last executing test programs:

1m29.680006733s ago: executing program 2 (id=138):
r0 = io_uring_setup(0x1530, &(0x7f0000000480)={0x0, 0xd498, 0x800, 0x8000002, 0x1d5})
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a09040000000000000008020000004c000480300001800e000100696d6d6564696174650000001c000280100002800c00028008000180000000000800014000000000180001800d00010073796e70726f787900000000040002800900010073797a30000000000900020073797a320000000014000000110001"], 0xa0}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1m29.545148673s ago: executing program 2 (id=140):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f0000000780)=ANY=[@ANYBLOB="b702000004000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff1d6405000000000065040400210000000404000001e37c60b7040000000000006a0a00fe000000008500000032000000b70000000000000095000000000000000ce0de7621e5e832249c04112cf7af2b75d0d1f034b1b3fb6bd3ce8fa62c7941272ff49142d860010ab162aa2264ab67e55a00000000000000edfe0969a9ddc125b686a1e83c8790c893d713b3295dad0ea697181d1e85b64126b5d72f204754d1d4a93f24215dee354e93cfc3f50ff23f8432c72012f021c84c59a9d4c142f439d3040cfee621589fb3a2f1407c7cbed48e7026f8d52d4bca2608c79aa4a73732028f88ce07ed1075da4a2ef44e3d8b88873f0b1de87dfb6d15936ec0a27cb554def9e27396df6b7851ffa26237ea6730880f06371beb3b290b7d8629a6f0373fefa0acb60888fc14ad2b83ca03ac2aee792482ced58af4140cc4ce3efef26e00c5b2200a91cb80c6065a697d6fc8aa8b65aee0783b04cff0218ce82c9687b4474da89c474c23727555fc5e5f8ad0f2f7a261140440fce1f12cc6df312accd011d888384283092d987c40bbb46f68c2431b97906f00000000349834fa147bd5923bbd4e606708034931a8f1a89bdf77093a0000427aab8e21e1a33d3fe093547532fce6549dd648ad233e05a7b3ea178007c1c32e871ac81f287c4aabbd153390b16d1d41ee433e3aee000000000009e106d6b5289f0000000000000000000000f7bc9f46cb71f6b889d37807865e3b4e9916dd0f72c9d58ea333b90f8886dcbf5ddda0e42ca08e3303632401f2f5212b40c0e88c957fd767dbfc80b07ad668b4f6f92fb209d7c2dbac597843c8eb7bf92fe6d0bb0b72549795c2ed19e441eb69869844152ba9da0588e42cdbc5fcd245ce5e3ef0dca64931276702a312db7956f0a75eb9caa17d47a6331c7c963cbf86a845ce27c26b7136d3e7207318b1df7a6320c64f18ccd926eaeddcde8d5006d6c38db117fb1115221a66169172720ccca770bff37e59511b2606138377eda44b2f288b491ab8aae0e11a98303b0e407e0f9d21f4a3ebbd3fabf6da9a1a1f869a339fab465d8322b7280b0734fd115a19b33c8644fff71b3c62f2e1b827e2663e06a751182e968c8ab05fb1d0115d4b11d944f2c06acc023a02b7416a9a10218d21503cda13bb5df6c992e52e1c01793b728eac000058ab3b3900d279297dadc127e2f38fc60c23af2e1fefa5a83456647191ba1953d320f59aa261fe79613df6bf43884e9649691e32680d75a541c27ffe74f9d13340f2cf1c7dc2b7db01213216cd4ecfd30efe137641471987289b7e23482e026b26eacd1b97443e2ea2d1d6e31a01ee0ae7fa195a2152b2338b086423a3883f2ce3e2f84e04f4d52c985eac4b46336908599564b47db0e6aa97ee51a360f4382fd99745725d44c77d097f69d19fe86f71c38a0226d44ebe0ecbd959f14b540745cd03b8c9f02b825ba45ca85706c73115f70871db9d2a1bc2a517b39f9648123917a5db07ba4e27f961373767e1ea8f7cc558e483abef1a9923c5cfa2081e430680950b7d7c377726b557ad31fdee17ba7057741f39d29d8ab295222f96297a777bb235416e72c84afef2bdb08fb375147b028b89f15af45bc8976b91158c13c9876daa71e7db0f5a17376be39ea79ce1246c547c740e31c64e5d293e0e5a544dd166010061d6ccae46c173b8e11721e4bce22c16af00000021f80ac6c3971006db853e3c40a5417d6eac09eb0e01ac6bd4c6dacdcb1d6d2ef9c8bdea91c984022821e961236d08f8b9072ec6cb5d5a68833fd5b4e80a5ac2bc6ff323f5ce612b59ce8177956c1affcc8baf4c8b59ab959aff9a7bd81f7c7c1f1bb92ddbeed6bce8041c7f0c1c584e6ae027678ce3cfbfea938aecc3c5119c5875b7fb35dc20f5c7aaae1e276104f607a73fe501c1045873a2b1eb80e95c87f099d98028dc82bdc7ef08c871fb3061c3c5ebd613e6e5e8cf099bb6e8c0441a133c85138b36a02c47fbedf7ed1d3ce74c9ec2c676c0b2d4b5eca61dbf5769b483c2a9f6bec666dae4e81960e9bad7f17cfc3d5bcc7b7f437110ca8ffa908c12086b2227eb202a8d56e0925ba994b05c98c39de44d25932449ddf08e5377814a40877eab4440ca01b3f50d2014a61a7d32105254b424238122386424efa3a7041254f686a5faac120942287f75e8e3db569ce47b120059d774a37e11d013be50cd2cbb00f6d2a23af61ec7d30bb7dc33a92f900b6ff1d29dc61cc40b846040dbafd00c6bcfbcf700"/1664], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffffe}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x702, 0xfffffffffffffe62, 0x0, &(0x7f0000000080)="e864334470b8d480eb00c15286f9", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1m29.407976126s ago: executing program 2 (id=141):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r0, 0x40384708, &(0x7f0000000040)={0x9, 0x0, 0x20, 0x3, 0xe, "3eccd8fd0000000000000010000000040100"})

1m29.339562017s ago: executing program 2 (id=142):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x11)
mount(0x0, &(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000000)='binfmt_misc\x00', 0xc00, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000240)='./file0/../file0\x00')
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='./file0/../file0\x00')

1m29.248589518s ago: executing program 2 (id=143):
syz_mount_image$btrfs(&(0x7f0000000300), &(0x7f00000015c0)='./file0\x00', 0x1000004, &(0x7f0000000600)={[{@clear_cache}, {@user_subvol_rm}, {@nodiscard}, {@noautodefrag}, {@autodefrag}, {@autodefrag}, {@max_inline={'max_inline', 0x3d, [0x7, 0x38, 0x35, 0x39, 0x32, 0x70, 0x78, 0x2d, 0x2d, 0x37]}}, {@space_cache}]}, 0x0, 0x55b4, &(0x7f00000042c0)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcFYhKDFawiW4wUosky4xBC50ILiIh0WRGkOEfCmbYZVjGMn5sc4uxWUGpNEu2gZo1jhhdeu99bu89l9tembNOXy/SnvPcz3me+9yT88d93/KcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcTc9+d0fXisZE1X77/Hz+e+OiGn4zfdWDL4Vvu23j/grMjbtoxq6F33bTm+es3NB5teXr/nFujKJHul8j2v+3ab9XfeeNt360OAy5bmNnW1pZ6ykzXU5nG8IIH+/oV/iyPoqgqNkBldvtqdqeiYIDcblPxgAN6p21RdPfkeZN2dz41bklyYXfxS6dP9VBPYKhkr6vu/mspmf5dETsi18679BIFl2imf/yC+1ReBADwscxMpTe5t6PZt7i5dku8HmsnY+3WWDu8Q2jNb1yMzLjDS81zUrw+RPNMZqLCiJLzjNWz5z/XTsX7x9qxqPEx5ll4aDbSVJea55pYfajmCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBZMvbEsdXLdz+y575fttccfff9OVc+8KX2I7sXnxx59dIV21dP+emsht5105rnr9/QeLTl6f1zbo2i2nS/RKZ74mTr5b9NjZ3ftW/cG027nqvprcyOG7bD8g6OXg87s0ZH0Yq8SncY9q81UZQqLKSb0fbiwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Qtiu6ePG/S7s6nxi1JLuy++PFSJcZLXnC8XLu2/yeRF4xD/I2P118PhzYVjTOw+IjxPH/pmDFvvzW5fvLXp8194oZnRnV1/t+TMzan/lhX88IV1/fUP3tdUf6vHTj/hzMn/wMAAPCfkP/j4wxssPx/x9Kpm1//xbCVv25rfOJQ/fY/t33nmR2LTnff8KPel6cmb3/06lkNvX0pvj//Typ4yqL8H2Yc8n9FdHH5HwAAAD7L/tv5P1k0zsAGy/+NZ3tn/+DQa3Xtf5+zeM+vHrpi8bkzf5t/etfO4avvaF1X99CVRX//n1le/h+WP+3w4O/ChFeNjqKZ5Z9UAAAAoED4u3v/Rwshr2c+OYjn9Wv/eVXL/ps/+OY3HrznT2++/ZvjB2dPWrutbuahl2+q/7Dye9u6ivJ/srz8X/XpvFwAAACgDM8fWzF33onu84+fe6Hz1JFdPadmPHl2bXPvmbZLWlet3Hj8taL8nyov/48YmpcDAAAAXMC9dz63fNOrL/U+cOCusVO6K65quiRxy9btU5snfNRxac/l27YU5f9l5eX/kdltduVDplNH+F8IbaOjqLpvZ02mcDhqvSZXAAAAAD4hIadv+WB5w9gdY3vGnzjzWM3hN47M/suajjkbrumq6trU0dB0WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cSTid1vvbfyq+cPnh+z4MD3r9+4tr6n554JL/3+h3+Y/lF1Uf5vKS//V+ZvP8nv/wMAAICL8L/2/X9Li8YZ2GD3/2+u6G1cuXbf9FWb12xemGg4WH36wVX73l+w+l9Tb36+uea6g0X5v7W8/B+2o/JfXns4PxtHR9H4vp3s3QR/Hqa7KlbYW5VXyJz4WI8bQ49sYe+IvELamliPr42Oosl9Oy2xwv+HQmuscK4mW9gZKxwPhez1kCvsiRXaw5W2tSY73XjhxVDILrDYG1ZQjMotiYj1eK9Uj77CBXt05p4cAADgCyWE52yWrSpsRvEouzcx2AEjBzugYrADKgc7YFjsgPiBpR6PlhUWwuO3dzyyfmPjlOQrD8997GdvPts0Yf/jl9X1bPrwla33TtwxvXVqUf7fWV7+D6dieGZTav1/FNb/Z7/XMLf+f1ko1MYKe0MhFb9jQCo8RybsPhyeozaV7XFufK4AAAAAn2vhc4HKIZ4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAv9m79zipqjtB4KebftBN07RxIppxko4a0Iw0ja1hGBxFjdGoSDOrjpuMBgINIo0QHqsgagPqjEP8jK+dNRMdQUFkV/0Q42owGImLmFEnUUx8AD7W0XVd36MSo5mwn+5bp6i61WUXAko73+8fXafqd563Hl3n3lvnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8B/DvQe/fNLQhbP/4cOGcy9ZXTV10f/oGH3ZH6761hef+sdli/4tzP/FiDO3zDvowuPmL5j2Lx3LVx9xRgitXeXKkuJlz13x1Yda9zru2TsGbpx54631W6oy9WbioV/nn/LMnYtjqy/2D+HushAq0oEhdUmgMnO/Lta3b10Ie4RtgWyJttqkRLrh8EBNCEvCtkC2qtU1IdTlBE7ZcP99l3cmrqkJ4SshhOp0G89UJ23UpAODqpJAbTowvSIJ/HZrIhv4SXkSgB0W3wzZF/2q1vwMDd2XK/L6q9xpHft0pYfXJyYaiud7/ahd3KkcVekHWnfoaSuojp0i/XYoeHus9W7rBe+2gu18hact94tU5hvK1m2h6lA+sW3S+Dnts+Mj5aGpqU+xmnbR8/z02/MnbE+617wOYwcadsrr8NLHVkzvt2z0pVdv/tWYDWfVHLCj3XwqZ5Pmpne16pB5zfWa5zEa5fOkF7z9Cr4lNfrSFULYeu7ZM74+Z+LZR/S55cl1rz74YN2Ws+cs+MWZE89bdPHJG/59/ksF8/+Gj57/x5dzvC3Pyx1b/bA+mZvHR+pi4s36ZG4OAAAAvUZv2Gu68vzX/+r1769tnbno9G+/dfC5H+7V+usR9w+oOuCNdU2t52/8/CsF8//G0o7/x0P+dbmjXRvCqK7EogEh7N31eBJYGbvz3QEhfLkr1ZofOCoVWBvCPl2Jg7JVpUr0jSUaU4GX6zOBUanA+hhoTQWWx8AVqcDFMbAqFZgQA2tTgaNjIEzJH8dX6zPjKDlQEwPjko24Kp6F8E59bC21rTZlqwIAANhJMrPDyvy7Oec67GiGOL1cVdNThngGdtEM1aka0jPY7LSqaA0VPdVQ3lMN2XF3fPTwC2ou66nmgtMwyvIz3LjmL+9b9OJhXxi718TPLx56wZSfjQ9nvX131ePNS158a98jbl5XMP9v/uj5f3U3HSkrOP4fwtiuvzF3eSbSno2Pa83LAAAAAOyAi/74L/aofXnIAQ2b3i+7d/7aJx5d8cvNe5xy+vvjjn/9h4fXNN5bMP8fVdr5/3GfSJ+czOGRuBti6oAQmvMDSbUjCwPJUe9+mQAAAAD0Btnj8dlj4VMyt8kp2un5dGH+1u3MHw/8j+o2/+/v+Z+1d2z91xfLLvjuuSNqBiz9p1c7Jpxw8tG3HP+td/apOOCX5QXz/9bSzv+vzb9NOrE+9uLqASH0zQk8GHvZGejSGAPPH5kfyIx/fdwAi2NVmRMTslUtjiXGxUBzKrCkWIlHsyX2zg9knqxs44uy45iSKZETAAAAgE9c3B0Qj8vH8/9bzhhx2l9/b9bfLnzlwfNWX3DJXw3vmD/ypPuf/rBh7pVLw6Y3jyiY/4/bvvP/u+bBBaf3t/cLYWhFCH3SPwx4pDZZGDAG6soyiXtrk7r6pKtaWBvCyM6Bpat6IbP+f0V6jcHHa5KqYmDv/W55e1BnYllNCENzA098e+lhnYk5qUC28dNqQvhS52jTjd/VN2m8Mt34tX1D+GJOIFvVhL4hdDZWla7qf1VnrmOQrmpVdQh75gSyVQ2vDmFuAKC3iv9LJ+Y+OGvuvKnj29vbZu7CRNyJXxMmTWlva5owvX1idZE+TUz1OW8dowWFYyr10jebMmsULV45ubKUdPaHgs25bWV25BecOZi5H78MVXaN85DKvLst6SEfuH9hEyHnq1SxIZfv4iHX5lay7UksqD/mrwr9Qt85s9pmNp03fvbsmcOSv6VmPyT5G48zJdtqWHpb1XbXtxJeHkWXy0r5uNtqUG4lQ2dPmzF01tx5Q6ZMGz+5bXLbOS2H/lnLiOHDvzZiaOegmpO/PYx0UHc1p0a6dWmJw9qJI/1CRU4ln8SHhoSERG9L7PdfNj88es/151z/s9d+fH6/b552795HzvzhoVdNfah638MX3z7kwIL5/4yPnv/HT534wZ9Zn6HY8f+GeJg/eXzbYf5xMbCk1OP/DcWO5mdPDGhMBTpioMNhfgAAAD4b4u7IuDcz7pTefMv6dRuXtMz9QcM7LbeuaV960033nfqTOwee8KXBYa8N153wuYL5f0dpv//fSev/Z5euP6HYMv8HxRLNxdb/Ty/zn13/v6PY+v/pZf6z6/8v+RTW/5+TDaQ2yTvW/wcAAD4LPrn1/3tc3j99gYCCDD0u75++QEBBhh6X8S/1AgHbvf7/mgf/+itV/cbc8Sctv6m/5LW/u+ew1iPXbZ75J1/aun7ifdeNvWVNwfz/itLm/xbuBwAAgN3Hf77smoqjz777jpZ1UzeOe3Pwu0++tWRQnw8qjn64feQLA9+49byC+f+S0ub/n/z6f6HY+f+NxQKtxRYGtP4fAAAAvVSx9f/uGdrS+Icx/f/w9LDfLH/w5tE/feTnv1++389P/Fn5PguOfX7mZZMK5v+rSpv/x9MuyvNyx958WJ+saRdy1rTrKvlmffYnAwAAANA7lIempsoS8+YtjHrUx2/z6cxSoB+VzvW9V649e/ML0497/PR1f1dzwuA9J0y7YFXj3ww/8M7Pj7pkz6WbTi2Y/68tbf6f97uMSx9bMb3fstGXfnj15l+N2XBWzQHbjv8DAAAAu06p+yUAAAAAAAAAAAAAAIBP37kdiy98ZNmx733z9r/Y/4glrw6+7a4Dfzek30tXXPXApFVvnDn56wW//w9ju8oV+/1/vO5f/H3BH+Xljq12t/5fl+z6f5n7p5x4+9yuJQsfqQ9h/9zA1IVT9wiZa/MPzg3cd8ZBAzsTC9Ml1jx79Eudie+kA8cP+dyWzsThqcC4uEjiPulAvKrilv6pQFxe8fF0IG6PVelAVSZwWf9kHGXpbfVKXbKtytLbamNdCANyAtltdXdd0kZZeoDXpALZAX4vHYgDPDkTKE/36vZ+Sa9ioC4WvaFf0isAAHZb8VtgZZg0pb2tOX6Fj7dfqMi/jfKWLFtQWG1Zic1vyixNtnjl5MpS0n3S30W3XWu8MlR3DmFYwdfV3CxlXaPcObX0sOn+qMiQe1rtrbxIubTt3XRVxUdUk4yoacL09omVPQ68pecsh1T0mGVYwWQnN0t51yYtoZYS+lLCiErcNiV0Od4vD01NfVK5/jwGG0Kenl4Rpf5eP3edv2Kvgtw8tx165VtfPuanz33wz59/ov83Tqu5fdb33z3x16/ff+AhR1w3oWnNloL5f0Np8//q3HFtyVwMoCNeWW/kgBDGlTgiAAAA+Oy77aJb7zh9+vpXJq2tePKxx6aWjzm9cuv8O+fPu2TjvYuPv+zgFTsaP+ys337/N4P3/7dnr3rppyP3eeCGm//Pk4c9/ue/f/hHD71Tt7LP2PcK5v+Npc3/4x6szKHgZG/H2nj9/0UDQui6tH5DElgZh/vdASF8uSvVGkskF9Q/IZZoTgIr4w6Tg2KJca35VfWNgVWpwMv1mcDaVGB9DGT2UtwSMrtyrqwP4bCu1Nj8EjNiiYZUYEwMNKYCTTHQnAr0j4FRqcBr/TOB1lTg4RgIU/K31Y/7Z7YVAADA9sjMsyrz74b0PG9VRU8ZynrKUNtThvKeMlT3lKHYKOL9O2KGytTJK2U5mSrTtdakainIEC+Gv939KsgQHs3PmS5Y0HQ8/yB7vkFZfoYrf/DsqesHT39o9eZjvjbwtn8csufBzdPr3ltww1O/HXPOdc//6aCC+X9zafP/2vzbpPX1cf6/7fp/SeDB2L2r46njjTHw/JH5gcyOgfVxsrs4W1VrpkRm0r44lhgVA42pwIwYGJUKjBubCSwZmB/IzLSzjS/KNj4lUyInAAAAAJ+4uIMg7qaJ8/8bj/rB1e8PmLhl2byZ949teeLk0d+4+q4f3bv/sjvfXTF4wLj3vlMw/x9V2vw/ttcvt7GLY29e7B/C3WXbepMNDKlLAnE/Rl38efy+dSHskbODI1uirTYpUZVqODxQk/xCvSpd1eqaZI2BeP+UDfffd3ln4pqaEL6Ss/cl28Yz1UkbNenAoKokUJsOTK9IAnHPTyZQE35SngRgh2X3CsYXVOZUl6yG7ssVef19Vq4Jmh5ewT7QbvJ195urXaU6/UBmn2rW9j1tBdWxSxS8PdZ6t/XGd1uDd1vuF6nMN5St20LVoXxi26Txc9pnx0dyf8laYBc9z7m/Ui0lvRNehx0fv7c9q053oDn18dHcfbnuX4dlsbpLH1sxvd+y0ZdevflXYzacVXNAyd0oIv5Q+Edb/nflUzmbd1erDpnXXK/7PGn1edIb/w00etpCCJddf8y+S9799X7P3fDcqevKbhz76l/OumfT8r+pPHzUuvefHDr68oL5f2tp8/+K1G2X38WNOWtACAfmbNxH4uY/ZkDyOZgTSD4l9ywMJIfc/7W+6CcnAAAA7GzZ3R3Z/QVTMrfJCeHpeXJh/tbtzB/3V4zqNn+p/T523caVJw1947oD/vaCE9/4+2sPf+qh6y8rW7f8v4/9YPWayxe/90TB/H/cR8//+6a66fh/7vH/4Pg/O4/j/93a3XdF900/0LFDu6ILqmOXcPy/W7v7u83x/245/u/4f3cc/++B4//d2t2ftoJvSTN86eqcBF9/589/N/GmD+Y27nfwSU89c+jE6/7pqpa77zrllf927nnTXvvW5oL5/4zS5v/W/+t+0b7s+n/jiq3/N6PY+n8d1v8DAAB2qSILzaXneQWr9xVkSK/eV5ChxwUCe1xi0Pp/273+38KR/37RhT98vuXad+4cd/maTcee+erT61Y/M2vFceee/1brXXe1Fsz/O0qb/8eXQ7/c1nvL+n+NY4tUdUUMzLAwIAAAALujYjsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HQdeto771/y9X9oG/SLFTf//a3/7/8+W7v2gW9+46bhv5zyp2eUrdlwzYgzt8w76MLj5i+Y9i8dy1cfcUYIU7rKlSXFy5674qsPte513LN3DNw488Zb67dUZ+qtzNz+cV7u2OqH9SEsyXmkLiberO+8sy1wyom3z63oTDxSH8L+uYGpC6fu0ZlYXh/C4NzAfWccNLAzsTBdYs2zR7/UmfhOOnD8kM9t6UwcngmUpbt7Xf+ku2Xp7l7eP4QBOYFsd8/un19Vto3jMoHydBsr6pI2YqAuFr22LmkjBtpjiSl9QxhaEUKfdFX/XJ1U1Sdd1T3VSVV90lVdVB3CyBBCRbqq56qSqirSI3+0KqkqBvbe75a3B3UmllaFMDQ38MS3lx7WmZiZCmQb/09VIXyp8yWTbvzHlUnjlenG/2tlCF8MIVSlS7xXkZSoSpd4oSKEPXMC2zZiRQhzA58N8dNnYu6Ds+bOmzq+vb1t5i5MVGXaqgmTprS3NU2Y3j6xOtWnYspy0lsXfPyxb3p7/oTO28UrJ1eWkq7IlKvs6vIhlXl3W3b33sd+1eZWsu35KKg/5q8K/ULfObPaZjadN3727JnDkr+lZj8k+dsnE0221bDesq0G5VYydPa0GUNnzZ03ZMq08ZPbJred03Lon7WMGD78ayOGdg6qOfm7M0a69JMf6Rcqcir5JN7/EhISvS1Rnvfp1ry7f44XfNHf1tHKUN31AV0wrcjNUtY1yp0x6KM+5og/zteUHkc0rGDiUJDlkJ6ztBRMJrZlqUmydH2tK5gc5tZU3rVJ4/3y0NTUp9h2aMi/m7t5X9+Bzft0ZtOVmgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P+zAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswLEAAAAAgDB/6zB6NgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgUgAAAP//JSMYQA==")

