chain found.
[  190.511736][  T975] usb 4-1: USB disconnect, device number 16
[  190.526105][  T792] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  190.776523][  T792] usb 2-1: USB disconnect, device number 31
[  191.167913][T10236] delete_channel: no stack
[  191.174547][T10235] delete_channel: no stack
[  191.461814][T10251] loop2: detected capacity change from 0 to 8192
[  191.470426][T10251] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  192.416831][T10271] netlink: 596 bytes leftover after parsing attributes in process `syz.1.1668'.
[  192.484810][T10273] loop3: detected capacity change from 0 to 512
[  192.517450][T10273] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.527155][T10273] ext4 filesystem being mounted at /323/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  192.667987][ T7644] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.982791][T10278] loop1: detected capacity change from 0 to 32768
[  192.991707][T10278] XFS: noikeep mount option is deprecated.
[  193.012628][T10278] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  193.032706][T10278] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  193.039897][T10278] XFS (loop1): Starting recovery (logdev: internal)
[  193.048028][T10278] XFS (loop1): Ending recovery (logdev: internal)
[  193.087217][ T5927] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  193.175651][T10296] loop3: detected capacity change from 0 to 32768
[  193.253311][T10296] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  193.253325][T10296]   allowing incompatible features above 0.0: (unknown version)
[  193.253358][T10296]   features: lz4
[  193.264303][T10296] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  193.267012][T10296] bcachefs (loop3): initializing new filesystem
[  193.275127][T10296] bcachefs (loop3): going read-write
[  193.281515][T10296] bcachefs (loop3): marking superblocks
[  193.292711][T10296] bcachefs (loop3): initializing freespace
[  193.297652][T10296] bcachefs (loop3): done initializing freespace
[  193.302560][T10296] bcachefs (loop3): reading snapshots table
[  193.304720][T10296] bcachefs (loop3): reading snapshots done
[  193.345070][T10296] bcachefs (loop3): done starting filesystem
[  193.433096][  T975] hid-generic 0000:0000:0000.0012: unknown main item tag 0x0
[  193.443079][  T975] hid-generic 0000:0000:0000.0012: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  193.567775][T10296] syz.3.1677 (10296) used greatest stack depth: 17448 bytes left
[  193.583070][ T7644] bcachefs (loop3): shutting down
[  193.584917][ T7644] bcachefs (loop3): going read-only
[  193.586529][ T7644] bcachefs (loop3): finished waiting for writes to stop
[  193.589105][ T7644] bcachefs (loop3): flushing journal and stopping allocators, journal seq 2
[  193.608740][ T7644] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 3
[  193.612132][ T7644] bcachefs (loop3): clean shutdown complete, journal seq 4
[  193.615187][ T7644] bcachefs (loop3): marking filesystem clean
[  193.630480][ T7644] bcachefs (loop3): shutdown complete
[  193.775723][T10324] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1685'.
[  193.778886][T10324] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1685'.
[  193.825351][T10328] loop1: detected capacity change from 0 to 512
[  193.828232][T10328] FAT-fs (loop1): bogus number of FAT sectors
[  193.830194][T10328] FAT-fs (loop1): Can't find a valid FAT filesystem
[  193.913911][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  193.915928][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  194.011233][T10332] loop1: detected capacity change from 0 to 32768
[  194.029288][T10332] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  194.035008][T10334] loop2: detected capacity change from 0 to 32768
[  194.051277][T10332] XFS (loop1): Ending clean mount
[  194.080203][ T5927] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  194.411159][T10334] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,background_target=invalid device 79,nojournal_transaction_names
[  194.411173][T10334]   allowing incompatible features above 0.0: (unknown version)
[  194.411178][T10334]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  194.425362][T10334] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  194.427969][T10334] bcachefs (loop2): initializing new filesystem
[  194.434093][T10334] bcachefs (loop2): going read-write
[  194.440122][T10334] bcachefs (loop2): marking superblocks
[  194.445760][   T10] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  194.476113][T10334] bcachefs (loop2): initializing freespace
[  194.494828][T10334] bcachefs (loop2): done initializing freespace
[  194.500760][T10334] bcachefs (loop2): reading snapshots table
[  194.505472][T10334] bcachefs (loop2): reading snapshots done
[  194.557811][T10334] bcachefs (loop2): done starting filesystem
[  194.596117][   T10] usb 2-1: Using ep0 maxpacket: 16
[  194.609710][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  194.612933][   T10] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  194.633800][   T10] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  194.642301][   T10] usb 2-1: config 0 interface 0 has no altsetting 0
[  194.648845][   T10] usb 2-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00
[  194.651747][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.667555][   T10] usb 2-1: config 0 descriptor??
[  194.898457][T10334] syz.2.1690 (10334) used greatest stack depth: 16424 bytes left
[  194.910836][ T5920] bcachefs (loop2): shutting down
[  194.913372][ T5920] bcachefs (loop2): going read-only
[  194.922837][ T5920] bcachefs (loop2): finished waiting for writes to stop
[  194.932352][ T5920] bcachefs (loop2): flushing journal and stopping allocators, journal seq 3
[  194.995964][ T5920] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 4
[  195.002377][ T5920] bcachefs (loop2): clean shutdown complete, journal seq 5
[  195.009837][ T5920] bcachefs (loop2): marking filesystem clean
[  195.089034][ T5920] bcachefs (loop2): shutdown complete
[  195.104908][   T10] kye 0003:0458:0153.0013: unexpected long global item
[  195.107978][   T10] kye 0003:0458:0153.0013: parse failed
[  195.109834][   T10] kye 0003:0458:0153.0013: probe with driver kye failed with error -22
[  195.310345][   T10] usb 2-1: USB disconnect, device number 32
[  195.718253][T10365] pim6reg1: entered promiscuous mode
[  195.720020][T10365] pim6reg1: entered allmulticast mode
[  196.015610][T10371] loop3: detected capacity change from 0 to 32768
[  196.085185][T10371] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[  196.092112][T10371] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  196.124458][T10371] XFS (loop3): Ending clean mount
[  196.130464][T10371] XFS (loop3): Quotacheck needed: Please wait.
[  196.160941][T10371] XFS (loop3): Quotacheck: Done.
[  196.185326][ T7644] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  196.343699][   T10] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  196.528574][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  196.533082][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  196.553573][   T10] usb 2-1: New USB device found, idVendor=046d, idProduct=c713, bcdDevice= 0.00
[  196.567636][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  196.585843][   T10] usb 2-1: config 0 descriptor??
[  197.027021][T10387] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  197.031169][T10387] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  197.177728][   T10] hid (null): global environment stack underflow
[  197.183913][   T10] logitech-djreceiver 0003:046D:C713.0014: unexpected long global item
[  197.187376][   T10] logitech-djreceiver 0003:046D:C713.0014: logi_dj_probe: parse failed
[  197.189963][   T10] logitech-djreceiver 0003:046D:C713.0014: probe with driver logitech-djreceiver failed with error -22
[  197.318555][  T975] usb 2-1: USB disconnect, device number 33
[  198.526361][T10421] loop1: detected capacity change from 0 to 256
[  198.545736][T10421] exfat: Deprecated parameter 'namecase'
[  198.547615][T10421] exfat: Deprecated parameter 'utf8'
[  198.584847][T10421] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  198.864802][T10430] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1715'.
[  199.092238][T10432] loop1: detected capacity change from 0 to 32768
[  199.095844][T10432] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1716 (10432)
[  199.173096][T10432] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  199.183974][T10432] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  199.194004][T10432] BTRFS info (device loop1): using free-space-tree
[  199.267183][T10446] lo speed is unknown, defaulting to 1000
[  199.269528][T10446] lo speed is unknown, defaulting to 1000
[  199.283973][T10446] lo speed is unknown, defaulting to 1000
[  199.304505][T10446] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  199.331677][T10446] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  199.410076][T10446] lo speed is unknown, defaulting to 1000
[  199.413067][T10446] lo speed is unknown, defaulting to 1000
[  199.416350][T10446] lo speed is unknown, defaulting to 1000
[  199.524277][ T5927] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  199.752820][T10454] loop3: detected capacity change from 0 to 40427
[  199.772067][T10454] F2FS-fs (loop3): Wrong NAT boundary, start(2560) end(3584) blocks(512)
[  199.780812][T10454] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  199.784593][T10454] F2FS-fs (loop3): invalid crc value
[  199.837826][T10454] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  199.856284][T10454] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  199.858506][T10454] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  199.877557][   T33] audit: type=1800 audit(1755051714.209:82): pid=10454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1722" name="file1" dev="loop3" ino=10 res=0 errno=0
[  199.909746][T10465] loop1: detected capacity change from 0 to 32768
[  199.924720][T10465] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  199.932592][ T7644] syz-executor: attempt to access beyond end of device
[  199.932592][ T7644] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  199.943015][ T7644] CPU: 0 UID: 0 PID: 7644 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  199.943028][ T7644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  199.943033][ T7644] Call Trace:
[  199.943037][ T7644]  <TASK>
[  199.943041][ T7644]  dump_stack_lvl+0x189/0x250
[  199.943056][ T7644]  ? __pfx_dump_stack_lvl+0x10/0x10
[  199.943065][ T7644]  ? __pfx_queue_work_on+0x10/0x10
[  199.943074][ T7644]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  199.943083][ T7644]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  199.943097][ T7644]  f2fs_handle_critical_error+0x37c/0x540
[  199.943110][ T7644]  f2fs_write_end_io+0x886/0xb60
[  199.943129][ T7644]  __submit_merged_bio+0x27a/0x6a0
[  199.943141][ T7644]  __submit_merged_write_cond+0x255/0x530
[  199.943153][ T7644]  f2fs_write_data_pages+0x261d/0x3000
[  199.943162][ T7644]  ? __lock_acquire+0xab9/0xd20
[  199.943187][ T7644]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  199.943229][ T7644]  ? __lock_acquire+0xab9/0xd20
[  199.943267][ T7644]  ? do_raw_spin_lock+0x121/0x290
[  199.943283][ T7644]  ? do_raw_spin_unlock+0x4d/0x240
[  199.943292][ T7644]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  199.943303][ T7644]  do_writepages+0x32e/0x550
[  199.943319][ T7644]  ? do_raw_spin_unlock+0x4d/0x240
[  199.943329][ T7644]  filemap_fdatawrite+0x199/0x240
[  199.943340][ T7644]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  199.943404][ T7644]  ? do_raw_spin_unlock+0x4d/0x240
[  199.943417][ T7644]  f2fs_sync_dirty_inodes+0x31f/0x830
[  199.943435][ T7644]  f2fs_write_checkpoint+0x95a/0x1df0
[  199.943457][ T7644]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  199.943494][ T7644]  ? kill_f2fs_super+0x298/0x6c0
[  199.943507][ T7644]  kill_f2fs_super+0x2c3/0x6c0
[  199.943520][ T7644]  ? __pfx_kill_f2fs_super+0x10/0x10
[  199.943529][ T7644]  ? radix_tree_delete_item+0x2b6/0x400
[  199.943542][ T7644]  ? shrinker_free+0x2ce/0x3e0
[  199.943552][ T7644]  deactivate_locked_super+0xbc/0x130
[  199.943562][ T7644]  cleanup_mnt+0x425/0x4c0
[  199.943571][ T7644]  ? lockdep_hardirqs_on+0x9c/0x150
[  199.943581][ T7644]  task_work_run+0x1d4/0x260
[  199.943593][ T7644]  ? __pfx_task_work_run+0x10/0x10
[  199.943601][ T7644]  ? __x64_sys_umount+0x122/0x160
[  199.943614][ T7644]  ? exit_to_user_mode_loop+0x40/0x110
[  199.943627][ T7644]  exit_to_user_mode_loop+0xec/0x110
[  199.943637][ T7644]  do_syscall_64+0x2bd/0x3b0
[  199.943646][ T7644]  ? lockdep_hardirqs_on+0x9c/0x150
[  199.943654][ T7644]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.943661][ T7644]  ? exc_page_fault+0x9f/0xf0
[  199.943671][ T7644]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.943678][ T7644] RIP: 0033:0x7f37f1f8ff17
[  199.943686][ T7644] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  199.943693][ T7644] RSP: 002b:00007fff01ca7018 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  199.943702][ T7644] RAX: 0000000000000000 RBX: 00007f37f2011c05 RCX: 00007f37f1f8ff17
[  199.943708][ T7644] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff01ca70d0
[  199.943712][ T7644] RBP: 00007fff01ca70d0 R08: 0000000000000000 R09: 0000000000000000
[  199.943717][ T7644] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff01ca8160
[  199.943721][ T7644] R13: 00007f37f2011c05 R14: 0000000000030c6c R15: 00007fff01ca81a0
[  199.943735][ T7644]  </TASK>
[  200.059455][ T7644] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  200.061739][T10480] netlink: 'syz.2.1726': attribute type 1 has an invalid length.
[  200.064405][T10480] netlink: 'syz.2.1726': attribute type 2 has an invalid length.
[  200.070564][T10465] XFS (loop1): Ending clean mount
[  200.098101][ T5927] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  200.219949][T10487] netlink: 'syz.2.1730': attribute type 2 has an invalid length.
[  200.222540][T10487] netlink: 'syz.2.1730': attribute type 1 has an invalid length.
[  200.279776][T10493] netlink: 'syz.2.1732': attribute type 1 has an invalid length.
[  200.282178][T10493] netlink: 'syz.2.1732': attribute type 11 has an invalid length.
[  200.290015][T10493] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1732'.
[  200.521197][T10517] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1743'.
[  200.571950][T10500] loop2: detected capacity change from 0 to 32768
[  200.596687][T10500] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1735 (10500)
[  200.615945][T10500] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  200.619202][T10500] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  200.621900][T10500] BTRFS info (device loop2): disk space caching is enabled
[  200.636880][T10500] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  200.700841][   T27] BTRFS warning (device loop2): checksum verify failed on logical 5287936 mirror 1 wanted 0xba2f3320fe4f0dfed931d5a5c7a64dbbccc1fca522c14bbe02198145e0728966 found 0xb937183608d9deb3b5d1d57d8a08a021a222f18007389cac0d84f34558159855 level 0
[  200.728904][T10500] BTRFS warning (device loop2): failed to read root (objectid=4): -5
[  200.788982][T10500] BTRFS error (device loop2): open_ctree failed: -5
[  201.604473][T10563] tipc: Invalid UDP bearer configuration
[  201.604507][T10563] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  201.682731][T10569] loop1: detected capacity change from 0 to 512
[  205.067153][T10613] netlink: 'syz.2.1779': attribute type 1 has an invalid length.
[  205.069963][T10613] netlink: 'syz.2.1779': attribute type 4 has an invalid length.
[  205.072469][T10613] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1779'.
[  205.270415][T10617] loop1: detected capacity change from 0 to 32768
[  205.297267][T10617] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  205.335791][ T5927] ocfs2: Unmounting device (7,1) on (node local)
[  205.763871][ T5970] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  205.933854][ T5970] usb 4-1: Using ep0 maxpacket: 8
[  205.938217][ T5970] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  205.941490][ T5970] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  205.945020][ T5970] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  205.948149][ T5970] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.953255][ T5970] usb 4-1: config 0 descriptor??
[  206.512024][T10668] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1803'.
