last executing test programs:

4m17.683055457s ago: executing program 0 (id=2443):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f00000001c0)='\\', 0x1)
ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0)

4m17.546108561s ago: executing program 0 (id=2445):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
recvmsg(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000004700)=""/4097, 0x1001}, {&(0x7f0000003700)=""/4064, 0xfe0}], 0x2}, 0x0)

4m17.395096527s ago: executing program 0 (id=2447):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x200}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000080)={r0, 0xfffffffffffffecf, &(0x7f00000000c0)}, 0x10)

4m17.336056739s ago: executing program 0 (id=2449):
syz_mount_image$nilfs2(&(0x7f0000000a00), &(0x7f0000000080)='./file0\x00', 0x800408, &(0x7f0000000500)=ANY=[@ANYBLOB="00c1d143753d2c083ee422f83383b46202c4de2de291601c80052445e264d4679b97678c14da06e79245374cfb5a59ebaeff670caadb5694b952eb30672a383ac36fadcd60e27a35d7"], 0x1, 0xa0e, &(0x7f00000020c0)="$eJzs3c9vXEcdAPB5G/+MU3tNCpimTQy0JBXUcRwjlQt1Siv1VPUUReJUhTSNcFMgXFpVasofgIKqXiMCAXooAqRwyAGp4oAoByTEhWPVUyUU1EoICVBqFHtmvTv24+36x3rX+/lIX4/fm/Gbed71vtnn2ZkADKza6tfFxZkihLduv/nUiwenxosQwrFGiXpTubWt4RBC0fLz696PGXc/fu38ZmkRFla/pu3w7J3Gz06EEK6G2fBuqIeZ6/WxW+88c/vG0vGz55479+QunX5DsdsVAABAD/juX+7+5tEP3/vK9H9+dXQpjDb2p/55PW5PxH7/fOwo5/3/oiktNulPj2TlDsTI3z8cyMoNZfUMldQ3nB1nuKTcSEV9B5r2bXaeALAfrN/XK2pzLdu12tzc2nX/nvdHR4q5y5eWX7iyRw0FAHbMP58IISwJIYQQYpBiZWqveyAAwKDLxwtvcHVnR+o2jjbWXv13ztQ2/3nYAd1+/qu/v+q/+YZXHHbOfn02pfNKf0dpHEM+jvBA9nOd/v3XsuMMddjOsnGF/TLesKyd+e+1V5W1v9PHca+UtT8fD9urytqfj9PtVWXtH+1yO7aqrP1jXW7HVpW1f7zL7ehXD8U0/R6PZvnN18/8Nb1fXuMBgFb/Nv5PCDHoMdIDbRCiy/H6XndAAICek8+PsxKl/Hw+njw/n4cnz8/nBcrzRyvyxyryAYCNTt+6+Mtrxfr/+bc7Hi6NuzgY04kO25OPR+y0/u2Oe9pu/f0ybgmAwfbyDxeffm/pzIG1+X/Xr2WfZPP/prl6r8XtNF7wULbdmPt3trWeWkm5Q7txUgDA/5Wuv5vO/9v0IaiZMFy8cGn5wnzcnozpH0eHR+/tP9XNRgMA29Lu/P8zoXX+/0ON/cO15n7B1Pr+orlfUM/2L5TsPx23p2P64uj46v658y8vf2unTx4ABtT1s08f/ugPl8Pa/f/1/3+n+//pNn49jrX7KBZI/YT7Qut24/7/idZ6JsvKzbeWmyor93hruXpWbjhGPu9GPj5wPPu5NE4hjXtI/Z1062O6rD3ZBBkjWbmhGPdl7ZnM2rPhfOdb25PPQ5Pqr2f783EPqdx0AICNrrzy6refX16+8D3f+MY3vml8s9evTMBuO/n9l75z8sorrz526aXnL164eOHyqfmFhfnF01/92qmTq/f1Tzbf3QcA9oP1Tv9etwQAAAAAAAAAAAAAACiTf/r3kR+v7d/JjxPv9TkCAK3+8UQIYUmIwYjDPdAGIYTohVhZyVf8BQDork7X29+uxtHifP5p3YOUHnrsr9P3IhW7c6a1v2T9YnZSt5//6u+v+m++sbP1N9YXafv1r9Z6gNnNjvp6Zb0//dHf/tRc/wNDbdafn/+Jyqo2dTOr/3hor/6VG1n9W5wa92dZ/QfbrH/D+T++tfp/Huu/P26f+GK79bc+/mm9nbQcznh2PhMl9f8iO/+0tl/H5z/WwUk3eTvWDwCDqLbXDdglqZeQ+tGpH9K8Pl9oWmcvZOXb7f/XsuPk6/VtVTpu6gd9Pm6n7k5aNzBf77DT9qf1CSez4xZt9mvLnj/98l+lsvbv1OO428ran68H2avK2j/S5XZsVVn787/LXlXW/i2+req6svaPd7kd/epITMuuh+n6Mxnz0nY9257Y5LHYr30LAOh33/j6nx++9uWhb66t/z+y4X1nehs4Ed9Tvx238/e9yXjWdyyy8l+I6Q9i+pOY/j6mH2TH293/tgHAYPrQ5/+EEEKIgYtB//yf+wsMskF//g/6+Q/2q7/Hv0p6fuT38ZOhivzhivyRivzRLD9/vMYq8u/PjrsSpfxPV+R/piL/sxX5MxX5UxX5D1TkH6nIf7Ai/2hF/rGKfAD60+di6vUdAAZH+tyX6z8ADI40sY7rPwAMjk/FtOz6/1BFPgDQfw7H1PUdAAZIsflMj9udtwfoH2l+6fR3HpcDCQ/H9JGYfimmab2ULS6/AvSA//7rd3+/VqzP93cky293Pvmi1vrJu3z9n0fbbE/++b1O57Ovt1nPbtU/vc36AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiu2urXxcWZIoS3br/51IMfXPltEUI41ihRbyq3tjXctD3bcpwQfl2spXc/fu18c/pJTIuwEIpQNPaHZ+80apoIIVwNs+HdUA8z1+tjt9555vaNpeNnzz137sld/BWEtXYBAADA/vW/AAAA//8xrzgs")
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

4m16.795460158s ago: executing program 0 (id=2451):
r0 = syz_open_dev$dri(&(0x7f0000000280), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000000200)={0x2, 0x0, &(0x7f0000000300)=[0x0, <r1=>0x0]})
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r0, 0xc04064aa, &(0x7f00000003c0)={&(0x7f0000001280), 0x0, r1, 0x0, '\x00', 0x1ffffffffffffd64, 0x20})

4m16.179370369s ago: executing program 0 (id=2456):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
unshare(0x400)
fcntl$lock(r0, 0x5, &(0x7f0000000380)={0x1, 0x0, 0x20000000000103ff, 0x800000000})

4m15.704394355s ago: executing program 32 (id=2456):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
unshare(0x400)
fcntl$lock(r0, 0x5, &(0x7f0000000380)={0x1, 0x0, 0x20000000000103ff, 0x800000000})

3m17.511910046s ago: executing program 5 (id=2888):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x40, r2, 0x1, 0x70bd29, 0x0, {{0x2}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0xb, 0x5f}}}}, [@chandef_params=[@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9b2}], @chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x40}, 0x1, 0x0, 0x0, 0x20000004}, 0x0)