1m28.922132136s ago: executing program 2 (id=145):
syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000043c0)=ANY=[@ANYBLOB="003b09000000e9"], 0x2, 0x1a2, &(0x7f0000000440)="$eJzs0L9rE2Ecx/H397knPypUiYpDBRuweF6oJndVB6fgFCEHDi6CQUMam2KippfBlha6SEGq/Rd0qqMKOokoOBcHwUHPpZs0Q3EQB4nk8kTwb/B5Dfe57wfunodvK+pGGeD3/mqDMgmHg3xE0MC0jDqlRvnazN9Nbo2CS2beNPnM5FS0vHK73m43l/IX8+T+KYAfSfe3il5wTNEXysjn/dVGXW6GDMp01HxIrkrhEU6NrveYKT3J0Rs4DNxNLiu64lbhULHXuVeMllfOLHbqC82F5p0gmLtQOlcqnQ+KtxbbzdIrxHsoiies4YVkQia8NVI1HuzoA8wK4rVU7EihT7rG1o5z+uRsH+XtMUB45/bJfNWtvLrKKbLXh5evcER4ihMyU2VCoUkOqiBX1Evx9Sf9M6XIrjvO2cbd9vzGNSW/0ttl2cuKv0vK9QkKPnPD1XCY92zEzMRUYrZjdr8xLW+Gp4z3qteHz+dmOs4JSHO/3ust+Wn4IDokcEOCHEwmv1PJvXLw1nxjgi/jF8uyLMuyLMuyLOs/8CcAAP//o/hj9Q==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='.\x00', 0x0, 0x80)
open_by_handle_at(r0, &(0x7f0000000000)=@reiserfs_2={0x8, 0x2, {0x2, 0x5}}, 0x202400)

1m28.700134549s ago: executing program 32 (id=145):
syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f00000043c0)=ANY=[@ANYBLOB="003b09000000e9"], 0x2, 0x1a2, &(0x7f0000000440)="$eJzs0L9rE2Ecx/H397knPypUiYpDBRuweF6oJndVB6fgFCEHDi6CQUMam2KippfBlha6SEGq/Rd0qqMKOokoOBcHwUHPpZs0Q3EQB4nk8kTwb/B5Dfe57wfunodvK+pGGeD3/mqDMgmHg3xE0MC0jDqlRvnazN9Nbo2CS2beNPnM5FS0vHK73m43l/IX8+T+KYAfSfe3il5wTNEXysjn/dVGXW6GDMp01HxIrkrhEU6NrveYKT3J0Rs4DNxNLiu64lbhULHXuVeMllfOLHbqC82F5p0gmLtQOlcqnQ+KtxbbzdIrxHsoiies4YVkQia8NVI1HuzoA8wK4rVU7EihT7rG1o5z+uRsH+XtMUB45/bJfNWtvLrKKbLXh5evcER4ihMyU2VCoUkOqiBX1Evx9Sf9M6XIrjvO2cbd9vzGNSW/0ttl2cuKv0vK9QkKPnPD1XCY92zEzMRUYrZjdr8xLW+Gp4z3qteHz+dmOs4JSHO/3ust+Wn4IDokcEOCHEwmv1PJvXLw1nxjgi/jF8uyLMuyLMuyLOs/8CcAAP//o/hj9Q==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000200)='.\x00', 0x0, 0x80)
open_by_handle_at(r0, &(0x7f0000000000)=@reiserfs_2={0x8, 0x2, {0x2, 0x5}}, 0x202400)

1.38272577s ago: executing program 0 (id=797):
r0 = syz_open_procfs(0x0, &(0x7f00000010c0)='timers\x00')
pread64(r0, &(0x7f0000000480)=""/177, 0xb1, 0x38)
preadv(r0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/38, 0x26}], 0x1, 0x5, 0xfff)

1.310998218s ago: executing program 0 (id=798):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00'})
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000140))
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000380)={[], [{@fsmagic={'fsmagic', 0x3d, 0x4}}]}, 0xf, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000001740)=""/192, &(0x7f0000000140)=""/92})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000001500)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=""/57, 0x0, &(0x7f0000003100)=""/4102, 0xeeef0000})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

710.26639ms ago: executing program 3 (id=804):
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, 0x0, 0x1, 0x0, 0x0, 0x20040844}, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x2, &(0x7f0000000000)=""/126, &(0x7f0000000080)=0x7e)

649.662056ms ago: executing program 1 (id=805):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x80, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000180)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x20000, 0x0, 0x1, 0x18e48b, 0x7f7d4})

649.453688ms ago: executing program 3 (id=806):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x4810, &(0x7f0000000140)={[{@journal_dev={'journal_dev', 0x3d, 0x8}}, {@data_err_ignore}, {@noinit_itable}, {@sysvgroups}, {@errors_remount}]}, 0x0, 0x4ec, &(0x7f0000000c40)="$eJzs3ElvHMUeAPB/j5fEL8mzX957QBbIQEBYIOLYWQ8cCAIpFyQkEApHYztRiJOg2EhJZBGzKEgcQPkEAW5IfAJOcEGAOIC4EsERIUXIBxw4oEE10zOMPTPe4iWxfz9pnKru6q6q7q64lmkHsGEV048sYmtE/BgR3ZXozATFyj+3piaG/piaGMqiVHrht6ycbnpq4sNq0upxW/JIbyGi8E4Wu5rkO3bp8pnB0dGRC5Xo2zfGC/mes4OnRk6NnBs4evTgga4jhwcOLUs9U5mmd75xfveO4y9fe27oxLVXvv40lbeU75+emhiaeUTPInNoa9hSjOLMa1nnkUWe/U63rS6ctaefhbUrDAuWntp0uzrK7b872sqxiu549q1aImDdKZVKpU0NW2sNfrJUL8sqBwDrRKZJwwa0ve43/vRUGqlODDWOg9e3m8eiPAJK9b6Vfyp72ssj2GJPZWzUsUL5/y8iTkz+eT19ouk8BADA8vr8WETp5987Ur+j+qnsKcQ9den+na8N9UTEfyIi9R3/m/df/h9RTntvRNxXd0zqUW6eJ//irHhj/+f7rjyQuqxLrmcrqf/3ZL62NbP/V1u/6GnLY9vK9e/ITp4eHdmfX5Pe6NiU4v2Np65Nq33xzA8ftMq/WNf/S5+Uf7UvmJfj1/ZZE3TDg+ODt1vvqptvli/slcb6Z9GeVUMROyJi5xLOn67Z6cc+2d1qf63+bXH9RKpnQ/3fb33y9iUUaJbSRxGPVu7/ZMyqf9KZh/rGz77WN3bp8hOn69cn+48cHjjUtzlGR/b3VZ+KRt98d/X5PNgwjJj//q+sdP//1fT5r61c9mT167Vji8/j6o13W45plvr8d2YvlsOd+baLg+PjF/ojOrPJxu0D/xx7cbBrRvpU/969zdv/9oi/qovbuyIiPcT3R8QDEbEnL/uDEfFQROydo/5fPf3wq62GkHfC/R9e1P1vFXjq24jmu9rOfPlZQ8bvFRdY/3T/D5ZDvfmW4cHx+X6txFwlrQ/c9gUEAACAu8CeiNgaWWFfPse5NQqFffsittRmUMbGHz95/vVzw5V3BHqio1Cd6equmw/tz+eGUzwdNVAXT/sPlOeNS6VSqSvF0/h9dNvaVh02vC0t2n/yi+/9w/q3qHW0Vm+0AXelpa+jL/8XMoDVtQzfowHuUto/bFwLbv8r9RYcsGaatf8rEbfWoCjAKmvW/l9ag3IAq8/4HzYu7R82Lu0fNqQFvSS/hMD247O31OWVta9Mpq0DhZj7rwD0RFS3VL/gOPcJfypELE8J25a1pl0z7mmhaZrNsRx5RWHeNO2L+EMMqxso3BnFqAQ2RcQ8T2/tYbtSDVxe6YKVG8HHa/u/EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwO37OwAA//8GPdEz")
removexattr(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)=@known='system.posix_acl_access\x00')

648.138605ms ago: executing program 1 (id=807):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000005c0)={'ipvlan0\x00', &(0x7f00000004c0)=@ethtool_rxfh={0x1, 0x4, 0x7, 0x0, 0x7, "677c01", 0x80}})

552.923129ms ago: executing program 1 (id=808):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000006c0)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r0, 0x5452, &(0x7f0000005f80)={0x0, 0x0, {0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct}})

552.570182ms ago: executing program 3 (id=809):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0xcc0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00535d4e036013ec9e6e7ecdee3849b40884b95e94f35cec9600cd19beb0"], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
syz_mount_image$exfat(0x0, &(0x7f0000000040)='./bus\x00', 0x3a21820, 0x0, 0x0, 0x0, &(0x7f0000000000))
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
syz_mount_image$ext4(0x0, &(0x7f00000000c0)='./bus/file0\x00', 0x3188808, 0x0, 0x0, 0x0, &(0x7f0000000000))
rename(&(0x7f0000000000)='./bus/file0\x00', &(0x7f0000000080)='./file0\x00')

492.442227ms ago: executing program 1 (id=810):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000140)={@fallback=r0, 0x4, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

462.962541ms ago: executing program 1 (id=811):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_RESET_OWNER(r0, 0x8008af26, 0x0)

462.632933ms ago: executing program 0 (id=812):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r0 = gettid()
tkill(r0, 0x16)

372.860638ms ago: executing program 0 (id=813):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_LOOPBACK(r0, 0x65, 0x3, 0x0, 0x0)

372.479242ms ago: executing program 1 (id=814):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000180)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030332c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c6c2c696e6f646536342c00655d9e4bfc7653603c61402ea595826c43b900e2426c63ec8f2848ba9bf63fa83ccd1540b5629c7bd796df672ec26f60"], 0x1, 0x4421, &(0x7f0000004500)="$eJzs3c9PHGUfAPBnBt63UNsKtYeamLiJTTRqCPSk0kRKaSm0WFNtY7xsF9i26MI2sBgPPeCtiScTD8ZDo4k3Tg0Hr/VP8OKxnpvowYuJSSNmd2eBGXbDSliwzeeTlNl5fu9+d5595jB94kTl9txSbm4pV1jIlWduLp3OfVYuLc8XQ7xPDrp/2tOJOIn9wbly7sIH10+H8NPsL4/X19fXQ1V3aGpoy+s//7g7s/XYEGfqVNtt3tpe+TiEcGLbuKq6Qggf/RhCFEI4m6SNJsfeEMKxUM+7fvfLG7k9Gs2DR8Uz+SdT99aGT02u3l9r/d6jEL4tvfjmrfnfXuka/vX1PeoeAAAAAAAAAAAAAAAAAICn3PjVK9feHxwKD6PQvRptf153PDm2ej52fc+83Pk3CwAAAAAAAAAAAAAAAAAAAP9Rm8//56LjTZ7/H0uOIy3qr7/b+THSORPvXRk7PziU7P8ebct/K0n6/WxX6G+y73t2//ezmfrN93/f3s9uNcbX6LcvRPFA6jyOBwZC+D7Z+P1kdDgulZcqb9wsLy/M7tkwnlrp+Nd3709FJ9nQv934j2ba7/z+/y9s+zZVz2/s3VfsmZaOf1fLcj98EbUV/3OZevsRf3YvHf/uWlrv1gIj9QmgGv+vuneO/1im/U7F/1gIIRdVx5pLzQDVNUw1vdV6hbR0/P9XS0tNnckH2er6/ysT//OZ9g9q/l/J/hDRVDr+/6+l9aRKbF7//fHO1/+FTPsHEf/q+Ff8/rclHf9D9cTuVJHaJ9nu/D+eab9T8b8WJ+M8FqW+AatRPb3V/1dHWjr+PdvyN+//4rbWfxcz9ffr/q/Rb+P+rzH9vxbV7/9oLh3/3pbl2r3+JzL1Oj3/j9TWf+xWOv6Ha2nptXNf7W+78Z/MtN+p+NdWJT2N+G/OJ38fqqd/Z/3XlnT8n6snxltLrNT+1tZ/0c7r/0uZ9g9i/Vcd/0rc2V6fFen4H2lZrhr/n9v4/b+cqdf5+IcwaK2/a+n4H21Zrnb99+wc/6lMvU7H/9VONg4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFBhNjn0higdS53E8MBDCueT8ZDgcTRdm89Ol8synSyGMJem5cDy6VSpPF0r5uYXybDFfKJXKMyGcT/JPhJ5oqVSu5OcLdy5stNUb3S4WFivTxUIlhDCepL8Ujjbamp6rzBfuhBAubuQ9H5cX79wuLORn5xbfGRwcHAwTG2Poj4qfV4oLlXrv9dwQJjfq9kVbBlfLvrQxliPRJ+XlxYVCqZZ+eUudUnmmUNpSZyrJ+zr0R5XF5YWZQqWYL5VvNfo7SCPJcWzi6odXLw9ty78R1Y+j+zssAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6lh8NvfxNC6K6fxSGEXJS8iJJ/KQ8eFc/kn0zdWxs+Nbl6f+1xszIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7ADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFXfpHaSCI4gD8Ziy09BhWy25nu6KIFq4InkCP4WH0KF7CO1ikSJsiBJJZCPsHtkmq72sezI+Z92AeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyz2+de+vdROR4mp7GfH7+fd/nD+X+n03ff/iDDNyOk8v3f1D3ZR/T6P8thyt2rxPN+uvj5iovZ/Bngz36WDcZ2hu3+bm6/teR8pVRLQlv0k5V9WytwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD//z8QH1I=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0xb9cbbe05c791f09e)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f00000005c0)='\"', 0x1, 0x4fed0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2, 0x11, r2, 0x0)
read(r2, &(0x7f0000001400)=""/4096, 0x1000)
r3 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x42, 0x0)
fallocate(r3, 0x0, 0x8004, 0x8000c62)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
sendfile(r0, r4, 0x0, 0xff7e82)

311.9646ms ago: executing program 0 (id=815):
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/clear_refs\x00', 0x1, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000980)=ANY=[@ANYRESOCT], 0x219)

311.777954ms ago: executing program 0 (id=816):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ncm(0x6, 0x6e, &(0x7f0000000540)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x11, 0x20, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xdf}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x0, 0x3, 0x5}, {0x6, 0x24, 0x1a, 0x401, 0x14}}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x6, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0xf1, 0x2, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x20, 0x26, 0xd, 0x7}}}}}}}]}}, 0x0)
ioctl$EVIOCRMFF(r0, 0x40085507, 0x0)

182.904636ms ago: executing program 3 (id=817):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6gre0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000180)="10031412e4ff020002004788aa96a13bb100001100007fca1a00", 0x1000a, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)

212.659µs ago: executing program 3 (id=818):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000023c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

0s ago: executing program 3 (id=819):
open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r0, 0x6, 0xd, 0x0, 0x0)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x2, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x61637876)

kernel console output (not intermixed with test programs):