[  206.666920][ T5970] usb 4-1: USB disconnect, device number 17
[  207.019045][T10691] loop2: detected capacity change from 0 to 4096
[  207.069762][T10695] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  207.092466][   T33] audit: type=1800 audit(1755051722.420:83): pid=10691 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1813" name="file1" dev="loop2" ino=15 res=0 errno=0
[  207.298831][T10706] netlink: 'syz.2.1820': attribute type 1 has an invalid length.
[  207.308774][T10706] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1820'.
[  207.628651][T10718] loop1: detected capacity change from 0 to 16
[  207.720996][T10718] erofs (device loop1): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk!
[  207.742017][T10718] erofs (device loop1): mounted with root inode @ nid 36.
[  208.624152][  T975] usb 4-1: new full-speed USB device number 18 using dummy_hcd
[  208.778588][  T975] usb 4-1: config 7 has an invalid interface number: 170 but max is 0
[  208.781633][  T975] usb 4-1: config 7 has no interface number 0
[  208.790057][  T975] usb 4-1: New USB device found, idVendor=0979, idProduct=0227, bcdDevice=24.83
[  208.795313][  T975] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.798110][  T975] usb 4-1: Product: syz
[  208.799594][  T975] usb 4-1: Manufacturer: syz
[  208.801202][  T975] usb 4-1: SerialNumber: syz
[  209.041625][  T975] gspca_main: jl2005bcd-2.14.0 probing 0979:0227
[  209.049786][  T975] command write [95] error -22
[  209.061080][T10746] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  209.065544][  T975] usb 4-1: USB disconnect, device number 18
[  209.623642][  T975] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  209.647628][T10759] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1840'.
[  209.769280][T10769] loop3: detected capacity change from 0 to 512
[  209.774157][  T975] usb 2-1: Using ep0 maxpacket: 16
[  209.775794][T10769] EXT4-fs: Ignoring removed mblk_io_submit option
[  209.778208][  T975] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  209.781912][  T975] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  209.782558][T10769] EXT4-fs: inline encryption not supported
[  209.786737][  T975] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0
[  209.790426][  T975] usb 2-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  209.794484][T10769] EXT4-fs: Ignoring removed mblk_io_submit option
[  209.795812][  T975] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  209.797178][T10769] EXT4-fs (loop3): Test dummy encryption mode enabled
[  209.799713][  T975] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  209.801882][T10769] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  209.806074][  T975] usb 2-1: SerialNumber: syz
[  209.813052][  T975] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -12
[  209.827957][T10769] EXT4-fs (loop3): 1 truncate cleaned up
[  209.830434][T10769] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  209.873492][ T5991] usb 3-1: new full-speed USB device number 28 using dummy_hcd
[  209.996416][ T7644] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.035469][ T5970] usb 2-1: USB disconnect, device number 34
[  210.037300][ T5991] usb 3-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62
[  210.041548][ T5991] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  210.045528][ T5991] usb 3-1: Product: syz
[  210.047380][ T5991] usb 3-1: Manufacturer: syz
[  210.049006][ T5991] usb 3-1: SerialNumber: syz
[  210.051766][ T5991] usb 3-1: config 0 descriptor??
[  210.057220][ T5991] usb 3-1: selecting invalid altsetting 3
[  210.059356][ T5991] comedi comedi5: could not set alternate setting 3 in high speed
[  210.061785][ T5991] usbdux 3-1:0.0: driver 'usbdux' failed to auto-configure device.
[  210.067546][ T5991] usbdux 3-1:0.0: probe with driver usbdux failed with error -22
[  210.257170][ T5991] usb 3-1: USB disconnect, device number 28
[  210.836299][T10793] loop2: detected capacity change from 0 to 256
[  211.889586][T10805] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1860'.
[  211.898037][T10805] openvswitch: netlink: Unknown nsh attribute 0
[  211.900205][T10805] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  212.025039][T10815] loop1: detected capacity change from 0 to 256
[  212.040403][T10815] FAT-fs (loop1): Directory bread(block 64) failed
[  212.042703][T10815] FAT-fs (loop1): Directory bread(block 65) failed
[  212.045334][T10815] FAT-fs (loop1): Directory bread(block 66) failed
[  212.047501][T10815] FAT-fs (loop1): Directory bread(block 67) failed
[  212.049679][T10815] FAT-fs (loop1): Directory bread(block 68) failed
[  212.051805][T10815] FAT-fs (loop1): Directory bread(block 69) failed
[  212.054176][T10815] FAT-fs (loop1): Directory bread(block 70) failed
[  212.056325][T10815] FAT-fs (loop1): Directory bread(block 71) failed
[  212.058400][T10815] FAT-fs (loop1): Directory bread(block 72) failed
[  212.060430][T10815] FAT-fs (loop1): Directory bread(block 73) failed
[  212.530033][T10817] loop1: detected capacity change from 0 to 131072
[  212.532962][T10817] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0)
[  212.535646][T10817] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  212.541353][T10817] F2FS-fs (loop1): invalid crc value
[  212.567920][T10817] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  212.571804][T10817] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  212.574261][T10817] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  212.802115][T10823] loop2: detected capacity change from 0 to 4096
[  212.810553][T10823] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  212.898189][T10827] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  212.903209][T10827] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  212.907056][T10827] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  213.214401][   T10] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  213.251019][T10836] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1872'.
[  213.378144][   T10] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  213.383507][   T10] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  213.396636][   T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  213.403960][   T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  213.411183][   T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  213.430906][   T10] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  213.435236][   T10] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  213.441405][   T10] usb 2-1: Product: syz
[  213.445160][   T10] usb 2-1: Manufacturer: syz
[  213.466825][   T10] cdc_wdm 2-1:1.0: skipping garbage
[  213.475848][   T10] cdc_wdm 2-1:1.0: skipping garbage
[  213.489812][   T10] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  213.495426][   T10] cdc_wdm 2-1:1.0: Unknown control protocol
[  213.893220][  T975] usb 2-1: USB disconnect, device number 35
[  214.073509][ T5991] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  214.223569][ T5991] usb 3-1: Using ep0 maxpacket: 16
[  214.226760][ T5991] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  214.230215][ T5991] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22
[  214.235484][ T5991] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  214.238575][ T5991] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  214.241304][ T5991] usb 3-1: SerialNumber: syz
[  214.448301][T10866] loop1: detected capacity change from 0 to 1024
[  214.451752][T10866] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869)
[  214.456240][T10866] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  214.460748][T10866] jbd2_journal_init_inode: Cannot locate journal superblock
[  214.463250][T10866] EXT4-fs (loop1): Could not load journal inode
[  215.143502][  T792] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  215.162983][T10895] loop1: detected capacity change from 0 to 1024
[  215.173324][T10895] hfsplus: bad catalog entry type
[  215.295355][  T792] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  215.300482][  T792] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  215.303850][  T792] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.306549][  T792] usb 4-1: Product: syz
[  215.307924][  T792] usb 4-1: Manufacturer: syz
[  215.309479][  T792] usb 4-1: SerialNumber: syz
[  215.315672][  T792] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  215.464051][  T975] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  215.518239][  T792] usb 4-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter)
[  215.524431][  T792] usb 4-1: USB disconnect, device number 19
[  215.613623][  T975] usb 2-1: Using ep0 maxpacket: 8
[  215.620114][  T975] usb 2-1: config 105 has an invalid interface number: 212 but max is 0
[  215.623999][  T975] usb 2-1: config 105 has no interface number 0
[  215.627090][  T975] usb 2-1: config 105 interface 212 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1024
[  215.631414][  T975] usb 2-1: config 105 interface 212 altsetting 0 endpoint 0x5 has invalid maxpacket 431, setting to 64
[  215.639128][  T975] usb 2-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=72.73
[  215.643111][  T975] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.646957][  T975] usb 2-1: Product: syz
[  215.648693][  T975] usb 2-1: Manufacturer: syz
[  215.650383][  T975] usb 2-1: SerialNumber: syz
[  215.654308][T10899] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  215.862201][  T975] port100 2-1:105.212: NFC: Could not find bulk-in or bulk-out endpoint
[  215.868152][  T975] usb 2-1: USB disconnect, device number 36
[  216.313485][  T975] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  216.463555][  T975] usb 4-1: Using ep0 maxpacket: 32
[  216.466946][  T975] usb 4-1: config 0 has an invalid interface number: 126 but max is 0
[  216.469820][  T975] usb 4-1: config 0 has no interface number 0
[  216.471971][  T975] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x6 has invalid maxpacket 1023
[  216.475644][  T975] usb 4-1: config 0 interface 126 altsetting 16 bulk endpoint 0x82 has invalid maxpacket 8
[  216.479199][  T975] usb 4-1: config 0 interface 126 has no altsetting 0
[  216.483848][  T975] usb 4-1: New USB device found, idVendor=09c4, idProduct=0011, bcdDevice=b0.1c
[  216.486960][  T975] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  216.489690][  T975] usb 4-1: Product: syz
[  216.491180][  T975] usb 4-1: Manufacturer: syz
[  216.492786][  T975] usb 4-1: SerialNumber: syz
[  216.498908][  T975] usb 4-1: config 0 descriptor??
[  216.501444][T10903] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  216.504182][T10903] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  216.693567][  T792] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  216.715708][  T975] ir_usb 4-1:0.126: IR Dongle converter detected
[  216.718523][  T975] usb 4-1: IRDA class descriptor not found, device not bound
[  216.723379][  T975] usb 4-1: USB disconnect, device number 20
[  216.843598][  T792] usb 2-1: Using ep0 maxpacket: 8
[  216.855376][  T792] usb 2-1: unable to get BOS descriptor or descriptor too short
[  216.858994][  T792] usb 2-1: config 82 has an invalid interface number: 96 but max is 0
[  216.861853][  T792] usb 2-1: config 82 has no interface number 0
[  216.864860][  T792] usb 2-1: config 82 interface 96 altsetting 225 has an endpoint descriptor with address 0x11, changing to 0x1
[  216.868699][  T792] usb 2-1: config 82 interface 96 altsetting 225 endpoint 0x1 has invalid maxpacket 2047, setting to 1024
[  216.872307][  T792] usb 2-1: config 82 interface 96 altsetting 225 bulk endpoint 0x1 has invalid maxpacket 1024
[  216.875978][  T792] usb 2-1: config 82 interface 96 has no altsetting 0
[  216.878118][ T5991] usb 3-1: USB disconnect, device number 29
[  216.892953][  T792] usb 2-1: New USB device found, idVendor=16ab, idProduct=7802, bcdDevice=ce.24
[  216.901546][  T792] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  216.904490][  T792] usb 2-1: Product: syz
[  216.905854][  T792] usb 2-1: Manufacturer: syz
[  216.907347][  T792] usb 2-1: SerialNumber: syz
[  216.910836][T10909] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22
[  216.938408][T10911] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1905'.
[  217.059772][T10918] netlink: 'syz.2.1907': attribute type 1 has an invalid length.
[  217.132343][  T792] usb 2-1: Could not find all expected endpoints
[  217.154046][  T792] usb 2-1: USB disconnect, device number 37
[  217.658060][T10928] loop3: detected capacity change from 0 to 1024
[  217.662608][T10928] EXT4-fs: Ignoring removed i_version option
[  217.666655][T10928] EXT4-fs: Ignoring removed oldalloc option
[  217.670473][T10928] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  217.678412][T10928] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869)
[  217.682160][T10928] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  217.688135][T10928] EXT4-fs (loop3): filesystem has both journal inode and journal device!
[  217.940694][T10936] loop1: detected capacity change from 0 to 1024
[  218.044574][  T162] hfsplus: b-tree write err: -5, ino 4
[  218.150804][T10941] rtc_cmos 00:04: Alarms can be up to one day in the future
[  218.325853][T10948] loop2: detected capacity change from 0 to 40427
[  218.336106][T10948] F2FS-fs (loop2): invalid crc value
[  218.376775][T10948] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  218.379965][T10948] F2FS-fs (loop2): Start checkpoint disabled!
[  218.383367][T10948] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  218.393553][   T24] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  218.411660][   T27] kworker/u10:0: attempt to access beyond end of device
[  218.411660][   T27] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  218.417079][   T27] CPU: 0 UID: 0 PID: 27 Comm: kworker/u10:0 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  218.417093][   T27] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  218.417098][   T27] Workqueue: writeback wb_workfn (flush-7:2)
[  218.417112][   T27] Call Trace:
[  218.417116][   T27]  <TASK>
[  218.417120][   T27]  dump_stack_lvl+0x189/0x250
[  218.417132][   T27]  ? __pfx_dump_stack_lvl+0x10/0x10
[  218.417141][   T27]  ? __pfx_queue_work_on+0x10/0x10
[  218.417149][   T27]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  218.417158][   T27]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  218.417171][   T27]  f2fs_handle_critical_error+0x37c/0x540
[  218.417184][   T27]  f2fs_write_end_io+0x886/0xb60
[  218.417202][   T27]  __submit_merged_bio+0x27a/0x6a0
[  218.417215][   T27]  __submit_merged_write_cond+0x255/0x530
[  218.417227][   T27]  f2fs_write_data_pages+0x261d/0x3000
[  218.417252][   T27]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  218.417268][   T27]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  218.417314][   T27]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  218.417324][   T27]  ? look_up_lock_class+0x74/0x170
[  218.417338][   T27]  ? trace_f2fs_writepages+0x7f/0x200
[  218.417347][   T27]  ? f2fs_write_node_pages+0x478/0x6e0
[  218.417365][   T27]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  218.417380][   T27]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  218.417390][   T27]  do_writepages+0x32e/0x550
[  218.417403][   T27]  ? reacquire_held_locks+0x127/0x1d0
[  218.417410][   T27]  ? writeback_sb_inodes+0x384/0x1010
[  218.417424][   T27]  __writeback_single_inode+0x145/0xff0
[  218.417433][   T27]  ? do_raw_spin_unlock+0x4d/0x240
[  218.417444][   T27]  writeback_sb_inodes+0x6c7/0x1010
[  218.417466][   T27]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  218.417495][   T27]  ? rcu_is_watching+0x15/0xb0
[  218.417507][   T27]  wb_writeback+0x43b/0xaf0
[  218.417520][   T27]  ? queue_io+0x371/0x590
[  218.417531][   T27]  ? __pfx_wb_writeback+0x10/0x10
[  218.417544][   T27]  ? _raw_spin_unlock_irq+0x23/0x50
[  218.417554][   T27]  wb_workfn+0x409/0xef0
[  218.417569][   T27]  ? __pfx_wb_workfn+0x10/0x10
[  218.417579][   T27]  ? __lock_acquire+0xab9/0xd20
[  218.417595][   T27]  ? process_scheduled_works+0x9ef/0x17b0
[  218.417605][   T27]  ? _raw_spin_unlock_irq+0x23/0x50
[  218.417612][   T27]  ? process_scheduled_works+0x9ef/0x17b0
[  218.417619][   T27]  ? process_scheduled_works+0x9ef/0x17b0
[  218.417626][   T27]  process_scheduled_works+0xae1/0x17b0
[  218.417648][   T27]  ? __pfx_process_scheduled_works+0x10/0x10
[  218.417684][   T27]  worker_thread+0x8a0/0xda0
[  218.417706][   T27]  kthread+0x711/0x8a0
[  218.417716][   T27]  ? __pfx_worker_thread+0x10/0x10
[  218.417723][   T27]  ? __pfx_kthread+0x10/0x10
[  218.417734][   T27]  ? _raw_spin_unlock_irq+0x23/0x50
[  218.417741][   T27]  ? lockdep_hardirqs_on+0x9c/0x150
[  218.417748][   T27]  ? __pfx_kthread+0x10/0x10
[  218.417758][   T27]  ret_from_fork+0x3fc/0x770
[  218.417767][   T27]  ? __pfx_ret_from_fork+0x10/0x10
[  218.417778][   T27]  ? __switch_to_asm+0x39/0x70
[  218.417786][   T27]  ? __switch_to_asm+0x33/0x70
[  218.417794][   T27]  ? __pfx_kthread+0x10/0x10
[  218.417804][   T27]  ret_from_fork_asm+0x1a/0x30
[  218.417821][   T27]  </TASK>
[  218.419079][   T27] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  218.530727][  T792] usb 2-1: new high-speed USB device number 38 using dummy_hcd
[  218.548534][   T24] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[  218.551280][   T24] usb 4-1: config 0 has no interface number 0
[  218.557232][   T24] usb 4-1: config 0 interface 255 has no altsetting 0
[  218.563492][   T24] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  218.567521][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.571593][   T24] usb 4-1: config 0 descriptor??