3m17.145282699s ago: executing program 5 (id=2891):
syz_mount_image$jfs(&(0x7f0000000700), &(0x7f0000000000)='./file0\x00', 0x802, &(0x7f0000000100)=ANY=[], 0x1, 0x6107, &(0x7f0000008180)="$eJzs3c1vHGcdB/Dfvnj9UppaPVQlQshNeSuleS0hUKDpAQ5cOKBcUSLXrSJcQElAaRURV75w4I8AIXFEiCMn/oAeuHLjDyBSggTqiUFjP489nqyzDo531n4+H8mZ/c0zs34m3x3vy8zsEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA/OD7P7rQi4jrv0wzliM+E4OIfsRiXa9ExOLKcl5+GBEvx1ZzvBQRc/MR9fpb/7wQ8WZEfHIq4uGje6v17IsH7Mf3/vT33//4uR/+7Y9z5/7z5zuDt/Zb7u7d3/z7L/cPt80AAABQmqqqql56m386vb/vd90pAGAq8vN/leT5x6EeNbZjFvqjVm8Vo90ZM9Ef9RTr9YXmnO77o1Y/XjdV491vFhGx0Vynfs3gcDwAHDMb8WnXXaBD8i/aMCKe67oTwEzrdd0BjsTDR/dWeynfXvP5YGW7PZ8Lsif/jd7O9R37TSdpn2MyrcfXZgzixX36szilPsySnH+/nf/17fZ8bO2o85+W/fIfbV/6VJyc/6Cdf8vJyb8/Nv9S5fyHT5X/QP4AAAAAADDD8uf/yx0f/50//KYcyJOO/64c7C6uPus+AQAAAAAAAMBhHXb8vx3G/wMAAICZVb9Xr/321O68/U5wr9/iX+tFPN9aHihMulhmqet+AAAAAAAAAAAAAEBJhtvn8F7rRcxFxPNLS1VV1T9N7fppHXb946707YeSdf1HHgAAtn1yqnUtfy9iISKupe/6m1taWqqqhcWlaqlanM+vZ0fzC9Vi431tntbz5kcHeEE8HFX1nS001mua9H55Unv7/urfNaoGB+jYdHQYOABExPaz0UPPSCdMVb0QXb/K4Xiw/5889n8OouvHKQAAAHD0qqqqeunrvE+nY/79rjsFAExFfv5vHxdQ/9/1oDlrBvqjVqvVavXY4/7VePebRURsNNepXzMYjh8AjpmN+LTrLtAh+RdtGBEvd90JYKb1uu4AR+Lho3urvZRvr/l8kMZ3z+eC7Ml/o7e1Xl5/3HSS9jkm03p8bcYgXtynPy9NqQ+zJOffb+d/fbt9lJbbk09v/9wPmH+v9THi1OyXf72dyx30p2s5/0E7/5aj3v+nZTP6Y/MvVc5/+FT5D+QPAAAAAAAzLH/+v+z4b95kAAAAAAAAADh2Hj66t5qve83H/z83ZjnXf55MOf+e/IuU8++38v9Ka7lB4/aDd3bz/9eje6t/uPPPz+bpQfOfzzd66ZHVS4+IXvpNvWGaHmbrHrc5Nxhtb+v2Ha9ERDX3XtyM9ViL83uW7af/j932C3va657O7Wm/uKd9+Fj7pT3tc+l7B6rF3H42VuNnsR7vbrXXbfMTtn9hQns1oT3nP7D/FynnP2z81PkvpfZea1p78HH/sf2+OR33e67e/Pyvzx/95ky0GYOdbWuqt+9MB/3Z+j95bhS/uL126+zdG3fu3LoQabJn7sVIk2cs5z+Xfnb+/r+63Z7/7jf31wcfj546/1mxGcN983+1cbve3tem3Lcu5PxH6Sfn/25qH7//H+f899//X++gPwAAAAAAAAAAAAAAAPAkVVVtXSJ6NSIup+t/uro2EwCYrvz8XyV5vrqkemFn7mz0R61Wq9VHVTdV473dLCLir8116tcMvxp3ZwDALPtvRPyj607QGfkXLH/f33D3G3mBQtz+8KOf3FhfX7t1e/fTXwAAAAAAAADgeMnjf640xn/+QkQst5bbM/7rO7Fy2PE/h/nGzgCjz3ig731s9keDfmO48VfiyeN/n4knj/89nPD75ia0jya0Tzora9I5G2Mv9GjI+b/SGO+8zv90a/j1EsZ/bY95X4Kc/5nG47nO/8ut5Zr5V787zvn39+R/7s4HPz93+8OP3rj5wY33195f++mlCxfOX7p8+cqVK+feu7m+dn773w57fLRy/nns65w/Zcj558zlX5ac/xdTLf+y5Py/lGr5lyXnn1/vyb8sOf/83kf+Zcn5v5Zq+Zcl5//VVMu/LDn/11Mt/7Lk/L+WavmXJef/RqoPlv/gyPvFdOT8z6ba/l+WnP+5VMu/LDn/fIRL/mXJ+eczG+Rflpz/xVTLvyw5/0upln9Zcv5vplr+Zcn5fz3V8i9Lzv9yquVflpz/N1It/7Lk/K+kWv5lyfl/M9XyL0vO/1upln9Zcv5vpVr+Zcn5fzvV8i9Lzv87qR6Tv4P9J1jO/7uptv+XJef/dqrlX5bd7/93w43jciMiNmagGyf6Rtd/mQAAAAAAAAAAAACAtimdrQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA/duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFvXuNkau87wd+dr1rr83NCYS/4W/I2jjGmIVdX/AlrYtDCKGQS7mloRds17s2m/iG126AItkRSYMUR42qtOVNm4tQy5sqVpUXaUUjXvSiSJVC+yJ9E6WqFKmoIhGJVCmNWraaM8/z7MzsXHbt2fXMOZ+PBD925sycM2fOXL67fGcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB6xoYPTn1hIMuyyj/5v9Zm2dWV/149ujY/7f1XegsBAACAy/W/+b/fvi6dsH8BF6pZ5h9v/d63ZmdnZ7NPrvij4a/MzqYzRrNseFWW5edFF//9yYHaZYIXs5GBwZqfBzusfkWH84c6nD/c4fyVHc5f1eH8kQ7nz9sB86yu/j4mv7JN+X+ure7S7IZsOD9vU5NLvTiwanAw/i4nN5BfZnb4SDadHcumsom65avLDuTLv7ahsq4Hs7iuwZp1ra8cIT994XDchoGwjzfVrWvuOqMffyAb/dlPXzj852feuqnZ7Lgb6q6vup1bNla283PhlOq2DmSr0j6J2zlYs53rm9wnK+q2cyC/XOW/G7fz7QVu54q5zVxWjff5SDaY//cb+X4aqv21XtpP68NpP78ty7Lzc5vduMy8dWWD2Zq6Uwbn7p+R6hFZuY7KofTubGhRx+mGBRynlTm5qf44bXxMxPt/Q7jcUIttqL2bfvzZlfPu98Uep1HlVrd6rDQeg91+rPTKMRiPizfyG/1S02NwU7j9L2xufQw2PXaaHIPpdtccgxvTMbi6+TYPrlyRb3O6Ewbyy8wdg9vqll+Rr2kgn29ubn8Mjp85fmp85rnn75o+fujo1NGpEzu2bZvYsWvXnj17xo9MH5uaqP77kvZ1P1iTDabHwMaw7+Jj4PaGZWsP1dmvd+9xONLmcbi2YdluPw6HGm/cwPI8IOcf09XHxuOVnT5yYTBr8RjL75+tl/84TLe75nE4VPNa0PQ1pcnjcGgBj8PKMqe2Luw9y1DNP822YaleC9bWHION70caj8Fuvx/plWNwJBwXP9ja+rVgfdjel8YW+35kxbxjMN3c8NxTOSW93x/Zk49mx+XNlTOuWpmdnZk6ffezh86cOb0tC2NZXF9zrDQer2tqblM273gdXPTxun/61pdubnL62rCvRu6q/Guk5X1VWWbn3e3vq/zVrfn+rDt1exZGly33/mz2al7ZnylLttmflWU+N37578VTLq15/h1u8fwbc/871fWlq3pxxfBQ9fG7Iu2d4brn4/q7aih/7hrI1/32+MKej4fDP8v9fHxDm+fjdQ3Ldvv5eLjxxsXn44FOv+24PI3350g4To5NtH8+riyzbvtij8mhts/Ht4U5EPb/HSEppFxUc+y0Om7TuoaGhsPtGoprqD9Od9QtPxyyWWVdr26/tON0y23V61qRbt2c5TpORxuW7fZxmp6vWh2nA51++3ZpGu/PkXBc3LCj/XFaWeb1nZf/3JlSYs1z58pOx+DwipWVbR5OB2H1+X52dTwG784OZyezY9lkfu7K/HiqJtKxexZ2DK4M/yz3c+W6NsfgloZlu30MptexVsfewND8G98FjffnSDguXr6n/TFYWeb+3d1977olnJKWqXnv2vj7tVa/87q5YTct5e+8Ktv5d7vb/262ssyxPYvNme33053hlKua7KfGx2+rx9Rktjz7aV3Yzrf2tN5Ple2pLPOVvQs8nvZnWXbumfvy3/eGv6/81dnvf6vu7y7N/qZz7pn7fnLNkX9YzPYD0P/eqY411de6mr9MLeTv/wAAAEBfiLl/MMxE/gcAAIDCiLk//l/hifwPAAAAhRFz/1CYSUny/7r735p+51yWmvmzQTw/7YaHqsvFjutE+Hl0dk7l9Ptemfqvvzm3sHUPZln2Pw/9XtPl1z0Ut6tqNGznxQ/Vnz7/gucWtP6DT8wtV9tf/1q4/nh7FnoYNKvgTmRZ9tp1X8rXM/rkhXy+/tDBfD56/qUXK8u8vbf6c7z8m9dXl//TUP7df+RQ3eXfDPvhR2FOPNx8f8TLffPCHet3f2JuffFyAxuvzW/2y09Vrzd+Ts6XX6wuH/dzq+3/2y+++s3K8s++r/n2nxtsvv2vhut9Jcz/vqW6fO19UPk5Xu7zYfvj+uLl7v7Gd5pu/8UvVJc/9cBb05WH88EHwnEa1r8l/Lypcn6NZwcO1d2u7MPV5eL6J77/B/n58fpOPdB8+0cOXKjbH43Hx+v/Ur2e8Ybl4+lxPdFfN6y/cj21x2dc/6u/f7BuP3da/8VH37ylcr2N67+zYblTz2zN1z93ffWf2PRnn/9S0/XF7dn/l6fqbs/+R8LjOKz/5afC8RjO/8XF6vU1frrCwUfqn3/i8l9be67u9kQP/qy6/ov3Hs3nqpHVa666+pprz7+3su+y7I3HqtfXaf1Hv3qybvu/fmN1f8TzY0e/cf2txPWf/szYiZMzZ6cna/Zq/tk5H6luT9ze68Jza+PPB06eeXrq9OjE6ESWjRb3I/Qu2TfC/El1nF/s5bc+Ee7Pm//ktTWb//mL8fR/fbx6+oWHq69bt4flvhxOXxvuv8td/8sbbswf3wOv5z8OZ7PzPy/4cqzf9J97FrRguP2N7wvi8X7qPU/n+6FyXv66ER/X9dtf//nHC/DDyer1fDvs19nwycwbb5xbX+3y8bMRLjxWfbxf7vrj01y8X/8i3N8f/VH1+uN2xdv7w/A+5jvr6p/v4vHx7XODjdeff4rH+fB8kp2vnh+Xivv7wts3Nt28+Dkk2fmb8p//MF3PTYu6ma3MPDczfmz6xNlnx89MzZwZn3nu+QPHT549ceZA/lmeBz7V6fJzz09r8uenyaldO7P82epkdSyxK739p564N8uyzZNTRw6dPXLmiVNTp48enpk5PDU5s/nQkSNTn+l0+enJfdu2792xe/vY0enJfXv27t2xd2z6xMnKZlQ3qoNdE58eO3H6QH6RmX079267556dE2PHT05O7ds9MTF2ttPl89emscqlf3fs9NSxQ2emj0+NzUw/P7Vv295du7Z3/DTA46eOzIyOnz57YvzszNTp8eptGT2Tn1x57et0eYpp5t+q72cbDVQ/iC/7+J270uezVrzy2ZZXlS/S+D7xrfBZNN9916k9C/k55v7hMJOS5H8AAAAog5j7V4aZyP8AAABQGDH3rwozkf8BAACgMGLuHwkzKUn+1//X/y9q//+dc/r/rdav/6//X2QF6/8vvr/egf5/B/r/+v+X1f8/PLl7oif7/7ONr63N6P+zFLrd/294O7ro/n/M/auzrJT5HwAAAMog5v41YSbyPwAAABRGzP1XhZnI/wAAAFAYMfdfHWZSkvyv/6//r/+v/6//33z9+v/9Sf+/Pf3/DvT/9f+L2f/3/f9cMb3W/4+5/5owk5LkfwAAACiDmPuvDTOR/wEAAKAwYu6/LsxE/gcAAIDCiLl/bZhJSfK//r/+v/6//r/+f/P16//3p0vo3/+8tiLeu/3/1Yu9qqb0/zvQ/9f/1//X/6ereq3/H3P/u8JMSpL/AQAAoAxi7n93mIn8DwAAAIURc//1YSbyPwAAAPSD4YUsFHP/DWEmJcn/+v/6//r/+v/6/83Xr//fn8r6/f8rF3j9+v+t5Qvq/+v/6//r/9NVvdb/j7n/PWEmJcn/AAAAUAYx998YZiL/AwAAQGHE3P//wkzkfwAAACiMmPvXhZmUJP/r/+v/6//r/+v/N1+//n9/WsL+f95I7NX+/0Lp/3eg/6//r/+v/09X9Vr/P+b+m8JMSpL/AQAAoAxi7r85zET+BwAAgMKIuf//h5nI/wAAAFAYMfevDzMpSf7X/+9q//+O2mKW/r/+f8Pxof+v/6//vwzK+v3/C6X/34H+v/6//r/+P13Va/3/mPtvCTMpSf4HAACAMoi5/9YwE/kfAAAACiPm/veGmcj/AAAAUBgx94+Gma0MZ5Qk/+v/+/5//X/9f/3/5uvX/+9P+v/t6f93sNT9/+obT/3/JXKlt1//X/+f+Xqt/x9z/4Ywk5LkfwAAACiDmPs3hpnI/wAAAFAYMfffFmYi/wMAAEBhxNy/KcykJPm/rv+/qm/6/4Otb5D+f6b/r//fYf36//r/Rda7/f9mrxTz6f8XvP/v+/+X1JXe/iXs/3+35nBvSf+fXtRr/f+Y+98XZlKS/A8AAABlEHP/5jAT+R8AAAAKI+b+28NM5H8AAAAojJj7t4SZlCT/+/5//X/9/0vo/2/9avWC+v/6//r/PadF/354oZf3/f+B/r/+v/5/L/X/ff8/favX+v8x998RZlKS/A8AAABlEHP/1jAT+R8AAAAKI+b+O8NM5H8AAAAojJj7x8JMSpL/9f/1//X/ff+//n/z9ev/96fe/f7/hdH/1//v4f7/w//R4fLF7v9f03H9+v/6/8zXa/3/mPvvCjMpSf4HAACAMoi5/+4wE/kfAAAACiPm/vEwE/kfAAAACiPm/okwk5Lk/+Xu/9fsYf1//X/9f/1//X/9/67T/2/vyvX/m71Szqf/39P9f9//34H+v/4/8/Va/z/m/m1hpnd0Jcn/AAAAUAYx928PM5H/AQAAoDBi7t8RZiL/AwAAQGHE3L8zzKQk+d/3/+v/6//r/+v/N1+//n9/aCzY6/+35/v/O9D/1//X/9f/p6t6rf8fc/89YSYlyf8AAABQBjH37wozkf8BAACgMGLu3x1mIv8DAABAYcTcvyfMpCT5X/9f/1//X/9f/7/5+vX/+5P+f3tl6f9H+v+Lc6X78/2+/fr/+v/M12v9/5j794aZlCT/AwAAQBnE3P/+MJOO+X/1Em4VAAAA0E0x9/9SmIm//wMAAEBhxNz/y2EmJcn/+v/6//r/V7b/f17/X/9f/7+r9P/bK0v/f2m+/39E/78D/X/9f/1/GvVa/z/m/n1hJiXJ/wAAAFAGMff/SpiJ/A8AAACFEXP/vWEm8j8AAAAURsz9+8NMSpL/9f/1//X/ff+//n/z9ev/9yf9//Z6t/8fH1m93P/3/f+dLq//r/+v/0+jXuv/x9z/gTCTkuR/AAAAKIOY++8LM5mf/weXb6sAAACAboq5/4NhJv7+DwAAAIURc//9YSYlyf/6//r/Lfv/lTtb/1//X/8/0f/vD/r/7fVu/7+qt7//X/+/0+X1//X/9f9p1Gv9/5j7PxRmUpL8DwAAAGUQc/8DYSbyPwAAABRGzP0fDjOR/wEAAKAwYu5/MMykJPlf/1//3/f/L1v/fyLT/y98/7/xObSW/v/y0P9vT/+/A/3/4vX/V2X6//r/XEG91v+Puf9Xw0xKkv8BAACgDGLufyjMRP4HAACAwoi5/+EwE/kfAAAACiPm/o+EmZQk/+v/6//r//v+f/3/5uv3/f/9Sf+/Pf3/DvT/i9f/9/3/+v9cUb3W/4+5/6NhJiXJ/wAAAFAGMfd/LMxE/gcAAIDCiLn/42Em8j8AAAAURsz9vxZmUpL8r/+v/6//r/+v/998/fr//Un/vz39/w70//X/9f/1/+mqXuv/x9z/SJhJSfI/AAAAlEHM/Y+Gmcj/AAAAUBgx9z8WZiL/AwAAQGHE3P94mElJ8r/+v/6//r/+v/5/8/Xr//cn/f/26vr/vxhpvaD+v/6//r/+v/4/XdBr/f+Y+58IMylJ/gcAAIAyiLn/E2Em8j8AAAAURsz9vx5mIv8DAABAYcTc/8kwk5Lkf/1//X/9f/1//f/m69f/70/6/+35/v8O9P/1//X/9f/pql7r/8fc/2SYSUnyPwAAAJRBzP2/EWYi/wMAAEBhxNz/m2EmMf8v8P9lBwAAAHpXzP2/FWZSkr//6/8Xs/8fe8n6//r/zdav/6//X2T6/+3p/3eg/6//r/+v/09X9Vr/P+b+3w4zKUn+BwAAgDKIuf+pMBP5HwAAAAoj5v4DYSbyPwAAABRGzP0Hw0xKkv/1/4vZ//f9/wXo///xxn/6wfc+dnCb/r/+v/7/ouj/t6f/34H+v/6//r/+P13Va/3/mPsPhZmUJP8DAABAGcTc/zthJvI/AAAAFEbM/YfDTOR/AAAAKIyY+yfDTEqS//X/9f/1/3u0/+/7/5Oe7v+f1//vNfr/7en/d6D/r/+v/6//T1ctuv8/2vKqutL/j7l/KsykJPkfAAAAyiDm/iNhJvI/AAAAFEbM/UfDTOR/AAAAKIyY+58OMylJ/tf/1//X/9f/1/9vvn7f/9+f9P/b0//vQP9f/1//X/+fruq17/+PuX86zKQk+R8AAADKIOb+T4WZyP8AAABQGDH3fzrMRP4HAACAwoi5/1iYSUnyv/6//n/h+v8jPdD///vmx4f+v/6//v/S0/9vT/+/A/1//X/9f/1/uqo7/f/ZrFv9/5j7j4eZlCT/AwAAQBnE3H8izET+BwAAgMKIuf9kmIn8DwAA/B9799GsWV3tcfx0XfrStxhcy4kDB058Ac6ZMLIKq3wFlkN1pKJgDmDOOUfMGVFQxJwTRhRzxoCiomJAxYHV3WutrnPO08/usLt77//6fAau0vb0foDTXfWr9usGhpG7/5K4pcn+1//r/4fr/73/X/+v/29N/7+d/n+C/l//r//X/zOrpb3/P3f/w+KWJvsfAAAAOsjd//C4xf4HAACAYeTuvzRusf8BAABgGLn7L4tbmux//b/+/9z1/wfO0//r//X/+v+5Ddv/7/2FcYr0/xP0/w36/+P/YtL/6/+Z39L6/9z9j4hbmux/AAAA6CB3/yPjFvsfAAAAhpG7/1Fxi/0PAAAAw8jd/+i4pcn+1//r/73/X/+v/9/8fP3/Og3b/8+kU/9/6U0XPOT26+5+/ck8X//fof8/c59f/6//Z7+l9f+5+x8TtzTZ/wAAANBB7v7Hxi32PwAAAAwjd//j4hb7HwAAAIaRu//xcUuT/a//1//r//X/+v/Nz9f/r5P+f7tO/f+pPF//r//X/+v/mdfS+v/c/U+IW5rsfwAAAOggd/8T4xb7HwAAAIaRu//yuMX+BwAAgGHk7r8ibmmy//X/+n/9v/5f/7/5+Q+68qG7wt1z2f8f/mH9/4lZUP9/UP+v/9f/6//1/5c9+JIHnq//b2xp/X/u/ifFrdNk/wMAAEAHufufHLfY/wAAADCM3P1PiVvsfwAAABhG7v6nxi1N9r/+X/+v/9f/6/83P9/7/9dpuv+/68Xbvt77/4P+X/+v/9f/e/8/M1ha/5+7/2lxS5P9DwAAAB3k7n963GL/AwAAwDBy9z8jbrH/AQAAYBi5+58ZtzTZ//r/M9P/Z6+o/9f/7+j/j31f6v/1/2fBgt7/f0rP1//r//X/6/38+n/9P/strf/P3f+suKXJ/gcAAIAOcvc/O26x/wEAAGAYufufE7fY/wAAADCM3P3PjVua7H/9v/f/6//1//r/zc/X/6+T/n87/f8E/b/+X/+v/2dWS+v/c/c/L25psv8BAACgg9z9z49b7H8AAAAYRu7+F8Qt9j8AAAAMI3f/C+OWJvt/jv7/Cv2//n/P59f/b/7+0P/r//X/Z57+fzv9/wT9v/5f/6//Z1ZL6/9z978obmmy/wEAAKCD3P0vjlvsfwAAABhG7v6XxC32PwAAAAwjd/9L45bJ/X/HzEXeubG7/z/g/f/6f/3/jv5f/3+U/n+d9P/b6f8n6P/1/4vo/6/W/zOMpfX/uftfFrf4838AAAAYRu7+l8ct9j8AAAAMI3f/K+IW+x8AAACGkbv/lXFLk/0/x/v/B+7/D+n/9f8t+v/DfwH6f/3/IObr/+/5//p//f/e/v/gnr8P+v/d9P/e/39C/f95Uz8TI1la/5+7/1VxS5P9DwAAAB3k7n913GL/AwAAwDBy978mbrH/AQAAYBi5+18btzTZ//p/7//X/y+z/7/c+/+L/l//fzK8/3+7U+r/d/T/3v+v/9f/e/8/p2Zp/X/u/tfFLU32PwAAAHSQu//1cYv9DwAAAMPI3X9l3GL/AwAAwDBy978hbmmy/2ft/w9/lf6/6P/1/3u/Pxb7/n/9/8bn6//XSf+/nff/T9D/6//1//p/ZrW0/j93/xvjlib7HwAAADrI3f+muMX+BwAAgGHk7n9z3GL/AwAAwDBy978lbmmy/73/f+ce+n/9v/5f/7/p+fr/ddL/b6f/n6D/1//r//X/zGpp/X/u/rfGLU32PwAAAHSQu/9tcYv9DwAAAMPI3f/2uMX+BwAAgGHk7n9H3NJk/+v/T/v9/0cSYP3/7s9/nP6//jbp/3f/9/X/R+n/9f9z0P9vp/+foP/X/+v/9f/Mamn9f+7+d8YtTfY/AAAAdJC7/11xi/0PAAAAw8jd/+64xf4HAACAYeTuf0/c0mT/6/9Pu/8/YrT+/3+iM/f+f/2//v/Yz6v/Xwf9/3b6/wn6f/2//l//z6yW1v/n7r8qbmmy/wEAAKCD3P3vjVvsfwAAABhG7v6r4xb7HwAAAIaRu/99cUuT/a//1/+fxff/6//PWf+fv3L1//r/8en/t9P/7+zsXLPlA+j/9f/6f/0/s1pa/5+7//1xS5P9DwAAAB3k7r8mbrH/AQAAYBi5+6+NW+x/AAAAGEbu/g/ELU32v/5f/6//79D/736+/l//P7Le/X/W8sen/5+g/9f/6//1/8xqaf1/7v4Pxi1N9j8AAAB0kLv/urjF/gcAAIBh5O7/UNxi/wMAAMAwcvdfH7c02f+7+v+MWvX/+v8z2P/feQr9/8H4Mf3/fP3/xRuer//X/4+gd/8/Tf8/4S5Hf0vQ/+v/9f/6f+axtP4/d/+H45aL9gxDAAAAYLVy9388bmny5/8AAADQwUeO/OuhnY/GLfY/AAAADCN3/8filib73/v/9f/e/9+z//f+f/3/qPT/2+n/J3j/v/5f/6//Z1ZL6/9z9/vf/wMAAMC4cvd/Im6x/wEAAGAYufs/GbfY/wAAADCM3P2filua7H/9v/5f/6//1/9vfr7+f530/9vp/yfo//X/+n/9P7NaWv+fu//TcUuT/Q8AAAAd5O7/TNxi/wMAAMAwcvd/Nm6x/wEAAGAYufs/F7c02f/6f/2//l//r//f/Hz9/zrp/7fT/0/Q/+v/9f/6f2a1tP4/d//n45Ym+x8AAAA6yN3/hbjF/gcAAIBh5O7/Ytxi/wMAAMAwcvd/KW5psv/1//p//b/+X/+/+fn6/3XS/2+n/5+g/9f/6//1/8xqaf1/7v4vxy1N9j8AAAB0kLv/hrjF/gcAAIBh5O7/Stxi/wMAAMAwcvd/NW5psv/1//p//f+o/f//Hff5+n/9/8iW0v9feOF9btT/6//1/yvp/+MbTf+v/2d+S+v/c/d/LW457vC7474n8JcJAAAALEju/q/HLU3+/B8AAAA6yN3/jbjF/gcAAIBh5O7/ZtzSZP/r//X/+v9R+//dz7+3/l//38RS+n/v/z+1z6//1/+v+fPr//X/7Le0/j93/41xS5P9DwAAAB3k7v9W3GL/AwAAwDBy9387brH/AQAAYBi5+2+KW5rsf/3/tv7/f/X/+v9h+v8d/b/+v4lV9/+H9P/6/3PZ/190Fvv5W2b4vPvkb8v6f/0/C7K0/j93/3filib7HwAAADrI3f/duMX+BwAAgGHk7v9e3GL/AwAAwDBy938/bmmy//X/3v+v/9f/6/83P1//v06r7v+9/1//7/3/q/78+n/9P/strf/P3f+DuKXJ/gcAAIAOcvf/MG6x/wEAAGAYuft/FLfY/wAAADCM3P0/jlua7H/9v/5f/6//1/9vfr7+f530/9vp/yfo//X/+n/9P7NaWv+fu/8ncUuT/Q8AAAAd5O7/adxi/wMAAMAwcvf/LG6x/wEAAGAYuft/Hrc02f/6f/2//l//r//f/Hz9/zqtq/8/uO8/0f/r//X/6/38+n/9P/strf/P3f+LuKXJ/gcAAIAOcvffHLfY/wAAADCM3P2/jFvsfwAAABhG7v5fxS1N9n/L/v+A/v8k+v+bbz36Q437/2P/dPX/+v+z0f8f0P+flnX1//vp//X/+v9lf/79/68dxwzf/5+3/eun+v+JL2dQS+v/c/f/Om5psv8BAACgg9z9v4lb7H8AAAAYRu7+W+IW+x8AAACGkbv/t3FLk/3fsv/3/n/v//f+f/3/gvt/7/8/Pfr/7c5l/3/bCTxW/6//X/PnH77/n+D9/2yytP4/d//v4pYm+x8AAAA6yN1/a9xi/wMAAMAwcvf/Pm6x/wEAAGAYufv/ELc02f/6f/2//l//r//f/Hz9/zrp/7fz/v8J+n/9v/5f/8+sltb/5+7/Y9zSZP8DAABAB7n7b4tb7H8AAAAYRu7+P8Ut9j8AAAAMI3f/n+OWJvtf/7+Q/j8+hP5f/6//P5n+/24XXHHD/R5w7VX6f47R/2+n/58wX/9//3vp//X/+n/9P2er/z90ov1/7v6/xC1N9j8AAAB0kLv/9rjF/gcAAIBh5O7/a9xi/wMAAMAwcvf/LW5psv/1/wvp/+Nr9P/6/0X3/+fv/nnPff/v/f/6//30/9vp/yecaP9/+DcO7//fR/+v/9f/s9dZ6v+P2/vv/fe5+/8etzTZ/wAAANBB7v5/xC32PwAAAAwjd/8dcYv9DwAAAMPI3f/PuKXJ/tf/6//1//r/9b7//4z1/0f+ker/10n/v53+f8J87//X/+v/9f/6fxbY/+fu/1fc0mT/AwAAQAe5+/8dt9j/AAAAMIzc/XfGLfY/AAAADCN3/3/ilib7X/+v/9f/6//1/5ufr/9fJ/3/dvr/Cfp//b/+X//PrJbW/+fu/28AAAD//wzZXOs=")
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000004, 0x4031, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0xc0185879, &(0x7f0000000080)={@desc={0x4100, 0x0, @desc3}})

3m15.690588878s ago: executing program 5 (id=2902):
r0 = socket$inet6(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x1, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x8}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x21, &(0x7f0000000880)=0xfbf, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0xfffffefffbfbbfbe, &(0x7f0000000100)={0xa, 0x4e20, 0x8, @empty, 0x6}, 0x1c)