 0 descriptor??
[   94.660451][  T793] ath6kl: Failed to submit usb control message: -71
[   94.663228][  T793] ath6kl: unable to send the bmi data to the device: -71
[   94.668336][  T793] ath6kl: Unable to send get target info: -71
[   94.673335][  T793] ath6kl: Failed to init ath6kl core: -71
[   94.681903][  T793] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71
[   94.696692][  T793] usb 2-1: USB disconnect, device number 6
[   94.839418][ T6447] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   94.959616][ T5912] HID 045e:07da: Invalid code 65791 type 1
[   94.980877][ T5912] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0004/input/input8
[   95.046605][ T5912] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0
[   95.078795][   T33] audit: type=1326 audit(1755605674.519:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6785 comm="syz.3.222" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2098ebe9 code=0x7ffc0000
[   95.087670][   T33] audit: type=1326 audit(1755605674.519:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6785 comm="syz.3.222" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2098ebe9 code=0x7ffc0000
[   95.094339][   T33] audit: type=1326 audit(1755605674.529:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6785 comm="syz.3.222" exe="/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7fbb2098ebe9 code=0x7ffc0000
[   95.101121][   T33] audit: type=1326 audit(1755605674.529:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6785 comm="syz.3.222" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2098ebe9 code=0x7ffc0000
[   95.115427][   T33] audit: type=1326 audit(1755605674.529:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6785 comm="syz.3.222" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2098ebe9 code=0x7ffc0000
[   95.164037][ T6765] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   95.168166][ T6765] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   95.185214][ T5912] usb 1-1: USB disconnect, device number 8
[   95.495435][ T6793] loop1: detected capacity change from 0 to 32768
[   95.777069][ T6806] loop3: detected capacity change from 0 to 32768
[   95.786763][ T6806] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.232 (6806)
[   95.806820][ T6811] loop1: detected capacity change from 0 to 4096
[   95.809145][ T6806] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   95.812510][ T6806] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[   95.831462][ T6806] BTRFS info (device loop3): using free-space-tree
[   95.916418][  T611] BTRFS warning (device loop3): checksum verify failed on logical 5341184 mirror 1 wanted 0x0a5a7a5ae10eed219743b156b36184dc5a58d72503dc57b157a62f9528df24e9 found 0xff549293dea1dbaf9b0a1f0ee28e0a88db67a3e97fd64b068aed23a93a8eb1b1 level 0
[   95.934719][ T6806] BTRFS error (device loop3): failed to load root free space
[   95.977900][ T6806] BTRFS error (device loop3): open_ctree failed: -5
[   96.237367][ T6846] mmap: syz.0.237 (6846) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   96.318190][ T6849] loop0: detected capacity change from 0 to 512
[   96.344894][ T6849] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.349937][ T6849] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   97.218244][  T793] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[   97.267690][ T5843] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.388273][  T793] usb 2-1: unable to get BOS descriptor or descriptor too short
[   97.392210][  T793] usb 2-1: not running at top speed; connect to a high speed hub
[   97.397477][  T793] usb 2-1: config 1 has an invalid interface descriptor of length 5, skipping
[   97.401060][  T793] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   97.406865][ T6866] loop3: detected capacity change from 0 to 32768
[   97.410229][  T793] usb 2-1: config 1 has 3 interfaces, different from the descriptor's value: 19
[   97.413382][ T6866] (syz.3.244,6866,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   97.415920][  T793] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 59, changing to 4
[   97.419587][ T6866] (syz.3.244,6866,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   97.424065][  T793] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[   97.449062][ T6866] JBD2: Ignoring recovery information on journal
[   97.456255][  T793] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   97.459924][  T793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   97.463191][  T793] usb 2-1: Product: syz
[   97.471053][  T793] usb 2-1: Manufacturer: syz
[   97.472964][  T793] usb 2-1: SerialNumber: syz
[   97.495227][ T6866] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[   97.505343][ T6866] (syz.3.244,6866,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x98842a5e, computed 0xe74db1cd. Applying ECC.
[   97.581112][ T6866] (syz.3.244,6866,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xdf8356d3, computed 0xb8c23ae4. Applying ECC.
[   97.586626][ T6866] (syz.3.244,6866,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0xdf8356d3, computed 0x2acb7e3c
[   97.591697][ T6866] (syz.3.244,6866,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5
[   97.595448][ T6866] (syz.3.244,6866,1):ocfs2_quota_read:201 ERROR: status = -5
[   97.598627][ T6866] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota
[   97.602655][ T6866] (syz.3.244,6866,1):ocfs2_acquire_dquot:890 ERROR: status = -5
[   97.683958][ T6447] ocfs2: Unmounting device (7,3) on (node local)
[   97.727330][  T793] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found
[   97.786738][  T793] usb 2-1: USB disconnect, device number 7
[   97.837763][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   97.892628][   T33] audit: type=1326 audit(1755605677.329:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.248" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2098ebe9 code=0x7ffc0000
[   97.907418][   T33] audit: type=1326 audit(1755605677.329:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.248" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2098ebe9 code=0x7ffc0000
[   97.934666][   T33] audit: type=1326 audit(1755605677.329:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.248" exe="/syz-executor" sig=0 arch=c000003e syscall=282 compat=0 ip=0x7fbb2098ebe9 code=0x7ffc0000
[   97.951654][ T6882] netlink: 340 bytes leftover after parsing attributes in process `syz.0.250'.
[   97.960413][   T33] audit: type=1326 audit(1755605677.329:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.248" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2098ebe9 code=0x7ffc0000
[   97.961650][ T6882] netlink: 48 bytes leftover after parsing attributes in process `syz.0.250'.
[   97.971889][   T33] audit: type=1326 audit(1755605677.329:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6879 comm="syz.3.248" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2098ebe9 code=0x7ffc0000
[   98.045871][ T6888] loop3: detected capacity change from 0 to 256
[   98.079780][ T6888] FAT-fs (loop3): Directory bread(block 64) failed
[   98.082165][ T6888] FAT-fs (loop3): Directory bread(block 65) failed
[   98.085356][ T6888] FAT-fs (loop3): Directory bread(block 66) failed
[   98.087932][ T6888] FAT-fs (loop3): Directory bread(block 67) failed
[   98.090567][ T6888] FAT-fs (loop3): Directory bread(block 68) failed
[   98.093100][ T6888] FAT-fs (loop3): Directory bread(block 69) failed
[   98.097494][ T6888] FAT-fs (loop3): Directory bread(block 70) failed
[   98.100036][ T6888] FAT-fs (loop3): Directory bread(block 71) failed
[   98.102591][ T6888] FAT-fs (loop3): Directory bread(block 72) failed
[   98.105348][ T6888] FAT-fs (loop3): Directory bread(block 73) failed
[   98.593842][  T793] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   98.634892][ T6915] tmpfs: Bad value for 'mpol'
[   98.768307][  T793] usb 4-1: New USB device found, idVendor=0c45, idProduct=60a8, bcdDevice=b5.55
[   98.771624][  T793] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.785310][  T793] usb 4-1: Product: syz
[   98.786941][  T793] usb 4-1: Manufacturer: syz
[   98.788648][  T793] usb 4-1: SerialNumber: syz
[   98.809109][  T793] usb 4-1: config 0 descriptor??
[   98.819955][  T793] gspca_main: sonixb-2.14.0 probing 0c45:60a8
[   98.847231][ T6924] IPVS: ovf: UDP 224.0.0.2:0 - no destination available
[   98.851160][ T5878] IPVS: starting estimator thread 0...
[   98.944745][ T6927] IPVS: using max 36 ests per chain, 86400 per kthread
[   99.121480][ T6938] loop1: detected capacity change from 0 to 512
[   99.127582][ T6938] EXT4-fs: Ignoring removed i_version option
[   99.152632][ T6938] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   99.195604][ T6938] EXT4-fs (loop1): 1 truncate cleaned up
[   99.220116][ T6938] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   99.221746][  T793] input: sonixb as /devices/platform/dummy_hcd.3/usb4/4-1/input/input9
[   99.313879][ T6938] EXT4-fs warning (device loop1): ext4_group_extend:1886: will only finish group (8193 blocks, 7937 new)
[   99.325773][ T6938] EXT4-fs warning (device loop1): ext4_group_extend:1891: can't read last block, resize aborted
[   99.386112][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.446548][ T5912] usb 4-1: USB disconnect, device number 4
[   99.461903][ T4829] Bluetooth: hci3: Frame reassembly failed (-84)
[   99.761381][ T1091] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  100.258044][ T6961] loop0: detected capacity change from 0 to 32768
[  100.264484][ T6961] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.275 (6961)
[  100.283714][ T6962] loop3: detected capacity change from 0 to 32768
[  100.286863][ T6962] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.276 (6962)
[  100.288465][ T6961] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  100.299863][ T6962] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  100.306282][ T6961] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  100.314147][ T6962] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  100.316075][ T6961] BTRFS info (device loop0): using free-space-tree
[  100.322976][ T6962] BTRFS info (device loop3): using free-space-tree
[  100.437973][ T6961] BTRFS info (device loop0): rebuilding free space tree
[  100.491278][   T33] audit: type=1800 audit(1755605679.929:35): pid=6962 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.276" name="file1" dev="loop3" ino=260 res=0 errno=0
[  100.524899][   T33] audit: type=1800 audit(1755605679.969:36): pid=6962 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.276" name="file1" dev="loop3" ino=260 res=0 errno=0
[  100.632014][ T6447] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  100.635480][ T5843] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  101.527422][   T55] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  101.842254][ T7023] overlay: Unknown parameter '\'
[  102.138685][ T7027] loop0: detected capacity change from 0 to 32768
[  102.144330][ T7027] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.282 (7027)
[  102.159785][ T7027] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  102.164330][ T7027] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  102.168188][ T7027] BTRFS info (device loop0): using free-space-tree
[  102.221016][   T33] audit: type=1800 audit(1755605681.659:37): pid=7027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.282" name="file1" dev="loop0" ino=260 res=0 errno=0
[  102.324950][ T5843] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  102.330823][ T7057] loop1: detected capacity change from 0 to 4096
[  102.333672][ T5912] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  102.460703][   T26] ntfs3(loop1): ino=5, mi_enum_attr
[  102.503621][ T5912] usb 4-1: Using ep0 maxpacket: 32
[  102.508155][ T5912] usb 4-1: config 0 has an invalid interface number: 89 but max is 0
[  102.511152][ T5912] usb 4-1: config 0 has no interface number 0
[  102.513264][ T5912] usb 4-1: config 0 interface 89 has no altsetting 0
[  102.546125][ T5912] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e
[  102.548921][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.551330][ T5912] usb 4-1: Product: syz
[  102.552624][ T5912] usb 4-1: Manufacturer: syz
[  102.583891][ T5912] usb 4-1: SerialNumber: syz
[  102.595220][ T5912] usb 4-1: config 0 descriptor??
[  102.606209][ T5912] em28xx 4-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89)
[  102.610984][ T5912] em28xx 4-1:0.89: Video interface 89 found: bulk
[  102.739473][ T7071] loop1: detected capacity change from 0 to 2048
[  102.743319][ T7071] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  102.760879][ T7072] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  102.764669][ T7071] syz.1.289: attempt to access beyond end of device
[  102.764669][ T7071] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  102.807245][ T7071] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  102.819606][ T7071] Remounting filesystem read-only
[  102.822182][ T7071] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  102.830576][ T7071] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16)
[  102.836638][   T33] audit: type=1800 audit(1755605682.279:38): pid=7071 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.289" name="file3" dev="loop1" ino=16 res=0 errno=0
[  103.130558][ T7090] loop0: detected capacity change from 0 to 128
[  103.231137][ T5912] em28xx 4-1:0.89: unknown em28xx chip ID (0)
[  103.320138][ T7079] loop1: detected capacity change from 0 to 40427
[  103.335605][ T7079] F2FS-fs (loop1): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288)
[  103.345660][ T7079] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  103.360801][ T7079] F2FS-fs (loop1): Fix alignment : done, start(4096) end(16896) block(12288)
[  103.365749][ T7079] F2FS-fs (loop1): invalid crc value
[  103.471985][ T7079] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  103.659922][ T7079] F2FS-fs (loop1): Start checkpoint disabled!
[  103.723080][ T7079] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  103.740645][ T7079] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  104.357568][ T7111] loop1: detected capacity change from 0 to 40427
[  104.360280][ T7111] F2FS-fs: heap/no_heap options were deprecated
[  104.363193][ T7111] F2FS-fs (loop1): build fault injection rate: 19
[  104.365877][ T7111] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[  104.370487][ T7111] F2FS-fs (loop1): invalid crc value
[  104.378154][ T7111] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  104.417261][ T7111] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  104.419382][ T5912] em28xx 4-1:0.89: reading from i2c device at 0xa0 failed (error=-5)
[  104.423090][ T7111] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  104.429371][ T7111] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  104.435217][ T5912] em28xx 4-1:0.89: board has no eeprom
[  104.436744][ T7111] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  104.456039][ T5845] syz-executor: attempt to access beyond end of device
[  104.456039][ T5845] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  104.461415][ T5845] CPU: 1 UID: 0 PID: 5845 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  104.461429][ T5845] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  104.461434][ T5845] Call Trace:
[  104.461439][ T5845]  <TASK>
[  104.461444][ T5845]  dump_stack_lvl+0x189/0x250
[  104.461463][ T5845]  ? __pfx_dump_stack_lvl+0x10/0x10
[  104.461473][ T5845]  ? __pfx_queue_work_on+0x10/0x10
[  104.461483][ T5845]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  104.461496][ T5845]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  104.461512][ T5845]  f2fs_handle_critical_error+0x37c/0x540
[  104.461530][ T5845]  f2fs_write_end_io+0x886/0xb60
[  104.461547][ T5845]  __submit_merged_bio+0x27a/0x6a0
[  104.461563][ T5845]  __submit_merged_write_cond+0x255/0x530
[  104.461578][ T5845]  f2fs_write_data_pages+0x261d/0x3000
[  104.461608][ T5845]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  104.461649][ T5845]  ? folios_put_refs+0x559/0x640
[  104.461664][ T5845]  ? __pfx_folios_put_refs+0x10/0x10
[  104.461672][ T5845]  ? rcu_is_watching+0x15/0xb0
[  104.461686][ T5845]  ? __lock_acquire+0xab9/0xd20
[  104.461708][ T5845]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  104.461720][ T5845]  do_writepages+0x32e/0x550
[  104.461738][ T5845]  ? do_raw_spin_unlock+0x4d/0x240
[  104.461750][ T5845]  filemap_fdatawrite+0x199/0x240
[  104.461762][ T5845]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  104.461797][ T5845]  ? do_raw_spin_unlock+0x4d/0x240
[  104.461814][ T5845]  f2fs_sync_dirty_inodes+0x31f/0x830
[  104.461831][ T5845]  f2fs_write_checkpoint+0x95a/0x1df0
[  104.461852][ T5845]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  104.461885][ T5845]  ? kill_f2fs_super+0x298/0x6c0
[  104.461896][ T5845]  kill_f2fs_super+0x2c3/0x6c0
[  104.461908][ T5845]  ? __pfx_kill_f2fs_super+0x10/0x10
[  104.461915][ T5845]  ? radix_tree_delete_item+0x2b6/0x400
[  104.461931][ T5845]  ? shrinker_free+0x2ce/0x3e0
[  104.461942][ T5845]  deactivate_locked_super+0xbc/0x130
[  104.461954][ T5845]  cleanup_mnt+0x425/0x4c0
[  104.461965][ T5845]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.461978][ T5845]  task_work_run+0x1d4/0x260
[  104.461991][ T5845]  ? __pfx_task_work_run+0x10/0x10
[  104.462002][ T5845]  ? __x64_sys_umount+0x122/0x160
[  104.462017][ T5845]  ? exit_to_user_mode_loop+0x40/0x110
[  104.462032][ T5845]  exit_to_user_mode_loop+0xec/0x110
[  104.462043][ T5845]  do_syscall_64+0x2bd/0x3b0
[  104.462054][ T5845]  ? lockdep_hardirqs_on+0x9c/0x150
[  104.462064][ T5845]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.462072][ T5845]  ? exc_page_fault+0x9f/0xf0
[  104.462084][ T5845]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  104.462092][ T5845] RIP: 0033:0x7f3af378ff17
[  104.462101][ T5845] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  104.462108][ T5845] RSP: 002b:00007ffc64e51058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  104.462118][ T5845] RAX: 0000000000000000 RBX: 00007f3af3811c05 RCX: 00007f3af378ff17
[  104.462124][ T5845] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc64e51110
[  104.462129][ T5845] RBP: 00007ffc64e51110 R08: 0000000000000000 R09: 0000000000000000
[  104.462134][ T5845] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc64e521a0
[  104.462139][ T5845] R13: 00007f3af3811c05 R14: 0000000000019793 R15: 00007ffc64e521e0
[  104.462154][ T5845]  </TASK>
[  104.462158][ T5845] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  104.514827][ T5912] em28xx 4-1:0.89: Identified as Terratec Grabby (card=67)
[  104.514859][ T5912] em28xx 4-1:0.89: analog set to bulk mode.
[  104.526093][  T793] em28xx 4-1:0.89: Registering V4L2 extension
[  104.580718][ T7123] loop0: detected capacity change from 0 to 64
[  104.640018][ T5912] usb 4-1: USB disconnect, device number 5
[  104.670930][ T5912] em28xx 4-1:0.89: Disconnecting em28xx
[  104.727900][  T793] em28xx 4-1:0.89: Config register raw data: 0xffffffed
[  104.730561][  T793] em28xx 4-1:0.89: AC97 chip type couldn't be determined
[  104.732748][  T793] em28xx 4-1:0.89: No AC97 audio processor
[  104.745588][  T793] usb 4-1: Decoder not found
[  104.747446][  T793] em28xx 4-1:0.89: failed to create media graph
[  104.752633][  T793] em28xx 4-1:0.89: V4L2 device video103 deregistered
[  104.786298][  T793] em28xx 4-1:0.89: Registering snapshot button...
[  104.807030][  T793] input: em28xx snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.89/input/input10
[  104.843905][  T793] em28xx 4-1:0.89: Remote control support is not available for this card.
[  104.848879][ T5912] em28xx 4-1:0.89: Closing input extension
[  104.852189][ T5912] em28xx 4-1:0.89: Deregistering snapshot button
[  104.896685][ T5912] em28xx 4-1:0.89: Freeing device
[  105.211696][ T7144] loop1: detected capacity change from 0 to 256
[  105.231761][ T7144] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  105.249358][ T7144] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  105.266686][ T7144] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  105.303815][   T33] audit: type=1800 audit(1755605684.739:39): pid=7144 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.311" name="file1" dev="loop1" ino=1048598 res=0 errno=0
[  105.444218][ T7155] input: syz1 as /devices/virtual/input/input11
[  105.496006][ T7145] loop0: detected capacity change from 0 to 32768
[  105.499348][ T7145] XFS: noikeep mount option is deprecated.
[  105.563977][ T7145] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  105.592419][ T7145] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  105.603237][ T7145] XFS (loop0): Starting recovery (logdev: internal)
[  105.854127][ T7145] XFS (loop0): Ending recovery (logdev: internal)
[  105.945666][ T5843] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  106.262548][ T7171] loop0: detected capacity change from 0 to 32768
[  106.268774][ T7171] 
[  106.268774][ T7171]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  106.268774][ T7171] 
[  106.288204][ T7171] ERROR: (device loop0): diWrite: ixpxd invalid
[  106.288204][ T7171] 
[  106.293899][ T7171] ERROR: (device loop0): txCommit: 
[  106.293899][ T7171] 
[  106.302609][ T7171] ERROR: (device loop0): diWrite: ixpxd invalid
[  106.302609][ T7171] 
[  106.361159][ T7171] ERROR: (device loop0): txCommit: 
[  106.361159][ T7171] 
[  106.369203][ T7171] 
[  106.369203][ T7171]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  106.369203][ T7171] 
[  106.378035][ T7171] 
[  106.378035][ T7171]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  106.378035][ T7171] 
[  106.384983][ T7171] ERROR: (device loop0): diWrite: ixpxd invalid
[  106.384983][ T7171] 
[  106.388482][ T7171] ERROR: (device loop0): txCommit: 
[  106.388482][ T7171] 
[  106.408882][ T5843] ERROR: (device loop0): diFree: wmap shows inode already free
[  106.408882][ T5843] 
[  106.427094][ T5843] 
[  106.427094][ T5843]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  106.427094][ T5843] 
[  106.433325][ T5843] 
[  106.433325][ T5843]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  106.433325][ T5843] 
[  106.495477][ T7175] loop3: detected capacity change from 0 to 4096
[  106.631929][ T7177] netlink: 'syz.1.324': attribute type 4 has an invalid length.
[  106.640323][ T7177] netlink: 'syz.1.324': attribute type 3 has an invalid length.
[  106.657563][ T7177] netlink: 132 bytes leftover after parsing attributes in process `syz.1.324'.
[  106.815396][ T7187] syz.3.328 uses obsolete (PF_INET,SOCK_PACKET)
[  106.988257][ T7185] loop0: detected capacity change from 0 to 40427
[  106.999425][ T7185] F2FS-fs (loop0): build fault injection rate: 771
[  107.008564][ T7185] F2FS-fs (loop0): invalid crc value
[  107.086473][ T7185] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  107.095422][ T7185] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  107.181739][ T7193] loop1: detected capacity change from 0 to 32768
[  107.186072][ T7193] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.331 (7193)
[  107.215393][ T7193] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  107.218821][ T7193] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  107.232951][ T7193] BTRFS info (device loop1): using free-space-tree
[  107.291618][ T7191] loop3: detected capacity change from 0 to 40427
[  107.305997][ T7191] F2FS-fs (loop3): build fault injection rate: 19
[  107.314371][ T7191] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  107.331376][ T7191] F2FS-fs (loop3): invalid crc value
[  107.359371][ T7191] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  107.435534][ T5845] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  107.491895][ T7191] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  107.527910][ T7191] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  107.539984][ T7217] loop0: detected capacity change from 0 to 512
[  107.551701][ T7191] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  107.584766][ T7217] EXT4-fs: Ignoring removed nomblk_io_submit option
[  107.592525][ T7217] EXT4-fs: old and new quota format mixing
[  107.639022][ T7191] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  107.672848][ T7191] F2FS-fs (loop3): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0x249/0x1cf0
[  107.693684][ T7191] F2FS-fs (loop3): inconsistent node block, node_type:1, nid:10, node_footer[nid:10,ino:10,ofs:0,cpver:0,blkaddr:0]
[  107.809995][ T6447] syz-executor: attempt to access beyond end of device
[  107.809995][ T6447] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  107.818214][ T6447] CPU: 0 UID: 0 PID: 6447 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  107.818230][ T6447] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  107.818236][ T6447] Call Trace:
[  107.818240][ T6447]  <TASK>
[  107.818245][ T6447]  dump_stack_lvl+0x189/0x250
[  107.818265][ T6447]  ? __pfx_dump_stack_lvl+0x10/0x10
[  107.818280][ T6447]  ? __pfx_queue_work_on+0x10/0x10
[  107.818292][ T6447]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  107.818310][ T6447]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  107.818330][ T6447]  f2fs_handle_critical_error+0x37c/0x540