[  218.578431][   T24] cp210x 4-1:0.255: cp210x converter detected
[  218.684934][  T792] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10
[  218.689369][  T792] usb 2-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00
[  218.693685][  T792] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.698428][  T792] usb 2-1: config 0 descriptor??
[  218.930318][T10958] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  218.934142][T10958] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  219.083958][T10952] Bluetooth: hci0: unsupported parameter 4096
[  219.086171][T10952] Bluetooth: hci0: invalid len left 4, exp >= 243
[  219.103792][   T24] cp210x 4-1:0.255: failed to get vendor val 0x000e size 3: -32
[  219.146632][ T5970] rtc_cmos 00:04: Alarms can be up to one day in the future
[  219.154073][ T5970] rtc_cmos 00:04: Alarms can be up to one day in the future
[  219.157143][  T792] usbhid 2-1:0.0: can't add hid device: -71
[  219.159586][  T792] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  219.164084][ T5970] rtc_cmos 00:04: Alarms can be up to one day in the future
[  219.167950][ T5970] rtc_cmos 00:04: Alarms can be up to one day in the future
[  219.170910][ T5970] rtc rtc0: __rtc_set_alarm: err=-22
[  219.174462][  T792] usb 2-1: USB disconnect, device number 38
[  219.313177][   T24] cp210x 4-1:0.255: GPIO initialisation failed: -19
[  219.317583][   T24] usb 4-1: cp210x converter now attached to ttyUSB0
[  219.517794][   T24] usb 4-1: USB disconnect, device number 21
[  219.562529][   T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  219.566319][   T24] cp210x 4-1:0.255: device disconnected
[  219.591953][T10960] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1926'.
[  219.599336][T10960] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1926'.
[  219.637597][T10962] loop1: detected capacity change from 0 to 128
[  219.884857][  T792] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  219.908507][T10983] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  220.045156][  T792] usb 3-1: Using ep0 maxpacket: 16
[  220.051477][  T792] usb 3-1: config 0 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  220.055240][  T792] usb 3-1: config 0 interface 0 has no altsetting 0
[  220.057414][  T792] usb 3-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.00
[  220.068086][  T792] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.075715][  T792] usb 3-1: config 0 descriptor??
[  220.400055][ T5970] kernel write not supported for file /934/loginuid (pid: 5970 comm: kworker/0:4)
[  220.490204][  T792] logitech 0003:046D:C295.0015: unknown main item tag 0x0
[  220.492742][  T792] logitech 0003:046D:C295.0015: unknown main item tag 0x0
[  220.495931][  T792] logitech 0003:046D:C295.0015: unknown main item tag 0x0
[  220.498284][  T792] logitech 0003:046D:C295.0015: unknown main item tag 0x0
[  220.500880][  T792] logitech 0003:046D:C295.0015: unknown main item tag 0x0
[  220.508983][  T792] logitech 0003:046D:C295.0015: hidraw0: USB HID v0.05 Device [HID 046d:c295] on usb-dummy_hcd.2-1/input0
[  220.516347][  T792] logitech 0003:046D:C295.0015: no inputs found
[  220.699762][ T5970] usb 3-1: USB disconnect, device number 30
[  220.837947][T11010] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  220.874855][T11012] netlink: 'syz.1.1949': attribute type 5 has an invalid length.
[  221.263495][T11017] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1951'.
[  221.505726][T11026] loop2: detected capacity change from 0 to 512
[  221.518646][T11026] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.1955: invalid indirect mapped block 4294967295 (level 1)
[  221.535831][T11026] EXT4-fs (loop2): Remounting filesystem read-only
[  221.539627][T11026] EXT4-fs (loop2): 2 truncates cleaned up
[  221.562612][T11026] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  221.640091][ T5920] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.123363][T11037] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1958'.
[  222.130175][T11037] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1958'.
[  222.132999][T11037] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1958'.
[  222.536027][T11043] loop2: detected capacity change from 0 to 128
[  222.643802][T11043] FAT-fs (loop2): error, corrupted directory (invalid i_start)
[  222.646550][T11043] FAT-fs (loop2): Filesystem has been set read-only
[  222.887314][  T975] lo speed is unknown, defaulting to 1000
[  223.264144][T11066] futex_wake_op: syz.2.1969 tries to shift op by 32; fix this program
[  224.028406][   T33] audit: type=1326 audit(1755051739.360:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11081 comm="syz.3.1975" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f37f1f8ebe9 code=0x0
[  224.843512][  T975] usb 2-1: new high-speed USB device number 39 using dummy_hcd
[  224.890196][T11089] loop2: detected capacity change from 0 to 40427
[  224.916428][T11089] F2FS-fs (loop2): invalid crc value
[  224.985514][T11089] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  224.994984][T11089] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  224.995569][  T975] usb 2-1: config 0 has an invalid interface number: 156 but max is 0
[  225.000884][  T975] usb 2-1: config 0 has no interface number 0
[  225.002979][  T975] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  225.010861][  T975] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  225.020997][  T975] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  225.026928][  T975] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  225.029769][  T975] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.035683][  T975] usb 2-1: config 0 descriptor??
[  225.042496][  T975] gspca_main: spca561-2.14.0 probing abcd:cdee
[  225.097874][ T5920] syz-executor: attempt to access beyond end of device
[  225.097874][ T5920] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  225.113129][ T5920] CPU: 1 UID: 0 PID: 5920 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  225.113142][ T5920] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  225.113147][ T5920] Call Trace:
[  225.113150][ T5920]  <TASK>
[  225.113154][ T5920]  dump_stack_lvl+0x189/0x250
[  225.113168][ T5920]  ? __pfx_dump_stack_lvl+0x10/0x10
[  225.113182][ T5920]  ? __pfx_queue_work_on+0x10/0x10
[  225.113206][ T5920]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  225.113215][ T5920]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  225.113228][ T5920]  f2fs_handle_critical_error+0x37c/0x540
[  225.113240][ T5920]  f2fs_write_end_io+0x886/0xb60
[  225.113258][ T5920]  __submit_merged_bio+0x27a/0x6a0
[  225.113269][ T5920]  __submit_merged_write_cond+0x255/0x530
[  225.113280][ T5920]  f2fs_write_data_pages+0x261d/0x3000
[  225.113303][ T5920]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  225.113330][ T5920]  ? __mod_zone_page_state+0xd7/0x140
[  225.113344][ T5920]  ? folios_put_refs+0x560/0x640
[  225.113358][ T5920]  ? __lock_acquire+0xab9/0xd20
[  225.113371][ T5920]  ? do_raw_spin_lock+0x121/0x290
[  225.113384][ T5920]  ? do_raw_spin_unlock+0x4d/0x240
[  225.113393][ T5920]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  225.113403][ T5920]  do_writepages+0x32e/0x550
[  225.113417][ T5920]  ? do_raw_spin_unlock+0x4d/0x240
[  225.113427][ T5920]  filemap_fdatawrite+0x199/0x240
[  225.113436][ T5920]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  225.113464][ T5920]  ? do_raw_spin_unlock+0x4d/0x240
[  225.113475][ T5920]  f2fs_sync_dirty_inodes+0x31f/0x830
[  225.113492][ T5920]  f2fs_write_checkpoint+0x95a/0x1df0
[  225.113511][ T5920]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  225.113540][ T5920]  ? kill_f2fs_super+0x298/0x6c0
[  225.113552][ T5920]  kill_f2fs_super+0x2c3/0x6c0
[  225.113564][ T5920]  ? __pfx_kill_f2fs_super+0x10/0x10
[  225.113573][ T5920]  ? radix_tree_delete_item+0x2b6/0x400
[  225.113585][ T5920]  ? shrinker_free+0x2ce/0x3e0
[  225.113594][ T5920]  deactivate_locked_super+0xbc/0x130
[  225.113603][ T5920]  cleanup_mnt+0x425/0x4c0
[  225.113611][ T5920]  ? lockdep_hardirqs_on+0x9c/0x150
[  225.113620][ T5920]  task_work_run+0x1d4/0x260
[  225.113631][ T5920]  ? __pfx_task_work_run+0x10/0x10
[  225.113639][ T5920]  ? __x64_sys_umount+0x122/0x160
[  225.113651][ T5920]  ? exit_to_user_mode_loop+0x40/0x110
[  225.113663][ T5920]  exit_to_user_mode_loop+0xec/0x110
[  225.113673][ T5920]  do_syscall_64+0x2bd/0x3b0
[  225.113681][ T5920]  ? lockdep_hardirqs_on+0x9c/0x150
[  225.113688][ T5920]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.113695][ T5920]  ? exc_page_fault+0x9f/0xf0
[  225.113704][ T5920]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  225.113710][ T5920] RIP: 0033:0x7ff70558ff17
[  225.113718][ T5920] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  225.113724][ T5920] RSP: 002b:00007fffd955e6c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  225.113733][ T5920] RAX: 0000000000000000 RBX: 00007ff705611c05 RCX: 00007ff70558ff17
[  225.113738][ T5920] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffd955e780
[  225.113742][ T5920] RBP: 00007fffd955e780 R08: 0000000000000000 R09: 0000000000000000
[  225.113746][ T5920] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffd955f810
[  225.113751][ T5920] R13: 00007ff705611c05 R14: 0000000000036eb6 R15: 00007fffd955f850
[  225.113762][ T5920]  </TASK>
[  225.220552][    C1] vkms_vblank_simulate: vblank timer overrun
[  225.331723][T11114] input: syz1 as /devices/virtual/input/input14
[  225.338764][ T5920] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  225.354603][  T975] spca561 2-1:0.156: probe with driver spca561 failed with error -22
[  225.360036][  T975] usb 2-1: Quirk or no altset; falling back to MIDI 1.0
[  225.362368][  T975] usb 2-1: MIDIStreaming interface descriptor not found
[  225.390182][  T975] usb 2-1: USB disconnect, device number 39
[  225.486216][T11118] loop3: detected capacity change from 0 to 256
[  225.500650][T11118] FAT-fs (loop3): Directory bread(block 64) failed
[  225.502862][T11118] FAT-fs (loop3): Directory bread(block 65) failed
[  225.507950][T11118] FAT-fs (loop3): Directory bread(block 66) failed
[  225.510257][T11118] FAT-fs (loop3): Directory bread(block 67) failed
[  225.512549][T11118] FAT-fs (loop3): Directory bread(block 68) failed
[  225.515552][T11118] FAT-fs (loop3): Directory bread(block 69) failed
[  225.518164][T11118] FAT-fs (loop3): Directory bread(block 70) failed
[  225.520331][T11118] FAT-fs (loop3): Directory bread(block 71) failed
[  225.522495][T11118] FAT-fs (loop3): Directory bread(block 72) failed
[  225.525518][T11118] FAT-fs (loop3): Directory bread(block 73) failed
[  225.575306][T11120] loop3: detected capacity change from 0 to 1024
[  225.588841][T11122] loop2: detected capacity change from 0 to 256
[  225.600418][T11122] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d)
[  225.615286][T11122] exFAT-fs (loop2): start_clu is invalid cluster(0x0)
[  225.682385][T11127] loop2: detected capacity change from 0 to 128
[  226.213681][   T47] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  226.363508][   T47] usb 4-1: Using ep0 maxpacket: 16
[  226.367318][   T47] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  226.371261][   T47] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  226.376096][   T47] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  226.379969][   T47] usb 4-1: config 0 interface 0 has no altsetting 0
[  226.382658][   T47] usb 4-1: New USB device found, idVendor=0458, idProduct=0153, bcdDevice= 0.00
[  226.386403][   T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.391661][   T47] usb 4-1: config 0 descriptor??
[  226.804973][   T47] kye 0003:0458:0153.0016: unknown main item tag 0x0
[  226.807256][   T47] kye 0003:0458:0153.0016: unknown main item tag 0x0
[  226.809611][   T47] kye 0003:0458:0153.0016: unknown main item tag 0x0
[  226.812334][   T47] kye 0003:0458:0153.0016: unknown main item tag 0x0
[  226.814675][   T47] kye 0003:0458:0153.0016: unknown main item tag 0x0
[  226.816808][   T47] kye 0003:0458:0153.0016: unknown main item tag 0x0
[  226.819273][   T47] kye 0003:0458:0153.0016: unknown main item tag 0x0
[  226.821609][   T47] kye 0003:0458:0153.0016: unknown main item tag 0x0
[  226.823967][   T47] kye 0003:0458:0153.0016: unknown main item tag 0x0
[  226.828950][   T47] kye 0003:0458:0153.0016: unknown main item tag 0x0
[  226.838687][   T47] kye 0003:0458:0153.0016: hidraw0: USB HID v0.00 Device [HID 0458:0153] on usb-dummy_hcd.3-1/input0
[  226.859418][T11163] loop1: detected capacity change from 0 to 16
[  226.862967][T11163] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  226.868435][T11163] cramfs: wrong endianness
[  226.932305][T11169] loop2: detected capacity change from 0 to 2048
[  226.955124][ T5933]  loop2: [POWERTEC]
[  226.966356][T11169]  loop2: [POWERTEC]
[  227.005180][  T792] usb 4-1: USB disconnect, device number 22
[  227.539312][T11200] tipc: Enabled bearer <eth:vlan0>, priority 10
[  227.574990][T11205] Bluetooth: hci0: Opcode 0x0c20 failed: -22
[  227.697701][T11219] loop3: detected capacity change from 0 to 512
[  227.700514][T11219] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  227.706089][T11219] EXT4-fs (loop3): 1 truncate cleaned up
[  227.712465][T11219] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  227.723504][T11219] EXT4-fs error (device loop3): ext4_find_dest_de:2052: inode #2: block 13: comm syz.3.2023: bad entry in directory: '.' directory cannot be the last in data block - offset=0, inode=2, rec_len=1024, size=1024 fake=1
[  227.748071][ T7644] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  227.785188][T11228] bond0: (slave rose0): Error: Device is in use and cannot be enslaved
[  228.158567][T11231] loop3: detected capacity change from 0 to 32768
[  228.186170][T11231] (syz.3.2025,11231,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  228.206523][T11231] (syz.3.2025,11231,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  228.312712][T11231] (syz.3.2025,11231,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC.