3m15.281096712s ago: executing program 5 (id=2907):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
mkdir(&(0x7f0000000000)='./control\x00', 0x0)
rmdir(&(0x7f00000003c0)='./control\x00')

3m14.991318573s ago: executing program 5 (id=2911):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000180), r1)
sendmsg$NFC_CMD_FW_DOWNLOAD(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)={0x14, r2, 0x1, 0x70bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x8000)

3m14.175453261s ago: executing program 5 (id=2921):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000001340)=ANY=[@ANYBLOB="1201100100000010435503000000000000010902240001000060a0090400fe090300000009210000000122290009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe6, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000636c77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b23819b4385cdceacc0da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e", 0x0, 0x24, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0})

3m13.745909015s ago: executing program 33 (id=2921):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000001340)=ANY=[@ANYBLOB="1201100100000010435503000000000000010902240001000060a0090400fe090300000009210000000122290009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xe6, 0x0, &(0x7f0000000100)="b9ff03316844268cb89e14f0080047e0ffff00124000636c77fbac14fe16e000030a07080403fe80000020006558845013f2325f1a3901050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b23819b4385cdceacc0da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e", 0x0, 0x24, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x371, {0x9}}}, &(0x7f0000000080)={0xffffffffffffffeb, 0x0, 0x0, 0x0, 0x0, 0x0})

7.096230056s ago: executing program 4 (id=4487):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000080)={'batadv_slave_1\x00', {0x2, 0x4e20, @remote}})
ioctl$sock_inet_SIOCSIFADDR(r0, 0x891c, &(0x7f0000000540)={'batadv_slave_1\x00', {0x2, 0x0, @private=0xfffffffe}})
ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'batadv_slave_1\x00', {0x2, 0x4e1e, @initdev={0xac, 0x1e, 0x0, 0x0}}})

6.819548726s ago: executing program 4 (id=4492):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0xff, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
fanotify_mark(0xffffffffffffffff, 0x10, 0x1008, 0xffffffffffffffff, 0x0)

5.028182707s ago: executing program 4 (id=4509):
syz_open_dev$dmmidi(&(0x7f00000000c0), 0x2, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3.981252483s ago: executing program 4 (id=4516):
unshare(0x62040200)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0x1, 0x120d, &(0x7f0000001280)="$eJzs3M+LG2UYB/Bnd2u3bt0faq22IL7oRS9Ddw9e9BJkC9KA0jZCKwhTN9GwYxIyYSEiVk+eBP8OEUTwJog3vezF/0DwthdvVhBHNqlto6k0omYpn88lDzzzTZ43IYEJ78zBi5+8s9sqs1Y+iMWFhVjsRaQbKVIsxh8+iOde+Pa7Jy9duXqhVq9vX0zpfO3y5vMppbWnvn79vc+e/mZw8rUv175ajv2NNw5+2vpx//T+mYPfLr/dLlO7TJ3uIOXpWrc7yK8VzbTTLnezlF4tmnnZTO1O2exP9FtFt9cbpryzs7rS6zfLMuWdpZuTpEF/mPK38nYnZVmWVleC2R27VTU+vVFVVURVPRDHo6qq6sFYiZPxUKzGWqzHRjwcj8SjcSoei9PxeDwRX/zw+fAwAQAAAAAAAAAAAAAAAAAAAPx7Zr3+/8zoqHlPDQAAAAAAAAAAAAAAAAAAAPeXS1euXqjV69sXUzoRUXy019hrjB/H/Vor2lFEM87Fevwao6v/x8b1+Zfr2+fSyEZ8WFy/mb++11iazG+ObicwNb85zqfJ/HKs3JnfivU4NT2/NTV/Ip595o58Fuvx/ZvRjSJ24jB7O//+ZkovvVL/U/7s6DgAAAC4H2Tplqnn71l2t/44P8P/AxPn14fZs8fmunQiohy+u5sXRbOvOPLF8fmO8UtVVf/VSywdgbf3b4u7f1OWI+Jenufnaa2FiDgaC/xLMe9fJv4Ptz/0eU8CAAAAAAAAAADALP7pDsGPx9vD72nn47zXCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Ds7cCwAAAAAIMzfOo2ODQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACArwIAAP//GgHNcg==")
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newlink={0x44, 0x10, 0xffffffffffffffff, 0x70bd23, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x0, 0x11223}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x29, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_SPORT={0x6, 0x10, 0x4e21}, @IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000011}, 0x44040)

3.971802573s ago: executing program 6 (id=4517):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x40, 0x972, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
timerfd_create(0x9, 0x0)

3.008557926s ago: executing program 4 (id=4521):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f00000003c0)={[{@memory_low}, {@background_gc_off}, {@noquota}, {@inline_dentry}, {@data_flush}, {@discard_unit_segment}, {@noinline_xattr}, {@discard}, {@checkpoint_diasble}, {@user_xattr}, {@resgid}, {@noinline_xattr}, {@jqfmt_vfsv1}, {@noflush_merge}]}, 0xff, 0x5512, &(0x7f00000079c0)="$eJzs3EtvG1UUAODjpGnpgxIhFuw6UoWUSLVVpw/BrkArHiJVVGDBChzbsdzanih2nJAVC5aIBf8EgcSKJb+BBWt2iAWIHRLIcyfQ8JCQ4sSk+T5pfOZeX58516oqnZnIAZxai9kvP1XicpyPiPmIuBRRnFfKo3Anhecj4kpEzD12VMr5PybORsSFiLg8SZ5yVsq3Prs2vnrrxzd//vrbc2cufv7Vd7PbNTBrL0REfzOd7/RTzDspPiznG+NuEfs3x2VMb/QfleM8xZ32epFhp7G/rlHEG520Pt/cHk7iRq/RnMROd6OY3xykCw7Hnf08xQceNraKcau9XsTuMC9iZy/VtbuX/m/bG45SnlaZ78MifYxG+zHNt3fbaT+bj4rYHIzK+ZQ3b7V3J3FcxvJy0cx7raKO9cN80/9vb3UH27vZuL017OaD7Fat/mKtfrta38pb7VH7ZrXRb92+mS11epNl1VG70b/TyfNOr11r5v3lbKnTbFbr9Wzpbnu92xhk9XrtRu169dZyeXYte+3+u1mvlS1N4ivdwfao2xtmG/lWlj6xnK3Ubry0nF2tZ2+vrmVrD+7dW1175/27791/efWNV8tFfysrW1q5vrJSrV+vrtSXT9H+Py6LnuL+4VAqsy4A4OTR/wOzcHT9/9aDiKPv/0P/PxUnqv897f3/EewfDkX/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwan2/8MXrxcliGl8s558up54tx5WImIuI3/7BfJw9kHO+zLPwL+sX/lLDN5UoMkyuca48LkTEnfL49Zmj/hYAAADgyfXlR1c+Td16elmcdUEcp3TTZu7SB1PKV4mIhcUfppRtbvLy3JSSFf++z8TulLIVN7DOTClZuuU2tWz/yfyB8NRjoZLC3LGWAwAAHIuDncDxdiEAAAAcp09mXQCzUYn9R5n7z4KLv7z/84Hg+QMjAAAA4ASqzLoAAAAA4MgV/b/f/wMAAIAnW/r9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB3du4mN20gjgPo3wYX6IeKqu57le7gGD1Cl11WHKCX4ABd0Cv0ApyB7HKECCLsCYEIRZE8NiF6TzLDGPNjxoLFzKABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3VSr+b/f3/60zdnu2snTGwAAAOCcTbWa10+mTf1DOv8pnfqS6kVElBFxbuw+iHcnmYOUUz1e//f4+upJG/5H1An7zxil431EfE/H3eeu7wIAAABcsdHzL68Xy1kzWm8epv20itehmbQpP/7IlFdERDW9zZRW7vO+Zgqrv9/D+JUprZ7AGmcKa6bchrnSXqT+uR9m7cZHRdEU5dm3HRqZre8AAECPBidFv6MQAAAA+vTz0g3gMop4WMo8LAWmPwyk5b3JSQ0AAAC4QsWlGwAAAAB0rh7/97T/3y73/n+T3HcDAAAA3qhm/z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC6tKlW8/ViOWubs921k6c3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9+zPOwqEQBiEwd71ncnc/7DSoKmpSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9+95f/E1PjTDL32lh6HknWTo2tU2Pv3Dj6w/j6NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsXM/r3FUcQDA38zsbH+ouEbZQ0QUPOjFbre1tTfxoAQP/glCSLc1duuPNgdbipiLN8m5F9GjiKDEW/+Hnlvopd562EMFz8qbnclO0oCr4swm+XzgzfvuY5j3fbMQ8p03CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCZvDOLs3joTeO0HLv3+NZa7O/v6aM7Ww+WY4tx0mTSB8NL9Q9Jv71EAAAAODqyqr4PITzMt1din/aK+j+vzok1/3fPTOOqnt9b91d9VfvH9usvj17Ymag3nSde9NL6eHT6yVQ6/98qF9uzf3tGp7jzxbOXrPhC0vc3n5/kx+P9TL65e/fdbnFrjzWRLQDwb5yq+jKofh+K/bDNxAA4Mjq1wruq/7NeuzkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANGGyGZ6q4iSEsNyZxdH9x7fW9uvvbD1Yrtr527e3wleza8ZL5CGES+vj0elGV7PYrt+4eWV1PB5daz54OYTQ1uxvl8u/8uEcJ4eweyQLe0cEixyk5Ze9KPkcjKDFH0oAABxKedliXf8w316JY8lSCH9+v7v+f60Whznr/0cfnb9Xn6te/w8bW+HiG2xc/Wxw/cbNN9avrl4eXR598uaZ4VvDsxfOnbswKJ6VDDwxAQAA4L/plq1e/6dLT+7/n6zFYc76//Nvh1/W58rU//uabfq1nQkAAMDR9twrf/ye7DOedLvhi9WNjWvD6XHn85npsYVU/7FjZavX/9lS21kBAAAATZhsJrv2/y/W4jDn/v/TP7z4U/2aWQjhRLn/f2rt0/HF5paz0Jr4c+K21wgAAEC7TpStvv+fF+//pzuvPKQhhNdfncblvwGcq/7P3vv6x/pc9ff/zza3xIWU9qf3o+j7IXT6bWcEAADAYXa8bLHY/y3fXvn455MfdL3/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANC0vwIAAP//PJY89w==")
open(&(0x7f0000000040)='./file2\x00', 0x80242, 0x24)
setresuid(0x0, 0xee00, 0x0)
lsetxattr(&(0x7f0000002800)='./file2\x00', &(0x7f0000002840)=@known='system.advise\x00', 0x0, 0x0, 0x0)

2.778832994s ago: executing program 6 (id=4522):
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000004000)={0x0, 0x0, &(0x7f0000003f00)=[{&(0x7f0000000180)=ANY=[], 0x114}], 0x1}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000140)=[{0x20, 0x4, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff024}, {0x6, 0x0, 0x4, 0x7}]}, 0x10)
sendmmsg(r0, &(0x7f0000001c00), 0x400000000000159, 0x40840)

2.471399755s ago: executing program 6 (id=4523):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x3214, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x6, 0x36, &(0x7f0000000180)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r0, 0x4004550a, 0x0)

2.02626725s ago: executing program 1 (id=4524):
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x94, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x64, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0x1}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x0, [0x8, 0x4], [0xfffd]}}]}}]}, 0x94}, 0x1, 0x7a00, 0x0, 0x4c8c1}, 0x0)

1.783369348s ago: executing program 1 (id=4526):
r0 = semget$private(0x0, 0x4000000009, 0x42a)
semop(r0, &(0x7f00000002c0)=[{0x0, 0xff}, {0x0, 0x1f}, {0x4, 0x202}, {0x0, 0x8, 0x1000}, {0x0, 0xfff}], 0x26)
semop(r0, &(0x7f00000001c0)=[{0x3, 0x204}, {0x3, 0x0, 0x1000}], 0x2)
semctl$GETNCNT(r0, 0x0, 0xe, 0x0)

1.503314648s ago: executing program 6 (id=4529):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2={0xff, 0x3}}, 0x1c)
setsockopt$sock_linger(r0, 0x1, 0x3d, &(0x7f0000000080)={0x1}, 0x8)
sendmmsg$sock(r0, &(0x7f00000005c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000680)="643f0e91", 0x4}], 0x1, &(0x7f0000000200)=[@txtime={{0x18, 0x1, 0x3d, 0xdf}}], 0x18}}], 0x1, 0x40)

1.413716821s ago: executing program 2 (id=4530):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$UHID_CREATE(r0, &(0x7f0000000240)={0x0, {'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000040)=""/2, 0x2}}, 0x120)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0xf2de1000)
readv(r0, &(0x7f0000000140)=[{&(0x7f0000001580)=""/161, 0xa1}], 0x1)

1.311412915s ago: executing program 6 (id=4531):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)

1.223370368s ago: executing program 3 (id=4532):
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
recvmmsg(r0, &(0x7f0000001480)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000001c0)=[{0xfffffffffffffffd}], 0x1}}], 0x2, 0x20, 0x0)
r1 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000001540)={0x20000010})

1.112472701s ago: executing program 2 (id=4533):
r0 = socket$rxrpc(0x21, 0x2, 0xa)
sendto$rxrpc(r0, 0x0, 0x0, 0x44800, 0x0, 0x0)
r1 = socket$rxrpc(0x21, 0x2, 0xa)
bind$rxrpc(r1, &(0x7f0000000200)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x7, @empty, 0x40000000}}, 0x24)

1.040388374s ago: executing program 6 (id=4534):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000000c0)={&(0x7f0000000280)=[{0x1, 0x9001, 0x0, 0x0}], 0x1})

991.219315ms ago: executing program 4 (id=4535):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f00000007c0)='./file0\x00', 0x0, &(0x7f0000000a00)={[{@init_itable_val={'init_itable', 0x3d, 0x1}}, {@errors_remount}, {@resgid}, {@barrier}, {@quota}, {@delalloc}]}, 0x1, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r0, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
fadvise64(r0, 0x7f, 0x0, 0x4)

897.608189ms ago: executing program 3 (id=4536):
accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000000100))
mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x3000, 0x3, &(0x7f0000968000/0x3000)=nil)
mremap(&(0x7f00003fd000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f0000769000/0x1000)=nil)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)

815.213342ms ago: executing program 1 (id=4537):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000037c0)={0x0, 0x0, &(0x7f0000003780)={&(0x7f0000000cc0)=@newtaction={0x84, 0x30, 0x12f, 0x0, 0x0, {0x0, 0x0, 0x1be}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x4}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001e80)=@newtaction={0x48, 0x31, 0x1, 0xfffffffd, 0x25dfdbfb, {0x0, 0x0, 0x11}, [{0x34, 0x1, [@m_police={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x3, {0x1}}, {0xc}}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x8800}, 0x0)

790.231352ms ago: executing program 2 (id=4538):
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10)
sendto$inet(r0, 0x0, 0x0, 0x8004, &(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x10)
sendto$inet(r0, &(0x7f0000000080)="c70582e1aa96fa9085", 0x9, 0x800, &(0x7f0000000000)={0x2, 0x4e24, @multicast1}, 0x10)

608.971299ms ago: executing program 3 (id=4539):
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000c00)=ANY=[], 0x1, 0x6e5, &(0x7f0000000680)="$eJzs3c1vHGcdB/DvrNeON1TBaRMaoSBMIhWkiMSJlUK4YBBCOVSoKoeercRprGySKnFRWiFwAcEJiUP/gILkGweExD0oXLiUW68+VkLiEnGIelk0s7P27nr9lvgloZ9PNZnnmeeZZ377m2dmvOtaG+AL6+q5NB+myNVzbzwo66srs+3VldkjdXM7SVluJM3uKsWdpHiUzJXtRd+SvvUGHy1eeevTx6ufdWvNeqn6j2213wgj+i7XS6br8aZH7jm+00Ms1+HlpSTX6vWgiZ2ONdCxTNrZeg2HrjOokc7ybnbfzXULPGd6T6ei+9zcYCo5mmSy/jkg9d2hcXAR7qlv9Aq7ussBAADAC+qTu4cdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALx4qu//b61VG91NyXSK3vf/T/S21eXn0NyOez7c1zgAAAAAAAAA4GB8/Ume5EGO9eqdovqd/5mqciKfd5Iv5b3cz0Lu5XweZD5LWcq9XEwy1TfQxIP5paV7F9f2LI3e89LIPS8d1CsGAAAAAAAAgP9Lv0pr/ff/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwPCiSse6qWk7U60yl0cx6W5aTfyWZOOx4d6EYtfHhwccBAAAAz2TyKfb58pM8yYMc69U7RfWe/yvV++XJvJc7WcpiltLOQq7X76HLd/2N1ZXZ9urK7O1yKeuD4/7gP7sKY6IeYayqjTryqapHKzeyWG05n2tVMNfT6B77bHKqF09fXH0+LGMqvl/bYWTNOq3lwf6w2acIe2Lwo4jGFj1b68ElaxmZqWMr9zzezUBRfVCTDGdi+OxsOFhzoDZVdRlfO9LFNNY++TmxDzk/Wq/L1/Pbfc35TvTnYi0TjVSZuNSbfeU1s3Umkm/+7c9v32zfuXXzxv1zh/uSdmFsk+3Dc2K2LxOvvtCZaO6y/0yViZNr9av5cX6ac5nOm7mXxfws81nKQjp1+3w9n8t/p7bO1NxA7c3tIpmoz0v3nO0kpun8qCrN50y177EspsjdXM9CXq/+u5SL+U4u53Ku9J3hk5vGXb226qpvDF/1vTP995HBn/1WXSjvbr9bv8vNbfWKN5ude6V77y/zerwvr91Z/3it1/G+62CmL0sv97IzPnLwp7k3Nr9aF8pj/Hqb58TBmqozUV5AvadEL7pXuploVs+ijfP8j51yv7TvdDo359/dZPzlofpr9bqcVitf2653z+hTsbfK+fJyJus7yeDsKNteWbvL9LV11udyt23wiVvud7JqK4relfqT3K0mwMYrdaL+GW7jSJeqtleH2k7X9/Cy7VRf28DPW7mbdq4fQP4AeBr/fHutOJWjE61/tz5pfdz6Tetm643JHx757pHTExn/x/j3mjNjrzVOF3/Nx/nF+vt/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6d1//4Nb8+32wr3RhcbmTQOFVoa3bDfyUKGov9BnVJ9b9bcU7GrAQy5MJhnYUn3P0YGH0RoOY0Oh88vkwPPT+xLB0X1+XxaaOzrdcwNb/rJxwA+3j2csQ/NwB9fFPhYaOdiDjmX0BDisOxJwUC4s3X73wv33P/j24u35dxbeWbgzfvnylZkrl1+fvXBjsb0w0/33sKME9sP6Q/+wIwEAAAAAAAAAAAB2atQfBpx5abs/GtlQaCQZ/hsP/2chAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsCeunkvzYYpcnDk/U9ZXV2bb5dIrr/dsJmk0kuLnSfEomUt3yVTfcEX+9CidEcf5aPHKW58+Xv1sfaxmt3/SqNeb27o1yXK9ZDrJWL1+BgPjXXvm8Yr/9l5DmbDPO53O3LPFB3vjfwEAAP//qWztYw==")
r0 = open(&(0x7f0000000200)='./file1\x00', 0x4a07e, 0xdc)
creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x9)
write$P9_RGETLOCK(r0, &(0x7f0000000040)={0x33, 0x37, 0x1, {0x2, 0xfffffffffffffffa, 0x46e1, 0x0, 0x15, '/dev/bus/usb/00#/00#\x00'}}, 0x33)