[  107.818354][ T6447]  f2fs_write_end_io+0x886/0xb60
[  107.818380][ T6447]  __submit_merged_bio+0x27a/0x6a0
[  107.818397][ T6447]  __submit_merged_write_cond+0x255/0x530
[  107.818412][ T6447]  f2fs_write_data_pages+0x261d/0x3000
[  107.818423][ T6447]  ? __lock_acquire+0xab9/0xd20
[  107.818468][ T6447]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  107.818520][ T6447]  ? __mod_zone_page_state+0xd7/0x140
[  107.818539][ T6447]  ? folios_put_refs+0x560/0x640
[  107.818555][ T6447]  ? __pfx_folios_put_refs+0x10/0x10
[  107.818562][ T6447]  ? rcu_is_watching+0x15/0xb0
[  107.818577][ T6447]  ? __lock_acquire+0xab9/0xd20
[  107.818597][ T6447]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  107.818609][ T6447]  do_writepages+0x32e/0x550
[  107.818627][ T6447]  ? do_raw_spin_unlock+0x4d/0x240
[  107.818640][ T6447]  filemap_fdatawrite+0x199/0x240
[  107.818652][ T6447]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  107.818707][ T6447]  ? do_raw_spin_unlock+0x4d/0x240
[  107.818721][ T6447]  f2fs_sync_dirty_inodes+0x31f/0x830
[  107.818738][ T6447]  f2fs_write_checkpoint+0x95a/0x1df0
[  107.818760][ T6447]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  107.818793][ T6447]  ? kill_f2fs_super+0x298/0x6c0
[  107.818805][ T6447]  kill_f2fs_super+0x2c3/0x6c0
[  107.818816][ T6447]  ? __pfx_kill_f2fs_super+0x10/0x10
[  107.818823][ T6447]  ? radix_tree_delete_item+0x2b6/0x400
[  107.818839][ T6447]  ? shrinker_free+0x2ce/0x3e0
[  107.818851][ T6447]  deactivate_locked_super+0xbc/0x130
[  107.818864][ T6447]  cleanup_mnt+0x425/0x4c0
[  107.818875][ T6447]  ? lockdep_hardirqs_on+0x9c/0x150
[  107.818889][ T6447]  task_work_run+0x1d4/0x260
[  107.818903][ T6447]  ? __pfx_task_work_run+0x10/0x10
[  107.818912][ T6447]  ? __x64_sys_umount+0x122/0x160
[  107.818926][ T6447]  ? exit_to_user_mode_loop+0x40/0x110
[  107.818943][ T6447]  exit_to_user_mode_loop+0xec/0x110
[  107.818954][ T6447]  do_syscall_64+0x2bd/0x3b0
[  107.818966][ T6447]  ? lockdep_hardirqs_on+0x9c/0x150
[  107.818976][ T6447]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.818985][ T6447]  ? exc_page_fault+0x9f/0xf0
[  107.818997][ T6447]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  107.819005][ T6447] RIP: 0033:0x7fbb2098ff17
[  107.819016][ T6447] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  107.819024][ T6447] RSP: 002b:00007ffd57b53438 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  107.819035][ T6447] RAX: 0000000000000000 RBX: 00007fbb20a11c05 RCX: 00007fbb2098ff17
[  107.819041][ T6447] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd57b534f0
[  107.819047][ T6447] RBP: 00007ffd57b534f0 R08: 0000000000000000 R09: 0000000000000000
[  107.819052][ T6447] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd57b54580
[  107.819058][ T6447] R13: 00007fbb20a11c05 R14: 000000000001a3f9 R15: 00007ffd57b545c0
[  107.819073][ T6447]  </TASK>
[  107.820244][ T6447] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  108.177093][ T7231] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  108.293809][ T2260] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  108.359501][ T7239] netlink: 'syz.3.341': attribute type 10 has an invalid length.
[  108.363568][ T7239] veth0_macvtap: left promiscuous mode
[  108.381386][ T7239] batman_adv: batadv0: Adding interface: macvtap0
[  108.384342][ T7239] batman_adv: batadv0: The MTU of interface macvtap0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.394884][ T7239] batman_adv: batadv0: Not using interface macvtap0 (retrying later): interface not active
[  108.447054][ T2260] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  108.451375][ T2260] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  108.535216][ T2260] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  108.542103][ T2260] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  108.550687][ T2260] usb 1-1: config 0 descriptor??
[  108.704597][ T7241] loop3: detected capacity change from 0 to 32768
[  108.731860][ T7241] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  108.775132][   T33] audit: type=1800 audit(1755605688.219:40): pid=7241 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.342" name="file1" dev="loop3" ino=17058 res=0 errno=0
[  108.822364][ T7243] loop1: detected capacity change from 0 to 32768
[  108.831955][ T7243] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.343 (7243)
[  108.843311][ T7243] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  108.846752][ T7243] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  108.849806][ T7243] BTRFS info (device loop1): using free-space-tree
[  108.998499][ T2260] kovaplus 0003:1E7D:2D50.0005: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.0-1/input0
[  109.188210][ T5845] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  109.192657][ T5876] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared)
[  109.392765][ T7227] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  109.404566][ T7227] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  109.426371][ T2260] kovaplus 0003:1E7D:2D50.0005: couldn't init struct kovaplus_device
[  109.442993][ T2260] kovaplus 0003:1E7D:2D50.0005: couldn't install mouse
[  109.457078][ T2260] kovaplus 0003:1E7D:2D50.0005: probe with driver kovaplus failed with error -71
[  109.461730][ T2260] usb 1-1: USB disconnect, device number 9
[  109.508367][ T6447] ocfs2: Unmounting device (7,3) on (node local)
[  109.657093][ T7270] loop1: detected capacity change from 0 to 1024
[  109.715959][ T7272] loop3: detected capacity change from 0 to 512
[  109.728529][   T40] hfsplus: b-tree write err: -5, ino 4
[  109.760647][ T7272] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  109.777450][ T7272] ext4 filesystem being mounted at /57/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  109.840715][ T7279] capability: warning: `syz.1.349' uses deprecated v2 capabilities in a way that may be insecure
[  109.881695][ T6447] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  110.030715][ T7286] loop3: detected capacity change from 0 to 4096
[  110.043553][ T7286] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  110.071445][ T7286] ntfs3(loop3): ino=4, mi_enum_attr
[  110.085572][ T7286] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  110.092873][ T7286] ntfs3(loop3): Failed to load $AttrDef (-22)
[  110.352734][ T7301] ptrace attach of "/syz-executor exec"[6447] was attempted by "ߖ鷴)Qo  \x0dvҢ9T{-92\x0ap_3j nޭOa)bkߟ.\x0aK~򜛱تKOkF^3B3){\x5crHBd,X\x09\x0b3c\x22&W\x22\x1bTL'\x09!_Nhٹ=n>a (G6茷A+&ϋЈUߍa{@{\x0b[ɸYacAzÂGl:d<]u~v!9,?Ŵ>\x22ar\x1blKڬY*VS8ȁ6]kK.=`#\x07x!gMDR*OLK\x0c}oKbA>{@aMdnQj̖5)];r,L\x0c=\x0dWAE n`>Ɵs-3`yfeH^/$L1&NP\x0d1D<\x07cPd(EdtaE!ҭ \x09@ݞHG~H<D$\x0crX`-ͪ/IFEtI;{*W\x0c\x0a:ÈV'\x0c8sejke~ɫRLB*\x0b-r@\x07VMšv%OymWGܕ|ʤ=tU?hK0uӣٜ0G 'b,\x22ߊ;2Ո'G/޳7Wd\x5c!w%xg\x22x[4!NlQ(\x0a@[+ ؐǬ[[zN sB&X>%3{- ^Qǚ4e3\x0b>sF̗H]+\x0
[  110.815633][ T7290] loop1: detected capacity change from 0 to 32768
[  111.159563][ T7303] loop0: detected capacity change from 0 to 8192
[  111.612229][ T7309] loop1: detected capacity change from 0 to 32768
[  111.626058][ T7309] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.358 (7309)
[  111.810996][ T7319] loop0: detected capacity change from 0 to 32768
[  111.849656][ T7319] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  111.880080][ T7319] XFS (loop0): Ending clean mount
[  111.886118][ T7319] XFS (loop0): Quotacheck needed: Please wait.
[  111.919140][ T7319] XFS (loop0): Quotacheck: Done.
[  111.953045][ T5843] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  112.513360][ T7311] loop3: detected capacity change from 0 to 262144
[  112.520868][ T7311] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.363 (7311)
[  112.527643][ T7309] BTRFS info (device loop1): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  112.530785][ T7311] BTRFS info (device loop3): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  112.530896][ T7309] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  112.535262][ T7311] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  112.535302][ T7311] BTRFS info (device loop3): using free-space-tree
[  112.561575][ T7309] BTRFS info (device loop1): using free-space-tree
[  113.140295][ T6447] BTRFS info (device loop3): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  113.197159][ T5845] BTRFS info (device loop1): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  113.613663][ T5899] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  113.617758][ T7372] loop1: detected capacity change from 0 to 40427
[  113.621402][ T7372] F2FS-fs (loop1): build fault injection rate: 7
[  113.623368][ T7372] F2FS-fs (loop1): build fault injection type: 0x7698c
[  113.632768][ T7372] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  113.637650][ T7372] F2FS-fs (loop1): invalid crc value
[  113.640984][ T7372] F2FS-fs (loop1): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x1cb/0x970
[  113.647597][ T7372] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  113.651872][ T7372] F2FS-fs (loop1): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x1cb/0x970
[  113.659293][ T7372] F2FS-fs (loop1): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x18f/0xaa0
[  113.663207][ T7372] F2FS-fs (loop1): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x1cb/0x970
[  113.681517][ T7372] F2FS-fs (loop1): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x18f/0xaa0
[  113.695517][ T7372] CPU: 1 UID: 0 PID: 7372 Comm: syz.1.370 Not tainted syzkaller #0 PREEMPT(full) 
[  113.695542][ T7372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  113.695584][ T7372] Call Trace:
[  113.695590][ T7372]  <TASK>
[  113.695599][ T7372]  dump_stack_lvl+0x189/0x250
[  113.695629][ T7372]  ? __pfx_dump_stack_lvl+0x10/0x10
[  113.695649][ T7372]  ? __pfx_queue_work_on+0x10/0x10
[  113.695665][ T7372]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  113.695685][ T7372]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  113.695711][ T7372]  f2fs_handle_critical_error+0x37c/0x540
[  113.695741][ T7372]  f2fs_get_meta_folio_retry+0x84/0xa0
[  113.695766][ T7372]  f2fs_build_free_nids+0x896/0x11c0
[  113.695809][ T7372]  ? __pfx_f2fs_build_free_nids+0x10/0x10
[  113.695827][ T7372]  ? f2fs_build_node_manager+0x1bc7/0x2db0
[  113.695842][ T7372]  ? f2fs_fill_super+0x4462/0x6ff0
[  113.695857][ T7372]  f2fs_fill_super+0x4462/0x6ff0
[  113.695889][ T7372]  get_tree_bdev_flags+0x40e/0x4d0
[  113.695910][ T7372]  ? __pfx_f2fs_fill_super+0x10/0x10
[  113.695920][ T7372]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  113.695938][ T7372]  vfs_get_tree+0x92/0x2b0
[  113.695952][ T7372]  do_new_mount+0x2a2/0x9e0
[  113.695969][ T7372]  ? ns_capable+0x8a/0xf0
[  113.695978][ T7372]  ? __pfx_do_new_mount+0x10/0x10
[  113.695989][ T7372]  ? path_mount+0x61c/0xfe0
[  113.696000][ T7372]  ? user_path_at+0x44/0x60
[  113.696015][ T7372]  __se_sys_mount+0x317/0x410
[  113.696030][ T7372]  ? __pfx___se_sys_mount+0x10/0x10
[  113.696045][ T7372]  ? do_syscall_64+0xbe/0x3b0
[  113.696057][ T7372]  ? __x64_sys_mount+0x20/0xc0
[  113.696069][ T7372]  do_syscall_64+0xfa/0x3b0
[  113.696080][ T7372]  ? lockdep_hardirqs_on+0x9c/0x150
[  113.696091][ T7372]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.696101][ T7372]  ? exc_page_fault+0x9f/0xf0
[  113.696118][ T7372]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.696131][ T7372] RIP: 0033:0x7f3af379038a
[  113.696146][ T7372] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.696161][ T7372] RSP: 002b:00007f3af4621e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  113.696179][ T7372] RAX: ffffffffffffffda RBX: 00007f3af4621ef0 RCX: 00007f3af379038a
[  113.696194][ T7372] RDX: 0000200000000000 RSI: 0000200000000040 RDI: 00007f3af4621eb0
[  113.696200][ T7372] RBP: 0000200000000000 R08: 00007f3af4621ef0 R09: 0000000000000008
[  113.696207][ T7372] R10: 0000000000000008 R11: 0000000000000246 R12: 0000200000000040
[  113.696213][ T7372] R13: 00007f3af4621eb0 R14: 0000000000005530 R15: 0000200000000100
[  113.696229][ T7372]  </TASK>
[  113.696236][ T7372] F2FS-fs (loop1): Stopped filesystem due to reason: 2
[  113.801746][ T7372] F2FS-fs (loop1): NAT is corrupt, run fsck to fix it
[  113.807318][ T7372] F2FS-fs (loop1): Failed to initialize F2FS node manager (-117)
[  113.813789][ T5899] usb 4-1: Using ep0 maxpacket: 8
[  113.817368][ T5899] usb 4-1: unable to get BOS descriptor or descriptor too short
[  113.820652][ T5899] usb 4-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  113.824106][ T5899] usb 4-1: config 8 interface 0 altsetting 7 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  113.834155][ T5899] usb 4-1: config 8 interface 0 altsetting 7 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  113.837622][ T5899] usb 4-1: config 8 interface 0 altsetting 7 endpoint 0x8F has invalid wMaxPacketSize 0
[  113.853754][ T5899] usb 4-1: config 8 interface 0 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  113.863013][ T5899] usb 4-1: config 8 interface 0 has no altsetting 0
[  113.868175][ T5899] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5
[  113.871216][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=66, SerialNumber=3
[  113.879434][ T5899] usb 4-1: Product: syz
[  113.880761][ T5899] usb 4-1: Manufacturer: syz
[  113.882171][ T5899] usb 4-1: SerialNumber: syz
[  114.107243][ T5899] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  114.123999][ T5899] usb 4-1: selecting invalid altsetting 0
[  114.277921][ T5899] snd-usb-audio 4-1:8.0: probe with driver snd-usb-audio failed with error -12
[  114.281812][ T7390] sp0: Synchronizing with TNC
[  114.293848][ T5899] usb 4-1: USB disconnect, device number 6
[  114.360254][ T5856] udevd[5856]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:8.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  114.585031][  T793] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  114.653728][ T5912] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  114.736401][  T793] usb 1-1: Using ep0 maxpacket: 16
[  114.742754][  T793] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  114.749154][  T793] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  114.753373][  T793] usb 1-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  114.759408][  T793] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  114.766204][  T793] usb 1-1: config 0 descriptor??
[  114.826042][ T5912] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  114.831370][ T5912] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  114.847634][ T5912] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  114.850785][ T5912] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  114.862275][ T5912] usb 2-1: Product: syz
[  114.865016][ T5912] usb 2-1: Manufacturer: syz
[  114.866659][ T5912] usb 2-1: SerialNumber: syz
[  114.953567][ T7412] netlink: 'syz.3.387': attribute type 13 has an invalid length.
[  114.956245][ T7412] netlink: 'syz.3.387': attribute type 17 has an invalid length.
[  114.962544][ T7412] gretap0: refused to change device tx_queue_len
[  114.966962][ T7412] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  115.067497][ T7416] loop3: detected capacity change from 0 to 4096
[  115.081336][ T7416] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  115.083260][ T5912] usb 2-1: 0:2 : does not exist
[  115.095172][ T5912] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  115.098532][ T5984] udevd[5984]: incorrect nilfs2 checksum on /dev/loop3
[  115.103661][ T7416] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096)
[  115.118354][ T7417] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  115.126113][ T5912] usb 2-1: USB disconnect, device number 8
[  115.158411][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  115.179488][  T793] hid-multitouch 0003:1FD2:6007.0006: item fetching failed at offset 2/5
[  115.206796][  T793] hid-multitouch 0003:1FD2:6007.0006: probe with driver hid-multitouch failed with error -22
[  115.390758][ T5912] usb 1-1: USB disconnect, device number 10
[  115.513724][ T5899] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  115.664817][ T5899] usb 4-1: Using ep0 maxpacket: 8
[  115.668108][ T5899] usb 4-1: config 0 has an invalid interface number: 148 but max is 0
[  115.670822][ T5899] usb 4-1: config 0 has no interface number 0
[  115.677081][ T5899] usb 4-1: New USB device found, idVendor=0d46, idProduct=2012, bcdDevice=4d.36
[  115.679894][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.683719][ T5899] usb 4-1: Product: syz
[  115.685090][ T5899] usb 4-1: Manufacturer: syz
[  115.686542][ T5899] usb 4-1: SerialNumber: syz
[  115.697852][ T5899] usb 4-1: config 0 descriptor??
[  115.701283][ T5899] kobil_sct 4-1:0.148: KOBIL USB smart card terminal converter detected
[  115.709034][ T5899] usb 4-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[  115.923078][ T5899] usb 4-1: USB disconnect, device number 7
[  115.938476][ T5899] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[  115.946875][ T5899] kobil_sct 4-1:0.148: device disconnected
[  116.317496][ T7437] loop1: detected capacity change from 0 to 32768
[  116.349790][ T7439] loop0: detected capacity change from 0 to 32768
[  116.356743][ T7439] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.399 (7439)
[  116.369706][ T7439] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  116.374854][ T7439] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[  116.403631][ T7439] BTRFS info (device loop0): using free-space-tree
[  116.511984][ T7437] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  116.512004][ T7437]   allowing incompatible features above 0.0: (unknown version)
[  116.512010][ T7437]   features: lz4
[  116.542928][ T7462] loop3: detected capacity change from 0 to 512
[  116.570470][ T7437] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  116.594493][ T7437] bcachefs (loop1): initializing new filesystem
[  116.606717][ T7462] EXT4-fs (loop3): filesystem is read-only
[  116.625781][ T7462] EXT4-fs (loop3): filesystem is read-only
[  116.628282][ T7462] EXT4-fs (loop3): orphan cleanup on readonly fs
[  116.630941][ T7462] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.400: bad orphan inode 16
[  116.655351][ T7437] bcachefs (loop1): going read-write
[  116.673004][ T7462] ext4_test_bit(bit=15, block=3) = 0
[  116.677658][ T7462] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  116.678606][ T5843] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  116.712971][ T7437] bcachefs (loop1): marking superblocks
[  116.785467][ T6447] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.835962][ T7437] bcachefs (loop1): initializing freespace
[  116.851024][ T7437] bcachefs (loop1): done initializing freespace
[  116.868512][ T7437] bcachefs (loop1): reading snapshots table
[  116.883755][ T7437] bcachefs (loop1): reading snapshots done
[  116.940151][ T7471] loop3: detected capacity change from 0 to 512
[  116.946703][ T7437] bcachefs (loop1): done starting filesystem
[  117.008437][ T7471] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  117.013282][ T7471] ext4 filesystem being mounted at /77/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  117.067380][ T6447] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.110817][   T33] audit: type=1800 audit(1755605696.549:41): pid=7437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.398" name="file2" dev="loop1" ino=4098 res=0 errno=0
[  117.245427][ T5912] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  117.323340][ T5845] bcachefs (loop1): shutting down
[  117.327565][ T5845] bcachefs (loop1): going read-only
[  117.329522][ T5845] bcachefs (loop1): finished waiting for writes to stop
[  117.339002][ T5845] bcachefs (loop1): flushing journal and stopping allocators, journal seq 2
[  117.365708][ T5845] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3
[  117.370315][ T5845] bcachefs (loop1): clean shutdown complete, journal seq 4
[  117.374877][ T5845] bcachefs (loop1): marking filesystem clean
[  117.394907][ T5845] bcachefs (loop1): shutdown complete
[  117.414129][ T5912] usb 1-1: Using ep0 maxpacket: 8
[  117.417674][ T5912] usb 1-1: config 0 has an invalid interface number: 128 but max is 0
[  117.420893][ T5912] usb 1-1: config 0 has no interface number 0
[  117.423387][ T5912] usb 1-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b
[  117.433354][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.442166][ T5912] usb 1-1: config 0 descriptor??
[  117.543956][  T793] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  117.649711][ T5912] usb 1-1: USB disconnect, device number 11
[  117.705181][  T793] usb 4-1: too many configurations: 9, using maximum allowed: 8
[  117.710874][  T793] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  117.716297][  T793] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  117.720832][  T793] usb 4-1: config 0 interface 0 has no altsetting 0
[  117.725305][  T793] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  117.728811][  T793] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  117.733237][  T793] usb 4-1: config 0 interface 0 has no altsetting 0
[  117.739055][  T793] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  117.742803][  T793] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  117.747508][  T793] usb 4-1: config 0 interface 0 has no altsetting 0
[  117.751580][  T793] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  117.758040][  T793] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  117.762050][  T793] usb 4-1: config 0 interface 0 has no altsetting 0
[  117.766144][  T793] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  117.768984][  T793] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  117.772289][  T793] usb 4-1: config 0 interface 0 has no altsetting 0
[  117.777253][  T793] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  117.780066][  T793] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  117.784585][  T793] usb 4-1: config 0 interface 0 has no altsetting 0
[  117.787824][  T793] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  117.790619][  T793] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  117.797425][  T793] usb 4-1: config 0 interface 0 has no altsetting 0
[  117.800471][  T793] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9
[  117.803826][  T793] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  117.807303][  T793] usb 4-1: config 0 interface 0 has no altsetting 0
[  117.811376][  T793] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  117.814697][  T793] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  117.817329][  T793] usb 4-1: Product: syz
[  117.818595][  T793] usb 4-1: Manufacturer: syz
[  117.820154][  T793] usb 4-1: SerialNumber: syz
[  117.823287][  T793] usb 4-1: config 0 descriptor??
[  117.835930][  T793] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0
[  118.089425][    C0] usb 4-1: yurex_control_callback - control failed: -71
[  118.090488][ T5913] usb 4-1: USB disconnect, device number 8
[  118.106498][ T5913] yurex 4-1:0.0: USB YUREX #0 now disconnected
[  119.169198][ T7510] loop3: detected capacity change from 0 to 512
[  119.192084][ T7510] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  119.197201][ T7510] ext4 filesystem being mounted at /86/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  119.275690][ T7510] EXT4-fs error (device loop3): ext4_empty_dir:3084: inode #12: comm syz.3.415: Directory hole found for htree leaf block 0
[  119.285998][ T7510] EXT4-fs (loop3): Remounting filesystem read-only
[  119.323902][ T6447] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.327541][ T4829] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  119.330819][ T4829] Quota error (device loop3): write_blk: dquota write failed
[  119.333717][  T793] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  119.339363][ T4829] Quota error (device loop3): free_dqentry: Can't write quota data block 5
[  119.342847][ T4829] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  119.348733][ T4829] Quota error (device loop3): write_blk: dquota write failed
[  119.351210][ T4829] Quota error (device loop3): free_dqentry: Can't write quota data block 5
[  119.388807][ T7519] loop1: detected capacity change from 0 to 1024
[  119.488103][  T793] usb 1-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98
[  119.494110][  T793] usb 1-1: New USB device strings: Mfr=0, Product=64, SerialNumber=0
[  119.501236][  T793] usb 1-1: Product: syz
[  119.505948][  T793] usb 1-1: config 0 descriptor??
[  119.511953][  T793] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected
[  119.529144][  T793] ftdi_sio ttyUSB0: unknown device type: 0xc698
[  119.723683][  T793] usb 1-1: USB disconnect, device number 12
[  119.729826][  T793] ftdi_sio 1-1:0.0: device disconnected
[  119.775292][ T5899] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  119.925719][ T5899] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 65, using maximum allowed: 30
[  119.930075][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  119.935315][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  119.938938][ T5899] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 65