[  228.319047][T11231] JBD2: Ignoring recovery information on journal
[  228.339044][T11231] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  228.536427][T11231] (syz.3.2025,11231,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x2c7b5077, computed 0x28030c75. Applying ECC.
[  228.542052][T11231] (syz.3.2025,11231,0):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x2c7b5077, computed 0x28d1d8ae
[  228.551076][T11231] (syz.3.2025,11231,0):ocfs2_read_quota_phys_block:160 ERROR: status = -5
[  228.568291][T11231] (syz.3.2025,11231,0):ocfs2_quota_read:201 ERROR: status = -5
[  228.571125][T11231] Quota error (device loop3): find_next_id: Can't read quota tree block 5
[  228.574693][T11231] (syz.3.2025,11231,0):ocfs2_get_next_id:921 ERROR: status = -5
[  228.598953][ T7644] ocfs2: Unmounting device (7,3) on (node local)
[  228.656142][   T24] tipc: Node number set to 3610272986
[  228.851838][T11278] netlink: 'syz.1.2031': attribute type 1 has an invalid length.
[  228.855012][T11278] netlink: 216 bytes leftover after parsing attributes in process `syz.1.2031'.
[  229.497821][  T792] usb 2-1: new high-speed USB device number 40 using dummy_hcd
[  229.583702][ T5922] Bluetooth: hci0: command tx timeout
[  229.643498][  T792] usb 2-1: Using ep0 maxpacket: 16
[  229.646602][  T792] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  229.650252][  T792] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  229.655379][  T792] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.665730][  T792] usb 2-1: config 0 descriptor??
[  229.775758][T11315] loop3: detected capacity change from 0 to 256
[  229.788236][T11315] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d)
[  230.086704][  T792] mcp2221 0003:04D8:00DD.0017: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  230.140473][ T5919] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.232007][ T5919] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.302144][    C0] usb 2-1: input irq status -75 received
[  230.314410][   T33] audit: type=1326 audit(1755051745.650:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11323 comm="syz.2.2053" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff70558ebe9 code=0x0
[  230.323965][ T5919] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.346072][   T54] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  230.351346][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  230.355599][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  230.359343][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  230.375882][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  230.378528][ T5919] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  230.413051][T11326] lo speed is unknown, defaulting to 1000
[  230.517136][  T975] usb 2-1: USB disconnect, device number 40
[  230.871513][ T5919] bond0 (unregistering): Released all slaves
[  230.918778][T11326] chnl_net:caif_netlink_parms(): no params data found
[  230.966563][ T5919] tipc: Disabling bearer <eth:vlan0>
[  230.977015][ T5919] tipc: Left network mode
[  231.174591][T11326] bridge0: port 1(bridge_slave_0) entered blocking state
[  231.178049][T11326] bridge0: port 1(bridge_slave_0) entered disabled state
[  231.180756][T11326] bridge_slave_0: entered allmulticast mode
[  231.184869][T11326] bridge_slave_0: entered promiscuous mode
[  231.246919][T11326] bridge0: port 2(bridge_slave_1) entered blocking state
[  231.249352][T11326] bridge0: port 2(bridge_slave_1) entered disabled state
[  231.251882][T11326] bridge_slave_1: entered allmulticast mode
[  231.256405][T11326] bridge_slave_1: entered promiscuous mode
[  231.289213][T11346] lo speed is unknown, defaulting to 1000
[  231.350586][T11326] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  231.380640][T11326] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  231.443946][  T975] usb 2-1: new high-speed USB device number 41 using dummy_hcd
[  231.446950][ T5919] hsr_slave_0: left promiscuous mode
[  231.459461][ T5919] hsr_slave_1: left promiscuous mode
[  231.482101][ T5919] veth1_macvtap: left promiscuous mode
[  231.484178][ T5919] veth0_macvtap: left promiscuous mode
[  231.486095][ T5919] veth1_vlan: left promiscuous mode
[  231.487932][ T5919] veth0_vlan: left promiscuous mode
[  231.573702][  T975] usb 2-1: device descriptor read/64, error -71
[  231.818093][  T975] usb 2-1: new high-speed USB device number 42 using dummy_hcd
[  231.963627][  T975] usb 2-1: device descriptor read/64, error -71
[  232.073801][  T975] usb usb2-port1: attempt power cycle
[  232.428461][  T975] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  232.444343][  T975] usb 2-1: device descriptor read/8, error -71
[  232.475517][   T54] Bluetooth: hci1: command tx timeout
[  232.683540][  T975] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  232.691675][T11326] team0: Port device team_slave_0 added
[  232.705417][  T975] usb 2-1: device descriptor read/8, error -71
[  232.757328][T11326] team0: Port device team_slave_1 added
[  232.830067][  T975] usb usb2-port1: unable to enumerate USB device
[  232.849494][T11326] batman_adv: batadv0: Adding interface: batadv_slave_0
[  232.851910][T11326] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  232.862323][T11326] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  232.868650][T11326] batman_adv: batadv0: Adding interface: batadv_slave_1
[  232.870947][T11326] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  232.879326][T11326] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  232.946267][T11326] hsr_slave_0: entered promiscuous mode
[  232.949620][T11326] hsr_slave_1: entered promiscuous mode
[  232.952632][T11326] debugfs: 'hsr0' already exists in 'hsr'
[  232.955465][T11326] Cannot create hsr debugfs directory
[  233.268933][T11326] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  233.300056][T11326] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  233.318150][T11326] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  233.327675][T11326] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  233.441156][T11326] 8021q: adding VLAN 0 to HW filter on device bond0
[  233.457701][T11326] 8021q: adding VLAN 0 to HW filter on device team0
[  233.461236][T11374] loop2: detected capacity change from 0 to 4096
[  233.473624][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  233.477665][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  233.488567][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[  233.490998][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[  233.710083][T11326] 8021q: adding VLAN 0 to HW filter on device batadv0
[  233.726064][T11391] netlink: 76 bytes leftover after parsing attributes in process `syz.2.2061'.
[  233.867607][T11326] veth0_vlan: entered promiscuous mode
[  233.873467][T11326] veth1_vlan: entered promiscuous mode
[  233.898639][T11326] veth0_macvtap: entered promiscuous mode
[  233.902841][T11326] veth1_macvtap: entered promiscuous mode
[  233.919803][T11326] batman_adv: batadv0: Interface activated: batadv_slave_0
[  233.929366][T11326] batman_adv: batadv0: Interface activated: batadv_slave_1
[  233.958176][ T5919] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  233.963204][ T5919] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  233.968970][ T5919] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  233.972728][ T5919] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  234.007835][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  234.010496][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  234.034161][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  234.037362][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  234.093132][T11420] loop4: detected capacity change from 0 to 256
[  234.107340][T11420] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  234.111615][T11420] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  234.133980][T11420] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  234.188138][T11430] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.2069'.
[  234.381988][   T33] audit: type=1326 audit(1755051749.710:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11443 comm="syz.2.2075" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff70558ebe9 code=0x0
[  234.560031][   T54] Bluetooth: hci1: command tx timeout
[  234.610678][T11455] block device autoloading is deprecated and will be removed.
[  234.680977][T11460] loop1: detected capacity change from 0 to 16
[  234.690562][T11460] erofs (device loop1): mounted with root inode @ nid 36.
[  235.365363][T11511] loop1: detected capacity change from 0 to 512
[  235.367983][T11511] EXT4-fs: Ignoring removed nomblk_io_submit option
[  235.371986][T11511] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  235.380381][T11511] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a842c018, mo2=0002]
[  235.386145][T11511] System zones: 0-1, 15-15, 18-18, 34-34
[  235.388090][T11511] EXT4-fs (loop1): orphan cleanup on readonly fs
[  235.398968][T11511] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #16: comm syz.1.2096: casefold flag without casefold feature
[  235.405259][T11515] tmpfs: Group quota block hardlimit too large.
[  235.432464][T11511] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.2096: couldn't read orphan inode 16 (err -117)
[  235.438946][T11511] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  235.483779][ T5927] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.726004][T11523] loop1: detected capacity change from 0 to 32768
[  235.733185][T11523] XFS: attr2 mount option is deprecated.
[  235.790984][T11523] XFS (loop1): DAX unsupported by block device. Turning off DAX.
[  235.800702][T11523] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  235.811895][T11523] XFS (loop1): Ending clean mount
[  235.821163][T11523] XFS (loop1): Quotacheck needed: Please wait.
[  236.086136][T11523] XFS (loop1): Quotacheck: Done.
[  236.122393][T11547] loop2: detected capacity change from 0 to 32768
[  236.139944][T11547] (syz.2.2105,11547,0):ocfs2_load_local_alloc:339 ERROR: inconsistent detected, clean journal with unrecovered local alloc, please run fsck.ocfs2!
[  236.139944][T11547] found = 2, set = 0, taken = 0, off = 0
[  236.147362][T11547] (syz.2.2105,11547,0):ocfs2_load_local_alloc:356 ERROR: status = -22
[  236.149994][T11547] (syz.2.2105,11547,0):ocfs2_check_volume:2404 ERROR: status = -22
[  236.152532][T11547] (syz.2.2105,11547,0):ocfs2_check_volume:2432 ERROR: status = -22
[  236.155171][T11547] (syz.2.2105,11547,0):ocfs2_mount_volume:1764 ERROR: status = -22
[  236.163725][T11547] (syz.2.2105,11547,0):ocfs2_fill_super:1177 ERROR: status = -22
[  236.179797][ T5927] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  236.247892][T11556] bridge_slave_1: left allmulticast mode
[  236.250245][T11556] bridge_slave_1: left promiscuous mode
[  236.273773][T11556] bridge0: port 2(bridge_slave_1) entered disabled state
[  236.300599][T11556] bridge_slave_0: left allmulticast mode
[  236.302568][T11556] bridge_slave_0: left promiscuous mode
[  236.314042][T11556] bridge0: port 1(bridge_slave_0) entered disabled state
[  236.628458][   T54] Bluetooth: hci1: command tx timeout
[  237.563533][ T5970] usb 2-1: new full-speed USB device number 45 using dummy_hcd
[  237.611430][T11590] loop2: detected capacity change from 0 to 256
[  237.622129][T11590] FAT-fs (loop2): Directory bread(block 64) failed
[  237.629021][T11590] FAT-fs (loop2): Directory bread(block 65) failed
[  237.631459][T11590] FAT-fs (loop2): Directory bread(block 66) failed
[  237.633950][T11590] FAT-fs (loop2): Directory bread(block 67) failed
[  237.636240][T11590] FAT-fs (loop2): Directory bread(block 68) failed
[  237.638239][T11590] FAT-fs (loop2): Directory bread(block 69) failed
[  237.640379][T11590] FAT-fs (loop2): Directory bread(block 70) failed
[  237.642380][T11590] FAT-fs (loop2): Directory bread(block 71) failed
[  237.645756][T11590] FAT-fs (loop2): Directory bread(block 72) failed
[  237.647804][T11590] FAT-fs (loop2): Directory bread(block 73) failed
[  237.660263][T11590] syz.2.2123: attempt to access beyond end of device
[  237.660263][T11590] loop2: rw=524288, sector=1160, nr_sectors = 4 limit=256
[  237.666210][T11590] syz.2.2123: attempt to access beyond end of device
[  237.666210][T11590] loop2: rw=0, sector=1160, nr_sectors = 4 limit=256
[  237.670566][   T33] audit: type=1800 audit(1755051753.000:87): pid=11590 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2123" name="file0" dev="loop2" ino=1048712 res=0 errno=0
[  237.725454][ T5970] usb 2-1: unable to get BOS descriptor or descriptor too short
[  237.728349][ T5970] usb 2-1: not running at top speed; connect to a high speed hub
[  237.731856][ T5970] usb 2-1: config 6 has an invalid interface number: 208 but max is 0
[  237.734871][ T5970] usb 2-1: config 6 has no interface number 0
[  237.736824][ T5970] usb 2-1: config 6 interface 208 has no altsetting 0
[  237.740841][ T5970] usb 2-1: New USB device found, idVendor=1410, idProduct=9010, bcdDevice=23.c2
[  237.744812][ T5970] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  237.747538][ T5970] usb 2-1: Product: syz
[  237.748870][ T5970] usb 2-1: Manufacturer: syz
[  237.750383][ T5970] usb 2-1: SerialNumber: syz
[  237.837196][T11598] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[  237.840154][T11598] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check.
[  237.907974][T11604] netlink: 4388 bytes leftover after parsing attributes in process `syz.2.2130'.
[  237.961430][T11608] loop2: detected capacity change from 0 to 512
[  237.962919][ T5970] qmi_wwan 2-1:6.208: invalid descriptor buffer length
[  237.968652][ T5970] qmi_wwan 2-1:6.208: probe with driver qmi_wwan failed with error -22
[  237.977906][T11608] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  237.979104][ T5970] usb 2-1: USB disconnect, device number 45
[  237.982400][T11608] ext4 filesystem being mounted at /644/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  238.038571][ T5920] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.313548][  T975] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  238.463661][  T975] usb 3-1: Using ep0 maxpacket: 32
[  238.467301][  T975] usb 3-1: config 0 interface 0 has no altsetting 0
[  238.471447][  T975] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  238.475379][  T975] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  238.478050][  T975] usb 3-1: Product: syz
[  238.479365][  T975] usb 3-1: Manufacturer: syz
[  238.480805][  T975] usb 3-1: SerialNumber: syz
[  238.485859][  T975] usb 3-1: config 0 descriptor??
[  238.703904][   T54] Bluetooth: hci1: command tx timeout
[  238.895258][  T975] gs_usb 3-1:0.0: Configuring for 2 interfaces
[  239.037631][T11629] netlink: 'syz.4.2140': attribute type 10 has an invalid length.
[  239.096140][  T975] gs_usb 3-1:0.0: Couldn't get bit timing const for channel 0 (-EPROTO)
[  239.098920][  T975] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -71
[  239.104990][  T975] usb 3-1: USB disconnect, device number 31
[  239.303504][  T792] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  239.445118][T11637] loop1: detected capacity change from 0 to 764
[  239.455214][  T792] usb 5-1: Using ep0 maxpacket: 8
[  239.459315][  T792] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7
[  239.472565][  T792] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  239.482366][  T792] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  239.485829][  T792] usb 5-1: Product: syz
[  239.493494][  T792] usb 5-1: Manufacturer: syz
[  239.494987][  T792] usb 5-1: SerialNumber: syz
[  239.712397][  T792] usb 5-1: palm_os_3_probe - error -71 getting connection information
[  239.721725][  T792] visor 5-1:1.0: probe with driver visor failed with error -71
[  239.729059][  T792] usb 5-1: USB disconnect, device number 2
[  240.548960][T11662] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  241.604918][T11676] loop1: detected capacity change from 0 to 4096
[  241.670353][T11676] ntfs3(loop1): Failed to initialize $Extend/$ObjId.
[  241.865295][T11685] loop4: detected capacity change from 0 to 8
[  241.868455][T11685] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  241.884131][T11685] cramfs: Error -3 while decompressing!