564.22339ms ago: executing program 2 (id=4540):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10)

501.180792ms ago: executing program 1 (id=4541):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$NFT_MSG_GETSETELEM(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x44, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_KEY_END={0x8, 0xa, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x4}]}]}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000801}, 0x8000)

333.726608ms ago: executing program 2 (id=4542):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000c80)=[{{&(0x7f0000000980)={0xa, 0x4e21, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}, 0xa}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000022c0)='t', 0x1}], 0x1}}, {{&(0x7f0000000300)={0xa, 0x4e23, 0x1, @private1={0xfc, 0x1, '\x00', 0x1}, 0x18}, 0x1c, &(0x7f00000003c0)=[{&(0x7f00000004c0)="af", 0x1}], 0x1}}], 0x2, 0x40800)
shutdown(r0, 0x1)
getsockopt$bt_hci(r0, 0x84, 0x1, &(0x7f0000002300)=""/4113, &(0x7f00000000c0)=0x1011)

294.518559ms ago: executing program 3 (id=4543):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000240)=0x100, 0x4)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x4008084, &(0x7f0000000140)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x11}}, 0x10)

284.01913ms ago: executing program 1 (id=4544):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x2c, r0, 0x1, 0x70bd2b, 0x25dfdc01, {{0xa}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0x10, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x1}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040000}, 0x8044)

85.251587ms ago: executing program 3 (id=4545):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f00000003c0)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x7f, 0x7f}, &(0x7f0000000040)=0x90)

75.894387ms ago: executing program 1 (id=4546):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x38, r1, 0x105, 0xffffffff, 0xa, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @crypto_settings=[@NL80211_ATTR_CIPHER_SUITES_PAIRWISE={0x10, 0x49, [0xfac08, 0xfac0d, 0xfac08]}]]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x4004050)

41.267218ms ago: executing program 2 (id=4547):
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff})
io_setup(0x3ff, &(0x7f0000000500)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
io_cancel(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6, 0x200, 0xffffffffffffffff, 0x0, 0x0, 0x8dc3, 0x0, 0x3}, 0x0)

0s ago: executing program 3 (id=4548):
r0 = socket$kcm(0x29, 0x5, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
sendfile(r0, r1, 0x0, 0xffffffff000)

kernel console output (not intermixed with test programs):