[  119.943160][ T5899] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0014, bcdDevice= 0.00
[  119.947308][ T5899] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.952890][ T5899] usb 2-1: config 0 descriptor??
[  119.966417][ T5913] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  120.113641][ T5913] usb 4-1: Using ep0 maxpacket: 16
[  120.120745][ T5913] usb 4-1: New USB device found, idVendor=5fc9, idProduct=0063, bcdDevice=93.52
[  120.124919][ T5913] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  120.128349][ T5913] usb 4-1: Product: syz
[  120.130081][ T5913] usb 4-1: Manufacturer: syz
[  120.132067][ T5913] usb 4-1: SerialNumber: syz
[  120.136768][ T5913] usb 4-1: config 0 descriptor??
[  120.282604][ T7532] loop0: detected capacity change from 0 to 512
[  120.324835][ T7532] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  120.329855][ T7532] ext4 filesystem being mounted at /152/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  120.353019][ T5913] usb 4-1: USB disconnect, device number 9
[  120.386079][ T5899] cmedia_hs100b 0003:0D8C:0014.0007: item fetching failed at offset 5/7
[  120.390105][ T5899] cmedia_hs100b 0003:0D8C:0014.0007: probe with driver cmedia_hs100b failed with error -22
[  120.399903][ T5843] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.575621][ T5913] usb 2-1: USB disconnect, device number 9
[  120.620610][ T7545] loop0: detected capacity change from 0 to 512
[  120.626813][ T7545] EXT4-fs: Ignoring removed mblk_io_submit option
[  120.628756][ T7545] EXT4-fs: inline encryption not supported
[  120.630604][ T7545] EXT4-fs: Ignoring removed mblk_io_submit option
[  120.637703][ T7545] EXT4-fs (loop0): Test dummy encryption mode enabled
[  120.639831][ T7545] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  120.645024][ T7545] EXT4-fs (loop0): 1 truncate cleaned up
[  120.648090][ T7545] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  120.685272][ T5843] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.170812][ T7553] loop3: detected capacity change from 0 to 128
[  121.201575][ T7553] FAT-fs (loop3): FAT read failed (blocknr 33568)
[  121.899847][ T7547] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  122.160866][ T7565] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  122.169373][ T7565] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  122.199127][ T7565] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  122.214579][ T7565] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  122.217549][ T7565] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  122.241720][ T7565] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  122.275422][ T7565] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  122.283615][ T7565] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  122.307603][ T7565] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  122.908922][ T7576] loop1: detected capacity change from 0 to 256
[  122.929101][ T7576] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d)
[  123.103849][ T7580] 9pnet_fd: Insufficient options for proto=fd
[  123.114094][ T7580] lo speed is unknown, defaulting to 1000
[  123.116451][ T7580] lo speed is unknown, defaulting to 1000
[  123.133418][ T7580] lo speed is unknown, defaulting to 1000
[  123.156687][ T7580] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  123.195427][ T7580] infiniband 3yz0: RDMA CMA: cma_listen_on_dev, error -98
[  123.274747][ T7580] lo speed is unknown, defaulting to 1000
[  123.278104][ T7580] lo speed is unknown, defaulting to 1000
[  123.280804][ T7580] lo speed is unknown, defaulting to 1000
[  123.323308][ T7583] atomic_op ffff888106f18998 conn xmit_atomic 0000000000000000
[  123.430534][ T7572] loop0: detected capacity change from 0 to 32768
[  123.785323][ T7592] netlink: 'syz.3.448': attribute type 1 has an invalid length.
[  123.788138][ T7592] netlink: 'syz.3.448': attribute type 1 has an invalid length.
[  123.790880][ T7592] netlink: 'syz.3.448': attribute type 1 has an invalid length.
[  123.796780][ T7592] block nbd0: shutting down sockets
[  123.813332][ T7594] bond0: (slave bond_slave_1): Releasing backup interface
[  123.893564][  T793] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  123.948853][ T7598] affs: No valid root block on device nullb0
[  124.040247][ T7601] netlink: 8 bytes leftover after parsing attributes in process `syz.0.452'.
[  124.057499][  T793] usb 2-1: Using ep0 maxpacket: 8
[  124.069236][  T793] usb 2-1: unable to get BOS descriptor or descriptor too short
[  124.079528][  T793] usb 2-1: config 7 has an invalid interface number: 67 but max is 0
[  124.082231][  T793] usb 2-1: config 7 has no interface number 0
[  124.097817][  T793] usb 2-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16
[  124.100746][  T793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.103716][   T55] Bluetooth: hci0: command 0x0c1a tx timeout
[  124.107603][  T793] usb 2-1: Product: syz
[  124.109324][  T793] usb 2-1: Manufacturer: syz
[  124.118000][  T793] usb 2-1: SerialNumber: syz
[  124.257698][ T7603] Bluetooth: MGMT ver 1.23
[  124.263845][   T55] Bluetooth: hci1: command 0x0c1a tx timeout
[  124.343808][   T55] Bluetooth: hci2: command 0x0405 tx timeout
[  124.455266][ T7589] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  124.457663][ T7589] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  124.477062][ T7589] vhci_hcd vhci_hcd.0: Device attached
[  124.501605][ T7604] vhci_hcd: connection closed
[  124.512819][   T12] vhci_hcd: stop threads
[  124.521909][  T793] usb 2-1: USB disconnect, device number 10
[  124.527480][   T12] vhci_hcd: release socket
[  124.540715][   T12] vhci_hcd: disconnect device
[  125.827763][ T7641] netlink: 8 bytes leftover after parsing attributes in process `syz.3.469'.
[  126.116091][ T7649] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  126.193598][   T55] Bluetooth: hci0: command 0x0c1a tx timeout
[  126.345653][   T55] Bluetooth: hci1: command 0x0c1a tx timeout
[  126.433540][   T55] Bluetooth: hci2: command 0x0405 tx timeout
[  126.969412][ T7677] loop0: detected capacity change from 0 to 512
[  126.983894][ T7677] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  126.987296][ T7677] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842c01c, mo2=0002]
[  126.989773][ T7677] System zones: 1-12
[  126.991197][ T7677] EXT4-fs (loop0): Can't support bigalloc feature without extents feature
[  126.991197][ T7677] 
[  126.995758][ T7677] EXT4-fs (loop0): Skipping orphan cleanup due to unknown ROCOMPAT features
[  126.999796][ T7677] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  127.143783][ T5912] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  127.313676][ T5912] usb 2-1: Using ep0 maxpacket: 8
[  127.328701][ T5912] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  127.331366][ T5912] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  127.337160][ T5912] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  127.341231][ T5912] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  127.349128][ T5912] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  127.353290][ T5912] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  127.360546][ T5912] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  127.367780][ T5912] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.402611][ T5912] usbtmc 2-1:16.0: probe with driver usbtmc failed with error -22
[  127.563284][ T7681] loop3: detected capacity change from 0 to 2048
[  127.660246][ T5848] Alternate GPT is invalid, using primary GPT.
[  127.662915][  T792] usb 2-1: USB disconnect, device number 11
[  127.663813][ T5848]  loop3: p2 p3 p7
[  127.789622][ T7681] Alternate GPT is invalid, using primary GPT.
[  127.792752][ T7681]  loop3: p2 p3 p7
[  127.992406][ T5848] udevd[5848]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[  127.993916][ T6048] udevd[6048]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[  128.008494][ T5984] udevd[5984]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  128.106147][ T5848] udevd[5848]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[  128.107195][ T5984] udevd[5984]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  128.116569][ T6048] udevd[6048]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[  128.214321][ T5848] udevd[5848]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory
[  128.216074][ T5984] udevd[5984]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  128.236368][ T6048] udevd[6048]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory
[  128.263987][   T55] Bluetooth: hci0: command 0x0c1a tx timeout
[  128.318479][ T5843] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.425009][   T55] Bluetooth: hci1: command 0x0c1a tx timeout
[  128.503712][   T55] Bluetooth: hci2: command 0x0405 tx timeout
[  128.520758][ T7687] loop1: detected capacity change from 0 to 32768
[  128.533399][ T7687] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  128.566845][ T7687] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  128.610023][ T5845] ocfs2: Unmounting device (7,1) on (node local)
[  128.681102][ T7693] loop0: detected capacity change from 0 to 32768
[  128.684266][ T7693] XFS: ikeep mount option is deprecated.
[  128.714254][ T7693] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[  128.720232][ T7693] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  128.756803][ T7693] XFS (loop0): Internal error !uuid_equal(&mp->m_sb.sb_uuid, &head->h_fs_uuid) at line 254 of file fs/xfs/xfs_log_recover.c.  Caller xlog_header_check_mount+0x93/0xe0
[  128.762492][ T7693] CPU: 0 UID: 0 PID: 7693 Comm: syz.0.489 Not tainted syzkaller #0 PREEMPT(full) 
[  128.762517][ T7693] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  128.762528][ T7693] Call Trace:
[  128.762535][ T7693]  <TASK>
[  128.762552][ T7693]  dump_stack_lvl+0x189/0x250
[  128.762581][ T7693]  ? __pfx_dump_stack_lvl+0x10/0x10
[  128.762603][ T7693]  ? __phys_addr+0xd3/0x180
[  128.762626][ T7693]  ? __kasan_kmalloc_large+0x85/0xa0
[  128.762649][ T7693]  ? is_vmalloc_addr+0x52/0xb0
[  128.762671][ T7693]  xfs_corruption_error+0x122/0x170
[  128.762691][ T7693]  ? xlog_header_check_mount+0x93/0xe0
[  128.762713][ T7693]  xlog_header_check_mount+0xc6/0xe0
[  128.762738][ T7693]  ? xlog_header_check_mount+0x93/0xe0
[  128.762760][ T7693]  xlog_find_verify_log_record+0x32e/0x500
[  128.762787][ T7693]  xlog_find_zeroed+0x327/0x410
[  128.762803][ T7693]  xlog_find_head+0x5f/0x700
[  128.762813][ T7693]  ? lockdep_hardirqs_on+0x9c/0x150
[  128.762829][ T7693]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  128.762845][ T7693]  xlog_find_tail+0x3d/0x840
[  128.762859][ T7693]  ? try_to_wake_up+0x7f5/0x12b0
[  128.762874][ T7693]  xlog_recover+0x4b/0x3e0
[  128.762887][ T7693]  xfs_log_mount+0x253/0x3e0
[  128.762904][ T7693]  xfs_mountfs+0xe5e/0x2330
[  128.762926][ T7693]  ? __pfx_xfs_mountfs+0x10/0x10
[  128.762946][ T7693]  ? xfs_setup_dax_always+0x20f/0x290
[  128.762957][ T7693]  xfs_fs_fill_super+0x11b3/0x1600
[  128.762970][ T7693]  get_tree_bdev_flags+0x40e/0x4d0
[  128.762985][ T7693]  ? __pfx_xfs_fs_fill_super+0x10/0x10
[  128.762994][ T7693]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  128.763011][ T7693]  vfs_get_tree+0x92/0x2b0
[  128.763024][ T7693]  do_new_mount+0x2a2/0x9e0
[  128.763038][ T7693]  ? ns_capable+0x8a/0xf0
[  128.763046][ T7693]  ? __pfx_do_new_mount+0x10/0x10
[  128.763058][ T7693]  ? path_mount+0x61c/0xfe0
[  128.763068][ T7693]  ? user_path_at+0x44/0x60
[  128.763085][ T7693]  __se_sys_mount+0x317/0x410
[  128.763113][ T7693]  ? __pfx___se_sys_mount+0x10/0x10
[  128.763138][ T7693]  ? do_syscall_64+0xbe/0x3b0
[  128.763159][ T7693]  ? __x64_sys_mount+0x20/0xc0
[  128.763182][ T7693]  do_syscall_64+0xfa/0x3b0
[  128.763233][ T7693]  ? lockdep_hardirqs_on+0x9c/0x150
[  128.763256][ T7693]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.763272][ T7693]  ? exc_page_fault+0x9f/0xf0
[  128.763295][ T7693]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  128.763309][ T7693] RIP: 0033:0x7f7ae1d9038a
[  128.763320][ T7693] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  128.763333][ T7693] RSP: 002b:00007f7adfff5e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  128.763353][ T7693] RAX: ffffffffffffffda RBX: 00007f7adfff5ef0 RCX: 00007f7ae1d9038a
[  128.763366][ T7693] RDX: 0000200000000500 RSI: 0000200000000040 RDI: 00007f7adfff5eb0
[  128.763399][ T7693] RBP: 0000200000000500 R08: 00007f7adfff5ef0 R09: 000000000300c880
[  128.763412][ T7693] R10: 000000000300c880 R11: 0000000000000246 R12: 0000200000000040
[  128.763423][ T7693] R13: 00007f7adfff5eb0 R14: 000000000000970d R15: 0000200000000080
[  128.763448][ T7693]  </TASK>
[  128.763457][ T7693] XFS (loop0): Corruption detected. Unmount and run xfs_repair
[  128.877165][ T7693] XFS (loop0): log has mismatched uuid - can't recover
[  128.880017][ T7693] XFS (loop0): empty log check failed
[  128.882036][ T7693] XFS (loop0): log mount/recovery failed: error -117
[  128.925460][ T7693] XFS (loop0): log mount failed
[  128.983421][ T7691] loop3: detected capacity change from 0 to 32768
[  129.001834][ T7691] jfs_mount: Mount Failure: File System Dirty.
[  129.026414][ T7691] Mount JFS Failure: -22
[  129.174299][   T33] audit: type=1326 audit(1755605708.609:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7704 comm="syz.1.490" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3af378ebe9 code=0x0
[  129.535541][ T7715] vxlan0: entered promiscuous mode
[  129.537630][ T7715] vxlan0: entered allmulticast mode
[  129.541536][ T5876] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  129.550015][ T5876] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  129.554881][ T5876] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  129.560236][   T12] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  129.603603][    T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  129.788145][    T9] usb 4-1: Using ep0 maxpacket: 16
[  129.797368][    T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  129.814136][    T9] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  129.817694][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  129.831536][    T9] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  129.835991][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  129.855821][    T9] usb 4-1: config 0 descriptor??
[  130.082966][ T7713] loop3: detected capacity change from 0 to 512
[  130.293439][   T55] Bluetooth: hci0: unexpected event for opcode 0x1005
[  130.319489][    T9] hid (null): unknown global tag 0xd
[  130.321266][    T9] hid (null): invalid report_count 33026
[  130.322913][    T9] hid (null): unknown global tag 0xe
[  130.343077][    T9] hid (null): global environment stack underflow
[  130.346589][    T9] hid (null): invalid report_size 30046
[  130.348634][    T9] hid (null): unknown global tag 0xe
[  130.350359][    T9] hid (null): unknown global tag 0xe
[  130.353127][    T9] hid (null): global environment stack underflow
[  130.362740][    T9] hid (null): unknown global tag 0xc
[  130.364617][    T9] hid (null): unknown global tag 0xe
[  130.367557][    T9] hid (null): unknown global tag 0x7a
[  130.370133][    T9] hid (null): invalid report_count 1147629863
[  130.436506][ T5899] hid-generic 0000:0000:0000.0009: unknown main item tag 0x0
[  130.449496][ T5899] hid-generic 0000:0000:0000.0009: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  130.531942][ T5899] usb 4-1: USB disconnect, device number 10
[  130.544532][  T792] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  130.686008][ T1091] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  130.705655][  T792] usb 2-1: Using ep0 maxpacket: 32
[  130.714457][  T792] usb 2-1: unable to get BOS descriptor or descriptor too short
[  130.726078][  T792] usb 2-1: config 1 interface 0 has no altsetting 0
[  130.730659][  T792] usb 2-1: string descriptor 0 read error: -22
[  130.732868][  T792] usb 2-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.40
[  130.744317][  T792] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.964248][  T792] usbhid 2-1:1.0: can't add hid device: -71
[  130.966571][  T792] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  130.971593][  T792] usb 2-1: USB disconnect, device number 12
[  131.003644][    T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  131.165964][    T9] usb 1-1: unable to get BOS descriptor or descriptor too short
[  131.175829][    T9] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  131.179203][    T9] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  131.184112][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  131.190872][    T9] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  131.194799][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.199139][    T9] usb 1-1: Product: syz
[  131.200843][    T9] usb 1-1: Manufacturer: syz
[  131.202582][    T9] usb 1-1: SerialNumber: syz
[  131.421020][    T9] usb 1-1: 0:2 : does not exist
[  131.442429][    T9] usb 1-1: USB disconnect, device number 13
[  131.521708][ T5848] udevd[5848]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  131.671616][  T793] IPVS: starting estimator thread 0...
[  131.774175][ T7751] IPVS: using max 61 ests per chain, 146400 per kthread
[  132.459636][ T7770] overlayfs: lowerdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  132.510486][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  132.512914][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  132.565099][ T7765] loop0: detected capacity change from 0 to 32768
[  132.572170][ T7765] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.515 (7765)
[  132.587798][ T7765] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  132.591098][ T7765] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  132.597116][ T7765] BTRFS info (device loop0): disk space caching is enabled
[  132.599995][ T7765] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  132.821513][ T7765] BTRFS info (device loop0): rebuilding free space tree
[  132.859652][ T7765] BTRFS info (device loop0): disabling free space tree
[  132.862099][ T7765] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  132.877231][ T7765] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  132.900593][ T7795] sctp: [Deprecated]: syz.1.521 (pid 7795) Use of struct sctp_assoc_value in delayed_ack socket option.
[  132.900593][ T7795] Use struct sctp_sack_info instead
[  132.956612][ T5843] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  133.298548][ T7792] loop3: detected capacity change from 0 to 32768
[  133.334160][ T7792] XFS: ikeep mount option is deprecated.
[  133.338855][ T7792] XFS: ikeep mount option is deprecated.
[  133.344120][ T7792] XFS: noikeep mount option is deprecated.
[  133.406211][ T7792] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  133.411016][ T7812] ieee802154 phy0 wpan0: encryption failed: -22
[  133.466978][ T7792] XFS (loop3): Ending clean mount
[  133.482108][ T7801] loop1: detected capacity change from 0 to 32768
[  133.498887][ T7801] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  133.536591][ T7801] XFS (loop1): Ending clean mount
[  133.580162][ T5845] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  133.594720][ T6447] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  133.653253][ T7827] loop0: detected capacity change from 0 to 2048
[  133.772125][ T7829] loop3: detected capacity change from 0 to 256
[  133.789313][ T7829] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  133.793338][ T7829] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  133.838630][ T7829] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  133.928898][ T7829] exFAT-fs (loop3): error, invalid access to FAT (entry 0xffffffff)
[  133.947516][ T7829] exFAT-fs (loop3): Filesystem has been set read-only
[  133.954965][ T7829] exFAT-fs (loop3): error, invalid access to FAT (entry 0xffffffff)
[  133.958321][ T7829] exFAT-fs (loop3): error, invalid access to FAT (entry 0xffffffff)
[  134.432355][ T7835] loop0: detected capacity change from 0 to 32768
[  134.440329][ T7835] bcachefs (/dev/loop0): error validating superblock: Invalid superblock section downgrade: downgrade entry with mismatched major version (0 != 1)
[  134.440329][ T7835] downgrade (size 2912):
[  134.440329][ T7835] version:	0.0: (unknown version)
[  134.440329][ T7835] recovery passes:	
[  134.440329][ T7835] errors:	sb_clean_missing
[  134.440329][ T7835] version:	0.0: (unknown version)
[  134.440329][ T7835] recovery passes:	snapshots_read
[  134.440329][ T7835] errors:	
[  134.440329][ T7835] version:	0.0: (unknown version)
[  134.440329][ T7835] recovery passes:	set_fs_needs_rebalance
[  134.440329][ T7835] errors:	
[  134.440329][ T7835] version:	0.0: (unknown version)
[  134.440329][ T7835] recovery passes:	alloc_read,check_inodes,delete_dead_inodes,set_fs_needs_rebalance
[  134.440329][ T7835] errors:	(unknown error 512)
[  134.440329][ T7835] version:	0.5: (unknown version)
[  134.440329][ T7835] recovery passes:	
[  134.440329][ T7835] errors:	
[  134.440329][ T7835] version:	0.0: (unknown version)
[  134.440329][ T7835] recovery passes:	
[  134.440329][ T7835] errors:	
[  134.440329][ T7835] version:	0.0: (unknown version)
[  134.440329][ T7835] recovery passes:	fs_freespace_init,bucket_gens_init,check_inodes,delete_dead_inodes
[  134.440329][ T7835] errors:	
[  134.440329][ T7835] version:	0.0: (unknown version)
[  134.440329][ T7835] recovery passes:	
[  134.440329][ T7835] errors:	
[  134.440329][ T7835] version:	0.6: (unknown version)
[  134.440329][ T7835] recovery passes:	check_subvols
[  134.440329][ T7835] errors:	
[  134.440329][ T7835] version:	0.33: (unknown version)
[  134.440329][ T7835] recovery passes:	check_snapshots
[  134.440329][ T7835] errors:	
[  134.440329][ T7835] version:	0.0: (unknown version)
[  134.496994][ T7835] bcachefs: bch2_fs_get_tree() error: invalid_sb_downgrade
[  134.644278][  T793] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  134.793633][  T793] usb 4-1: Using ep0 maxpacket: 32
[  134.798324][  T793] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  134.802588][  T793] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  134.807176][  T793] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  134.814434][  T793] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.822162][  T793] usb 4-1: config 0 descriptor??
[  134.953599][    T9] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  134.960280][ T7854] loop1: detected capacity change from 0 to 128
[  134.973394][ T7854] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  134.979361][ T7854] ext4 filesystem being mounted at /163/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  135.103655][    T9] usb 1-1: Using ep0 maxpacket: 32
[  135.110369][    T9] usb 1-1: config 0 has no interfaces?
[  135.116204][    T9] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  135.119861][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  135.123164][    T9] usb 1-1: Product: syz
[  135.127285][    T9] usb 1-1: Manufacturer: syz
[  135.128925][    T9] usb 1-1: SerialNumber: syz
[  135.134811][    T9] usb 1-1: config 0 descriptor??
[  135.466763][ T5899] usb 1-1: USB disconnect, device number 14
[  135.512108][  T793] savu 0003:1E7D:2D5A.000A: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  135.597820][  T792] usb 4-1: USB disconnect, device number 11
[  135.875315][ T5845] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  136.103367][ T7868] loop0: detected capacity change from 0 to 764
[  136.562373][ T7879] binder: 7878:7879 ioctl c00c620f 200000000040 returned -22
[  136.682158][ T7884] loop1: detected capacity change from 0 to 256
[  136.728856][ T7884] FAT-fs (loop1): Directory bread(block 64) failed
[  136.731409][ T7884] FAT-fs (loop1): Directory bread(block 65) failed
[  136.734802][ T7884] FAT-fs (loop1): Directory bread(block 66) failed
[  136.737412][ T7884] FAT-fs (loop1): Directory bread(block 67) failed
[  136.739673][ T7884] FAT-fs (loop1): Directory bread(block 68) failed
[  136.741987][ T7884] FAT-fs (loop1): Directory bread(block 69) failed
[  136.759541][ T7884] FAT-fs (loop1): Directory bread(block 70) failed
[  136.763222][ T7888] netlink: 424 bytes leftover after parsing attributes in process `syz.0.555'.
[  136.764011][ T7884] FAT-fs (loop1): Directory bread(block 71) failed
[  136.768418][ T7884] FAT-fs (loop1): Directory bread(block 72) failed
[  136.770948][ T7884] FAT-fs (loop1): Directory bread(block 73) failed
[  136.776537][ T7888] netlink: 'syz.0.555': attribute type 1 has an invalid length.
[  136.889434][ T7894] loop0: detected capacity change from 0 to 1764
[  137.137950][ T7897] bond0: entered promiscuous mode
[  137.140496][ T7897] bond_slave_0: entered promiscuous mode
[  137.166298][ T7897] bond_slave_1: entered promiscuous mode
[  137.459565][ T7905] loop3: detected capacity change from 0 to 4096
[  138.517029][ T7918] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  138.725805][ T7919] loop1: detected capacity change from 0 to 32768
[  138.729233][ T7919] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.565 (7919)