[  241.886065][T11685] cramfs: ffffffff99be7628(26)->ffff88812788f000(4096)
[  241.888180][T11685] cramfs: bad data blocksize 3489655184
[  241.890010][T11685] cramfs: Error -3 while decompressing!
[  241.891698][T11685] cramfs: ffffffff99be7628(26)->ffff88812788f000(4096)
[  241.932503][   T33] audit: type=1800 audit(1755051757.260:88): pid=11685 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2163" name="file2" dev="loop4" ino=348 res=0 errno=0
[  241.991004][T11698] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[  242.024134][T11702] loop4: detected capacity change from 0 to 1024
[  242.100246][T11705] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma?
[  242.111536][   T33] audit: type=1800 audit(1755051757.440:89): pid=11705 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2170" name="file1" dev="loop4" ino=20 res=0 errno=0
[  242.201238][T11707] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2171'.
[  243.203138][T11709] loop1: detected capacity change from 0 to 32768
[  243.259129][T11709] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[  243.291367][ T5927] ocfs2: Unmounting device (7,1) on (node local)
[  243.372035][T11732] loop4: detected capacity change from 0 to 16
[  243.391268][T11734] loop1: detected capacity change from 0 to 256
[  243.402342][T11732] erofs (device loop4): unidentified incompatible feature 1000000, please upgrade kernel
[  243.573549][ T5970] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  243.597450][T11751] IPv6: sit1: Disabled Multicast RS
[  243.609868][T11751] sit1: entered allmulticast mode
[  243.673221][T11755] loop4: detected capacity change from 0 to 256
[  243.686875][T11755] exfat: Deprecated parameter 'utf8'
[  243.700138][T11755] exfat: Deprecated parameter 'namecase'
[  243.708426][T11755] exfat: Deprecated parameter 'namecase'
[  243.710263][T11755] exfat: Deprecated parameter 'utf8'
[  243.718482][T11755] exFAT-fs (loop4): failed to load upcase table (idx : 0x00012153, chksum : 0xc9bffad0, utbl_chksum : 0xe619d30d)
[  243.725410][ T5970] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  243.733315][ T5970] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3
[  243.740106][ T5970] usb 3-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00
[  243.749713][ T5970] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  243.760225][ T5970] usb 3-1: config 0 descriptor??
[  244.167710][ T5970] Bluetooth: Can't get version to change to load ram patch err
[  244.171245][ T5970] Bluetooth: Loading patch file failed
[  244.173170][ T5970] ath3k 3-1:0.0: probe with driver ath3k failed with error -71
[  244.176568][ T5970] usb 3-1: USB disconnect, device number 32
[  244.660992][T11775] loop4: detected capacity change from 0 to 1024
[  244.664133][T11775] hfsplus: Bad value for 'umask'
[  244.697210][T11775] loop4: detected capacity change from 0 to 2048
[  244.709998][T11777] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  244.721555][T11777] NILFS (loop4): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  244.730192][T11777] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=4)
[  244.736551][T11777] Remounting filesystem read-only
[  244.780736][T11780] loop2: detected capacity change from 0 to 512
[  244.783756][T11780] EXT4-fs: Ignoring removed nobh option
[  244.786844][T11780] EXT4-fs (loop2): Test dummy encryption mode enabled
[  244.805851][T11780] EXT4-fs error (device loop2): __ext4_iget:5464: inode #11: block 1: comm syz.2.2198: invalid block
[  244.815313][T11780] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.2198: couldn't read orphan inode 11 (err -117)
[  244.823694][T11780] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  244.877496][ T5920] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.891796][  T792] usb 2-1: new full-speed USB device number 46 using dummy_hcd
[  245.059554][  T792] usb 2-1: unable to get BOS descriptor or descriptor too short
[  245.066160][  T792] usb 2-1: not running at top speed; connect to a high speed hub
[  245.074471][  T792] usb 2-1: config 5 has an invalid interface number: 246 but max is 0
[  245.077397][  T792] usb 2-1: config 5 has an invalid descriptor of length 0, skipping remainder of the config
[  245.080949][  T792] usb 2-1: config 5 has no interface number 0
[  245.083680][  T792] usb 2-1: config 5 interface 246 altsetting 4 endpoint 0x3 has invalid maxpacket 255, setting to 64
[  245.087157][  T792] usb 2-1: config 5 interface 246 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  245.091241][  T792] usb 2-1: config 5 interface 246 has no altsetting 0
[  245.098707][  T792] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=f5.e4
[  245.101914][  T792] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  245.113962][  T792] usb 2-1: Product: syz
[  245.115611][  T792] usb 2-1: Manufacturer: syz
[  245.117269][  T792] usb 2-1: SerialNumber: syz
[  245.387729][  T792] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  245.390260][   T13] usb 2-1: Failed to submit usb control message: -71
[  245.400437][   T13] usb 2-1: unable to send the bmi data to the device: -71
[  245.401548][  T792] usb 2-1: USB disconnect, device number 46
[  245.407747][   T13] usb 2-1: unable to get target info from device
[  245.410592][   T13] usb 2-1: could not get target info (-71)
[  245.413074][   T13] usb 2-1: could not probe fw (-71)
[  246.126143][T11326] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer
[  246.179801][T11808] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2203'.
[  246.319087][T11820] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2206'.
[  246.750021][T11837] loop1: detected capacity change from 0 to 256
[  246.757242][T11837] exfat: Deprecated parameter 'namecase'
[  246.759508][T11837] exfat: Deprecated parameter 'utf8'
[  246.780265][T11837] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  246.944623][T11845] loop1: detected capacity change from 0 to 16
[  246.981048][T11845] erofs (device loop1): mounted with root inode @ nid 36.
[  247.016343][T11845] erofs (device loop1): readahead error at folio 6 @ nid 36
[  247.027747][T11845] erofs (device loop1): readahead error at folio 4 @ nid 36
[  247.040246][T11845] erofs (device loop1): invalid logical cluster 0 at nid 36
[  247.050529][T11845] erofs (device loop1): readahead error at folio 0 @ nid 36
[  247.063888][T11845] syz.1.2215: attempt to access beyond end of device
[  247.063888][T11845] loop1: rw=524288, sector=296, nr_sectors = 16 limit=16
[  247.070990][T11845] syz.1.2215: attempt to access beyond end of device
[  247.070990][T11845] loop1: rw=524288, sector=1049264, nr_sectors = 16 limit=16
[  247.079055][T11845] syz.1.2215: attempt to access beyond end of device
[  247.079055][T11845] loop1: rw=524288, sector=8, nr_sectors = 16 limit=16
[  247.085978][T11845] syz.1.2215: attempt to access beyond end of device
[  247.085978][T11845] loop1: rw=524288, sector=720, nr_sectors = 16 limit=16
[  247.091098][T11845] erofs (device loop1): invalid logical cluster 0 at nid 36
[  247.115264][T11845] syz.1.2215: attempt to access beyond end of device
[  247.115264][T11845] loop1: rw=0, sector=296, nr_sectors = 8 limit=16
[  247.119449][T11845] erofs (device loop1): read error -5 @ 0 of nid 36
[  247.121627][T11845] erofs (device loop1): failed to readdir of logical block 0 of nid 36
[  247.154286][T11850] erofs (device loop1): invalid logical cluster 0 at nid 36
[  247.156723][T11850] syz.1.2215: attempt to access beyond end of device
[  247.156723][T11850] loop1: rw=0, sector=296, nr_sectors = 8 limit=16
[  247.175136][T11850] erofs (device loop1): read error -5 @ 0 of nid 36
[  247.177368][T11850] erofs (device loop1): failed to readdir of logical block 0 of nid 36
[  247.320219][T11857] loop2: detected capacity change from 0 to 1024
[  247.346689][T11857] hfsplus: found bad thread record in catalog
[  247.746265][T11883] loop4: detected capacity change from 0 to 1024
[  247.755200][T11883] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  247.776055][T11883] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.2224: Invalid block bitmap block 0 in block_group 0
[  247.784350][T11883] Quota error (device loop4): write_blk: dquota write failed
[  247.786819][T11883] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  247.789990][T11883] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2224: Failed to acquire dquot type 0
[  247.794394][T11883] EXT4-fs error (device loop4): ext4_free_blocks:6696: comm syz.4.2224: Freeing blocks not in datazone - block = 0, count = 4096
[  247.799139][T11883] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.2224: Invalid inode bitmap blk 0 in block_group 0
[  247.803235][T11883] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem
[  247.806964][T11883] EXT4-fs (loop4): 1 orphan inode deleted
[  247.809539][T11883] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  247.826446][   T28] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-7
[  247.829527][   T28] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u9:1: Failed to release dquot type 0
[  247.839737][T11326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  247.894103][ T2295] usb 3-1: new full-speed USB device number 33 using dummy_hcd
[  248.047664][ T2295] usb 3-1: unable to get BOS descriptor or descriptor too short
[  248.050929][ T2295] usb 3-1: not running at top speed; connect to a high speed hub
[  248.054686][ T2295] usb 3-1: config 14 has an invalid interface number: 90 but max is 0
[  248.057385][ T2295] usb 3-1: config 14 has no interface number 0
[  248.059425][ T2295] usb 3-1: config 14 interface 90 has no altsetting 0
[  248.063757][ T2295] usb 3-1: New USB device found, idVendor=041e, idProduct=400a, bcdDevice=8c.6a
[  248.066614][ T2295] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.069255][ T2295] usb 3-1: Product: syz
[  248.070554][ T2295] usb 3-1: Manufacturer: syz
[  248.072092][ T2295] usb 3-1: SerialNumber: syz
[  248.263457][  T792] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  248.283508][ T2295] gspca_main: spca500-2.14.0 probing 041e:400a
[  248.290870][ T2295] usb 3-1: USB disconnect, device number 33
[  248.423508][  T792] usb 5-1: Using ep0 maxpacket: 8
[  248.427462][  T792] usb 5-1: config index 0 descriptor too short (expected 548, got 36)
[  248.429961][  T792] usb 5-1: config 250 has no interfaces?
[  248.433037][  T792] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07
[  248.436159][  T792] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59
[  248.438722][  T792] usb 5-1: Product: syz
[  248.440061][  T792] usb 5-1: SerialNumber: syz
[  248.647985][ T2295] usb 5-1: USB disconnect, device number 3
[  248.806573][T11902] loop2: detected capacity change from 0 to 512
[  248.829516][T11902] EXT4-fs (loop2): 1 orphan inode deleted
[  248.832211][T11902] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.837211][T11902] ext4 filesystem being mounted at /677/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  248.846146][   T36] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  248.849827][   T36] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u10:1: Failed to release dquot type 1
[  248.864969][ T5920] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.902664][ T2295] hid-generic 0005:16C0:5505.0018: item fetching failed at offset 0/2
[  248.907819][ T2295] hid-generic 0005:16C0:5505.0018: probe with driver hid-generic failed with error -22
[  249.371459][T11918] loop4: detected capacity change from 0 to 8
[  249.388965][T11918] SQUASHFS error: lzo decompression failed, data probably corrupt
[  249.391925][T11918] SQUASHFS error: Failed to read block 0x91: -5
[  249.394133][T11918] SQUASHFS error: Unable to read metadata cache entry [8f]
[  249.396564][T11918] SQUASHFS error: Unable to read inode 0x11f
[  249.796262][T11927] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  250.227342][T11930] loop4: detected capacity change from 0 to 32768
[  250.407251][T11946] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  250.432900][T11948] netdevsim netdevsim4 netdevsim0: entered promiscuous mode
[  251.023676][ T5922] Bluetooth: hci3: command 0x1003 tx timeout
[  251.025501][   T54] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  251.045890][T11963] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow
[  251.733652][   T47] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  251.886420][   T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  251.891020][   T47] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  251.896182][   T47] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  251.899974][   T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  251.904824][   T47] usb 5-1: config 0 descriptor??
[  252.010833][T11979] loop8: detected capacity change from 0 to 7
[  252.024741][T11979] Dev loop8: unable to read RDB block 7
[  252.026555][T11979]  loop8: unable to read partition table
[  252.028495][T11979] loop8: partition table beyond EOD, truncated
[  252.030508][T11979] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5)
[  252.065141][T11983] tipc: Started in network mode
[  252.066831][T11983] tipc: Node identity ac141425, cluster identity 4711
[  252.069675][T11983] tipc: New replicast peer: 0.0.0.0
[  252.073265][T11983] tipc: Enabled bearer <udp:syz2>, priority 10
[  252.077246][T11983] tipc: New replicast peer: 10.1.1.0
[  252.322639][   T47] pyra 0003:1E7D:2CF6.0019: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.4-1/input0
[  252.333740][T11987] loop2: detected capacity change from 0 to 32768
[  252.353968][T11987] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  252.361502][T11356] (kworker/u8:4,11356,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len is smaller than minimal - offset=0, inode=348545186005064, rec_len=0, name_len=1
[  252.390657][T11987] (syz.2.2265,11987,1):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  252.426846][ T5920] ocfs2: Unmounting device (7,2) on (node local)
[  252.719857][T12001] loop2: detected capacity change from 0 to 256
[  252.731375][T12001] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  252.742407][T12001] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  253.193548][ T2295] tipc: Node number set to 2886997029
[  253.319096][   T47] pyra 0003:1E7D:2CF6.0019: couldn't init struct pyra_device
[  253.321428][   T47] pyra 0003:1E7D:2CF6.0019: couldn't install mouse
[  253.325604][   T47] pyra 0003:1E7D:2CF6.0019: probe with driver pyra failed with error -71
[  253.330203][   T47] usb 5-1: USB disconnect, device number 4
[  253.403567][  T792] usb 3-1: new full-speed USB device number 34 using dummy_hcd
[  253.555349][  T792] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  253.559539][  T792] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  253.567389][  T792] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 10
[  253.571859][  T792] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 65535, setting to 64
[  253.577304][  T792] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  253.581662][  T792] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 213, setting to 64
[  253.586714][  T792] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  253.595233][  T792] usb 3-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  253.599169][  T792] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  253.602443][  T792] usb 3-1: Product: syz
[  253.603022][T12028] loop1: detected capacity change from 0 to 40427
[  253.605032][  T792] usb 3-1: Manufacturer: syz
[  253.608425][T12028] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  253.610890][T12028] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  253.614953][  T792] usb 3-1: SerialNumber: syz
[  253.617775][T12028] F2FS-fs (loop1): invalid crc value
[  253.620861][  T792] usb 3-1: config 0 descriptor??
[  253.622944][T12019] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  253.625865][T12019] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  253.650047][T12028] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  253.656065][T12028] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  253.658409][T12028] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  253.851663][T12038] loop1: detected capacity change from 0 to 256
[  253.859779][T12038] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  253.912229][T12042] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2288'.