ass 2
[  455.518715][ T4909] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  455.572270][ T4909] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  455.676142][ T4909] usb 5-1: config 0 descriptor??
[  455.693926][ T4909] cp210x 5-1:0.0: cp210x converter detected
[  456.102089][ T4909] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32
[  456.146899][ T4909] usb 5-1: cp210x converter now attached to ttyUSB0
[  456.334757][ T4909] usb 5-1: USB disconnect, device number 20
[  456.377349][ T4909] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  456.429717][T13081] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3297'.
[  456.433879][T13080] netlink: 104 bytes leftover after parsing attributes in process `syz.2.3298'.
[  456.492192][ T4909] cp210x 5-1:0.0: device disconnected
[  456.929292][T13092] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3302'.
[  457.971472][T13127] loop6: detected capacity change from 0 to 1024
[  458.268142][   T11] hfsplus: b-tree write err: -5, ino 25
[  458.278119][   T11] hfsplus: b-tree write err: -5, ino 4
[  458.283849][   T11] hfsplus: b-tree write err: -5, ino 2
[  458.348218][   T11] hfsplus: b-tree write err: -5, ino 26
[  459.596954][ T4378] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  459.797191][ T4378] usb 4-1: Using ep0 maxpacket: 16
[  459.813893][ T4378] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  459.824329][T13136] loop1: detected capacity change from 0 to 40427
[  459.837113][T13172] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3330'.
[  459.868134][ T4378] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  459.873712][T13168] loop4: detected capacity change from 0 to 4096
[  459.884681][T13136] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  459.906244][ T4378] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  459.918842][T13172] netlink: 60 bytes leftover after parsing attributes in process `syz.2.3330'.
[  459.929410][T13136] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  459.935657][ T4378] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  459.954925][T13172] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3330'.
[  459.989110][ T4378] usb 4-1: Product: syz
[  459.993374][ T4378] usb 4-1: Manufacturer: syz
[  460.026395][ T4378] usb 4-1: SerialNumber: syz
[  460.048807][T13136] F2FS-fs (loop1): Found nat_bits in checkpoint
[  460.268431][ T4378] usb 4-1: 0:2 : does not exist
[  460.274307][T13136] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  460.318900][ T4378] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  460.327069][T13136] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  460.447628][ T4378] usb 4-1: USB disconnect, device number 25
[  460.546091][T13190] loop6: detected capacity change from 0 to 2048
[  460.655524][T13190] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  460.767696][ T4258] udevd[4258]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  460.799187][ T4280] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22.
[  460.822084][   T26] kauditd_printk_skb: 10 callbacks suppressed
[  460.822104][   T26] audit: type=1800 audit(1775085172.443:132): pid=13194 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.3333" name="file1" dev="loop6" ino=1415 res=0 errno=0
[  460.860722][ T4280] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  461.488921][T13212] loop4: detected capacity change from 0 to 16
[  461.568620][T13214] netlink: 148 bytes leftover after parsing attributes in process `syz.6.3342'.
[  461.577040][T13212] erofs: (device loop4): mounted with root inode @ nid 36.
[  462.751896][T13250] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3355'.
[  462.790523][T13210] loop1: detected capacity change from 0 to 32768
[  462.897086][T13210] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.3340 (13210)
[  463.017346][T13210] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  463.081765][T13210] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  463.132145][T13210] BTRFS info (device loop1): using free space tree
[  463.516057][T13210] BTRFS info (device loop1): enabling ssd optimizations
[  463.555602][T13273] loop4: detected capacity change from 0 to 4096
[  463.762465][T13296] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  464.270534][ T4274] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  464.486134][    C0] vkms_vblank_simulate: vblank timer overrun
[  464.735779][    C0] vkms_vblank_simulate: vblank timer overrun
[  465.086682][    C0] vkms_vblank_simulate: vblank timer overrun
[  465.956841][ T4909] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  466.130649][T13352] loop6: detected capacity change from 0 to 16
[  466.151173][ T4909] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  466.165796][T13352] erofs: (device loop6): mounted with root inode @ nid 36.
[  466.179127][ T4909] usb 5-1: config 0 has no interface number 0
[  466.204597][ T4909] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  466.244760][ T4909] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.271961][ T4909] usb 5-1: Product: syz
[  466.285304][ T4909] usb 5-1: Manufacturer: syz
[  466.302024][ T4909] usb 5-1: SerialNumber: syz
[  466.337896][ T4909] usb 5-1: config 0 descriptor??
[  466.555586][ T4909] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  466.581741][ T4909] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  466.639764][ T4909] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  466.668405][ T4909] usb 5-1: media controller created
[  466.755605][ T4909] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  467.402437][T13376] loop3: detected capacity change from 0 to 256
[  467.467109][T13376] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  467.535374][T13376] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  467.873757][ T4909] i2c i2c-1: ec100: i2c rd failed=-71 reg=33
[  467.982413][ T4909] usb 5-1: USB disconnect, device number 21
[  468.787341][T13325] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  468.849629][T13410] loop6: detected capacity change from 0 to 4096
[  468.953055][T13410] ntfs3: loop6: Mark volume as dirty due to NTFS errors
[  468.993417][T13325] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  469.025254][T13410] ntfs3: loop6: Failed to load $Extend.
[  469.032476][T13325] usb 2-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  469.083891][T13325] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  469.144222][   T26] audit: type=1800 audit(1775085180.763:133): pid=13410 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.3401" name="file1" dev="loop6" ino=30 res=0 errno=0
[  469.188517][T13325] gspca_main: stv0680-2.14.0 probing 041e:4007
[  469.562280][T13426] loop4: detected capacity change from 0 to 128
[  470.085721][T13440] loop4: detected capacity change from 0 to 2048
[  470.153230][T13443] Falling back ldisc for ttyS3.
[  470.207154][T13440] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  470.245208][T13325] stv0680 2-1:4.0: Could not get descriptor 0200
[  470.309540][   T26] audit: type=1800 audit(1775085181.933:134): pid=13440 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3410" name="file1" dev="loop4" ino=1415 res=0 errno=0
[  470.449115][T13325] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  470.472020][T13325] stv0680 2-1:4.0: last error: 2,  command = 0x22
[  470.505849][T13325] usb 2-1: USB disconnect, device number 23
[  471.814308][T13474] loop4: detected capacity change from 0 to 512
[  471.873699][T13474] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  471.928383][T13474] EXT4-fs (loop4): 1 truncate cleaned up
[  471.934127][T13474] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  471.961718][   T26] audit: type=1800 audit(1775085183.583:135): pid=13474 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3426" name="file2" dev="loop4" ino=16 res=0 errno=0
[  472.071537][ T4280] EXT4-fs (loop4): unmounting filesystem.
[  472.138079][T13452] loop3: detected capacity change from 0 to 32768
[  472.215431][T13452] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  472.279218][T13452] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  472.351076][T13465] loop6: detected capacity change from 0 to 32768
[  472.356882][T13452] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  472.430116][T13491] program syz.1.3431 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  472.483531][T13325] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  472.521605][T13465] XFS (loop6): Mounting V5 Filesystem
[  472.525354][T13325] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  472.814619][T13325] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 289ms
[  472.863663][T13325] gfs2: fsid=syz:syz.0: jid=0: Done
[  472.886397][T13452] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  472.903094][T13465] XFS (loop6): Ending clean mount
[  473.073541][T12006] XFS (loop6): Unmounting Filesystem
[  473.473462][T13508] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3437'.
[  473.575858][T13452] gfs2: fsid=syz:syz.0: found 1 quota changes
[  473.923282][ T4277] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  473.923282][ T4277]   inode = 11 2339
[  473.923282][ T4277]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 464
[  474.024792][ T4277] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[  474.061847][ T4277] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:4277 [syz-executor] gfs2_quota_sync+0x32c/0x700
[  474.098007][ T4277] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0
[  474.133671][ T4277] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  474.185770][ T4277] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  474.206994][ T4277] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  474.264103][ T4277] gfs2: fsid=syz:syz.0: File system withdrawn
[  474.294487][ T4277] CPU: 0 PID: 4277 Comm: syz-executor Not tainted syzkaller #0
[  474.302135][ T4277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  474.312337][ T4277] Call Trace:
[  474.315670][ T4277]  <TASK>
[  474.318721][ T4277]  dump_stack_lvl+0x188/0x24e
[  474.323563][ T4277]  ? kobject_uevent_env+0x35f/0x8a0
[  474.328903][ T4277]  ? show_regs_print_info+0x12/0x12
[  474.334188][ T4277]  ? load_image+0x400/0x400
[  474.338953][ T4277]  ? kobject_uevent_env+0x35f/0x8a0
[  474.344225][ T4277]  gfs2_withdraw+0xde6/0x15d0
[  474.349062][ T4277]  ? gfs2_lm+0x240/0x240
[  474.353366][ T4277]  ? gfs2_consist_inode_i+0xf1/0x110
[  474.358796][ T4277]  gfs2_inode_refresh+0xb64/0xfd0
[  474.364054][ T4277]  ? gfs2_inode_metasync+0xf0/0xf0
[  474.369217][ T4277]  ? gfs2_glock_nq+0xcf0/0x14e0
[  474.374121][ T4277]  gfs2_instantiate+0x15e/0x210
[  474.379109][ T4277]  gfs2_glock_wait+0x1d0/0x2a0
[  474.383927][ T4277]  do_sync+0x4bf/0xc40
[  474.388050][ T4277]  ? gfs2_quota_sync+0x32c/0x700
[  474.393056][ T4277]  ? slot_put+0x1e0/0x1e0
[  474.395073][T13504] loop1: detected capacity change from 0 to 32768
[  474.397430][ T4277]  ? gfs2_quota_sync+0x32c/0x700
[  474.397537][ T4277]  ? do_raw_spin_unlock+0x11d/0x230
[  474.397565][ T4277]  gfs2_quota_sync+0x32c/0x700
[  474.397599][ T4277]  gfs2_sync_fs+0x48/0xb0
[  474.423707][ T4277]  sync_filesystem+0xe6/0x220
[  474.428658][ T4277]  generic_shutdown_super+0x6b/0x340
[  474.434008][ T4277]  kill_block_super+0x7c/0xe0
[  474.438764][ T4277]  deactivate_locked_super+0x93/0xf0
[  474.444263][ T4277]  cleanup_mnt+0x42c/0x4b0
[  474.448738][ T4277]  ? lockdep_hardirqs_on+0x94/0x140
[  474.454044][ T4277]  task_work_run+0x1d0/0x260
[  474.459054][ T4277]  ? task_work_cancel+0x220/0x220
[  474.464498][ T4277]  ? exit_to_user_mode_loop+0x3b/0x110
[  474.470022][ T4277]  exit_to_user_mode_loop+0xe6/0x110
[  474.475379][ T4277]  exit_to_user_mode_prepare+0xee/0x180
[  474.481000][ T4277]  syscall_exit_to_user_mode+0x16/0x40
[  474.486522][ T4277]  do_syscall_64+0x58/0xa0
[  474.491000][ T4277]  ? clear_bhb_loop+0x60/0xb0
[  474.495720][ T4277]  ? clear_bhb_loop+0x60/0xb0
[  474.500437][ T4277]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  474.506463][ T4277] RIP: 0033:0x7f6d3b79da57
[  474.511031][ T4277] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  474.531057][ T4277] RSP: 002b:00007ffee23c5da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  474.539637][ T4277] RAX: 0000000000000000 RBX: 00007f6d3b832048 RCX: 00007f6d3b79da57
[  474.547761][ T4277] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee23c5e60
[  474.555792][ T4277] RBP: 00007ffee23c5e60 R08: 00007ffee23c6e60 R09: 00000000ffffffff
[  474.563827][ T4277] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee23c6ef0
[  474.572180][ T4277] R13: 00007f6d3b832048 R14: 0000000000073262 R15: 00007ffee23c6f30
[  474.580317][ T4277]  </TASK>
[  474.583584][    C0] vkms_vblank_simulate: vblank timer overrun
[  474.599377][T13512] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  474.619215][T13515] DRBG: could not allocate CTR cipher TFM handle: ctr(aes)
[  474.637687][ T4277] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[  474.737869][ T4277] CPU: 1 PID: 4277 Comm: syz-executor Not tainted syzkaller #0
[  474.745521][ T4277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  474.755636][ T4277] Call Trace:
[  474.758961][ T4277]  <TASK>
[  474.761924][ T4277]  dump_stack_lvl+0x188/0x24e
[  474.766766][ T4277]  ? gfs2_assert_warn_i+0xc3/0x2c0
[  474.771961][ T4277]  ? show_regs_print_info+0x12/0x12
[  474.777309][ T4277]  ? load_image+0x400/0x400
[  474.781878][ T4277]  ? do_raw_spin_unlock+0x11d/0x230
[  474.787138][ T4277]  gfs2_assert_warn_i+0x18f/0x2c0
[  474.792313][ T4277]  gfs2_quota_cleanup+0x4b4/0x6a0
[  474.797397][ T4277]  gfs2_put_super+0x22f/0x8c0
[  474.802132][ T4277]  ? gfs2_evict_inode+0x11d0/0x11d0
[  474.807829][ T4277]  generic_shutdown_super+0x130/0x340
[  474.813259][ T4277]  kill_block_super+0x7c/0xe0
[  474.817995][ T4277]  deactivate_locked_super+0x93/0xf0
[  474.823335][ T4277]  cleanup_mnt+0x42c/0x4b0
[  474.828037][ T4277]  ? lockdep_hardirqs_on+0x94/0x140
[  474.833382][ T4277]  task_work_run+0x1d0/0x260
[  474.838033][ T4277]  ? task_work_cancel+0x220/0x220
[  474.843213][ T4277]  ? exit_to_user_mode_loop+0x3b/0x110
[  474.848809][ T4277]  exit_to_user_mode_loop+0xe6/0x110
[  474.854229][ T4277]  exit_to_user_mode_prepare+0xee/0x180
[  474.859801][ T4277]  syscall_exit_to_user_mode+0x16/0x40
[  474.865275][ T4277]  do_syscall_64+0x58/0xa0
[  474.869709][ T4277]  ? clear_bhb_loop+0x60/0xb0
[  474.874411][ T4277]  ? clear_bhb_loop+0x60/0xb0
[  474.879109][ T4277]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  474.885451][ T4277] RIP: 0033:0x7f6d3b79da57
[  474.889878][ T4277] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  474.909978][ T4277] RSP: 002b:00007ffee23c5da8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  474.918407][ T4277] RAX: 0000000000000000 RBX: 00007f6d3b832048 RCX: 00007f6d3b79da57
[  474.926913][ T4277] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffee23c5e60
[  474.934904][ T4277] RBP: 00007ffee23c5e60 R08: 00007ffee23c6e60 R09: 00000000ffffffff
[  474.942981][ T4277] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffee23c6ef0
[  474.950968][ T4277] R13: 00007f6d3b832048 R14: 0000000000073262 R15: 00007ffee23c6f30
[  474.959142][ T4277]  </TASK>
[  474.989826][T13504] XFS (loop1): Mounting V5 Filesystem
[  475.140774][T13504] XFS (loop1): Ending clean mount
[  475.157653][T13504] XFS (loop1): Quotacheck needed: Please wait.
[  475.352375][T13504] XFS (loop1): Quotacheck: Done.
[  475.505666][ T4274] XFS (loop1): Unmounting Filesystem
[  475.668469][    C0] vkms_vblank_simulate: vblank timer overrun
[  475.721177][    C0] vkms_vblank_simulate: vblank timer overrun
[  475.776802][ T6296] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  475.864373][T13562] loop6: detected capacity change from 0 to 512
[  475.943466][T13562] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e002e028, mo2=0002]
[  475.954236][T13562] System zones: 0-2, 18-18, 34-34
[  475.968764][ T6296] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  475.983385][ T6296] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.008501][ T6296] usb 4-1: config 0 descriptor??
[  476.025617][ T6296] cp210x 4-1:0.0: cp210x converter detected
[  476.057127][T13564] loop4: detected capacity change from 0 to 8192
[  476.071523][T13562] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 42 vs 41 free clusters
[  476.100391][T13564] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  476.113836][T13564] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
[  476.137905][T13564] REISERFS (device loop4): using ordered data mode
[  476.155260][T13564] reiserfs: using flush barriers
[  476.192232][T13564] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 7, max trans age 7
[  476.208841][T13562] EXT4-fs (loop6): Remounting filesystem read-only
[  476.229511][T13564] REISERFS (device loop4): checking transaction log (loop4)
[  476.241866][T13562] EXT4-fs error (device loop6): ext4_do_update_inode:5268: inode #16: comm syz.6.3450: corrupted inode contents
[  476.262472][T13564] REISERFS (device loop4): Using r5 hash to sort names
[  476.272553][T13562] EXT4-fs (loop6): Remounting filesystem read-only
[  476.286253][T13564] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  476.301110][T13562] EXT4-fs error (device loop6): ext4_dirty_inode:6133: inode #16: comm syz.6.3450: mark_inode_dirty error
[  476.313633][T13564] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  476.323272][T13562] EXT4-fs (loop6): Remounting filesystem read-only
[  476.341709][T13562] EXT4-fs error (device loop6): ext4_do_update_inode:5268: inode #16: comm syz.6.3450: corrupted inode contents
[  476.383206][T13562] EXT4-fs (loop6): Remounting filesystem read-only
[  476.413307][T13562] EXT4-fs error (device loop6): __ext4_ext_dirty:206: inode #16: comm syz.6.3450: mark_inode_dirty error
[  476.434604][T13564] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  476.454238][ T6296] usb 4-1: cp210x converter now attached to ttyUSB0
[  476.473215][T13562] EXT4-fs (loop6): Remounting filesystem read-only
[  476.493041][T13562] EXT4-fs error (device loop6): ext4_do_update_inode:5268: inode #16: comm syz.6.3450: corrupted inode contents
[  476.532736][T13564] REISERFS warning (device loop4): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block
[  476.567003][T13562] EXT4-fs (loop6): Remounting filesystem read-only
[  476.584386][T13562] EXT4-fs error (device loop6): __ext4_ext_dirty:206: inode #16: comm syz.6.3450: mark_inode_dirty error
[  476.606542][T13564] overlayfs: upper fs needs to support d_type.
[  476.621035][T13574] loop1: detected capacity change from 0 to 2048
[  476.628342][T13564] overlayfs: upper fs does not support tmpfile.
[  476.634694][T13562] EXT4-fs (loop6): Remounting filesystem read-only
[  476.642185][T13562] EXT4-fs error (device loop6): ext4_do_update_inode:5268: inode #16: comm syz.6.3450: corrupted inode contents
[  476.666422][T13325] usb 4-1: USB disconnect, device number 26
[  476.667763][T13564] REISERFS warning (device loop4): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block
[  476.707026][T13562] EXT4-fs (loop6): Remounting filesystem read-only
[  476.716874][T13325] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  476.718813][T13574] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  476.725917][T13564] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  476.749863][T13562] EXT4-fs error (device loop6) in ext4_orphan_del:303: Corrupt filesystem
[  476.764674][T13564] REISERFS warning (device loop4): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block
[  476.772289][T13325] cp210x 4-1:0.0: device disconnected
[  476.805471][T13562] EXT4-fs (loop6): Remounting filesystem read-only
[  476.826746][T13562] EXT4-fs error (device loop6): ext4_do_update_inode:5268: inode #16: comm syz.6.3450: corrupted inode contents
[  476.879212][T13562] EXT4-fs (loop6): Remounting filesystem read-only
[  476.907744][   T26] audit: type=1800 audit(1775085188.533:136): pid=13574 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3446" name="file1" dev="loop1" ino=1415 res=0 errno=0
[  476.932765][T13562] EXT4-fs error (device loop6): ext4_truncate:4314: inode #16: comm syz.6.3450: mark_inode_dirty error
[  476.966185][T13562] EXT4-fs (loop6): Remounting filesystem read-only
[  476.968553][T13564] REISERFS warning (device loop4): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block
[  476.982998][T13562] EXT4-fs error (device loop6) in ext4_process_orphan:345: Corrupt filesystem
[  477.006371][T13562] EXT4-fs (loop6): Remounting filesystem read-only
[  477.015092][T13562] EXT4-fs (loop6): 1 truncate cleaned up
[  477.030138][ T4341] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  477.061330][T13562] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  477.071915][ T4341] EXT4-fs error (device loop6): ext4_release_dquot:6871: comm kworker/u4:7: Failed to release dquot type 1
[  477.077576][T13564] REISERFS warning (device loop4): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block
[  477.094950][T13562] ext4 filesystem being mounted at /94/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  477.128091][ T4341] EXT4-fs (loop6): Remounting filesystem read-only
[  477.381783][T13564] overlayfs: failed to set xattr on upper
[  477.389685][T13562] EXT4-fs warning (device loop6): ext4_empty_dir:3147: inode #12: comm syz.6.3450: directory missing '.'
[  477.418106][T13564] overlayfs: ...falling back to index=off,metacopy=off.
[  477.474595][T13579] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3455'.
[  477.549355][T12006] EXT4-fs (loop6): unmounting filesystem.
[  477.555615][T13579] block nbd0: Unsupported socket: should be TCP or UNIX.
[  477.567999][ T4341] Quota error (device loop6): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  477.597216][ T4341] EXT4-fs error (device loop6): ext4_release_dquot:6871: comm kworker/u4:7: Failed to release dquot type 1
[  477.611242][ T4280] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  477.647403][ T4341] EXT4-fs (loop6): Remounting filesystem read-only
[  477.690611][ T4280] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  478.073421][T13589] loop1: detected capacity change from 0 to 8192
[  478.246226][T13589] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 0)
[  478.270860][T13589] FAT-fs (loop1): Filesystem has been set read-only
[  478.447863][   T26] audit: type=1326 audit(1775085190.073:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13600 comm="syz.2.3465" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1d5859c819 code=0x0
[  478.501414][T13603] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3466'.
[  478.556940][T13603] netlink: 58 bytes leftover after parsing attributes in process `syz.3.3466'.
[  480.416948][ T6296] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  480.616733][ T6296] usb 2-1: Using ep0 maxpacket: 8
[  480.629447][ T6296] usb 2-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40
[  480.653260][ T6296] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  480.671906][ T6296] usb 2-1: Product: syz
[  480.676277][ T6296] usb 2-1: Manufacturer: syz
[  480.692173][ T6296] usb 2-1: SerialNumber: syz
[  481.327276][T13671] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3497'.
[  481.364625][ T6296] usb 2-1: clock source 0 is not valid, cannot use
[  481.372184][T13671] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3497'.
[  481.566264][ T6296] usb 2-1: 1:1: cannot get freq (v2/v3): err -71
[  481.579195][ T6296] usb 2-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  481.605002][ T6296] usb 2-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  481.624004][ T6296] usb 2-1: clock source 0 is not valid, cannot use
[  481.644269][ T6296] usb 2-1: 2:1: cannot get freq (v2/v3): err -71
[  481.666327][ T6296] usb 2-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  481.776796][ T6296] usb 2-1: USB disconnect, device number 24
[  481.790561][T13660] loop6: detected capacity change from 0 to 32768
[  481.908687][T13660] XFS (loop6): Mounting V5 Filesystem
[  481.991086][T13660] XFS (loop6): Ending clean mount
[  482.019824][T13660] XFS (loop6): Quotacheck needed: Please wait.
[  482.193542][T13660] XFS (loop6): Quotacheck: Done.
[  482.257256][T13660] XFS (loop6): User initiated shutdown received.
[  482.264411][T13660] XFS (loop6): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:499).  Shutting down filesystem.
[  482.343045][T13660] XFS (loop6): Please unmount the filesystem and rectify the problem(s)
[  482.452484][T13696] loop4: detected capacity change from 0 to 128
[  482.505887][T13696] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  482.542428][T12006] XFS (loop6): Unmounting Filesystem
[  482.586009][    C0] vkms_vblank_simulate: vblank timer overrun
[  482.605713][T13696] ext4 filesystem being mounted at /682/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  482.688865][T13703] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3505'.
[  482.917966][ T4280] EXT4-fs (loop4): unmounting filesystem.
[  483.783982][T13725] loop1: detected capacity change from 0 to 512