[  138.741352][ T7919] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  138.746415][ T7919] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  138.749363][ T7919] BTRFS info (device loop1): using free-space-tree
[  138.812824][ T7933] loop3: detected capacity change from 0 to 4096
[  138.865074][ T7946] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  138.894541][ T5913] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  138.925014][ T5845] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  139.073229][ T5913] usb 1-1: Using ep0 maxpacket: 16
[  139.105531][ T5913] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  139.114393][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  139.133601][ T5913] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  139.137065][ T5913] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  139.140110][ T5913] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  139.164639][ T5913] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  139.167624][ T5913] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  139.170333][ T5913] usb 1-1: Manufacturer: syz
[  139.203460][ T5913] usb 1-1: config 0 descriptor??
[  139.424382][ T7924] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  139.427623][ T7924] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  139.440785][ T7951] loop3: detected capacity change from 0 to 32768
[  139.512471][ T7951] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  139.553937][ T5913] rc_core: IR keymap rc-hauppauge not found
[  139.556282][ T5913] Registered IR keymap rc-empty
[  139.558280][ T5913] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  139.566773][ T6447] ocfs2: Unmounting device (7,3) on (node local)
[  139.579986][ T5913] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  139.604695][ T5913] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  139.610946][ T5913] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input12
[  139.629539][ T5913] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  139.653683][ T5913] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  139.673831][ T5913] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  139.693678][ T5913] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  139.713755][ T5913] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  139.718650][ T7967] netlink: 'syz.3.578': attribute type 4 has an invalid length.
[  139.721812][ T7967] netlink: 152 bytes leftover after parsing attributes in process `syz.3.578'.
[  139.737128][ T5913] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  139.740768][ T7967] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  139.753917][ T5913] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  139.764298][    T9] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  139.773845][ T5913] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  139.794538][ T5913] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  139.816962][ T5913] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[  139.840547][ T5913] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  139.847486][ T5913] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  139.905730][ T5912] usb 1-1: USB disconnect, device number 15
[  139.913604][    T9] usb 2-1: Using ep0 maxpacket: 16
[  139.919058][    T9] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  139.925465][    T9] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  139.929878][    T9] usb 2-1: Product: syz
[  139.931533][    T9] usb 2-1: Manufacturer: syz
[  139.933321][    T9] usb 2-1: SerialNumber: syz
[  139.940870][    T9] usb 2-1: config 0 descriptor??
[  140.166475][    T9] usb 2-1: USB disconnect, device number 13
[  140.762577][ T7973] loop1: detected capacity change from 0 to 1024
[  140.818960][ T7973] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  140.910805][ T7973] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[  141.031916][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.199472][ T7979] loop3: detected capacity change from 0 to 32768
[  141.218645][ T7979] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.582 (7979)
[  141.319606][ T7971] loop0: detected capacity change from 0 to 131072
[  141.324018][ T7971] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0)
[  141.327194][ T7971] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  141.335336][ T7971] F2FS-fs (loop0): invalid crc value
[  141.363635][ T7979] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  141.367137][ T7979] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  141.385754][ T7979] BTRFS info (device loop3): using free-space-tree
[  141.400402][ T7971] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  141.410771][ T7971] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  141.413688][ T7971] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  141.455153][ T7971] F2FS-fs (loop0): checksum invalid, nid = 7, ino_of_node = 7, a6222242 vs. c01be80e
[  141.470384][ T7971] F2FS-fs (loop0): checksum invalid, nid = 7, ino_of_node = 7, a6222242 vs. c01be80e
[  141.536143][ T6447] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  141.884760][ T5899] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  141.998094][ T8007] loop3: detected capacity change from 0 to 32768
[  142.044373][ T5899] usb 2-1: Using ep0 maxpacket: 32
[  142.054881][ T5899] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  142.058201][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.066538][ T5899] usb 2-1: Product: syz
[  142.068181][ T5899] usb 2-1: Manufacturer: syz
[  142.070723][ T5899] usb 2-1: SerialNumber: syz
[  142.078049][ T5899] usb 2-1: config 0 descriptor??
[  142.106192][ T5899] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  142.264287][ T8019] netlink: 28 bytes leftover after parsing attributes in process `syz.0.592'.
[  142.503852][ T2260] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  142.603935][ T8027] loop0: detected capacity change from 0 to 32768
[  142.607033][ T8027] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.596 (8027)
[  142.617303][ T8027] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  142.623651][ T8027] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  142.628372][ T8027] BTRFS info (device loop0): using free-space-tree
[  142.683664][ T2260] usb 4-1: Using ep0 maxpacket: 32
[  142.690127][ T2260] usb 4-1: config 15 has an invalid interface number: 2 but max is 0
[  142.697794][ T2260] usb 4-1: config 15 has no interface number 0
[  142.708045][ T2260] usb 4-1: config 15 interface 2 has no altsetting 0
[  142.725619][ T2260] usb 4-1: New USB device found, idVendor=1b3b, idProduct=2951, bcdDevice=83.e9
[  142.733814][ T2260] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.737010][ T2260] usb 4-1: Product: syz
[  142.738700][ T2260] usb 4-1: Manufacturer: syz
[  142.740698][ T2260] usb 4-1: SerialNumber: syz
[  142.752164][ T5843] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  143.065028][ T2260] uvcvideo 4-1:15.2: probe with driver uvcvideo failed with error -22
[  143.077450][ T8047] loop0: detected capacity change from 0 to 32768
[  143.083724][ T2260] usb 4-1: USB disconnect, device number 12
[  143.084613][ T8047] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.598 (8047)
[  143.119545][ T8047] BTRFS info (device loop0): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  143.123056][ T8047] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  143.126516][ T8047] BTRFS info (device loop0): using free-space-tree
[  143.315729][ T5899] gspca_ov534_9: reg_w failed -71
[  143.332003][ T5843] BTRFS info (device loop0): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  143.595836][ T8072] loop3: detected capacity change from 0 to 1024
[  143.633376][   T26] hfsplus: b-tree write err: -5, ino 4
[  143.654466][ T5899] gspca_ov534_9: Unknown sensor 0000
[  143.655582][ T5899] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22
[  143.676051][ T5899] usb 2-1: USB disconnect, device number 14
[  143.741997][ T8078] loop3: detected capacity change from 0 to 512
[  143.754282][ T8078] EXT4-fs: Ignoring removed nomblk_io_submit option
[  143.758714][ T8078] EXT4-fs: inline encryption not supported
[  143.761984][ T8078] EXT4-fs (loop3): can't mount with both data=journal and delalloc
[  143.955402][ T8075] loop0: detected capacity change from 0 to 32768
[  143.965757][ T8075] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.604 (8075)
[  144.009949][ T8075] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  144.020198][ T8075] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[  144.028926][ T8075] BTRFS info (device loop0): using free-space-tree
[  144.366026][ T5843] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  144.762597][ T8086] loop3: detected capacity change from 0 to 32768
[  144.919431][ T8086] JBD2: Ignoring recovery information on journal
[  145.061517][ T8086] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  145.157114][ T6447] ocfs2: Unmounting device (7,3) on (node local)
[  146.340415][ T8127] lo speed is unknown, defaulting to 1000
[  146.463663][ T5912] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  146.618362][ T5912] usb 4-1: config 0 has no interfaces?
[  146.636154][ T5912] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  146.639073][ T5912] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.641870][ T5912] usb 4-1: Product: syz
[  146.643399][ T5912] usb 4-1: Manufacturer: syz
[  146.647076][ T5912] usb 4-1: SerialNumber: syz
[  146.661422][ T5912] usb 4-1: config 0 descriptor??
[  146.933713][ T5912] usb 4-1: USB disconnect, device number 13
[  147.254003][    T9] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  147.415432][    T9] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  147.419076][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.426027][    T9] usb 1-1: config 0 descriptor??
[  147.440772][    T9] cp210x 1-1:0.0: cp210x converter detected
[  147.560402][ T8151] loop1: detected capacity change from 0 to 32768
[  147.573596][ T8151] (syz.1.629,8151,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  147.584858][ T8151] (syz.1.629,8151,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  147.617101][ T8151] JBD2: Ignoring recovery information on journal
[  147.661415][ T8151] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  147.761642][ T5845] ocfs2: Unmounting device (7,1) on (node local)
[  147.806634][ T8153] loop3: detected capacity change from 0 to 32768
[  147.843888][ T8153] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  147.847913][    T9] cp210x 1-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  147.869686][ T8153] XFS (loop3): Ending clean mount
[  147.872441][    T9] usb 1-1: cp210x converter now attached to ttyUSB0
[  147.906013][ T8153] XFS (loop3): User initiated shutdown received.
[  147.908797][ T8153] XFS (loop3): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:476).  Shutting down filesystem.
[  147.914324][ T8153] XFS (loop3): Please unmount the filesystem and rectify the problem(s)
[  147.928886][ T6447] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  148.055187][ T2260] usb 1-1: USB disconnect, device number 16
[  148.061912][ T2260] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  148.085529][ T2260] cp210x 1-1:0.0: device disconnected
[  148.757789][ T8177] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  150.092670][ T8192] loop1: detected capacity change from 0 to 32768
[  150.097633][ T8192] Mount JFS Failure: -5
[  150.303641][    T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  150.463719][    T9] usb 4-1: Using ep0 maxpacket: 8
[  150.470118][    T9] usb 4-1: config 0 has an invalid interface number: 175 but max is 0
[  150.474138][    T9] usb 4-1: config 0 has no interface number 0
[  150.480327][    T9] usb 4-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=bc.ed
[  150.486584][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.489959][    T9] usb 4-1: Product: syz
[  150.491787][    T9] usb 4-1: Manufacturer: syz
[  150.494478][    T9] usb 4-1: SerialNumber: syz
[  150.499274][    T9] usb 4-1: config 0 descriptor??
[  150.558219][ T8212] netlink: 'syz.1.650': attribute type 10 has an invalid length.
[  150.562519][ T8212] netlink: 'syz.1.650': attribute type 10 has an invalid length.
[  150.567277][ T8212] bond0: left promiscuous mode
[  150.569407][ T8212] bond_slave_0: left promiscuous mode
[  150.571843][ T8212] bond_slave_1: left promiscuous mode
[  150.577895][ T8212] 8021q: adding VLAN 0 to HW filter on device bond0
[  150.585465][ T8212] team0: Port device bond0 added
[  150.654998][ T8214] loop1: detected capacity change from 0 to 512
[  150.730250][    T9] usbserial_generic 4-1:0.175: The "generic" usb-serial driver is only for testing and one-off prototypes.
[  150.734951][    T9] usbserial_generic 4-1:0.175: Tell linux-usb@vger.kernel.org to add your device to a proper driver.
[  150.743247][    T9] usbserial_generic 4-1:0.175: device has no bulk endpoints
[  150.762030][    T9] usb 4-1: USB disconnect, device number 14
[  151.085293][ T8221] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  151.901826][ T8242] tmpfs: Bad value for 'mpol'
[  151.950622][ T8244] loop1: detected capacity change from 0 to 47
[  152.054190][ T8246] loop3: detected capacity change from 0 to 1764
[  152.392540][ T8256] loop3: detected capacity change from 0 to 4096
[  152.404896][ T8256] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  152.552509][ T8256] ntfs3(loop3): ino=1a, mi_enum_attr
[  152.556537][ T8256] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[  152.586181][ T8256] ntfs3(loop3): ino=1e, "file1" ntfs3_write_inode failed, -22.
[  152.597860][ T5913] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  152.763678][ T5913] usb 2-1: Using ep0 maxpacket: 32
[  152.771663][ T5913] usb 2-1: config 0 has an invalid interface number: 23 but max is 0
[  152.780239][ T5913] usb 2-1: config 0 has no interface number 0
[  152.782747][ T5913] usb 2-1: config 0 interface 23 has no altsetting 0
[  152.796818][ T5913] usb 2-1: New USB device found, idVendor=0557, idProduct=2002, bcdDevice=b6.ad
[  152.805367][ T5913] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.806430][ T8238] loop0: detected capacity change from 0 to 262144
[  152.808491][ T5913] usb 2-1: Product: syz
[  152.811582][ T8238] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.660 (8238)
[  152.830291][ T5913] usb 2-1: Manufacturer: syz
[  152.832220][ T5913] usb 2-1: SerialNumber: syz
[  152.836981][ T8238] BTRFS info (device loop0): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  152.839598][ T5913] usb 2-1: config 0 descriptor??
[  152.840330][ T8238] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[  152.846388][ T8238] BTRFS info (device loop0): using free-space-tree
[  152.966088][ T8271] misc userio: No port type given on /dev/userio
[  153.072718][ T1091] BTRFS warning (device loop0): checksum verify failed on logical 22036480 mirror 1 wanted 0x23e101be1e001a29 found 0x09049c5cc74d15fb level 0
[  153.087739][ T5913] kaweth 2-1:0.23: Firmware present in device.
[  153.094365][ T8238] BTRFS info (device loop0): read error corrected: ino 0 off 22036480 (dev /dev/loop0 sector 43040)
[  153.098828][ T8238] BTRFS info (device loop0): read error corrected: ino 0 off 22040576 (dev /dev/loop0 sector 43048)
[  153.104291][ T8238] BTRFS info (device loop0): read error corrected: ino 0 off 22044672 (dev /dev/loop0 sector 43056)
[  153.108715][ T8238] BTRFS info (device loop0): read error corrected: ino 0 off 22048768 (dev /dev/loop0 sector 43064)
[  153.277369][ T5913] kaweth 2-1:0.23: Statistics collection: 0
[  153.279475][ T5913] kaweth 2-1:0.23: Multicast filter limit: 0
[  153.281480][ T5913] kaweth 2-1:0.23: MTU: 0
[  153.282643][ T5843] BTRFS info (device loop0): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  153.282971][ T5913] kaweth 2-1:0.23: Read MAC address 00:00:00:00:00:00
[  153.892320][ T5913] kaweth 2-1:0.23: Error setting receive filter
[  153.905433][ T5913] kaweth 2-1:0.23: probe with driver kaweth failed with error -5
[  153.930809][ T5913] usb 2-1: USB disconnect, device number 15
[  154.215108][ T8281] loop3: detected capacity change from 0 to 512
[  154.218290][ T8281] EXT4-fs: Ignoring removed mblk_io_submit option
[  154.238774][ T8281] EXT4-fs: Ignoring removed mblk_io_submit option
[  154.241406][ T8281] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  154.268533][ T8281] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  154.275437][ T8281] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.674: corrupted in-inode xattr: e_value size too large
[  154.277206][ T8285] netlink: 'syz.0.673': attribute type 3 has an invalid length.
[  154.281110][ T8281] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.674: couldn't read orphan inode 15 (err -117)
[  154.291300][ T8281] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  154.311302][ T8281] EXT4-fs (loop3): shut down requested (1)
[  154.327607][ T6447] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.614412][ T5912] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  154.738462][   T33] audit: type=1326 audit(1755605734.179:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8300 comm="syz.3.682" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2098ebe9 code=0x7fc00000
[  154.753026][   T33] audit: type=1326 audit(1755605734.179:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8300 comm="syz.3.682" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2098ebe9 code=0x7fc00000
[  154.766147][   T33] audit: type=1326 audit(1755605734.189:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8300 comm="syz.3.682" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2098ebe9 code=0x7fc00000
[  154.783651][   T33] audit: type=1326 audit(1755605734.189:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8300 comm="syz.3.682" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2098ebe9 code=0x7fc00000
[  154.791809][   T33] audit: type=1326 audit(1755605734.189:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8300 comm="syz.3.682" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbb2098ebe9 code=0x7fc00000
[  154.802292][ T5912] usb 1-1: config 0 has an invalid descriptor of length 160, skipping remainder of the config
[  154.807890][ T5912] usb 1-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  154.810869][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.813382][ T5912] usb 1-1: Product: syz
[  154.814825][ T5912] usb 1-1: Manufacturer: syz
[  154.816396][ T5912] usb 1-1: SerialNumber: syz
[  154.821362][ T5912] usb 1-1: config 0 descriptor??
[  154.828169][ T5912] ims_pcu 1-1:0.0: Missing CDC union descriptor
[  154.830517][ T5912] ims_pcu 1-1:0.0: probe with driver ims_pcu failed with error -22
[  154.863672][  T792] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  155.013568][  T792] usb 2-1: Using ep0 maxpacket: 32
[  155.017984][  T792] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  155.020868][  T792] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 183, using maximum allowed: 30
[  155.026982][ T5878] usb 1-1: USB disconnect, device number 17
[  155.035764][  T792] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 183
[  155.040518][  T792] usb 2-1: config 0 interface 0 has no altsetting 1
[  155.047937][  T792] usb 2-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00
[  155.050675][  T792] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  155.054171][  T792] usb 2-1: SerialNumber: syz
[  155.057770][  T792] usb 2-1: config 0 descriptor??
[  155.060795][  T792] usb-storage 2-1:0.0: USB Mass Storage device detected
[  155.079146][  T792] usb-storage 2-1:0.0: Quirks match for vid 152d pid 0539: 4000000
[  155.266774][  T792] usb 2-1: USB disconnect, device number 16
[  155.412284][   T33] audit: type=1326 audit(1755605734.849:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8300 comm="syz.3.682" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbb2092add9 code=0x7fc00000
[  155.420038][   T33] audit: type=1326 audit(1755605734.849:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8300 comm="syz.3.682" exe="/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7fbb2092ae9f code=0x7fc00000
[  155.427310][   T33] audit: type=1326 audit(1755605734.849:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8300 comm="syz.3.682" exe="/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fbb2098ebe9 code=0x7fc00000
[  155.517936][ T8313] loop3: detected capacity change from 0 to 2048
[  155.536163][ T8314] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  155.601754][ T8314] NILFS (loop3): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  155.606952][ T8314] NILFS error (device loop3): nilfs_bmap_propagate: broken bmap (inode number=4)
[  155.612446][ T8314] Remounting filesystem read-only
[  155.618530][ T6447] NILFS (loop3): disposed unprocessed dirty file(s) when stopping log writer
[  155.874705][ T8331] netlink: 8 bytes leftover after parsing attributes in process `syz.1.694'.
[  155.883789][ T8331] netlink: 8 bytes leftover after parsing attributes in process `syz.1.694'.
[  156.037275][ T8339] program syz.1.697 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  156.098474][ T8342] loop1: detected capacity change from 0 to 256
[  156.145701][ T8340] netlink: 28 bytes leftover after parsing attributes in process `syz.0.695'.
[  156.171690][ T8342] syz.1.698: attempt to access beyond end of device
[  156.171690][ T8342] loop1: rw=2049, sector=256, nr_sectors = 100 limit=256
[  156.205248][ T8344] netlink: 28 bytes leftover after parsing attributes in process `syz.0.695'.
[  156.242286][ T8348] loop6: detected capacity change from 0 to 63
[  156.310565][ T5984] Buffer I/O error on dev loop6, logical block 0, async page read
[  156.320818][ T5984] Buffer I/O error on dev loop6, logical block 0, async page read
[  156.338390][ T5984] Buffer I/O error on dev loop6, logical block 0, async page read
[  156.610326][ T5984] Buffer I/O error on dev loop6, logical block 0, async page read
[  156.618257][ T5984] Buffer I/O error on dev loop6, logical block 0, async page read
[  157.245687][   T33] audit: type=1400 audit(1755605736.689:51): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=":(%#{//(@\)//&@},['%%&\#*" pid=8363 comm="syz.3.707"
[  157.340042][ T8367] sctp: [Deprecated]: syz.3.708 (pid 8367) Use of struct sctp_assoc_value in delayed_ack socket option.
[  157.340042][ T8367] Use struct sctp_sack_info instead
[  157.385052][ T5878] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  157.543768][ T5878] usb 2-1: Using ep0 maxpacket: 32
[  157.558275][ T5878] usb 2-1: config 0 interface 0 has no altsetting 0
[  157.570936][ T5878] usb 2-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  157.576871][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.579680][ T5878] usb 2-1: Product: syz
[  157.581293][ T5878] usb 2-1: Manufacturer: syz
[  157.582935][ T5878] usb 2-1: SerialNumber: syz
[  157.597113][ T5878] usb 2-1: config 0 descriptor??
[  158.038585][ T5878] gs_usb 2-1:0.0: Configuring for 1 interfaces
[  158.329411][ T8369] loop3: detected capacity change from 0 to 32768
[  158.441670][ T5878] gs_usb 2-1:0.0: Disabling termination support for channel 0 (-EPROTO)
[  158.447707][ T5878] gs_usb 2-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[  158.451913][ T5878] gs_usb 2-1:0.0: probe with driver gs_usb failed with error -22
[  158.457317][ T5878] usb 2-1: USB disconnect, device number 17
[  159.273613][ T5899] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  159.397223][ T8393] loop3: detected capacity change from 0 to 2048
[  159.405279][ T8393] udf: Unknown parameter 'GzubAZWσ'
[  159.473678][ T5912] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  159.531153][ T5899] usb 2-1: Using ep0 maxpacket: 32
[  159.540087][ T5899] usb 2-1: config 0 has an invalid interface number: 196 but max is 0
[  159.542672][ T5899] usb 2-1: config 0 has no interface number 0
[  159.545380][ T5899] usb 2-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528
[  159.548539][ T5899] usb 2-1: config 0 interface 196 has no altsetting 0
[  159.552718][ T5899] usb 2-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  159.556317][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.558867][ T5899] usb 2-1: Product: syz
[  159.560149][ T5899] usb 2-1: Manufacturer: syz
[  159.561967][ T5899] usb 2-1: SerialNumber: syz
[  159.564974][ T5899] usb 2-1: config 0 descriptor??
[  159.567474][ T8377] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  159.653843][ T5912] usb 1-1: Using ep0 maxpacket: 16
[  159.709523][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  159.719150][ T5912] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  159.737176][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.850469][ T5912] usb 1-1: config 0 descriptor??
[  159.872615][ T5899] ipheth 2-1:0.196: ipheth_get_macaddr: usb_control_msg: -71
[  159.875497][ T5899] ipheth 2-1:0.196: probe with driver ipheth failed with error -71
[  159.926959][ T5899] usb 2-1: USB disconnect, device number 18