[  254.783721][  T792] rc_core: IR keymap rc-snapstream-firefly not found
[  254.788495][  T792] Registered IR keymap rc-empty
[  254.801309][  T792] rc rc0: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  254.808612][  T792] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input16
[  255.194656][  T975] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  255.348258][ T1361] ieee802154 phy0 wpan0: encryption failed: -22
[  255.350692][ T1361] ieee802154 phy1 wpan1: encryption failed: -22
[  255.369124][  T975] usb 5-1: Using ep0 maxpacket: 16
[  255.382554][  T975] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  255.383897][  T792] input: syz syz mouse as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input17
[  255.410435][  T975] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  255.418472][  T792] usb 3-1: USB disconnect, device number 34
[  255.420617][    C0] ati_remote 3-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19
[  255.441550][  T975] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  255.450347][  T975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.459977][  T975] usb 5-1: Product: syz
[  255.461462][  T975] usb 5-1: Manufacturer: syz
[  255.466076][  T975] usb 5-1: SerialNumber: syz
[  255.500695][  T975] usb 5-1: config 0 descriptor??
[  255.526335][  T975] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  255.534613][  T975] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class)
[  256.132135][  T975] em28xx 5-1:0.0: chip ID is em2710/2820
[  256.233562][  T792] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  256.335579][  T975] em28xx 5-1:0.0: Config register raw data: 0xfffffffb
[  256.340296][  T975] em28xx 5-1:0.0: AC97 chip type couldn't be determined
[  256.342672][  T975] em28xx 5-1:0.0: No AC97 audio processor
[  256.347256][  T975] usb 5-1: USB disconnect, device number 5
[  256.350718][  T975] em28xx 5-1:0.0: Disconnecting em28xx
[  256.358703][  T975] em28xx 5-1:0.0: Freeing device
[  256.395502][  T792] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  256.399589][  T792] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  256.402900][  T792] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  256.406269][  T792] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.410173][  T792] usb 2-1: config 0 descriptor??
[  256.820735][  T792] hid_parser_main: 1239 callbacks suppressed
[  256.820749][  T792] playstation 0003:054C:0DF2.001A: unknown main item tag 0x0
[  256.832206][  T792] playstation 0003:054C:0DF2.001A: unknown main item tag 0x0
[  256.835942][  T792] playstation 0003:054C:0DF2.001A: unknown main item tag 0x0
[  256.838327][  T792] playstation 0003:054C:0DF2.001A: unknown main item tag 0x0
[  256.840741][  T792] playstation 0003:054C:0DF2.001A: unknown main item tag 0x0
[  256.847527][  T792] playstation 0003:054C:0DF2.001A: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.1-1/input0
[  256.875578][T12091] loop2: detected capacity change from 0 to 512
[  256.884189][T12091] EXT4-fs (loop2): Test dummy encryption mode enabled
[  256.886392][T12091] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  256.910516][T12091] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.2308: bad orphan inode 131083
[  256.918426][T12091] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  256.998930][T12091] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  257.017314][  T792] playstation 0003:054C:0DF2.001A: Invalid reportID received, expected 9 got 0
[  257.020293][  T792] playstation 0003:054C:0DF2.001A: Failed to retrieve DualSense pairing info: -22
[  257.027008][  T792] playstation 0003:054C:0DF2.001A: Failed to get MAC address from DualSense
[  257.030117][  T792] playstation 0003:054C:0DF2.001A: Failed to create dualsense.
[  257.032781][ T5920] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.061679][  T792] playstation 0003:054C:0DF2.001A: probe with driver playstation failed with error -22
[  257.225676][  T792] usb 2-1: USB disconnect, device number 47
[  257.250374][T12118] loop4: detected capacity change from 0 to 4096
[  257.276447][T12118] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  257.289690][T12118] ntfs3(loop4): Failed to load $UpCase (-22).
[  257.567792][T12126] loop4: detected capacity change from 0 to 256
[  257.571755][T12126] exFAT-fs (loop4): error, invalid access to FAT bad cluster (entry 0x00000005)
[  257.580714][T12126] exFAT-fs (loop4): Filesystem has been set read-only
[  257.583061][T12126] exFAT-fs (loop4): failed to count the number of clusters in root
[  257.585795][T12126] exFAT-fs (loop4): failed to recognize exfat type
[  257.618061][T12128] loop4: detected capacity change from 0 to 1024
[  257.628267][T12128] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  257.668878][T11326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  257.849438][T12142] loop4: detected capacity change from 0 to 1024
[  257.854606][T12142] hfsplus: failed to load root directory
[  258.114170][T12151] loop4: detected capacity change from 0 to 8
[  258.121666][   T47] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  258.143765][T12151] SQUASHFS error: xz decompression failed, data probably corrupt
[  258.146418][T12151] SQUASHFS error: Failed to read block 0x108: -5
[  258.148619][T12151] SQUASHFS error: Unable to read metadata cache entry [106]
[  258.151319][T12151] SQUASHFS error: Unable to read inode 0x11f
[  258.196843][   T54] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  258.200722][   T54] Bluetooth: hci1: Injecting HCI hardware error event
[  258.212385][ T5922] Bluetooth: hci1: hardware error 0x00
[  258.333886][   T47] usb 2-1: Using ep0 maxpacket: 32
[  258.339528][   T47] usb 2-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config
[  258.349581][   T47] usb 2-1: New USB device found, idVendor=04e2, idProduct=1410, bcdDevice=81.85
[  258.361838][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.366260][   T47] usb 2-1: Product: syz
[  258.367772][   T47] usb 2-1: Manufacturer: syz
[  258.369585][   T47] usb 2-1: SerialNumber: syz
[  258.374628][   T47] xr_serial 2-1:253.0: failed to claim sibling interface: -16
[  258.379051][   T47] xr_serial 2-1:253.0: probe with driver xr_serial failed with error -16
[  258.390578][T12154] 8021q: adding VLAN 0 to HW filter on device 
[  258.396977][T12154] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  258.578909][ T2295] usb 2-1: USB disconnect, device number 48
[  258.847398][T12162] netlink: 'syz.4.2338': attribute type 4 has an invalid length.
[  258.874596][T12164] comedi comedi4: bad chanlist[0]=0x04080007 chan=7 range length=2
[  259.164251][  T792] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  259.212578][T12176] loop1: detected capacity change from 0 to 128
[  259.218688][T12176] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  259.348998][  T792] usb 5-1: Using ep0 maxpacket: 16
[  259.354966][  T792] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  259.358381][  T792] usb 5-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  259.363196][  T792] usb 5-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  259.366909][  T792] usb 5-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  259.370917][  T792] usb 5-1: config 7 interface 0 has no altsetting 0
[  259.376357][  T792] usb 5-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00
[  259.379265][  T792] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.428126][T12184] Set syz0 is full, maxelem 0 reached
[  259.468807][T12188] syz_tun: entered allmulticast mode
[  259.476714][T12188] dvmrp8: entered allmulticast mode
[  259.492417][T12187] syz_tun: left allmulticast mode
[  259.495058][T12187] dvmrp8: left allmulticast mode
[  259.649384][T12204] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[  259.721067][T12210] loop2: detected capacity change from 0 to 8
[  259.728754][T12210] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  259.736305][T12210] cramfs: Error -3 while decompressing!
[  259.738173][T12210] cramfs: ffffffff99be7628(26)->ffff88801272d000(4096)
[  259.740451][T12210] cramfs: Error -3 while decompressing!
[  259.742243][T12210] cramfs: ffffffff99be7642(26)->ffff88801272c000(4096)
[  259.746523][T12210] cramfs: Error -3 while decompressing!
[  259.748371][T12210] cramfs: ffffffff99be765c(16)->ffff8880112f7000(4096)
[  259.750629][T12210] cramfs: Error -3 while decompressing!
[  259.752452][T12210] cramfs: ffffffff99be7628(26)->ffff88801272d000(4096)
[  259.761021][   T33] audit: type=1800 audit(1755051775.090:90): pid=12210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2362" name="file2" dev="loop2" ino=348 res=0 errno=0
[  259.825484][  T792] input: HID 0458:5010 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:7.0/0003:0458:5010.001B/input/input18
[  259.854682][  T792] kye 0003:0458:5010.001B: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.4-1/input0
[  259.978679][T12222] overlayfs: failed to decode file handle (len=6, type=248, flags=0, err=-61)
[  260.004896][   T47] usb 5-1: USB disconnect, device number 6
[  260.526336][ T5922] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  260.570776][T12230] loop1: detected capacity change from 0 to 32768
[  260.573750][T12230] btrfs: Unknown parameter 'seclabel'
[  260.886596][T12246] loop4: detected capacity change from 0 to 512
[  260.919861][T12246] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  260.924110][T12246] ext4 filesystem being mounted at /89/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  260.992498][T12246] Quota error (device loop4): write_blk: dquota write failed
[  260.999012][T12246] Quota error (device loop4): qtree_write_dquot: Error -28 occurred while creating quota
[  261.002284][T12246] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2377: Failed to acquire dquot type 1
[  261.062361][T11326] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  261.523255][T12285] syz.4.2389: attempt to access beyond end of device
[  261.523255][T12285] nbd4: rw=0, sector=2, nr_sectors = 2 limit=0
[  261.528565][T12285] syz.4.2389: attempt to access beyond end of device
[  261.528565][T12285] nbd4: rw=0, sector=16, nr_sectors = 2 limit=0
[  261.643502][   T24] usb 2-1: new full-speed USB device number 49 using dummy_hcd
[  261.795018][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  261.798671][   T24] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  261.802373][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  261.809198][   T24] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  261.812214][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.814952][   T24] usb 2-1: Product: syz
[  261.816458][   T24] usb 2-1: Manufacturer: syz
[  261.817996][   T24] usb 2-1: SerialNumber: syz
[  261.820818][   T24] usb 2-1: config 0 descriptor??
[  261.823021][T12278] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  261.827505][T12278] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  261.830586][   T24] usb 2-1: ucan: probing device on interface #0
[  262.441700][   T24] ucan 2-1:0.0 can0: registered device
[  262.532818][T12304] loop2: detected capacity change from 0 to 16
[  262.536965][T12304] erofs (device loop2): invalid lz4 cfgs, size=4
[  262.635623][   T24] ucan 2-1:0.0 can0: firmware string: unknown
[  262.642947][   T24] usb 2-1: USB disconnect, device number 49
[  262.745864][  T792] kernel read not supported for file /dsp1 (pid: 792 comm: kworker/0:2)
[  263.080814][T12339] loop4: detected capacity change from 0 to 164
[  263.089136][T12339] rock: corrupted directory entry. extent=32, offset=131072, size=237
[  263.244724][T12355] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  263.551723][T12359] loop1: detected capacity change from 0 to 8192
[  263.598497][T12363] netlink: 'syz.2.2430': attribute type 2 has an invalid length.
[  264.263083][T12370] loop1: detected capacity change from 0 to 32768
[  264.275197][   T24] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  264.280591][T12370] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode.
[  264.420677][ T5927] ocfs2: Unmounting device (7,1) on (node local)
[  264.473631][   T24] usb 3-1: Using ep0 maxpacket: 16
[  264.602047][   T24] usb 3-1: unable to get BOS descriptor or descriptor too short
[  264.623818][   T24] usb 3-1: unable to read config index 0 descriptor/start: -71
[  264.647708][   T24] usb 3-1: can't read configurations, error -71
[  265.431491][T12396] loop2: detected capacity change from 0 to 16
[  265.435011][T12396] erofs: Unknown parameter '00000000000000000000017777777777777777777770177777777777777777777718446744073709551615000000000000000000000x000000000000000018446744073709551615$'
[  265.564111][   T47] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  265.723538][   T47] usb 5-1: Using ep0 maxpacket: 32
[  265.732154][   T47] usb 5-1: config 0 has an invalid interface number: 89 but max is 0
[  265.740967][   T47] usb 5-1: config 0 has no interface number 0
[  265.756470][   T47] usb 5-1: New USB device found, idVendor=12d1, idProduct=7ef3, bcdDevice=54.68
[  265.759592][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.764201][   T47] usb 5-1: Product: syz
[  265.765642][   T47] usb 5-1: Manufacturer: syz
[  265.769762][   T47] usb 5-1: SerialNumber: syz
[  265.774095][   T47] usb 5-1: config 0 descriptor??
[  265.784509][   T47] hub 5-1:0.89: bad descriptor, ignoring hub
[  265.786619][   T47] hub 5-1:0.89: probe with driver hub failed with error -5
[  265.789542][   T47] option 5-1:0.89: GSM modem (1-port) converter detected
[  265.809249][   T47] usb 5-1: GSM modem (1-port) converter now attached to ttyUSB0
[  266.001286][T12431] loop2: detected capacity change from 0 to 2048
[  266.002107][T12432] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2455'.
[  266.006229][T12431] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  266.104095][ T2295] usb 5-1: USB disconnect, device number 7
[  266.113504][ T2295] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[  266.116827][ T2295] option 5-1:0.89: device disconnected
[  266.246704][T12434] loop2: detected capacity change from 0 to 40427
[  266.255435][T12434] F2FS-fs (loop2): invalid crc value
[  266.283161][T12434] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  266.287253][T12434] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  266.318871][ T5920] syz-executor: attempt to access beyond end of device
[  266.318871][ T5920] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  266.324122][ T5920] CPU: 0 UID: 0 PID: 5920 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  266.324134][ T5920] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  266.324138][ T5920] Call Trace:
[  266.324142][ T5920]  <TASK>
[  266.324145][ T5920]  dump_stack_lvl+0x189/0x250
[  266.324159][ T5920]  ? __pfx_dump_stack_lvl+0x10/0x10
[  266.324168][ T5920]  ? __pfx_queue_work_on+0x10/0x10
[  266.324176][ T5920]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  266.324186][ T5920]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  266.324199][ T5920]  f2fs_handle_critical_error+0x37c/0x540
[  266.324212][ T5920]  f2fs_write_end_io+0x886/0xb60
[  266.324231][ T5920]  __submit_merged_bio+0x27a/0x6a0
[  266.324243][ T5920]  __submit_merged_write_cond+0x255/0x530
[  266.324255][ T5920]  f2fs_write_data_pages+0x261d/0x3000
[  266.324280][ T5920]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  266.324321][ T5920]  ? __lock_acquire+0xab9/0xd20
[  266.324337][ T5920]  ? __lock_acquire+0xab9/0xd20
[  266.324376][ T5920]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  266.324387][ T5920]  do_writepages+0x32e/0x550
[  266.324402][ T5920]  ? do_raw_spin_unlock+0x4d/0x240
[  266.324413][ T5920]  filemap_fdatawrite+0x199/0x240
[  266.324424][ T5920]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  266.324455][ T5920]  ? do_raw_spin_unlock+0x4d/0x240
[  266.324465][ T5920]  f2fs_sync_dirty_inodes+0x31f/0x830
[  266.324483][ T5920]  f2fs_write_checkpoint+0x95a/0x1df0
[  266.324504][ T5920]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  266.324533][ T5920]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  266.324543][ T5920]  ? kfree+0x18e/0x440
[  266.324553][ T5920]  ? kill_f2fs_super+0x298/0x6c0
[  266.324566][ T5920]  kill_f2fs_super+0x2c3/0x6c0
[  266.324579][ T5920]  ? __pfx_kill_f2fs_super+0x10/0x10
[  266.324588][ T5920]  ? radix_tree_delete_item+0x2b6/0x400
[  266.324599][ T5920]  ? shrinker_free+0x2ce/0x3e0
[  266.324609][ T5920]  deactivate_locked_super+0xbc/0x130
[  266.324619][ T5920]  cleanup_mnt+0x425/0x4c0
[  266.324627][ T5920]  ? lockdep_hardirqs_on+0x9c/0x150
[  266.324637][ T5920]  task_work_run+0x1d4/0x260
[  266.324649][ T5920]  ? __pfx_task_work_run+0x10/0x10
[  266.324657][ T5920]  ? __x64_sys_umount+0x122/0x160
[  266.324669][ T5920]  ? exit_to_user_mode_loop+0x40/0x110
[  266.324682][ T5920]  exit_to_user_mode_loop+0xec/0x110
[  266.324692][ T5920]  do_syscall_64+0x2bd/0x3b0
[  266.324700][ T5920]  ? lockdep_hardirqs_on+0x9c/0x150
[  266.324708][ T5920]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.324716][ T5920]  ? exc_page_fault+0x9f/0xf0
[  266.324725][ T5920]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.324732][ T5920] RIP: 0033:0x7ff70558ff17
[  266.324739][ T5920] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  266.324746][ T5920] RSP: 002b:00007fffd955e6c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  266.324755][ T5920] RAX: 0000000000000000 RBX: 00007ff705611c05 RCX: 00007ff70558ff17
[  266.324760][ T5920] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffd955e780
[  266.324764][ T5920] RBP: 00007fffd955e780 R08: 0000000000000000 R09: 0000000000000000
[  266.324768][ T5920] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffd955f810
[  266.324773][ T5920] R13: 00007ff705611c05 R14: 0000000000040fd6 R15: 00007fffd955f850
[  266.324785][ T5920]  </TASK>
[  266.324789][ T5920] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  266.483574][ T2295] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  266.560148][T12447] loop4: detected capacity change from 0 to 4096
[  266.562973][T12447] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  266.636804][T12449] loop2: detected capacity change from 0 to 4096
[  266.676766][T12449] NILFS (loop2): mounting unchecked fs
[  266.678799][T12449] NILFS (loop2): recovery required for readonly filesystem
[  266.681258][T12449] NILFS (loop2): write access will be enabled during recovery
[  266.684445][ T2295] usb 2-1: New USB device found, idVendor=0e41, idProduct=4156, bcdDevice=3b.70
[  266.687573][ T2295] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  266.689048][T12449] NILFS (loop2): invalid segment: Checksum error in super root
[  266.691530][ T2295] usb 2-1: config 0 descriptor??