[  483.826882][ T6296] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  483.849918][T13725] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  483.867349][T13725] ext4 filesystem being mounted at /713/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  484.028995][ T6296] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  484.062711][ T6296] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  484.104938][ T6296] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00
[  484.121708][ T6296] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  484.143427][ T6296] usb 3-1: config 0 descriptor??
[  484.269431][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  484.317437][    C0] vkms_vblank_simulate: vblank timer overrun
[  484.585468][ T6296] cm6533_jd 0003:0D8C:0022.0029: item fetching failed at offset 3/5
[  484.605241][ T6296] cm6533_jd 0003:0D8C:0022.0029: parse failed
[  484.619728][ T6296] cm6533_jd: probe of 0003:0D8C:0022.0029 failed with error -22
[  484.801037][ T6210] usb 3-1: USB disconnect, device number 26
[  485.061161][T13743] loop6: detected capacity change from 0 to 256
[  485.111387][T13743] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0xdbae3f17, utbl_chksum : 0xe619d30d)
[  485.221310][T13735] loop1: detected capacity change from 0 to 32768
[  485.273520][T13737] loop3: detected capacity change from 0 to 32768
[  485.287047][T13735] XFS (loop1): Mounting V5 Filesystem
[  485.293226][T13737] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.3519 (13737)
[  485.314527][T13737] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  485.325290][T13737] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  485.367151][T13737] BTRFS info (device loop3): setting nodatasum
[  485.374019][T13737] BTRFS info (device loop3): force zlib compression, level 3
[  485.382113][T13737] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8)
[  485.392334][T13737] BTRFS info (device loop3): use lzo compression, level 0
[  485.400350][T13737] BTRFS info (device loop3): turning on flush-on-commit
[  485.407754][T13737] BTRFS info (device loop3): enabling auto defrag
[  485.414442][T13737] BTRFS info (device loop3): max_inline at 4096
[  485.421130][T13737] BTRFS info (device loop3): using free space tree
[  485.423071][T13735] XFS (loop1): Ending clean mount
[  485.531227][   T26] audit: type=1800 audit(1775085197.153:138): pid=13735 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3518" name="file1" dev="loop1" ino=6150 res=0 errno=0
[  485.565505][T13735] XFS (loop1): WARNING: Reset corrupted AGFL on AG 0. 1 blocks leaked. Please unmount and run xfs_repair.
[  485.630659][T13737] BTRFS info (device loop3): enabling ssd optimizations
[  485.905827][ T4274] XFS (loop1): Unmounting Filesystem
[  485.922148][T13735] syz.1.3518 (13735) used greatest stack depth: 20272 bytes left
[  486.017873][    C0] vkms_vblank_simulate: vblank timer overrun
[  486.100963][    C0] vkms_vblank_simulate: vblank timer overrun
[  486.417346][ T6296] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  486.638981][ T6296] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  486.652037][ T6296] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  486.670039][ T6296] usb 3-1: config 220 has an invalid descriptor of length 41, skipping remainder of the config
[  486.685498][ T6296] usb 3-1: config 220 has no interface number 2
[  486.713017][ T6296] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  486.746364][ T4277] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  486.766371][ T6296] usb 3-1: config 220 interface 0 has no altsetting 0
[  486.795033][ T6296] usb 3-1: config 220 interface 76 has no altsetting 0
[  486.801662][    C0] vkms_vblank_simulate: vblank timer overrun
[  486.826136][ T6296] usb 3-1: config 220 interface 1 has no altsetting 0
[  486.840052][ T6296] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  486.854474][ T6296] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  486.890220][ T6296] usb 3-1: Product: syz
[  486.932057][ T6296] usb 3-1: Manufacturer: syz
[  486.952519][ T6296] usb 3-1: SerialNumber: syz
[  486.966896][    C0] vkms_vblank_simulate: vblank timer overrun
[  487.052121][    C0] vkms_vblank_simulate: vblank timer overrun
[  487.200536][    C0] vkms_vblank_simulate: vblank timer overrun
[  487.225522][ T6296] usb 3-1: selecting invalid altsetting 0
[  487.267209][ T6296] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  487.274078][ T6296] usb 3-1: No valid video chain found.
[  487.284247][    C0] vkms_vblank_simulate: vblank timer overrun
[  487.315904][ T6296] usb 3-1: selecting invalid altsetting 0
[  487.329246][ T6296] usbtest: probe of 3-1:220.1 failed with error -22
[  487.378478][ T6296] usb 3-1: USB disconnect, device number 27
[  487.420528][    C0] vkms_vblank_simulate: vblank timer overrun
[  487.596513][T13802] program syz.6.3538 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  488.512021][T13822] loop4: detected capacity change from 0 to 256
[  488.586057][T13822] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  489.033848][T13831] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3550'.
[  489.087127][ T6210] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  489.132734][   T26] audit: type=1326 audit(1775085200.753:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13817 comm="syz.1.3544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9dd439c819 code=0x7ffc0000
[  489.155388][    C0] vkms_vblank_simulate: vblank timer overrun
[  489.171747][   T26] audit: type=1326 audit(1775085200.753:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13817 comm="syz.1.3544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9dd439c819 code=0x7ffc0000
[  489.239797][T13325] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  489.272367][   T26] audit: type=1326 audit(1775085200.753:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13817 comm="syz.1.3544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9dd439c819 code=0x7ffc0000
[  489.350713][ T6210] usb 7-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  489.388274][ T6210] usb 7-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  489.396541][ T6210] usb 7-1: Product: syz
[  489.427008][T13325] usb 5-1: Using ep0 maxpacket: 32
[  489.437525][T13325] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  489.463543][T13843] loop3: detected capacity change from 0 to 512
[  489.474458][   T26] audit: type=1326 audit(1775085200.763:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13817 comm="syz.1.3544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f9dd439c819 code=0x7ffc0000
[  489.497242][ T6210] usb 7-1: Manufacturer: syz
[  489.497272][ T6210] usb 7-1: SerialNumber: syz
[  489.498204][T13325] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  489.527506][ T6210] usb 7-1: config 0 descriptor??
[  489.542514][ T6210] ch341 7-1:0.0: ch341-uart converter detected
[  489.588209][T13325] usb 5-1: config 0 descriptor??
[  489.617763][   T26] audit: type=1326 audit(1775085200.763:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13817 comm="syz.1.3544" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f9dd439c819 code=0x7ffc0000
[  489.812504][T13325] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  489.837372][T13325] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  489.899771][T13325] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  489.926594][T13325] usb 5-1: media controller created
[  489.948873][ T4378] usb 2-1: new high-speed USB device number 25 using dummy_hcd
[  489.968747][T13849] pimreg: tun_chr_ioctl cmd 1074025677
[  489.974530][T13849] pimreg: linktype set to 805
[  489.998237][T13325] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  490.158720][ T4378] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  490.182044][T13325] DVB: Unable to find symbol dib7000p_attach()
[  490.191189][T13325] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  490.198981][ T4378] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  490.227339][ T4378] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  490.297632][ T4378] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  490.337695][ T4378] usb 2-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  490.368147][ T4378] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  490.379424][ T6210] usb 7-1: failed to send control message: -71
[  490.385731][ T6210] ch341-uart: probe of ttyUSB0 failed with error -71
[  490.393971][T13854] loop3: detected capacity change from 0 to 1024
[  490.410636][ T4378] usb 2-1: Product: syz
[  490.451931][ T6210] usb 7-1: USB disconnect, device number 3
[  490.458235][ T4378] usb 2-1: Manufacturer: syz
[  490.462895][ T4378] usb 2-1: SerialNumber: syz
[  490.476486][ T6210] ch341 7-1:0.0: device disconnected
[  490.520916][ T4378] usb 2-1: config 0 descriptor??
[  490.576925][T13325] rc_core: IR keymap rc-dib0700-rc5 not found
[  490.586782][T13325] Registered IR keymap rc-empty
[  490.591949][T13325] dvb-usb: could not initialize remote control.
[  490.643045][T13325] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  490.695099][T13325] usb 5-1: USB disconnect, device number 22
[  490.772093][ T4378] adutux 2-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  490.813596][T13325] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  490.878128][ T6210] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  490.929127][T13864] loop3: detected capacity change from 0 to 2048
[  490.977710][T13864] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  491.006493][ T4378] usb 2-1: USB disconnect, device number 25
[  491.105908][ T6210] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[  491.120779][   T26] audit: type=1800 audit(1775085202.743:144): pid=13864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3561" name="file1" dev="loop3" ino=1415 res=0 errno=0
[  491.148106][ T6210] usb 3-1: config 0 has no interface number 0
[  491.154352][ T6210] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  491.237231][ T6210] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  491.307517][ T6210] usb 3-1: config 0 interface 255 has no altsetting 0
[  491.314600][ T6210] usb 3-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  491.367135][ T6210] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.401739][ T6210] usb 3-1: config 0 descriptor??
[  491.438345][ T6210] ums-realtek 3-1:0.255: USB Mass Storage device detected
[  491.668153][ T6210] usb 3-1: USB disconnect, device number 28
[  491.709112][T13881] program syz.1.3568 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  492.259743][T13869] loop6: detected capacity change from 0 to 32768
[  492.411241][T13869] XFS (loop6): Mounting V5 Filesystem
[  492.512121][T13869] XFS (loop6): Ending clean mount
[  492.528440][T13869] XFS (loop6): Quotacheck needed: Please wait.
[  492.740496][T13869] XFS (loop6): Quotacheck: Done.
[  492.884089][T12006] XFS (loop6): Unmounting Filesystem
[  494.036742][T11766] usb 2-1: new high-speed USB device number 26 using dummy_hcd
[  494.218792][T11766] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  494.256787][T11766] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  494.306865][T11766] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af
[  494.316012][T11766] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.382645][T11766] usb 2-1: config 0 descriptor??
[  494.822387][T11766] playstation 0003:054C:0DF2.002A: unknown main item tag 0x0
[  494.839708][T11766] playstation 0003:054C:0DF2.002A: unknown main item tag 0x0
[  494.850551][T11766] playstation 0003:054C:0DF2.002A: unknown main item tag 0x0
[  494.861659][T11766] playstation 0003:054C:0DF2.002A: unknown main item tag 0x0
[  494.870167][T11766] playstation 0003:054C:0DF2.002A: unknown main item tag 0x0
[  494.881306][T11766] playstation 0003:054C:0DF2.002A: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.1-1/input0
[  495.031559][T11766] playstation 0003:054C:0DF2.002A: Invalid reportID received, expected 9 got 0
[  495.041881][T11766] playstation 0003:054C:0DF2.002A: Failed to retrieve DualSense pairing info: -22
[  495.056769][ T6296] usb 4-1: new low-speed USB device number 27 using dummy_hcd
[  495.068661][T13977] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  495.078901][T13977] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  495.088018][T13977] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  495.097115][T13977] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  495.108754][T11766] playstation 0003:054C:0DF2.002A: Failed to get MAC address from DualSense
[  495.119426][T11766] playstation 0003:054C:0DF2.002A: Failed to create dualsense.
[  495.129636][T11766] playstation: probe of 0003:054C:0DF2.002A failed with error -22
[  495.141934][T13977] device vxlan0 entered promiscuous mode
[  495.252900][ T4378] usb 2-1: USB disconnect, device number 26
[  495.298635][ T6296] usb 4-1: config index 0 descriptor too short (expected 6427, got 27)
[  495.323362][ T6296] usb 4-1: config 0 has an invalid interface number: 21 but max is 0
[  495.342320][ T6296] usb 4-1: config 0 has no interface number 0
[  495.363115][ T6296] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[  495.383600][T13979] fido_id[13979]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  495.417758][T13981] loop6: detected capacity change from 0 to 4096
[  495.423681][ T6296] usb 4-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  495.452773][ T6296] usb 4-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  495.479292][ T6296] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.519237][ T6296] usb 4-1: config 0 descriptor??
[  496.046216][T13987] loop6: detected capacity change from 0 to 2048
[  496.102239][T13987] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024)
[  496.115231][T13987] NILFS (loop6): mounting unchecked fs
[  496.143256][ T6296] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.21/input/input21
[  496.186833][ T6296] input: failed to attach handler kbd to device input21, error: -5
[  496.205243][T13987] NILFS (loop6): recovery complete
[  496.231510][T13992] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  496.277966][T13983] loop4: detected capacity change from 0 to 32768
[  496.302131][T13983] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.3599 (13983)
[  496.327111][ T6210] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  496.365118][T13983] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  496.379809][ T6296] usb 4-1: USB disconnect, device number 27
[  496.420472][T13983] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  496.451837][T13983] BTRFS info (device loop4): setting nodatasum
[  496.477118][T13983] BTRFS info (device loop4): force zlib compression, level 3
[  496.523539][T13983] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8)
[  496.536823][ T6210] usb 3-1: Using ep0 maxpacket: 8
[  496.550196][ T6210] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  496.581573][T13983] BTRFS info (device loop4): use lzo compression, level 0
[  496.606723][ T6210] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  496.614891][ T6210] usb 3-1: Product: syz
[  496.622041][T13983] BTRFS info (device loop4): turning on flush-on-commit
[  496.637368][ T6210] usb 3-1: Manufacturer: syz
[  496.642272][ T6210] usb 3-1: SerialNumber: syz
[  496.647460][T13983] BTRFS info (device loop4): enabling auto defrag
[  496.654005][T13983] BTRFS info (device loop4): max_inline at 4096
[  496.684391][T13983] BTRFS info (device loop4): using free space tree
[  496.704763][ T6210] usb 3-1: config 0 descriptor??
[  496.870847][T14002] loop1: detected capacity change from 0 to 4096
[  496.946873][ T6210] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  496.977612][T14016] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  497.047679][T13983] BTRFS info (device loop4): enabling ssd optimizations
[  497.187264][T14002] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 648518346341351424
[  497.216925][T14002] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=12)
[  497.335827][T14002] Remounting filesystem read-only
[  497.348652][T14002] NILFS (loop1): error -5 truncating bmap (ino=12)
[  497.576350][ T6210] dvb_usb_rtl28xxu: probe of 3-1:0.0 failed with error -71
[  497.598076][ T6210] usb 3-1: USB disconnect, device number 29
[  497.665189][ T4274] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer
[  497.722393][ T4280] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  497.885473][    C0] vkms_vblank_simulate: vblank timer overrun
[  497.951159][    C0] vkms_vblank_simulate: vblank timer overrun
[  498.018319][    C0] vkms_vblank_simulate: vblank timer overrun
[  498.086836][ T6296] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  498.201313][    C0] vkms_vblank_simulate: vblank timer overrun
[  498.277696][ T6296] usb 2-1: Using ep0 maxpacket: 8
[  498.288271][ T6296] usb 2-1: config 0 has an invalid interface number: 8 but max is 0
[  498.320832][ T6296] usb 2-1: config 0 has no interface number 0
[  498.355893][ T6296] usb 2-1: config 0 interface 8 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  498.422124][ T6296] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  498.448202][ T6296] usb 2-1: New USB device strings: Mfr=0, Product=128, SerialNumber=0
[  498.464534][ T6296] usb 2-1: Product: syz
[  498.471924][ T6296] usb 2-1: config 0 descriptor??
[  498.512893][ T6296] iowarrior 2-1:0.8: IOWarrior product=0x1512, serial= interface=8 now attached to iowarrior0
[  498.780532][ T6296] usb 2-1: USB disconnect, device number 27
[  498.786847][    C1] iowarrior 2-1:0.8: iowarrior_callback - usb_submit_urb failed with result -19
[  499.169344][T14053] loop3: detected capacity change from 0 to 4096
[  499.194056][T14053] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  499.369484][T14053] ntfs: volume version 3.1.
[  499.501026][T14060] netlink: 40 bytes leftover after parsing attributes in process `syz.6.3622'.
[  499.793503][T14062] loop4: detected capacity change from 0 to 4096
[  499.826368][T14071] loop1: detected capacity change from 0 to 1024
[  500.006174][T14072] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  500.115959][   T26] audit: type=1800 audit(1775085211.733:145): pid=14062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3623" name="file1" dev="loop4" ino=15 res=0 errno=0
[  500.875782][T14095] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3636'.
[  500.885730][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  500.892186][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  501.234645][    C0] vkms_vblank_simulate: vblank timer overrun
[  502.625862][T14122] loop3: detected capacity change from 0 to 40427
[  502.638655][T14122] F2FS-fs (loop3): Small segment_count (9 < 1 * 24)
[  502.646770][T14122] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  502.667864][T14122] F2FS-fs (loop3): Found nat_bits in checkpoint
[  502.744218][T14122] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  502.766762][T14122] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  502.889972][ T4277] syz-executor: attempt to access beyond end of device
[  502.889972][ T4277] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  503.183276][T14151] loop4: detected capacity change from 0 to 256
[  503.298511][T14151] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d)
[  503.633242][ T6210] usb 2-1: new full-speed USB device number 28 using dummy_hcd
[  503.761292][T14161] loop6: detected capacity change from 0 to 8192
[  503.825662][T14161] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  503.849744][ T6210] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  503.855855][T14163] loop4: detected capacity change from 0 to 4096
[  503.861109][ T6210] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  503.877666][ T6210] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  503.892512][ T6210] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  503.907400][ T6210] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  503.913448][T14161] REISERFS (device loop6): found reiserfs format "3.6" with non-standard journal
[  503.926303][ T6210] usb 2-1: config 0 descriptor??
[  504.018311][T14161] REISERFS (device loop6): using journaled data mode
[  504.046671][T14161] reiserfs: using flush barriers
[  504.052284][T14171] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  504.101808][T14163] NILFS error (device loop4): nilfs_readdir: zero-length directory entry
[  504.127469][T14161] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  504.190089][T14163] Remounting filesystem read-only
[  504.227683][T14161] REISERFS (device loop6): checking transaction log (loop6)
[  504.267054][T14161] REISERFS (device loop6): Using r5 hash to sort names
[  504.274494][T14161] REISERFS warning (device loop6): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  504.358469][T14161] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage.
[  504.370896][ T6210] microsoft 0003:045E:07DA.002B: ignoring exceeding usage max
[  504.399566][ T6210] microsoft 0003:045E:07DA.002B: unsupported Resolution Multiplier 0
[  504.442794][ T6210] microsoft 0003:045E:07DA.002B: implement() called with n (152) > 32! (kworker/0:17)
[  504.516737][ T6296] usb 3-1: new low-speed USB device number 30 using dummy_hcd
[  504.580782][ T6210] microsoft 0003:045E:07DA.002B: unsupported Resolution Multiplier 0
[  504.607111][ T6210] microsoft 0003:045E:07DA.002B: No inputs registered, leaving
[  504.643500][ T6210] microsoft 0003:045E:07DA.002B: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  504.706005][ T6210] microsoft 0003:045E:07DA.002B: no inputs found
[  504.711615][ T6296] usb 3-1: config index 0 descriptor too short (expected 6427, got 27)
[  504.727902][ T6296] usb 3-1: config 0 has an invalid interface number: 21 but max is 0
[  504.739526][ T6210] microsoft 0003:045E:07DA.002B: could not initialize ff, continuing anyway
[  504.751868][ T6296] usb 3-1: config 0 has no interface number 0
[  504.772278][ T6296] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 is Bulk; changing to Interrupt
[  504.788923][ T6210] usb 2-1: USB disconnect, device number 28
[  504.828061][ T6296] usb 3-1: config 0 interface 21 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  504.862822][ T6296] usb 3-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  504.892765][ T6296] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.922279][ T6296] usb 3-1: config 0 descriptor??
[  505.050085][T14180] fido_id[14180]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  505.291706][T14173] loop3: detected capacity change from 0 to 32768
[  505.321507][T14173] XFS: attr2 mount option is deprecated.
[  505.391436][T14173] XFS (loop3): Mounting V5 Filesystem
[  505.498664][T14198] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3678'.
[  505.507885][T14198] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3678'.
[  505.516989][T14198] netlink: 'syz.4.3678': attribute type 18 has an invalid length.
[  505.566016][T14173] XFS (loop3): Ending clean mount
[  505.588225][ T6296] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.21/input/input22
[  505.627214][T14173] XFS (loop3): Quotacheck needed: Please wait.
[  505.637019][ T6296] input: failed to attach handler kbd to device input22, error: -5
[  505.719272][T14201] loop6: detected capacity change from 0 to 2048
[  505.838718][T14173] XFS (loop3): Quotacheck: Done.
[  505.848024][ T4272] usb 3-1: USB disconnect, device number 30
[  505.864646][T14204] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  506.029963][ T4277] XFS (loop3): Unmounting Filesystem
[  506.044417][T14204] NILFS (loop6): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  506.116917][T14204] NILFS error (device loop6): nilfs_bmap_propagate: broken bmap (inode number=4)
[  506.183296][T14204] Remounting filesystem read-only
[  506.202363][T14206] NILFS (loop6): mounting fs with errors
[  506.258393][T14204] NILFS (loop6): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  506.294048][T14204] NILFS error (device loop6): nilfs_bmap_propagate: broken bmap (inode number=4)
[  506.317872][T14204] Remounting filesystem read-only
[  506.406846][T12006] NILFS (loop6): disposed unprocessed dirty file(s) when stopping log writer
[  506.524760][T14217] loop4: detected capacity change from 0 to 128
[  506.599132][T14217] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  506.647541][T14217] ext4 filesystem being mounted at /722/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  506.877408][ T4280] EXT4-fs (loop4): unmounting filesystem.
[  506.953839][T14228] loop6: detected capacity change from 0 to 1024
[  506.980404][T14209] loop1: detected capacity change from 0 to 32768
[  507.031594][T14209] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.3682 (14209)
[  507.096827][T14209] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  507.117507][T14209] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  507.155209][T14237] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3693'.
[  507.174922][T14209] BTRFS info (device loop1): setting nodatasum
[  507.195105][T14209] BTRFS info (device loop1): force zlib compression, level 3