[  159.959527][   T33] audit: type=1400 audit(1755605739.399:52): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=8396 comm="syz.3.722"
[  160.293865][ T5912] mcp2221 0003:04D8:00DD.000B: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  160.461117][ T8410] loop3: detected capacity change from 0 to 40427
[  160.464153][ T8410] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  160.466666][ T8410] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  160.469674][ T8410] F2FS-fs (loop3): build fault injection rate: 8
[  160.471746][ T8410] F2FS-fs (loop3): build fault injection type: 0x3bfe8d
[  160.475066][    C1] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  160.479875][ T8410] F2FS-fs (loop3): invalid crc value
[  160.481851][ T8410] F2FS-fs (loop3): Failed to get valid F2FS checkpoint
[  160.749865][ T5878] usb 1-1: USB disconnect, device number 18
[  160.949491][ T8425] 8021q: adding VLAN 0 to HW filter on device batadv1
[  160.953233][ T8425] team0: Failed to send port change of device batadv1 via netlink (err -105)
[  160.958851][ T8425] team0: Failed to send options change via netlink (err -105)
[  160.961970][ T8425] team0: Port device batadv1 added
[  161.015849][ T8427] tipc: Started in network mode
[  161.018629][ T8427] tipc: Node identity 6294d9a3f2e7, cluster identity 4711
[  161.021121][ T8427] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  161.026679][ T8427] syzkaller0: MTU too low for tipc bearer
[  161.028564][ T8427] tipc: Disabling bearer <eth:syzkaller0>
[  161.346418][ T8415] orangefs_mount: mount request failed with -4
[  161.369540][ T8433] loop0: detected capacity change from 0 to 8192
[  161.716343][   T26] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  161.726004][ T8443] loop3: detected capacity change from 0 to 4096
[  161.756787][ T8443] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[  161.771619][ T8443] ntfs3(loop3): try to read out of volume at offset 0x103000
[  161.784667][ T8443] ntfs3(loop3): Failed to load $Volume (-5).
[  161.812387][ T8444] syz.0.741 (8444): drop_caches: 2
[  162.036990][ T8439] loop1: detected capacity change from 0 to 65536
[  162.558250][ T8452] loop0: detected capacity change from 0 to 128
[  162.617797][ T8456] netlink: 40 bytes leftover after parsing attributes in process `syz.1.746'.
[  162.621045][ T8455] loop0: detected capacity change from 0 to 1024
[  162.626772][ T8455] EXT4-fs: Ignoring removed bh option
[  162.636637][ T8455] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  162.685505][ T8455] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  162.709599][ T5843] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.775432][ T8467] loop1: detected capacity change from 0 to 2048
[  162.815252][ T8468] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  163.066325][ T8488] loop1: detected capacity change from 0 to 8
[  163.069554][ T8488] squashfs image failed sanity check
[  163.464961][ T8473] loop0: detected capacity change from 0 to 40427
[  163.473761][ T8473] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  163.482831][ T8473] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  163.517310][ T8473] F2FS-fs (loop0): invalid crc value
[  163.697684][ T8473] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  163.704141][ T8473] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  163.706835][ T8473] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  164.051565][ T8502] loop3: detected capacity change from 0 to 512
[  164.087533][ T8502] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.091987][ T8502] ext4 filesystem being mounted at /204/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  164.178542][ T6447] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.537912][ T8506] loop3: detected capacity change from 0 to 32768
[  164.701611][ T8508] loop1: detected capacity change from 0 to 32768
[  164.717578][ T8508] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  164.720790][ T8519] loop3: detected capacity change from 0 to 64
[  164.754676][ T8508] XFS (loop1): Ending clean mount
[  164.773361][ T5845] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  165.105267][ T8532] loop1: detected capacity change from 0 to 32768
[  165.170174][ T8532] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  165.248743][ T8532] XFS (loop1): Ending clean mount
[  165.254982][ T8532] XFS (loop1): Quotacheck needed: Please wait.
[  165.276715][ T8532] XFS (loop1): Quotacheck: Done.
[  165.443326][ T8545] comedi comedi0: Minor -2147450880 is invalid!
[  165.526846][ T5845] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  165.629755][ T8547] loop1: detected capacity change from 0 to 1024
[  165.672563][   T26] hfsplus: b-tree write err: -5, ino 4
[  165.707812][ T5912] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0
[  165.721741][ T5912] hid-generic 0000:0000:0000.000C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  165.960494][ T8530] loop3: detected capacity change from 0 to 131072
[  166.075072][ T8530] XFS (loop3): Mounting V5 Filesystem 38ffc24f-675a-4986-9d8e-4951dc618329
[  166.112101][ T8530] XFS (loop3): Ending clean mount
[  166.156484][ T6447] XFS (loop3): Unmounting Filesystem 38ffc24f-675a-4986-9d8e-4951dc618329
[  166.241976][ T8552] loop1: detected capacity change from 0 to 32768
[  166.291670][ T8552] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  166.365172][ T8559] loop0: detected capacity change from 0 to 32768
[  166.374127][ T8552] XFS (loop1): Ending clean mount
[  166.409018][ T8552] XFS (loop1): Quotacheck needed: Please wait.
[  166.420394][ T8559] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  166.453779][ T8552] XFS (loop1): Quotacheck: Done.
[  166.511301][ T5845] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  166.520572][ T5843] (syz-executor,5843,1):ocfs2_inode_is_valid_to_delete:948 ERROR: Skipping delete of system file 72
[  166.541369][ T5843] ocfs2: Unmounting device (7,0) on (node local)
[  167.090100][ T8587] loop1: detected capacity change from 0 to 40427
[  167.100490][ T8587] F2FS-fs (loop1): invalid crc value
[  167.166721][ T8587] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  167.173290][ T8587] F2FS-fs (loop1): Start checkpoint disabled!
[  167.186416][ T8587] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  167.240335][ T8591] loop0: detected capacity change from 0 to 32768
[  167.253069][ T8591] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.784 (8591)
[  167.267394][   T40] kworker/u10:2: attempt to access beyond end of device
[  167.267394][   T40] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  167.292115][   T40] CPU: 1 UID: 0 PID: 40 Comm: kworker/u10:2 Not tainted syzkaller #0 PREEMPT(full) 
[  167.292137][   T40] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  167.292146][   T40] Workqueue: writeback wb_workfn (flush-7:1)
[  167.292171][   T40] Call Trace:
[  167.292177][   T40]  <TASK>
[  167.292184][   T40]  dump_stack_lvl+0x189/0x250
[  167.292209][   T40]  ? __pfx_dump_stack_lvl+0x10/0x10
[  167.292226][   T40]  ? __pfx_queue_work_on+0x10/0x10
[  167.292241][   T40]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  167.292261][   T40]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  167.292287][   T40]  f2fs_handle_critical_error+0x37c/0x540
[  167.292315][   T40]  f2fs_write_end_io+0x886/0xb60
[  167.292344][   T40]  __submit_merged_bio+0x27a/0x6a0
[  167.292370][   T40]  __submit_merged_write_cond+0x255/0x530
[  167.292394][   T40]  f2fs_write_data_pages+0x261d/0x3000
[  167.292443][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  167.292475][   T40]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  167.292518][   T40]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  167.292538][   T40]  ? look_up_lock_class+0x74/0x170
[  167.292566][   T40]  ? trace_f2fs_writepages+0x7f/0x200
[  167.292586][   T40]  ? f2fs_write_node_pages+0x478/0x6e0
[  167.292608][   T40]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  167.292638][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  167.292660][   T40]  do_writepages+0x32e/0x550
[  167.292683][   T40]  ? reacquire_held_locks+0x127/0x1d0
[  167.292698][   T40]  ? writeback_sb_inodes+0x384/0x1010
[  167.292749][   T40]  __writeback_single_inode+0x145/0xff0
[  167.292770][   T40]  ? do_raw_spin_unlock+0x4d/0x240
[  167.292791][   T40]  writeback_sb_inodes+0x6c7/0x1010
[  167.292831][   T40]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  167.292883][   T40]  ? rcu_is_watching+0x15/0xb0
[  167.292906][   T40]  wb_writeback+0x43b/0xaf0
[  167.292931][   T40]  ? queue_io+0x321/0x590
[  167.292956][   T40]  ? __pfx_wb_writeback+0x10/0x10
[  167.292981][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[  167.293002][   T40]  wb_workfn+0x409/0xef0
[  167.293029][   T40]  ? __pfx_wb_workfn+0x10/0x10
[  167.293048][   T40]  ? __lock_acquire+0xab9/0xd20
[  167.293078][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[  167.293098][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[  167.293114][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[  167.293144][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[  167.293161][   T40]  process_scheduled_works+0xae1/0x17b0
[  167.293197][   T40]  ? __pfx_process_scheduled_works+0x10/0x10
[  167.293225][   T40]  worker_thread+0x8a0/0xda0
[  167.293261][   T40]  kthread+0x711/0x8a0
[  167.293283][   T40]  ? __pfx_worker_thread+0x10/0x10
[  167.293296][   T40]  ? __pfx_kthread+0x10/0x10
[  167.293315][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[  167.293331][   T40]  ? lockdep_hardirqs_on+0x9c/0x150
[  167.293348][   T40]  ? __pfx_kthread+0x10/0x10
[  167.293366][   T40]  ret_from_fork+0x3fc/0x770
[  167.293385][   T40]  ? __pfx_ret_from_fork+0x10/0x10
[  167.293404][   T40]  ? __switch_to_asm+0x39/0x70
[  167.293421][   T40]  ? __switch_to_asm+0x33/0x70
[  167.293438][   T40]  ? __pfx_kthread+0x10/0x10
[  167.293456][   T40]  ret_from_fork_asm+0x1a/0x30
[  167.293487][   T40]  </TASK>
[  167.447760][ T8591] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  167.451965][ T8591] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  167.455525][ T8591] BTRFS info (device loop0): using free-space-tree
[  167.470961][   T40] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  167.588943][ T5843] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  167.962492][ T8628] loop1: detected capacity change from 0 to 1024
[  167.982144][ T8628] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  167.983301][ T8631] loop3: detected capacity change from 0 to 256
[  167.989708][ T8631] exfat: Deprecated parameter 'utf8'
[  167.999089][ T8628] ext4 filesystem being mounted at /254/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  168.006606][ T8632] loop0: detected capacity change from 0 to 512
[  168.010133][ T8632] EXT4-fs: Ignoring removed mblk_io_submit option
[  168.023836][ T8631] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  168.026023][ T8632] EXT4-fs (loop0): orphan cleanup on readonly fs
[  168.031545][ T8632] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13
[  168.039060][ T8632] EXT4-fs error (device loop0): ext4_clear_blocks:876: inode #13: comm syz.0.793: attempt to clear invalid blocks 2 len 1
[  168.051421][ T8628] EXT4-fs (loop1): stripe (248) is not aligned with cluster size (16), stripe is disabled
[  168.056340][ T8632] EXT4-fs (loop0): Remounting filesystem read-only
[  168.060268][ T8632] EXT4-fs (loop0): 1 truncate cleaned up
[  168.063236][ T8628] EXT4-fs (loop1): can't enable nombcache during remount
[  168.076528][ T8632] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  168.108341][ T8632] overlayfs: cannot append lower layer
[  168.243872][ T5843] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.833037][ T8652] loop0: detected capacity change from 0 to 1024
[  168.837322][ T8652] ext4: Unknown parameter 'fsmagic'
[  169.049535][ T8640] loop3: detected capacity change from 0 to 32768
[  169.184159][ T5845] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.220032][ T8656] loop1: detected capacity change from 0 to 256
[  169.235383][ T8656] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x200c26b4, utbl_chksum : 0xe619d30d)
[  169.307819][ T8660] loop3: detected capacity change from 0 to 256
[  169.312313][ T8660] exfat: Deprecated parameter 'namecase'
[  169.323390][ T8660] exfat: Deprecated parameter 'namecase'
[  169.335602][ T8660] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  169.463385][ T8670] loop3: detected capacity change from 0 to 512
[  169.496894][ T8670] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e028, mo2=0002]
[  169.500086][ T8670] System zones: 1-12
[  169.502482][ T8670] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.806: invalid indirect mapped block 8 (level 2)
[  169.510040][ T8670] EXT4-fs (loop3): Remounting filesystem read-only
[  169.512428][ T8670] EXT4-fs (loop3): 1 truncate cleaned up
[  169.516652][ T8670] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  169.559648][ T6447] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.852565][ T8679] loop3: detected capacity change from 0 to 32768
[  169.876245][ T8679] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  169.945353][ T6447] ocfs2: Unmounting device (7,3) on (node local)
[  170.013629][ T8687] loop1: detected capacity change from 0 to 32768
[  170.033635][ T8687] JBD2: Ignoring recovery information on journal
[  170.085344][ T8687] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  170.106180][   T33] audit: type=1800 audit(1755605749.539:53): pid=8687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.814" name="file1" dev="loop1" ino=17058 res=0 errno=0
[  170.177305][ T8687] 
[  170.178330][ T8687] ======================================================
[  170.181118][ T8687] WARNING: possible circular locking dependency detected
[  170.183876][ T8687] syzkaller #0 Not tainted
[  170.185784][ T8687] ------------------------------------------------------
[  170.189374][ T8687] syz.1.814/8687 is trying to acquire lock:
[  170.191741][ T8687] ffff888125e126c0 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_del_inode_from_orphan+0x134/0x740
[  170.196906][ T8687] 
[  170.196906][ T8687] but task is already holding lock:
[  170.199906][ T8687] ffff888113f4b1e0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_dio_end_io+0x389/0x10f0
[  170.204087][ T8687] 
[  170.204087][ T8687] which lock already depends on the new lock.
[  170.204087][ T8687] 
[  170.208201][ T8687] 
[  170.208201][ T8687] the existing dependency chain (in reverse order) is:
[  170.211767][ T8687] 
[  170.211767][ T8687] -> #3 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}:
[  170.215264][ T8687]        lock_acquire+0x120/0x360
[  170.217210][ T8687]        down_write+0x96/0x1f0
[  170.219022][ T8687]        ocfs2_create_local_dquot+0x19d/0x1a40
[  170.221501][ T8687]        ocfs2_acquire_dquot+0x80f/0xb30
[  170.223736][ T8687]        dqget+0x7b1/0xf10
[  170.225550][ T8687]        ocfs2_setattr+0xd72/0x1b40
[  170.227653][ T8687]        notify_change+0xb36/0xe40
[  170.229647][ T8687]        chown_common+0x40c/0x5c0
[  170.231689][ T8687]        ksys_fchown+0xea/0x160
[  170.233633][ T8687]        __x64_sys_fchown+0x7a/0x90
[  170.235643][ T8687]        do_syscall_64+0xfa/0x3b0
[  170.237557][ T8687]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.240038][ T8687] 
[  170.240038][ T8687] -> #2 (&dquot->dq_lock){+.+.}-{4:4}:
[  170.243006][ T8687]        lock_acquire+0x120/0x360
[  170.245009][ T8687]        __mutex_lock+0x187/0x1360
[  170.247021][ T8687]        dqget+0x72a/0xf10
[  170.248798][ T8687]        __dquot_initialize+0x3b3/0xcb0
[  170.251011][ T8687]        ocfs2_get_init_inode+0x13b/0x1b0
[  170.253270][ T8687]        ocfs2_mknod+0x863/0x2050
[  170.255263][ T8687]        ocfs2_create+0x1a5/0x440
[  170.257281][ T8687]        path_openat+0x14f4/0x3830
[  170.259317][ T8687]        do_filp_open+0x1fa/0x410
[  170.261313][ T8687]        do_sys_openat2+0x121/0x1c0
[  170.263403][ T8687]        __x64_sys_openat+0x138/0x170
[  170.265556][ T8687]        do_syscall_64+0xfa/0x3b0
[  170.267551][ T8687]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.270062][ T8687] 
[  170.270062][ T8687] -> #1 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[  170.274188][ T8687]        lock_acquire+0x120/0x360
[  170.276136][ T8687]        down_write+0x96/0x1f0
[  170.278050][ T8687]        ocfs2_evict_inode+0x153d/0x40e0
[  170.280292][ T8687]        evict+0x504/0x9c0
[  170.282076][ T8687]        vfs_rmdir+0x3ec/0x520
[  170.283974][ T8687]        do_rmdir+0x25f/0x550
[  170.285845][ T8687]        __x64_sys_rmdir+0x47/0x50
[  170.287834][ T8687]        do_syscall_64+0xfa/0x3b0
[  170.289789][ T8687]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.292267][ T8687] 
[  170.292267][ T8687] -> #0 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}:
[  170.296269][ T8687]        validate_chain+0xb9b/0x2140
[  170.298407][ T8687]        __lock_acquire+0xab9/0xd20
[  170.300485][ T8687]        lock_acquire+0x120/0x360
[  170.302497][ T8687]        down_write+0x96/0x1f0
[  170.304395][ T8687]        ocfs2_del_inode_from_orphan+0x134/0x740
[  170.306883][ T8687]        ocfs2_dio_end_io+0x479/0x10f0
[  170.309039][ T8687]        dio_complete+0x25b/0x790
[  170.311082][ T8687]        __blockdev_direct_IO+0x2e63/0x3490
[  170.313434][ T8687]        ocfs2_direct_IO+0x25f/0x2d0
[  170.315473][ T8687]        generic_file_direct_write+0x1db/0x3e0
[  170.317896][ T8687]        __generic_file_write_iter+0x11d/0x230
[  170.320326][ T8687]        ocfs2_file_write_iter+0x157a/0x1d10
[  170.322698][ T8687]        iter_file_splice_write+0x9c9/0x10b0
[  170.324882][ T8687]        direct_splice_actor+0x101/0x160
[  170.326647][ T8687]        splice_direct_to_actor+0x5a8/0xcc0
[  170.328392][ T8687]        do_splice_direct+0x181/0x270
[  170.330021][ T8687]        do_sendfile+0x4da/0x7e0
[  170.331554][ T8687]        __se_sys_sendfile64+0x13e/0x190
[  170.333423][ T8687]        do_syscall_64+0xfa/0x3b0
[  170.335434][ T8687]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.338013][ T8687] 
[  170.338013][ T8687] other info that might help us debug this:
[  170.338013][ T8687] 
[  170.341892][ T8687] Chain exists of:
[  170.341892][ T8687]   &ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE] --> &dquot->dq_lock --> &ocfs2_quota_ip_alloc_sem_key
[  170.341892][ T8687] 
[  170.348371][ T8687]  Possible unsafe locking scenario:
[  170.348371][ T8687] 
[  170.351245][ T8687]        CPU0                    CPU1
[  170.353353][ T8687]        ----                    ----
[  170.355490][ T8687]   lock(&ocfs2_quota_ip_alloc_sem_key);
[  170.357720][ T8687]                                lock(&dquot->dq_lock);
[  170.360467][ T8687]                                lock(&ocfs2_quota_ip_alloc_sem_key);
[  170.363579][ T8687]   lock(&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]);
[  170.366373][ T8687] 
[  170.366373][ T8687]  *** DEADLOCK ***
[  170.366373][ T8687] 
[  170.369476][ T8687] 3 locks held by syz.1.814/8687:
[  170.371414][ T8687]  #0: ffff8881095ac428 (sb_writers#22){.+.+}-{0:0}, at: direct_splice_actor+0x49/0x160
[  170.375132][ T8687]  #1: ffff888113f4b540 (&sb->s_type->i_mutex_key#29){+.+.}-{4:4}, at: ocfs2_file_write_iter+0x429/0x1d10
[  170.379377][ T8687]  #2: ffff888113f4b1e0 (&ocfs2_quota_ip_alloc_sem_key){++++}-{4:4}, at: ocfs2_dio_end_io+0x389/0x10f0
[  170.383572][ T8687] 
[  170.383572][ T8687] stack backtrace:
[  170.385841][ T8687] CPU: 1 UID: 0 PID: 8687 Comm: syz.1.814 Not tainted syzkaller #0 PREEMPT(full) 
[  170.385862][ T8687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  170.385872][ T8687] Call Trace:
[  170.385878][ T8687]  <TASK>
[  170.385885][ T8687]  dump_stack_lvl+0x189/0x250
[  170.385912][ T8687]  ? __pfx_dump_stack_lvl+0x10/0x10
[  170.385930][ T8687]  ? __pfx__printk+0x10/0x10
[  170.385952][ T8687]  ? print_lock_name+0xde/0x100
[  170.385973][ T8687]  print_circular_bug+0x2ee/0x310
[  170.385991][ T8687]  check_noncircular+0x134/0x160
[  170.386008][ T8687]  validate_chain+0xb9b/0x2140
[  170.386024][ T8687]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  170.386048][ T8687]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  170.386072][ T8687]  __lock_acquire+0xab9/0xd20
[  170.386095][ T8687]  ? ocfs2_del_inode_from_orphan+0x134/0x740
[  170.386109][ T8687]  lock_acquire+0x120/0x360
[  170.386128][ T8687]  ? ocfs2_del_inode_from_orphan+0x134/0x740
[  170.386146][ T8687]  ? do_raw_spin_unlock+0x4d/0x240
[  170.386164][ T8687]  down_write+0x96/0x1f0
[  170.386185][ T8687]  ? ocfs2_del_inode_from_orphan+0x134/0x740
[  170.386198][ T8687]  ? __pfx_down_write+0x10/0x10
[  170.386221][ T8687]  ocfs2_del_inode_from_orphan+0x134/0x740
[  170.386238][ T8687]  ? ocfs2_dio_end_io+0x389/0x10f0
[  170.386253][ T8687]  ? __pfx_ocfs2_del_inode_from_orphan+0x10/0x10
[  170.386270][ T8687]  ? down_write+0x162/0x1f0
[  170.386288][ T8687]  ? __pfx_down_write+0x10/0x10
[  170.386306][ T8687]  ? ocfs2_direct_IO+0x25f/0x2d0
[  170.386320][ T8687]  ? __generic_file_write_iter+0x11d/0x230
[  170.386336][ T8687]  ? ocfs2_file_write_iter+0x157a/0x1d10
[  170.386358][ T8687]  ? iter_file_splice_write+0x9c9/0x10b0
[  170.386378][ T8687]  ocfs2_dio_end_io+0x479/0x10f0
[  170.386395][ T8687]  ? __pfx_ocfs2_dio_end_io+0x10/0x10
[  170.386416][ T8687]  ? __lock_acquire+0xab9/0xd20
[  170.386471][ T8687]  ? do_raw_spin_lock+0x121/0x290
[  170.386492][ T8687]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  170.386508][ T8687]  ? lockdep_hardirqs_on+0x9c/0x150
[  170.386524][ T8687]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  170.386540][ T8687]  ? __pfx_ocfs2_dio_end_io+0x10/0x10
[  170.386554][ T8687]  dio_complete+0x25b/0x790
[  170.386571][ T8687]  __blockdev_direct_IO+0x2e63/0x3490
[  170.386601][ T8687]  ? __pfx___blockdev_direct_IO+0x10/0x10
[  170.386619][ T8687]  ? __pfx_invalidate_inode_pages2_range+0x10/0x10
[  170.386640][ T8687]  ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10
[  170.386656][ T8687]  ? filemap_write_and_wait_range+0x18a/0x320
[  170.386679][ T8687]  ? __pfx_filemap_write_and_wait_range+0x10/0x10
[  170.386710][ T8687]  ? current_time+0x222/0x370
[  170.386725][ T8687]  ? __pfx_ocfs2_dio_wr_get_block+0x10/0x10
[  170.386741][ T8687]  ocfs2_direct_IO+0x25f/0x2d0
[  170.386757][ T8687]  generic_file_direct_write+0x1db/0x3e0
[  170.386773][ T8687]  ? file_update_time+0x2da/0x490
[  170.386787][ T8687]  __generic_file_write_iter+0x11d/0x230
[  170.386802][ T8687]  ? ocfs2_file_write_iter+0x1551/0x1d10
[  170.386821][ T8687]  ocfs2_file_write_iter+0x157a/0x1d10
[  170.386841][ T8687]  ? kasan_save_track+0x3e/0x80
[  170.386858][ T8687]  ? __kasan_kmalloc+0x93/0xb0
[  170.386874][ T8687]  ? __kmalloc_noprof+0x27a/0x4f0
[  170.386894][ T8687]  ? __pfx_ocfs2_file_write_iter+0x10/0x10
[  170.386927][ T8687]  ? splice_from_pipe_next+0x608/0x660
[  170.386949][ T8687]  ? __asan_memset+0x22/0x50
[  170.386965][ T8687]  iter_file_splice_write+0x9c9/0x10b0
[  170.386993][ T8687]  ? __pfx_iter_file_splice_write+0x10/0x10
[  170.387014][ T8687]  ? rcu_read_lock_any_held+0xb3/0x120
[  170.387034][ T8687]  ? __pfx_iter_file_splice_write+0x10/0x10
[  170.387054][ T8687]  direct_splice_actor+0x101/0x160
[  170.387073][ T8687]  splice_direct_to_actor+0x5a8/0xcc0
[  170.387100][ T8687]  ? __pfx_direct_splice_actor+0x10/0x10
[  170.387119][ T8687]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  170.387142][ T8687]  do_splice_direct+0x181/0x270
[  170.387162][ T8687]  ? __pfx_do_splice_direct+0x10/0x10
[  170.387181][ T8687]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  170.387205][ T8687]  ? rw_verify_area+0x255/0x4d0
[  170.387222][ T8687]  do_sendfile+0x4da/0x7e0
[  170.387235][ T8687]  ? lockdep_hardirqs_on+0x9c/0x150
[  170.387256][ T8687]  ? __pfx_do_sendfile+0x10/0x10
[  170.387272][ T8687]  ? __se_sys_futex+0x36f/0x400
[  170.387293][ T8687]  __se_sys_sendfile64+0x13e/0x190
[  170.387317][ T8687]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  170.387338][ T8687]  ? rcu_is_watching+0x15/0xb0
[  170.387353][ T8687]  ? do_syscall_64+0xbe/0x3b0
[  170.387374][ T8687]  do_syscall_64+0xfa/0x3b0
[  170.387394][ T8687]  ? lockdep_hardirqs_on+0x9c/0x150
[  170.387412][ T8687]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.387426][ T8687]  ? exc_page_fault+0x9f/0xf0
[  170.387480][ T8687]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.387496][ T8687] RIP: 0033:0x7f3af378ebe9
[  170.387509][ T8687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.387523][ T8687] RSP: 002b:00007f3af4622038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  170.387539][ T8687] RAX: ffffffffffffffda RBX: 00007f3af39b5fa0 RCX: 00007f3af378ebe9
[  170.387550][ T8687] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000004
[  170.387559][ T8687] RBP: 00007f3af3811e19 R08: 0000000000000000 R09: 0000000000000000
[  170.387568][ T8687] R10: 0000000000ff7e82 R11: 0000000000000246 R12: 0000000000000000
[  170.387577][ T8687] R13: 00007f3af39b6038 R14: 00007f3af39b5fa0 R15: 00007ffc64e51dc8
[  170.387593][ T8687]  </TASK>
[  170.615718][ T5845] ocfs2: Unmounting device (7,1) on (node local)