[  266.692636][T12449] NILFS (loop2): error -22 while loading super root
[  266.910377][  T792] usb 2-1: USB disconnect, device number 50
[  266.980612][T12461] loop4: detected capacity change from 0 to 1024
[  267.011168][ T1090] hfsplus: b-tree write err: -5, ino 4
[  267.244689][ T2295] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  267.398589][ T2295] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  267.401149][ T2295] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  267.404060][ T2295] usb 3-1: config 220 has an invalid descriptor of length 184, skipping remainder of the config
[  267.407211][ T2295] usb 3-1: config 220 has no interface number 2
[  267.409184][ T2295] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  267.413163][ T2295] usb 3-1: config 220 interface 0 has no altsetting 0
[  267.415397][ T2295] usb 3-1: config 220 interface 76 has no altsetting 0
[  267.417511][ T2295] usb 3-1: config 220 interface 1 has no altsetting 0
[  267.421645][ T2295] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  267.424702][ T2295] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.427229][ T2295] usb 3-1: Product: syz
[  267.428577][ T2295] usb 3-1: Manufacturer: syz
[  267.430020][ T2295] usb 3-1: SerialNumber: syz
[  267.668637][ T2295] usb 3-1: selecting invalid altsetting 0
[  267.670836][ T2295] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  267.673039][ T2295] usb 3-1: No valid video chain found.
[  267.695228][ T2295] usb 3-1: selecting invalid altsetting 0
[  267.697029][ T2295] usbtest 3-1:220.1: probe with driver usbtest failed with error -22
[  267.714071][ T2295] usb 3-1: USB disconnect, device number 37
[  268.319261][T12508] netlink: 'syz.2.2491': attribute type 1 has an invalid length.
[  268.321866][T12508] nbd: couldn't find a device at index 393224
[  268.453160][T12510] loop2: detected capacity change from 0 to 32768
[  268.466710][   T47] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  268.625208][   T47] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  268.628981][   T47] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  268.644468][   T47] usb 5-1: config 0 descriptor??
[  268.647294][   T47] cp210x 5-1:0.0: cp210x converter detected
[  268.852525][T12524] loop1: detected capacity change from 0 to 4096
[  268.875097][T12524] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  268.918819][T12526] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2501'.
[  268.939928][T12528] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  269.002496][T12534] sch_tbf: burst 3298 is lower than device lo mtu (65550) !
[  269.054985][   T47] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  269.062478][   T47] usb 5-1: cp210x converter now attached to ttyUSB0
[  269.261331][   T47] usb 5-1: USB disconnect, device number 8
[  269.266275][   T47] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  269.273175][   T47] cp210x 5-1:0.0: device disconnected
[  269.784777][T12548] loop4: detected capacity change from 0 to 16
[  269.787683][T12548] erofs (device loop4): mounted with root inode @ nid 36.
[  269.809489][T11326] erofs (device loop4): invalid de[0].nameoff 0 @ nid 46
[  269.812859][T11326] syz-executor: attempt to access beyond end of device
[  269.812859][T11326] loop4: rw=524288, sector=8, nr_sectors = 24 limit=16
[  269.821492][T11326] erofs (device loop4): invalid de[0].nameoff 0 @ nid 89
[  269.826147][T11326] erofs (device loop4): invalid de[0].nameoff 0 @ nid 89
[  269.885999][   T33] audit: type=1400 audit(1755051785.220:91): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="#(%#{//&@\)//&" pid=12555 comm="syz.4.2514"
[  270.037013][T12568] netlink: 'syz.2.2520': attribute type 4 has an invalid length.
[  270.048194][ T2295] lo speed is unknown, defaulting to 1000
[  270.050036][ T2295] syz0: Port: 1 Link DOWN
[  270.080768][T12572] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2522'.
[  270.085113][T12562] loop4: detected capacity change from 0 to 32768
[  270.090792][T12562] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2517 (12562)
[  270.105962][T12562] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  270.109645][T12562] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  270.112555][T12562] BTRFS info (device loop4): using free-space-tree
[  270.169802][T12591] loop1: detected capacity change from 0 to 256
[  270.180618][T12591] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  270.194233][T11326] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  270.246252][T12596] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.2527'.
[  270.403181][   T33] audit: type=1326 audit(1755051785.720:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12605 comm="syz.4.2531" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ba8b8ebe9 code=0x0
[  270.484606][T12613] loop4: detected capacity change from 0 to 128
[  270.523594][  T975] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  270.636169][T12620] ecryptfs_validate_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  270.641252][T12620] Error validating options; rc = [-22]
[  270.698109][  T975] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  270.701247][  T975] usb 3-1: config 0 has no interface number 0
[  270.705245][  T975] usb 3-1: config 0 interface 1 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  270.709014][  T975] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  270.712437][  T975] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  270.719631][  T975] usb 3-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  270.725935][  T975] usb 3-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[  270.728916][  T975] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.735348][  T975] usb 3-1: config 0 descriptor??
[  271.147254][  T975] hid (null): report_id 35660 is invalid
[  271.359073][  T975] input: HID 28bd:0042 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:28BD:0042.001C/input/input19
[  271.460884][  T975] uclogic 0003:28BD:0042.001C: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.2-1/input1
[  271.480404][  T975] usb 3-1: USB disconnect, device number 38
[  272.117189][T12635] loop1: detected capacity change from 0 to 40427
[  272.120383][T12635] F2FS-fs (loop1): build fault injection rate: 14
[  272.122519][T12635] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  272.127211][T12635] F2FS-fs (loop1): invalid crc value
[  272.129939][    C1] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  272.136353][    C1] F2FS-fs (loop1): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  272.166467][T12635] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  272.169501][T12635] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  272.174285][T12635] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  272.186757][T12635] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  272.192126][   T33] audit: type=1800 audit(1755051787.520:93): pid=12635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2543" name="file1" dev="loop1" ino=10 res=0 errno=0
[  272.202304][T12635] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_get_read_data_folio+0xc1/0x7d0
[  272.218162][ T5927] syz-executor: attempt to access beyond end of device
[  272.218162][ T5927] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  272.227051][ T5927] CPU: 1 UID: 0 PID: 5927 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  272.227064][ T5927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  272.227068][ T5927] Call Trace:
[  272.227071][ T5927]  <TASK>
[  272.227075][ T5927]  dump_stack_lvl+0x189/0x250
[  272.227090][ T5927]  ? __pfx_dump_stack_lvl+0x10/0x10
[  272.227099][ T5927]  ? __pfx_queue_work_on+0x10/0x10
[  272.227107][ T5927]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  272.227117][ T5927]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  272.227130][ T5927]  f2fs_handle_critical_error+0x37c/0x540
[  272.227143][ T5927]  f2fs_write_end_io+0x886/0xb60
[  272.227161][ T5927]  __submit_merged_bio+0x27a/0x6a0
[  272.227174][ T5927]  __submit_merged_write_cond+0x255/0x530
[  272.227186][ T5927]  f2fs_write_data_pages+0x261d/0x3000
[  272.227195][ T5927]  ? __lock_acquire+0xab9/0xd20
[  272.227221][ T5927]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  272.227250][ T5927]  ? __mod_zone_page_state+0xd7/0x140
[  272.227290][ T5927]  ? folios_put_refs+0x560/0x640
[  272.227306][ T5927]  ? __lock_acquire+0xab9/0xd20
[  272.227321][ T5927]  ? do_raw_spin_lock+0x121/0x290
[  272.227335][ T5927]  ? do_raw_spin_unlock+0x4d/0x240
[  272.227343][ T5927]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  272.227353][ T5927]  do_writepages+0x32e/0x550
[  272.227368][ T5927]  ? do_raw_spin_unlock+0x4d/0x240
[  272.227379][ T5927]  filemap_fdatawrite+0x199/0x240
[  272.227390][ T5927]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  272.227421][ T5927]  ? do_raw_spin_unlock+0x4d/0x240
[  272.227432][ T5927]  f2fs_sync_dirty_inodes+0x31f/0x830
[  272.227449][ T5927]  f2fs_write_checkpoint+0x95a/0x1df0
[  272.227470][ T5927]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  272.227502][ T5927]  ? kill_f2fs_super+0x298/0x6c0
[  272.227514][ T5927]  kill_f2fs_super+0x2c3/0x6c0
[  272.227527][ T5927]  ? __pfx_kill_f2fs_super+0x10/0x10
[  272.227536][ T5927]  ? radix_tree_delete_item+0x2b6/0x400
[  272.227548][ T5927]  ? shrinker_free+0x2ce/0x3e0
[  272.227557][ T5927]  deactivate_locked_super+0xbc/0x130
[  272.227567][ T5927]  cleanup_mnt+0x425/0x4c0
[  272.227592][ T5927]  ? lockdep_hardirqs_on+0x9c/0x150
[  272.227603][ T5927]  task_work_run+0x1d4/0x260
[  272.227615][ T5927]  ? __pfx_task_work_run+0x10/0x10
[  272.227623][ T5927]  ? __x64_sys_umount+0x122/0x160
[  272.227635][ T5927]  ? exit_to_user_mode_loop+0x40/0x110
[  272.227647][ T5927]  exit_to_user_mode_loop+0xec/0x110
[  272.227657][ T5927]  do_syscall_64+0x2bd/0x3b0
[  272.227665][ T5927]  ? lockdep_hardirqs_on+0x9c/0x150
[  272.227673][ T5927]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.227680][ T5927]  ? exc_page_fault+0x9f/0xf0
[  272.227689][ T5927]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  272.227696][ T5927] RIP: 0033:0x7f5cfab8ff17
[  272.227704][ T5927] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  272.227710][ T5927] RSP: 002b:00007ffff53c5808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  272.227719][ T5927] RAX: 0000000000000000 RBX: 00007f5cfac11c05 RCX: 00007f5cfab8ff17
[  272.227724][ T5927] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffff53c58c0
[  272.227728][ T5927] RBP: 00007ffff53c58c0 R08: 0000000000000000 R09: 0000000000000000
[  272.227732][ T5927] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffff53c6950
[  272.227737][ T5927] R13: 00007f5cfac11c05 R14: 00000000000426e2 R15: 00007ffff53c6990
[  272.227750][ T5927]  </TASK>
[  272.228696][ T5927] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  272.293563][ T2295] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  272.483640][ T2295] usb 3-1: Using ep0 maxpacket: 8
[  272.486990][ T2295] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  272.489723][ T2295] usb 3-1: config 179 has no interface number 0
[  272.491826][ T2295] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  272.496290][ T2295] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  272.499817][ T2295] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  272.503144][ T2295] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  272.508159][ T2295] usb 3-1: config 179 interface 65 has no altsetting 0
[  272.510626][ T2295] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  272.514087][ T2295] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.582309][T12648] delete_channel: no stack
[  272.584531][T12648] delete_channel: no stack
[  272.613058][T12650] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2548'.
[  272.703646][  T792] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  272.726053][   T24] usb 3-1: USB disconnect, device number 39
[  272.853716][  T792] usb 2-1: Using ep0 maxpacket: 8
[  272.858065][  T792] usb 2-1: unable to get BOS descriptor or descriptor too short
[  272.862367][  T792] usb 2-1: config 7 has an invalid interface number: 6 but max is 0
[  272.865626][  T792] usb 2-1: config 7 has no interface number 0
[  272.867961][  T792] usb 2-1: No eUSB2 isoc ep 15 companion for config 7 interface 6 altsetting 254
[  272.871065][  T792] usb 2-1: config 7 interface 6 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  272.876488][  T792] usb 2-1: config 7 interface 6 has no altsetting 0
[  272.881460][  T792] usb 2-1: New USB device found, idVendor=1a8d, idProduct=100d, bcdDevice=30.9e
[  272.885385][  T792] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.888925][  T792] usb 2-1: Product: syz
[  272.890712][  T792] usb 2-1: Manufacturer: syz
[  272.892520][  T792] usb 2-1: SerialNumber: syz
[  273.033570][  T975] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  273.105364][  T792] option 2-1:7.6: GSM modem (1-port) converter detected
[  273.112172][  T792] usb 2-1: USB disconnect, device number 51
[  273.117028][  T792] option 2-1:7.6: device disconnected
[  273.193493][  T975] usb 5-1: Using ep0 maxpacket: 32
[  273.196795][  T975] usb 5-1: New USB device found, idVendor=04cb, idProduct=013d, bcdDevice=a4.42
[  273.199673][  T975] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.206970][  T975] usb 5-1: config 0 descriptor??
[  273.215148][  T975] gspca_main: finepix-2.14.0 probing 04cb:013d
[  273.430678][  T975] usb 5-1: USB disconnect, device number 9
[  273.532509][T12672] loop2: detected capacity change from 0 to 16
[  273.540910][T12672] erofs (device loop2): mounted with root inode @ nid 36.