[  507.224380][T14209] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_LZO (0x8)
[  507.269391][T14209] BTRFS info (device loop1): use lzo compression, level 0
[  507.285897][T14209] BTRFS info (device loop1): turning on flush-on-commit
[  507.355957][T14209] BTRFS info (device loop1): enabling auto defrag
[  507.370836][T14209] BTRFS info (device loop1): max_inline at 4096
[  507.385354][T14209] BTRFS info (device loop1): using free space tree
[  507.563982][T14209] BTRFS info (device loop1): enabling ssd optimizations
[  508.406732][ T4272] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  508.470424][ T4274] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  508.651124][ T4272] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  508.670334][ T4272] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  508.704296][ T4272] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  508.732246][T14275] loop6: detected capacity change from 0 to 128
[  508.760295][ T4272] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  508.801971][ T4272] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  508.858987][ T4272] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  508.880123][ T4272] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  508.899491][ T4272] usb 3-1: Product: syz
[  508.903741][ T4272] usb 3-1: Manufacturer: syz
[  508.950033][ T4272] cdc_wdm 3-1:1.0: skipping garbage
[  508.955326][ T4272] cdc_wdm 3-1:1.0: skipping garbage
[  509.006424][ T4272] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  509.016882][ T4272] cdc_wdm 3-1:1.0: Unknown control protocol
[  509.048744][    C0] vkms_vblank_simulate: vblank timer overrun
[  509.166900][    C0] vkms_vblank_simulate: vblank timer overrun
[  509.349320][ T8437] usb 3-1: USB disconnect, device number 31
[  509.520157][T14283] netlink: 26332 bytes leftover after parsing attributes in process `syz.4.3703'.
[  509.674757][T14284] loop6: detected capacity change from 0 to 4096
[  509.764739][T14288] loop3: detected capacity change from 0 to 256
[  509.798097][T14288] FAT-fs (loop3): Unrecognized mount option "" or missing value
[  509.853914][ T4262] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  510.044402][T14284] overlayfs: upper fs does not support tmpfile.
[  510.162206][T14284] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  510.206900][T14284] overlayfs: conflicting lowerdir path
[  511.673978][T14327] loop4: detected capacity change from 0 to 32768
[  511.694392][T14327] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  511.703569][T14327] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  511.747568][T14327] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  511.757137][T11766] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  511.763968][T11766] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  511.819778][T11766] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 55ms
[  511.828251][T11766] gfs2: fsid=syz:syz.0: jid=0: Done
[  511.837044][T14327] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  512.093147][T14327] gfs2: fsid=syz:syz.0: found 1 quota changes
[  512.149093][T14346] program syz.6.3729 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  512.433330][ T4280] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  512.433330][ T4280]   inode = 11 2339
[  512.433330][ T4280]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 464
[  512.541771][ T4280] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[  512.611557][ T4280] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:4280 [syz-executor] gfs2_quota_sync+0x32c/0x700
[  512.664311][ T4280] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000200 s:0 p:0
[  512.706732][ T4280] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  512.734886][T14361] loop5: detected capacity change from 0 to 7
[  512.767200][ T4280] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  512.797229][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  512.806650][    C0] buffer_io_error: 9 callbacks suppressed
[  512.806666][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  512.851401][ T4280] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  512.874916][ T4280] gfs2: fsid=syz:syz.0: File system withdrawn
[  512.884611][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  512.893934][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  512.917468][ T4280] CPU: 0 PID: 4280 Comm: syz-executor Not tainted syzkaller #0
[  512.925103][ T4280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  512.935309][ T4280] Call Trace:
[  512.938749][ T4280]  <TASK>
[  512.941835][ T4280]  dump_stack_lvl+0x188/0x24e
[  512.946643][ T4280]  ? kobject_uevent_env+0x35f/0x8a0
[  512.951973][ T4280]  ? show_regs_print_info+0x12/0x12
[  512.957385][ T4280]  ? load_image+0x400/0x400
[  512.962091][ T4280]  ? kobject_uevent_env+0x35f/0x8a0
[  512.967399][ T4280]  gfs2_withdraw+0xde6/0x15d0
[  512.972194][ T4280]  ? gfs2_lm+0x240/0x240
[  512.976458][ T4280]  ? gfs2_consist_inode_i+0xf1/0x110
[  512.981763][ T4280]  gfs2_inode_refresh+0xb64/0xfd0
[  512.986863][ T4280]  ? gfs2_inode_metasync+0xf0/0xf0
[  512.992079][ T4280]  ? gfs2_glock_nq+0xcf0/0x14e0
[  512.997039][ T4280]  gfs2_instantiate+0x15e/0x210
[  513.001913][ T4280]  gfs2_glock_wait+0x1d0/0x2a0
[  513.006697][ T4280]  do_sync+0x4bf/0xc40
[  513.010811][ T4280]  ? gfs2_quota_sync+0x32c/0x700
[  513.015767][ T4280]  ? slot_put+0x1e0/0x1e0
[  513.020117][ T4280]  ? gfs2_quota_sync+0x32c/0x700
[  513.025073][ T4280]  ? do_raw_spin_unlock+0x11d/0x230
[  513.030305][ T4280]  gfs2_quota_sync+0x32c/0x700
[  513.035098][ T4280]  gfs2_sync_fs+0x48/0xb0
[  513.039823][ T4280]  sync_filesystem+0xe6/0x220
[  513.044645][ T4280]  generic_shutdown_super+0x6b/0x340
[  513.050236][ T4280]  kill_block_super+0x7c/0xe0
[  513.054962][ T4280]  deactivate_locked_super+0x93/0xf0
[  513.060262][ T4280]  cleanup_mnt+0x42c/0x4b0
[  513.064697][ T4280]  ? lockdep_hardirqs_on+0x94/0x140
[  513.069915][ T4280]  task_work_run+0x1d0/0x260
[  513.074524][ T4280]  ? task_work_cancel+0x220/0x220
[  513.079569][ T4280]  ? exit_to_user_mode_loop+0x3b/0x110
[  513.085049][ T4280]  exit_to_user_mode_loop+0xe6/0x110
[  513.090377][ T4280]  exit_to_user_mode_prepare+0xee/0x180
[  513.096117][ T4280]  syscall_exit_to_user_mode+0x16/0x40
[  513.101595][ T4280]  do_syscall_64+0x58/0xa0
[  513.106087][ T4280]  ? clear_bhb_loop+0x60/0xb0
[  513.110989][ T4280]  ? clear_bhb_loop+0x60/0xb0
[  513.115814][ T4280]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  513.121847][ T4280] RIP: 0033:0x7f1f06f9da57
[  513.126298][ T4280] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  513.146446][ T4280] RSP: 002b:00007ffd4d43bbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  513.154967][ T4280] RAX: 0000000000000000 RBX: 00007f1f07032048 RCX: 00007f1f06f9da57
[  513.163495][ T4280] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd4d43bc70
[  513.171651][ T4280] RBP: 00007ffd4d43bc70 R08: 00007ffd4d43cc70 R09: 00000000ffffffff
[  513.179634][ T4280] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd4d43cd00
[  513.187615][ T4280] R13: 00007f1f07032048 R14: 000000000007d4cc R15: 00007ffd4d43cd40
[  513.195616][ T4280]  </TASK>
[  513.198909][    C0] vkms_vblank_simulate: vblank timer overrun
[  513.216776][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  513.226178][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  513.245551][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  513.254935][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[  513.263651][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  513.273000][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[  513.282162][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  513.291630][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  513.318763][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  513.328078][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  513.346733][T14361] ldm_validate_partition_table(): Disk read failed.
[  513.389465][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  513.398818][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  513.438426][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  513.447878][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  513.460777][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[  513.474038][T14361] Dev loop5: unable to read RDB block 0
[  513.480495][T14361]  loop5: unable to read partition table
[  513.486509][T14361] loop5: partition table beyond EOD, truncated
[  513.535064][T14361] loop_reread_partitions: partition scan of loop5 (њљƒWхЁ™‰ќОУНИ*‹Ка	œым%ѕЋЕ4FLQkнŠ5) failed (rc=-5)
[  513.714909][ T4280] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485
[  513.750236][ T4280] CPU: 0 PID: 4280 Comm: syz-executor Not tainted syzkaller #0
[  513.757881][ T4280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  513.768340][ T4280] Call Trace:
[  513.771658][ T4280]  <TASK>
[  513.774638][ T4280]  dump_stack_lvl+0x188/0x24e
[  513.779380][ T4280]  ? gfs2_assert_warn_i+0xc3/0x2c0
[  513.784552][ T4280]  ? show_regs_print_info+0x12/0x12
[  513.789911][ T4280]  ? load_image+0x400/0x400
[  513.794473][ T4280]  ? do_raw_spin_unlock+0x11d/0x230
[  513.799732][ T4280]  gfs2_assert_warn_i+0x18f/0x2c0
[  513.804812][ T4280]  gfs2_quota_cleanup+0x4b4/0x6a0
[  513.809898][ T4280]  gfs2_put_super+0x22f/0x8c0
[  513.814623][ T4280]  ? gfs2_evict_inode+0x11d0/0x11d0
[  513.819966][ T4280]  generic_shutdown_super+0x130/0x340
[  513.825408][ T4280]  kill_block_super+0x7c/0xe0
[  513.830149][ T4280]  deactivate_locked_super+0x93/0xf0
[  513.835494][ T4280]  cleanup_mnt+0x42c/0x4b0
[  513.840139][ T4280]  ? lockdep_hardirqs_on+0x94/0x140
[  513.845576][ T4280]  task_work_run+0x1d0/0x260
[  513.850248][ T4280]  ? task_work_cancel+0x220/0x220
[  513.855359][ T4280]  ? exit_to_user_mode_loop+0x3b/0x110
[  513.860960][ T4280]  exit_to_user_mode_loop+0xe6/0x110
[  513.866587][ T4280]  exit_to_user_mode_prepare+0xee/0x180
[  513.872268][ T4280]  syscall_exit_to_user_mode+0x16/0x40
[  513.877870][ T4280]  do_syscall_64+0x58/0xa0
[  513.882582][ T4280]  ? clear_bhb_loop+0x60/0xb0
[  513.887302][ T4280]  ? clear_bhb_loop+0x60/0xb0
[  513.892045][ T4280]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  513.895388][T14384] loop3: detected capacity change from 0 to 512
[  513.897975][ T4280] RIP: 0033:0x7f1f06f9da57
[  513.898079][ T4280] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  513.911674][T14384] ext3: Unknown parameter 'permit_directio'
[  513.928586][ T4280] RSP: 002b:00007ffd4d43bbb8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  513.928626][ T4280] RAX: 0000000000000000 RBX: 00007f1f07032048 RCX: 00007f1f06f9da57
[  513.928640][ T4280] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd4d43bc70
[  513.928653][ T4280] RBP: 00007ffd4d43bc70 R08: 00007ffd4d43cc70 R09: 00000000ffffffff
[  513.928667][ T4280] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd4d43cd00
[  513.928681][ T4280] R13: 00007f1f07032048 R14: 000000000007d4cc R15: 00007ffd4d43cd40
[  513.928712][ T4280]  </TASK>
[  513.928866][    C0] vkms_vblank_simulate: vblank timer overrun
[  514.261073][T14384] bridge_slave_0: default FDB implementation only supports local addresses
[  514.502489][T14393] loop6: detected capacity change from 0 to 1024
[  514.534694][T14393] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  514.599661][T14398] netlink: 'syz.1.3752': attribute type 10 has an invalid length.
[  514.643878][T14393] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  514.666245][T14398] netlink: 55 bytes leftover after parsing attributes in process `syz.1.3752'.
[  514.685227][T14398] team0: Device virt_wifi0 failed to register rx_handler
[  514.783855][T14393] EXT4-fs error (device loop6): ext4_xattr_inode_iget:401: inode #11: comm syz.6.3750: missing EA_INODE flag
[  514.855542][T14393] EXT4-fs (loop6): Remounting filesystem read-only
[  514.917844][T14393] EXT4-fs error (device loop6): ext4_xattr_inode_iget:406: comm syz.6.3750: error while reading EA inode 11 err=-117
[  514.987287][T14393] EXT4-fs (loop6): Remounting filesystem read-only
[  515.153051][T12006] EXT4-fs (loop6): unmounting filesystem.
[  515.947295][   T26] audit: type=1326 audit(1775085227.573:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14429 comm="syz.6.3765" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fafba39c819 code=0x0
[  516.613992][T14454] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3774'.
[  516.661743][T14454] netem: change failed
[  516.733993][T14455] loop1: detected capacity change from 0 to 2048
[  516.841063][T14462] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  516.892958][T14455] NILFS error (device loop1): nilfs_readdir: zero-length directory entry
[  516.983902][T14455] Remounting filesystem read-only
[  517.427568][T14472] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.3783'.
[  517.459564][T14472] netlink: 1034 bytes leftover after parsing attributes in process `syz.2.3783'.
[  517.910531][T14488] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  518.197944][T14493] loop4: detected capacity change from 0 to 256
[  518.342075][T14493] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  518.576904][T13325] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  518.782519][T13325] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  518.805034][T13325] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  518.842823][T13325] usb 4-1: config 0 descriptor??
[  518.873964][T13325] cp210x 4-1:0.0: cp210x converter detected
[  519.268584][T13325] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32
[  519.294730][T13325] usb 4-1: cp210x converter now attached to ttyUSB0
[  519.524249][ T6296] usb 4-1: USB disconnect, device number 28
[  519.575824][ T6296] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  519.641870][ T6296] cp210x 4-1:0.0: device disconnected
[  520.052509][T14534] overlayfs: failed to resolve './file0': -2
[  520.208727][T14546] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3813'.
[  520.327300][T14548] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3814'.
[  521.103423][T14542] loop1: detected capacity change from 0 to 40427
[  521.132219][T14569] loop4: detected capacity change from 0 to 4096
[  521.154959][T14569] EXT4-fs (loop4): Test dummy encryption mode enabled
[  521.165668][T14542] F2FS-fs (loop1): invalid crc value
[  521.192165][T14542] F2FS-fs (loop1): Found nat_bits in checkpoint
[  521.313498][T14569] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  521.479022][T14542] F2FS-fs (loop1): Cannot turn on quotas: -2 on 0
[  521.496433][T14542] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1
[  521.531949][T14542] F2FS-fs (loop1): Start checkpoint disabled!
[  521.572044][T14542] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  522.133485][T14569] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  522.240506][T14598] loop6: detected capacity change from 0 to 128
[  522.291590][T14598] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  522.357234][T14598] ext4 filesystem being mounted at /179/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  522.419421][ T4280] EXT4-fs (loop4): unmounting filesystem.
[  522.461796][T14598] fscrypt (loop6, inode 12): Can't use IV_INO_LBLK_32 policy on filesystem 'loop6' because it doesn't have stable inode numbers
[  522.690412][T12006] EXT4-fs (loop6): unmounting filesystem.
[  522.734331][    C0] vkms_vblank_simulate: vblank timer overrun
[  523.286978][ T4378] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[  523.312356][T14623] Bluetooth: MGMT ver 1.22
[  523.486977][ T4378] usb 3-1: Using ep0 maxpacket: 16
[  523.499314][ T4378] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  523.539914][ T4378] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  523.570283][ T4378] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  523.623524][ T4378] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  523.643141][ T4378] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  523.676230][ T4378] usb 3-1: config 0 descriptor??
[  523.683413][T14636] device veth0_virt_wifi entered promiscuous mode
[  523.913776][T14613] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  523.946196][T14613] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.103556][T14646] loop1: detected capacity change from 0 to 64
[  524.200703][ T4378] hid-generic 0003:0955:7214.002C: unknown main item tag 0x0
[  524.226718][ T4378] hid-generic 0003:0955:7214.002C: unknown main item tag 0x4
[  524.271044][ T4378] hid-generic 0003:0955:7214.002C: hidraw0: USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.2-1/input0
[  524.458275][ T4913] usb 3-1: USB disconnect, device number 32
[  524.619253][T14638] loop3: detected capacity change from 0 to 32768
[  524.635909][T14655] device team_slave_0 entered promiscuous mode
[  524.643535][T14655] device team_slave_1 entered promiscuous mode
[  524.660216][T14655] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  524.679529][T14649] fido_id[14649]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  524.748216][T14638] XFS (loop3): Mounting V5 Filesystem
[  524.856411][T14638] XFS (loop3): Ending clean mount
[  524.903200][T14638] XFS (loop3): Quotacheck needed: Please wait.
[  525.078496][T14638] XFS (loop3): Quotacheck: Done.
[  525.354138][ T4277] XFS (loop3): Unmounting Filesystem
[  525.514978][    C0] vkms_vblank_simulate: vblank timer overrun
[  525.607427][T14679] loop6: detected capacity change from 0 to 1024
[  525.917764][    C0] vkms_vblank_simulate: vblank timer overrun
[  526.075070][T14690] loop6: detected capacity change from 0 to 64
[  527.515575][T14724] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3886'.
[  527.844286][T14707] loop6: detected capacity change from 0 to 32768
[  527.925352][T14710] loop1: detected capacity change from 0 to 32768
[  527.975116][T14710] XFS (loop1): Mounting V5 Filesystem
[  527.983163][T14707] XFS (loop6): Mounting V5 Filesystem
[  528.045071][T14742] loop3: detected capacity change from 0 to 64
[  528.187949][T14710] XFS (loop1): Ending clean mount
[  528.195062][T14707] XFS (loop6): Ending clean mount
[  528.203767][T14707] XFS (loop6): Quotacheck needed: Please wait.
[  528.233902][T14710] XFS (loop1): Quotacheck needed: Please wait.
[  528.381945][T14707] XFS (loop6): Quotacheck: Done.
[  528.454399][T14710] XFS (loop1): Quotacheck: Done.
[  528.600281][T12006] XFS (loop6): Unmounting Filesystem
[  528.775131][T14728] loop4: detected capacity change from 0 to 32768
[  528.802394][T14728] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 scanned by syz.4.3888 (14728)
[  528.878489][ T4274] XFS (loop1): Unmounting Filesystem
[  528.910179][T14728] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  528.962223][T14728] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  529.013257][T14728] BTRFS info (device loop4): using free space tree
[  529.316242][    C0] vkms_vblank_simulate: vblank timer overrun
[  529.539531][T14728] BTRFS info (device loop4): enabling ssd optimizations
[  529.628960][   T26] audit: type=1800 audit(1775085241.253:147): pid=14728 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3888" name="file1" dev="loop4" ino=260 res=0 errno=0
[  529.815470][    C0] vkms_vblank_simulate: vblank timer overrun
[  529.874468][ T4280] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  529.875573][T14748] loop3: detected capacity change from 0 to 40427
[  529.979479][T14748] F2FS-fs (loop3): invalid crc value
[  530.018544][T14748] F2FS-fs (loop3): Found nat_bits in checkpoint
[  530.264988][T14748] F2FS-fs (loop3): Cannot turn on quotas: -2 on 0
[  530.282154][T14748] F2FS-fs (loop3): Cannot turn on quotas: -2 on 1
[  530.377083][T14748] F2FS-fs (loop3): Start checkpoint disabled!
[  530.461012][T14748] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  531.233227][T14806] program syz.3.3901 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  532.390167][T14815] loop3: detected capacity change from 0 to 32768
[  532.436070][T14815] 
[  532.436070][T14815]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  532.436070][T14815] 
[  532.603624][T14842] loop4: detected capacity change from 0 to 512
[  532.625064][ T9772] ERROR: (device loop3): diWrite: ixpxd invalid
[  532.625064][ T9772] 
[  532.671930][ T9772] ERROR: (device loop3): txCommit: 
[  532.671930][ T9772] 
[  532.694590][ T9772] jfs_write_inode: jfs_commit_inode failed!
[  532.707846][ T4277] 
[  532.707846][ T4277]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  532.707846][ T4277] 
[  532.749310][ T4277] 
[  532.749310][ T4277]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  532.749310][ T4277] 
[  532.820277][T14842] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  532.837304][T14842] ext4 filesystem being mounted at /771/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[  533.138189][ T4280] EXT4-fs (loop4): unmounting filesystem.
[  533.676761][ T4270] Bluetooth: hci0: command 0x0406 tx timeout
[  534.175757][T14882] program syz.6.3933 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  534.213497][ T4913] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  534.303823][   T26] audit: type=1326 audit(1775085245.923:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14888 comm="syz.6.3938" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fafba39c819 code=0x0
[  534.429696][ T4913] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  534.441593][ T4913] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  534.476996][ T4913] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  534.515452][ T4913] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  534.540433][ T4913] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  534.568658][ T4913] usb 3-1: config 0 descriptor??
[  534.920903][T14907] loop1: detected capacity change from 0 to 4096
[  534.996421][T14912] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  535.004054][ T4913] plantronics 0003:047F:FFFF.002D: unbalanced collection at end of report description
[  535.046133][ T4913] plantronics 0003:047F:FFFF.002D: parse failed
[  535.054157][ T4913] plantronics: probe of 0003:047F:FFFF.002D failed with error -22
[  535.259053][ T8437] usb 3-1: USB disconnect, device number 33
[  535.417945][    C0] vkms_vblank_simulate: vblank timer overrun
[  535.579398][T14925] loop4: detected capacity change from 0 to 64
[  536.253950][T14914] loop3: detected capacity change from 0 to 32768
[  536.401763][T14914] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[  536.424441][T14914] XFS (loop3): Mounting V5 Filesystem
[  536.548583][T14914] XFS (loop3): Ending clean mount
[  536.558694][T14914] XFS (loop3): Quotacheck needed: Please wait.
[  536.641141][ T4913] XFS (loop3): Metadata CRC error detected at xfs_allocbt_read_verify+0x3a/0xd0, xfs_cntbt block 0x10 
[  536.672750][ T4913] XFS (loop3): Unmount and run xfs_repair
[  536.692830][ T4913] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  536.720183][ T4913] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff  AB3C............
[  536.746930][ T4913] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10  ................
[  536.766119][ T4913] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  536.795794][ T4913] 00000030: 00 00 00 00 20 bb 84 11 00 00 04 4e 00 00 00 02  .... ......N....
[  536.819639][ T4913] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[  536.834166][ T4913] 00000050: 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00  ................
[  536.843749][ T4913] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  536.853316][ T4913] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  536.863305][ T4332] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x1db/0x2d0" at daddr 0x10 len 8 error 74
[  536.904046][T14914] XFS (loop3): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[  537.016531][ T4913] XFS (loop3): Metadata CRC error detected at xfs_allocbt_read_verify+0x3a/0xd0, xfs_cntbt block 0x10 
[  537.037527][ T4913] XFS (loop3): Unmount and run xfs_repair
[  537.045971][ T4913] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  537.070269][ T4913] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff  AB3C............
[  537.106677][ T4913] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10  ................
[  537.142755][ T4913] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  537.178537][ T4913] 00000030: 00 00 00 00 20 bb 84 11 00 00 04 4e 00 00 00 02  .... ......N....
[  537.198105][ T4913] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[  537.207573][T14952] loop6: detected capacity change from 0 to 4096
[  537.214132][ T4913] 00000050: 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00  ................
[  537.241429][ T4913] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  537.264983][ T4913] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  537.316789][T14914] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x1db/0x2d0" at daddr 0x10 len 8 error 74