VM DIAGNOSIS:
12:15:49  Registers:
info registers vcpu 0

CPU#0
RAX=a0ad3def12dae100 RBX=ffffffff819683a8 RCX=a0ad3def12dae100 RDX=0000000000000001
RSI=ffffffff8be332e0 RDI=ffffffff819683a8 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f9b R9 =1ffff110096065f3 R10=dffffc0000000000 R11=ffffed10096065f4
R12=ffffffff8fa37e30 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a20
RIP=ffffffff8b7943f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00002000000007c0 CR3=0000000113458000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fbb20a12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=1ffffffff33bdc60 RBX=00000000000003fd RCX=0000000000000000 RDX=00000000000003fd
RSI=00000000000101f5 RDI=00000000000101f6 RBP=ffffffff99dee630 RSP=ffffc900082060d0
R8 =ffff8881082d0237 R9 =1ffff1102105a046 R10=dffffc0000000000 R11=ffffffff854efea0
R12=dffffc0000000000 R13=0000000000000000 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854eff17 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f3af46226c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fbb20bb7dac CR3=0000000022f38000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fbb20b87498 00007fbb20b87470 XMM03=00007fbb20b874a8 00007fbb20b874a0
XMM04=00007fbb216ed100 00007fbb20b87460 XMM05=00007fbb20b87478 00007fbb20b874c0
XMM06=00007fbb20b874b8 00007fbb20b874b0 XMM07=00007fbb20b874a8 00007fbb20b874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fbb20a12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