[  273.556635][T12672] erofs (device loop2): readahead error at folio 7 @ nid 36
[  273.560380][T12672] erofs (device loop2): bogus lookback distance 26160 @ lcn 6 of nid 36
[  273.563227][T12672] erofs (device loop2): readahead error at folio 6 @ nid 36
[  273.566501][T12672] erofs (device loop2): readahead error at folio 5 @ nid 36
[  273.569177][T12672] erofs (device loop2): inconsistent algorithmtype 0 for nid 36
[  273.571869][T12672] erofs (device loop2): readahead error at folio 4 @ nid 36
[  273.575033][T12672] erofs (device loop2): inconsistent algorithmtype 0 for nid 36
[  273.577792][T12672] erofs (device loop2): readahead error at folio 3 @ nid 36
[  273.580323][T12672] erofs (device loop2): inconsistent algorithmtype 0 for nid 36
[  273.582752][T12672] erofs (device loop2): readahead error at folio 1 @ nid 36
[  273.591014][T12672] erofs (device loop2): bogus lookback distance 0 @ lcn 0 of nid 36
[  273.594920][T12672] erofs (device loop2): readahead error at folio 0 @ nid 36
[  273.597850][T12672] syz.2.2558: attempt to access beyond end of device
[  273.597850][T12672] loop2: rw=524288, sector=525136, nr_sectors = 8 limit=16
[  273.602436][T12672] erofs (device loop2): bogus lookback distance 0 @ lcn 0 of nid 36
[  273.605739][T12672] erofs (device loop2): bogus lookback distance 0 @ lcn 0 of nid 36
[  273.611372][T12672] erofs (device loop2): read error -117 @ 0 of nid 36
[  273.613651][T12672] erofs (device loop2): failed to readdir of logical block 0 of nid 36
[  273.702778][T12678] loop2: detected capacity change from 0 to 16
[  273.798366][T12674] loop1: detected capacity change from 0 to 32768
[  273.971396][T12696] loop4: detected capacity change from 0 to 512
[  273.990033][T12696] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  273.993095][T12696] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.2565: invalid indirect mapped block 8 (level 2)
[  274.000798][T12696] EXT4-fs (loop4): Remounting filesystem read-only
[  274.003189][T12696] EXT4-fs (loop4): 1 truncate cleaned up
[  274.014371][  T114] ------------[ cut here ]------------
[  274.015043][T12696] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  274.016313][  T114] WARNING: CPU: 0 PID: 114 at fs/jfs/jfs_dmap.c:2875 dbAdjTree+0x454/0x4e0
[  274.016343][  T114] Modules linked in:
[  274.025445][  T114] CPU: 0 UID: 0 PID: 114 Comm: jfsCommit Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  274.029897][  T114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  274.033228][  T114] RIP: 0010:dbAdjTree+0x454/0x4e0
[  274.035167][  T114] Code: 5a ff ff ff e8 0d af 81 fe eb 05 e8 06 af 81 fe 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 ed ae 81 fe 90 <0f> 0b 90 eb e1 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c e1 fb ff ff
[  274.041561][  T114] RSP: 0000:ffffc9000242f508 EFLAGS: 00010293
[  274.043843][  T114] RAX: ffffffff833dfcc3 RBX: ffff888022eaf010 RCX: ffff888106159cc0
[  274.046447][  T114] RDX: 0000000000000000 RSI: 0000000000000155 RDI: 0000000000020056
[  274.049039][  T114] RBP: 0000000000020056 R08: ffffea00008babc7 R09: 1ffffd4000117578
[  274.051771][  T114] R10: dffffc0000000000 R11: fffff94000117579 R12: ffff888022eaf018
[  274.054559][  T114] R13: dffffc0000000000 R14: 0000000000000004 R15: 0000000000000155
[  274.054569][  T114] FS:  0000000000000000(0000) GS:ffff8880b8624000(0000) knlGS:0000000000000000
[  274.054575][  T114] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  274.054581][  T114] CR2: 00007f89fb9aef80 CR3: 000000000df36000 CR4: 00000000000006f0
[  274.054608][  T114] Call Trace:
[  274.054614][  T114]  <TASK>
[  274.054618][  T114]  ? __pfx_lock_metapage+0x10/0x10
[  274.054633][  T114]  dbJoin+0x238/0x300
[  274.054641][  T114]  ? do_read_cache_folio+0x4c6/0x590
[  274.054652][  T114]  dbFreeBits+0x4e1/0xdb0
[  274.073729][  T114]  dbFree+0x336/0x650
[  274.075065][  T114]  txFreeMap+0x9e6/0xde0
[  274.076469][  T114]  ? do_raw_spin_unlock+0x4d/0x240
[  274.078087][  T114]  xtTruncate+0xcea/0x2e70
[  274.079570][  T114]  ? __pfx_xtTruncate+0x10/0x10
[  274.081165][  T114]  ? reacquire_held_locks+0x127/0x1d0
[  274.082897][  T114]  ? __mark_inode_dirty+0x4a6/0xdf0
[  274.084731][  T114]  ? __asan_memset+0x22/0x50
[  274.086227][  T114]  ? __dquot_initialize+0x218/0xcb0
[  274.087953][  T114]  jfs_free_zero_link+0x33a/0x4a0
[  274.089631][  T114]  ? __pfx_jfs_free_zero_link+0x10/0x10
[  274.091452][  T114]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[  274.093659][  T114]  jfs_evict_inode+0x363/0x440
[  274.095232][  T114]  ? evict+0x4f8/0x9c0
[  274.096619][  T114]  ? __pfx_jfs_evict_inode+0x10/0x10
[  274.098356][  T114]  evict+0x504/0x9c0
[  274.099597][  T114]  ? __pfx_evict+0x10/0x10
[  274.101003][  T114]  ? do_raw_spin_unlock+0x4d/0x240
[  274.102703][  T114]  ? _raw_spin_unlock+0x28/0x50
[  274.104546][  T114]  ? iput+0x6d8/0x9d0
[  274.105820][  T114]  jfs_lazycommit+0x43f/0xa90
[  274.107334][  T114]  ? __pfx_jfs_lazycommit+0x10/0x10
[  274.108963][  T114]  ? __pfx_default_wake_function+0x10/0x10
[  274.110793][  T114]  ? __kthread_parkme+0x7b/0x200
[  274.112579][  T114]  ? __kthread_parkme+0x1a1/0x200
[  274.114371][  T114]  kthread+0x711/0x8a0
[  274.115746][  T114]  ? __pfx_jfs_lazycommit+0x10/0x10
[  274.117461][  T114]  ? __pfx_kthread+0x10/0x10
[  274.118986][  T114]  ? _raw_spin_unlock_irq+0x23/0x50
[  274.120669][  T114]  ? lockdep_hardirqs_on+0x9c/0x150
[  274.122350][  T114]  ? __pfx_kthread+0x10/0x10
[  274.123977][  T114]  ret_from_fork+0x3fc/0x770
[  274.125509][  T114]  ? __pfx_ret_from_fork+0x10/0x10
[  274.127140][  T114]  ? __switch_to_asm+0x39/0x70
[  274.128689][  T114]  ? __switch_to_asm+0x33/0x70
[  274.130227][  T114]  ? __pfx_kthread+0x10/0x10
[  274.131704][  T114]  ret_from_fork_asm+0x1a/0x30
[  274.133309][  T114]  </TASK>
[  274.134464][  T114] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  274.136855][  T114] CPU: 0 UID: 0 PID: 114 Comm: jfsCommit Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  274.140712][  T114] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  274.144024][  T114] Call Trace:
[  274.145139][  T114]  <TASK>
[  274.146082][  T114]  dump_stack_lvl+0x99/0x250
[  274.147547][  T114]  ? __asan_memcpy+0x40/0x70
[  274.149010][  T114]  ? __pfx_dump_stack_lvl+0x10/0x10
[  274.150713][  T114]  ? __pfx__printk+0x10/0x10
[  274.152201][  T114]  vpanic+0x281/0x750
[  274.153473][  T114]  ? __pfx__printk+0x10/0x10
[  274.155000][  T114]  ? __pfx_vpanic+0x10/0x10
[  274.156517][  T114]  ? is_bpf_text_address+0x26/0x2b0
[  274.158232][  T114]  panic+0xb9/0xc0
[  274.159512][  T114]  ? __pfx_panic+0x10/0x10
[  274.160997][  T114]  __warn+0x31b/0x4b0
[  274.162329][  T114]  ? dbAdjTree+0x454/0x4e0
[  274.163814][  T114]  ? dbAdjTree+0x454/0x4e0
[  274.165301][  T114]  report_bug+0x2be/0x4f0
[  274.166733][  T114]  ? dbAdjTree+0x454/0x4e0
[  274.168210][  T114]  ? dbAdjTree+0x454/0x4e0
[  274.169689][  T114]  ? dbAdjTree+0x456/0x4e0
[  274.171137][  T114]  handle_bug+0x84/0x160
[  274.172515][  T114]  exc_invalid_op+0x1a/0x50
[  274.174017][  T114]  asm_exc_invalid_op+0x1a/0x20
[  274.175589][  T114] RIP: 0010:dbAdjTree+0x454/0x4e0
[  274.177199][  T114] Code: 5a ff ff ff e8 0d af 81 fe eb 05 e8 06 af 81 fe 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 ed ae 81 fe 90 <0f> 0b 90 eb e1 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c e1 fb ff ff
[  274.183189][  T114] RSP: 0000:ffffc9000242f508 EFLAGS: 00010293
[  274.185182][  T114] RAX: ffffffff833dfcc3 RBX: ffff888022eaf010 RCX: ffff888106159cc0
[  274.187785][  T114] RDX: 0000000000000000 RSI: 0000000000000155 RDI: 0000000000020056
[  274.190372][  T114] RBP: 0000000000020056 R08: ffffea00008babc7 R09: 1ffffd4000117578
[  274.192959][  T114] R10: dffffc0000000000 R11: fffff94000117579 R12: ffff888022eaf018
[  274.195450][  T114] R13: dffffc0000000000 R14: 0000000000000004 R15: 0000000000000155
[  274.198028][  T114]  ? dbAdjTree+0x453/0x4e0
[  274.199509][  T114]  ? dbAdjTree+0x453/0x4e0
[  274.200977][  T114]  ? __pfx_lock_metapage+0x10/0x10
[  274.202686][  T114]  dbJoin+0x238/0x300
[  274.204014][  T114]  ? do_read_cache_folio+0x4c6/0x590
[  274.205772][  T114]  dbFreeBits+0x4e1/0xdb0
[  274.207197][  T114]  dbFree+0x336/0x650
[  274.208527][  T114]  txFreeMap+0x9e6/0xde0
[  274.209929][  T114]  ? do_raw_spin_unlock+0x4d/0x240
[  274.211629][  T114]  xtTruncate+0xcea/0x2e70
[  274.213115][  T114]  ? __pfx_xtTruncate+0x10/0x10
[  274.214729][  T114]  ? reacquire_held_locks+0x127/0x1d0
[  274.216528][  T114]  ? __mark_inode_dirty+0x4a6/0xdf0
[  274.218235][  T114]  ? __asan_memset+0x22/0x50
[  274.219782][  T114]  ? __dquot_initialize+0x218/0xcb0
[  274.221505][  T114]  jfs_free_zero_link+0x33a/0x4a0
[  274.223175][  T114]  ? __pfx_jfs_free_zero_link+0x10/0x10
[  274.224991][  T114]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[  274.226986][  T114]  jfs_evict_inode+0x363/0x440
[  274.228571][  T114]  ? evict+0x4f8/0x9c0
[  274.229855][  T114]  ? __pfx_jfs_evict_inode+0x10/0x10
[  274.231586][  T114]  evict+0x504/0x9c0
[  274.232887][  T114]  ? __pfx_evict+0x10/0x10
[  274.234373][  T114]  ? do_raw_spin_unlock+0x4d/0x240
[  274.236057][  T114]  ? _raw_spin_unlock+0x28/0x50
[  274.237674][  T114]  ? iput+0x6d8/0x9d0
[  274.239024][  T114]  jfs_lazycommit+0x43f/0xa90
[  274.240579][  T114]  ? __pfx_jfs_lazycommit+0x10/0x10
[  274.242277][  T114]  ? __pfx_default_wake_function+0x10/0x10
[  274.244190][  T114]  ? __kthread_parkme+0x7b/0x200
[  274.245835][  T114]  ? __kthread_parkme+0x1a1/0x200
[  274.247490][  T114]  kthread+0x711/0x8a0
[  274.248827][  T114]  ? __pfx_jfs_lazycommit+0x10/0x10
[  274.250507][  T114]  ? __pfx_kthread+0x10/0x10
[  274.251968][  T114]  ? _raw_spin_unlock_irq+0x23/0x50
[  274.253660][  T114]  ? lockdep_hardirqs_on+0x9c/0x150
[  274.255306][  T114]  ? __pfx_kthread+0x10/0x10
[  274.256788][  T114]  ret_from_fork+0x3fc/0x770
[  274.258254][  T114]  ? __pfx_ret_from_fork+0x10/0x10
[  274.259916][  T114]  ? __switch_to_asm+0x39/0x70
[  274.261490][  T114]  ? __switch_to_asm+0x33/0x70
[  274.263045][  T114]  ? __pfx_kthread+0x10/0x10
[  274.264535][  T114]  ret_from_fork_asm+0x1a/0x30
[  274.266098][  T114]  </TASK>
[  274.267776][  T114] Kernel Offset: disabled
[  274.269158][  T114] Rebooting in 86400 seconds..

VM DIAGNOSIS:
02:23:17  Registers:
info registers vcpu 0

CPU#0
RAX=1ffffffff33bcc60 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=0000000000000000 RDI=0000000000000020 RBP=ffffffff99de6770 RSP=ffffc9000242ec50
R8 =ffff888020220237 R9 =1ffff11004044046 R10=dffffc0000000000 R11=ffffffff854e7210
R12=dffffc0000000000 R13=0000000000000000 R14=ffffffff99de64e0 R15=0000000000000000
RIP=ffffffff854e7287 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8624000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f89fb9aef80 CR3=0000000026ff6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=ffffffffffffffff ffff000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000001 RBX=00000000ffffffff RCX=0000000080000000 RDX=0000000000000000
RSI=ffffffff8d9c7f0a RDI=ffffffff8be32600 RBP=00000000ffffffff RSP=ffffc9000621f4a0
R8 =ffff888107dd3980 R9 =0000000000000004 R10=0000000000000003 R11=0000000000000000
R12=0000000000000246 R13=ffff888107dd3980 R14=ffffffff8e139f40 R15=ffff888026f2d770
RIP=ffffffff8b78b1a0 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c24000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f89fb7240a0 CR3=0000000026ff6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000000 0000000000000000
XMM02=000055556bb516c9 000055556bb514e0 XMM03=000055556bb4e8e4 000055556bb4e8e0
XMM04=0000000000000000 000055556bb4b498 XMM05=0112800411b41000 0288020001a78004
XMM06=1080100003800411 80040e0174c281eb XMM07=4a1fffff000001bf c774000000000000
XMM08=0000000000000000 0000000000000000 XMM09=660a79656b5f5f2e 6e6f6974656c706d
XMM10=2030323833303061 3966666666666666 XMM11=696c5f6f676c615f 7664617461622062
XMM12=5f5f2e6574616572 635f6b636f737761 XMM13=3030613966666666 666666660a79656b
XMM14=5f70636c6c5f6366 6e20622030306434 XMM15=2e6563697665645f 7265747369676572