[  537.331557][T14955] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  537.417092][T14914] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x54f/0x9c0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  537.452865][T14914] XFS (loop3): Please unmount the filesystem and rectify the problem(s)
[  537.471700][T14957] loop4: detected capacity change from 0 to 2048
[  537.663053][ T4277] XFS (loop3): Unmounting Filesystem
[  538.406906][ T4270] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  538.515961][    C0] vkms_vblank_simulate: vblank timer overrun
[  538.943672][T14988] netlink: 200 bytes leftover after parsing attributes in process `syz.2.3974'.
[  539.188052][T14930] syz.1.3954 (14930) used greatest stack depth: 19728 bytes left
[  539.423924][   T26] audit: type=1326 audit(1775085251.043:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14998 comm="syz.4.3979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f06f9c819 code=0x7ffc0000
[  539.505638][   T26] audit: type=1326 audit(1775085251.043:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14998 comm="syz.4.3979" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f1f06f9c819 code=0x7ffc0000
[  539.530427][   T26] audit: type=1326 audit(1775085251.043:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14998 comm=98D9E98622158B30828785925E45C2 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f06f9c819 code=0x7ffc0000
[  539.571767][   T26] audit: type=1326 audit(1775085251.043:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14998 comm=98D9E98622158B30828785925E45C2 exe="/root/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7f1f06f9c819 code=0x7ffc0000
[  539.575198][T15002] loop4: detected capacity change from 0 to 256
[  539.626883][   T26] audit: type=1326 audit(1775085251.043:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14998 comm=98D9E98622158B30828785925E45C2 exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f06f9c819 code=0x7ffc0000
[  539.651216][    C0] vkms_vblank_simulate: vblank timer overrun
[  539.686333][T15002] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  540.386482][T15023] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3989'.
[  542.236984][ T4284] Bluetooth: hci5: command 0xfc11 tx timeout
[  542.237030][ T4270] Bluetooth: hci5: Entering manufacturer mode failed (-110)
[  542.495234][T15063] loop4: detected capacity change from 0 to 2048
[  542.551541][T15063] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  542.699227][T15063] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1126: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  542.786737][T15063] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28
[  542.816818][T15063] EXT4-fs (loop4): This should not happen!! Data will be lost
[  542.816818][T15063] 
[  542.850147][T15063] EXT4-fs (loop4): Total free blocks count 0
[  542.856408][T15063] EXT4-fs (loop4): Free/Dirty block details
[  542.903729][T15063] EXT4-fs (loop4): free_blocks=2415919104
[  542.944222][T15063] EXT4-fs (loop4): dirty_blocks=64
[  542.973778][T15063] EXT4-fs (loop4): Block reservation details
[  543.000808][T15063] EXT4-fs (loop4): i_reserved_data_blocks=4
[  543.217791][    T9] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  543.730619][    C0] vkms_vblank_simulate: vblank timer overrun
[  544.393482][T15107] vivid-007: disconnect
[  544.446907][T15102] vivid-007: reconnect
[  545.724876][T15139] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4035'.
[  546.288079][T15123] loop4: detected capacity change from 0 to 40427
[  546.326446][T15123] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  546.364719][T15123] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  546.469554][T15123] F2FS-fs (loop4): Found nat_bits in checkpoint
[  546.682842][T15123] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  546.702463][T15123] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  546.903301][T15159] loop3: detected capacity change from 0 to 256
[  547.039496][T15161] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4043'.
[  548.346965][T15186] loop3: detected capacity change from 0 to 32768
[  548.355278][T15186] XFS: noikeep mount option is deprecated.
[  548.478296][T15186] XFS (loop3): Mounting V5 Filesystem
[  548.493681][   T26] audit: type=1326 audit(1775085260.113:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15197 comm="syz.2.4057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d5859c819 code=0x7ffc0000
[  548.516216][    C0] vkms_vblank_simulate: vblank timer overrun
[  548.622857][T15186] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  548.654248][   T26] audit: type=1326 audit(1775085260.153:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15197 comm="syz.2.4057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f1d5859c819 code=0x7ffc0000
[  548.718677][T15186] XFS (loop3): Starting recovery (logdev: internal)
[  548.739326][T15186] XFS (loop3): Corruption warning: Metadata has LSN (2:16) ahead of current LSN (1:48). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  548.755368][T15186] XFS (loop3): Metadata corruption detected at xfs_agi_verify+0x211/0x4f0, xfs_agi block 0x2 
[  548.766440][T15186] XFS (loop3): Unmount and run xfs_repair
[  548.772384][T15186] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  548.780032][T15186] 00000000: 58 41 47 49 00 00 00 01 00 00 00 00 00 00 10 00  XAGI............
[  548.789085][T15186] 00000010: 00 00 00 40 00 00 00 03 00 00 00 01 00 00 00 37  ...@...........7
[  548.798746][T15186] 00000020: 00 00 11 40 ff ff ff ff ff ff ff ff ff ff ff ff  ...@............
[  548.806373][   T26] audit: type=1326 audit(1775085260.153:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15197 comm="syz.2.4057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d5859c819 code=0x7ffc0000
[  548.807786][T15186] 00000030: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  548.807810][T15186] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  548.807825][T15186] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  548.807843][T15186] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  548.807860][T15186] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  548.808121][T15186] XFS (loop3): Corruption of in-memory data (0x8) detected at _xfs_buf_ioapply+0x20c/0x670 (fs/xfs/xfs_buf.c:1553).  Shutting down filesystem.
[  548.830713][    C0] vkms_vblank_simulate: vblank timer overrun
[  548.898548][T15186] XFS (loop3): Please unmount the filesystem and rectify the problem(s)
[  548.932667][T15186] XFS (loop3): log mount/recovery failed: error -117
[  548.999373][   T26] audit: type=1326 audit(1775085260.153:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15197 comm="syz.2.4057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f1d5859c819 code=0x7ffc0000
[  549.044275][T15186] XFS (loop3): log mount failed
[  549.091625][   T26] audit: type=1326 audit(1775085260.153:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15197 comm="syz.2.4057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f1d5859c582 code=0x7ffc0000
[  549.114255][    C0] vkms_vblank_simulate: vblank timer overrun
[  549.213642][    C0] vkms_vblank_simulate: vblank timer overrun
[  549.274165][   T26] audit: type=1326 audit(1775085260.163:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15197 comm="syz.2.4057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f1d5855d04e code=0x7ffc0000
[  549.296629][    C0] vkms_vblank_simulate: vblank timer overrun
[  549.430294][   T26] audit: type=1326 audit(1775085260.173:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15197 comm="syz.2.4057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f1d5859c647 code=0x7ffc0000
[  549.511155][   T26] audit: type=1326 audit(1775085260.183:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15197 comm="syz.2.4057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1d5855d04e code=0x7ffc0000
[  549.597427][   T26] audit: type=1326 audit(1775085260.183:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15197 comm="syz.2.4057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1d5859c4ab code=0x7ffc0000
[  549.670432][   T26] audit: type=1326 audit(1775085260.183:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15197 comm="syz.2.4057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1d5859c4ab code=0x7ffc0000
[  550.349413][ T4905] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  550.556822][ T4905] usb 4-1: Using ep0 maxpacket: 16
[  550.565705][ T4905] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  550.595478][ T4905] usb 4-1: config 0 has no interface number 0
[  550.628618][ T4905] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  550.681709][ T4905] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  550.713313][ T4905] usb 4-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  550.759105][ T4905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  550.787786][ T4905] usb 4-1: config 0 descriptor??
[  551.082968][T15252] loop1: detected capacity change from 0 to 128
[  551.100680][T15252] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  551.129790][T15252] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  551.424463][ T4905] uclogic 0003:28BD:0071.002E: pen parameters not found
[  551.427974][T15259] loop1: detected capacity change from 0 to 1024
[  551.435140][ T4905] uclogic 0003:28BD:0071.002E: interface is invalid, ignoring
[  551.656439][ T4378] usb 4-1: USB disconnect, device number 29
[  551.994580][T15271] vivid-003: =================  START STATUS  =================
[  552.009688][T15271] vivid-003: Radio HW Seek Mode: Bounded
[  552.019943][T15271] vivid-003: Radio Programmable HW Seek: false
[  552.033316][T15271] vivid-003: RDS Rx I/O Mode: Block I/O
[  552.042534][T15271] vivid-003: Generate RBDS Instead of RDS: false
[  552.054371][T15271] vivid-003: RDS Reception: true
[  552.061253][T15271] vivid-003: RDS Program Type: 0 inactive
[  552.074607][T15271] vivid-003: RDS PS Name:  inactive
[  552.117330][T15271] vivid-003: RDS Radio Text:  inactive
[  552.128567][T15271] vivid-003: RDS Traffic Announcement: false inactive
[  552.143175][T15271] vivid-003: RDS Traffic Program: false inactive
[  552.155857][T15271] vivid-003: RDS Music: false inactive
[  552.184301][T15271] vivid-003: ==================  END STATUS  ==================
[  552.423224][T15280] loop6: detected capacity change from 0 to 128
[  552.466738][ T8437] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  552.486538][T15280] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  552.565621][T15280] hpfs: filesystem error: improperly stopped
[  552.617523][T15280] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  552.625448][T15280] hpfs: You really don't want any checks? You are crazy...
[  552.657050][T15280] hpfs: hpfs_map_sector(): read error
[  552.662596][T15280] hpfs: code page support is disabled
[  552.677125][ T8437] usb 5-1: Using ep0 maxpacket: 16
[  552.687322][T15280] hpfs: hpfs_map_4sectors(): unaligned read
[  552.688469][ T8437] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  552.693356][T15280] hpfs: hpfs_map_4sectors(): unaligned read
[  552.720350][T15286] loop3: detected capacity change from 0 to 256
[  552.752932][T15268] loop1: detected capacity change from 0 to 40427
[  552.760398][ T8437] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  552.761416][T15280] hpfs: filesystem error: unable to find root dir
[  552.796065][ T8437] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  552.822375][T15286] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  552.822524][T15268] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x3ffff
[  552.893002][ T8437] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  552.934057][ T8437] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  552.951405][T15268] F2FS-fs (loop1): invalid crc value
[  553.001851][ T8437] usb 5-1: config 0 descriptor??
[  553.025215][T15268] F2FS-fs (loop1): Found nat_bits in checkpoint
[  553.232680][T15268] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  553.455856][ T8437] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[  553.474151][ T8437] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[  553.502700][ T8437] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[  553.537030][ T8437] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[  553.537490][ T4274] syz-executor: attempt to access beyond end of device
[  553.537490][ T4274] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  553.554621][ T8437] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[  553.566763][ T4905] usb 4-1: new full-speed USB device number 30 using dummy_hcd
[  553.583655][ T8437] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[  553.603918][ T8437] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[  553.630737][ T8437] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[  553.646715][ T8437] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[  553.674477][ T8437] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[  553.712768][ T8437] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[  553.744386][T15299] lo speed is unknown, defaulting to 1000
[  553.756230][ T8437] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[  553.765686][ T8437] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[  553.769329][ T4905] usb 4-1: unable to get BOS descriptor or descriptor too short
[  553.787673][ T4905] usb 4-1: not running at top speed; connect to a high speed hub
[  553.805915][ T8437] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[  553.807575][ T4905] usb 4-1: config 3 has an invalid interface number: 5 but max is 0
[  553.833991][ T4905] usb 4-1: config 3 has no interface number 0
[  553.838452][ T8437] microsoft 0003:045E:07DA.002F: unknown main item tag 0x0
[  553.847827][ T4905] usb 4-1: config 3 interface 5 has no altsetting 0
[  553.866868][ T4905] usb 4-1: New USB device found, idVendor=1df7, idProduct=2500, bcdDevice=26.79
[  553.888541][ T4905] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  553.906800][ T4905] usb 4-1: Product: syz
[  553.918701][ T4905] usb 4-1: Manufacturer: syz
[  553.937134][ T8437] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.002F/input/input23
[  553.938425][ T4905] usb 4-1: SerialNumber: syz
[  554.074501][ T8437] microsoft 0003:045E:07DA.002F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  554.153404][ T8437] usb 5-1: USB disconnect, device number 23
[  554.281694][    C0] vkms_vblank_simulate: vblank timer overrun
[  554.595859][T15302] fido_id[15302]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  554.672644][ T4905] msi2500 4-1:3.5: Registered as swradio24
[  555.106910][ T8437] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  555.213582][T15321] loop4: detected capacity change from 0 to 128
[  555.243625][T15321] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  555.282238][T15321] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  555.312229][ T8437] usb 3-1: Using ep0 maxpacket: 8
[  555.320891][ T8437] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  555.362709][ T8437] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  555.406538][ T8437] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  555.445425][ T8437] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  555.476046][ T8437] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  555.503380][ T8437] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  555.522157][ T8437] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  555.602116][T15320] loop3: detected capacity change from 0 to 2048
[  555.646613][    C1] sched: RT throttling activated
[  555.662082][ T4905] msi2500 4-1:3.5: SDR API is still slightly experimental and functionality changes may follow
[  555.709546][T15320] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  555.747162][T15310] loop6: detected capacity change from 0 to 131072
[  555.772729][T15310] F2FS-fs (loop6): invalid crc value
[  555.778628][ T4905] usb 4-1: USB disconnect, device number 30
[  555.803549][T15310] F2FS-fs (loop6): Found nat_bits in checkpoint
[  555.865779][ T8437] usb 3-1: GET_CAPABILITIES returned 0
[  555.877568][T15328] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  555.882804][ T8437] usbtmc 3-1:16.0: can't read capabilities
[  555.905620][T15310] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  556.064475][T15310] F2FS-fs (loop6): lookup inode (7) has corrupted xattr
[  556.199289][ T4905] usb 3-1: USB disconnect, device number 34
[  556.232862][T15331] loop1: detected capacity change from 0 to 2048
[  556.293749][T15331] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  556.351234][T15331] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  556.406803][ T4913] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  556.505301][   T26] kauditd_printk_skb: 10 callbacks suppressed
[  556.505320][   T26] audit: type=1800 audit(1775085268.123:174): pid=15331 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4109" name="file1" dev="loop1" ino=1346 res=0 errno=0
[  556.646967][ T4913] usb 5-1: Using ep0 maxpacket: 8
[  556.662988][ T4913] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  556.706787][ T4913] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  556.786918][ T4913] usb 5-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  556.796051][ T4913] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  556.868446][ T4913] usb 5-1: Product: syz
[  556.872688][ T4913] usb 5-1: Manufacturer: syz
[  556.946427][ T4913] usb 5-1: SerialNumber: syz
[  556.983311][ T4913] usb 5-1: config 0 descriptor??
[  557.101290][T15340] 9pnet_fd: p9_fd_create_unix (15340): problem connecting socket: ./file0: -111
[  557.828059][T15334] loop3: detected capacity change from 0 to 40427
[  557.835335][ T8437] usb 5-1: USB disconnect, device number 24
[  557.911922][T15334] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x3ffff
[  557.957551][T15334] F2FS-fs (loop3): invalid crc value
[  558.008927][T15334] F2FS-fs (loop3): Found nat_bits in checkpoint
[  558.215720][T15334] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  558.421694][ T4277] syz-executor: attempt to access beyond end of device
[  558.421694][ T4277] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  558.921211][T15359] loop3: detected capacity change from 0 to 512
[  558.967245][T15363] loop1: detected capacity change from 0 to 128
[  558.983340][T15359] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  558.996993][T15359] ext4 filesystem being mounted at /821/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  559.017942][T15363] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  559.033643][T15359] EXT4-fs error (device loop3): ext4_lookup:1858: inode #12: comm syz.3.4119: iget: bad i_size value: 2533274857506816
[  559.081721][T15363] ext4 filesystem being mounted at /824/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  559.084077][ T4277] EXT4-fs (loop3): unmounting filesystem.
[  559.113935][T15363] fscrypt (loop1, inode 12): Direct key flag not allowed with different contents and filenames modes
[  559.299938][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  559.321108][T15370] loop3: detected capacity change from 0 to 136
[  559.411535][T15370] Attempt to read inode for relocated directory
[  559.685884][T15380] loop4: detected capacity change from 0 to 128
[  559.751635][T15380] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  559.822116][T15380] hpfs: filesystem error: improperly stopped
[  559.852500][T15380] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  559.906738][T15380] hpfs: You really don't want any checks? You are crazy...
[  559.933798][T15380] hpfs: hpfs_map_sector(): read error
[  559.979202][T15380] hpfs: code page support is disabled
[  559.998540][T15380] hpfs: hpfs_map_4sectors(): unaligned read
[  560.024196][T15380] hpfs: hpfs_map_4sectors(): unaligned read
[  560.048817][T15380] hpfs: filesystem error: unable to find root dir
[  560.476367][T15403] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4137'.
[  560.856731][ T6210] usb 3-1: new high-speed USB device number 35 using dummy_hcd
[  561.076984][ T6210] usb 3-1: Using ep0 maxpacket: 32
[  561.086303][ T6210] usb 3-1: config 0 has an invalid interface number: 35 but max is 0
[  561.106129][T15413] loop4: detected capacity change from 0 to 256
[  561.111675][ T6210] usb 3-1: config 0 has no interface number 0
[  561.152583][ T6210] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  561.171476][T15413] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  561.202491][T15415] loop6: detected capacity change from 0 to 512
[  561.221871][ T6210] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  561.244349][T15415] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  561.272668][ T6210] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad
[  561.273907][   T26] audit: type=1800 audit(1775085272.893:175): pid=15413 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4142" name="file2" dev="loop4" ino=1048823 res=0 errno=0
[  561.296481][T15415] EXT4-fs (loop6): 1 truncate cleaned up
[  561.314672][ T6210] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  561.322935][ T6210] usb 3-1: Product: syz
[  561.327317][ T6210] usb 3-1: Manufacturer: syz
[  561.331990][ T6210] usb 3-1: SerialNumber: syz
[  561.332193][T15415] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  561.353438][ T6210] usb 3-1: config 0 descriptor??
[  561.455178][T15415] EXT4-fs error (device loop6): ext4_generic_delete_entry:2729: inode #2: block 13: comm syz.6.4143: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  561.503348][T15402] loop3: detected capacity change from 0 to 32768
[  561.535627][T15415] EXT4-fs error (device loop6) in ext4_delete_entry:2800: Corrupt filesystem
[  561.590172][T15415] EXT4-fs warning (device loop6): ext4_rename_delete:3778: inode #2: comm syz.6.4143: Deleting old file: nlink 4, error=-117
[  561.631377][T15422] EXT4-fs error (device loop6): ext4_generic_delete_entry:2729: inode #2: block 13: comm syz.6.4143: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  561.657054][ T8437] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  561.696562][T15422] EXT4-fs error (device loop6) in ext4_delete_entry:2800: Corrupt filesystem
[  561.716830][T15422] EXT4-fs warning (device loop6): ext4_rename_delete:3778: inode #2: comm syz.6.4143: Deleting old file: nlink 4, error=-117
[  561.745566][T15402] XFS (loop3): Mounting V5 Filesystem
[  561.794644][ T6210] radio-si470x 3-1:0.35: DeviceID=0x568a ChipID=0x3100
[  561.893722][ T8437] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  561.936880][ T8437] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  561.974665][ T8437] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  561.995941][ T6210] radio-si470x 3-1:0.35: software version 86, hardware version 138
[  562.010195][T12006] EXT4-fs (loop6): unmounting filesystem.
[  562.016326][ T8437] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.de
[  562.039749][ T8437] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  562.054057][ T8437] usb 2-1: config 0 descriptor??
[  562.090780][T15402] XFS (loop3): Ending clean mount
[  562.189598][ T6210] radio-si470x 3-1:0.35: si470x_set_report: usb_control_msg returned -71
[  562.199034][ T6210] radio-si470x 3-1:0.35: submitting int urb failed (-90)
[  562.207194][ T6210] radio-si470x 3-1:0.35: si470x_set_report: usb_control_msg returned -71
[  562.219039][ T6210] radio-si470x: probe of 3-1:0.35 failed with error -22
[  562.269242][ T8437] ath6kl: Failed to submit usb control message: -71
[  562.276064][ T8437] ath6kl: unable to send the bmi data to the device: -71
[  562.284685][ T6210] radio-raremono 3-1:0.35: this is not Thanko's Raremono.
[  562.293258][ T8437] ath6kl: Unable to send get target info: -71
[  562.306431][ T6210] usb 3-1: USB disconnect, device number 35
[  562.319065][ T8437] ath6kl: Failed to init ath6kl core: -71
[  562.325474][ T1277] ieee802154 phy0 wpan0: encryption failed: -22
[  562.335226][ T1277] ieee802154 phy1 wpan1: encryption failed: -22
[  562.376368][T15440] Falling back ldisc for ttyS3.
[  562.404299][ T4277] XFS (loop3): Unmounting Filesystem
[  562.416098][ T8437] ath6kl_usb: probe of 2-1:0.0 failed with error -71
[  562.451445][ T8437] usb 2-1: USB disconnect, device number 29
[  562.548933][T15442] netlink: 156 bytes leftover after parsing attributes in process `syz.6.4151'.
[  563.112607][T15453] loop6: detected capacity change from 0 to 256
[  563.154164][T15453] exfat: Deprecated parameter 'namecase'
[  563.229268][T15453] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  564.359003][T15494] loop1: detected capacity change from 0 to 8
[  564.602715][T15494] SQUASHFS error: Failed to read block 0x2fc: -5
[  564.631781][T15494] SQUASHFS error: Unable to read metadata cache entry [2fa]
[  564.654840][T15494] SQUASHFS error: Unable to read directory block [2fa:0]
[  565.978746][T15532] vcan0: tx address claim with dest, not broadcast
[  566.531254][T15551] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  566.659216][T15553] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4198'.
[  567.274537][T15578] loop1: detected capacity change from 0 to 256
[  567.319951][T15578] exfat: Deprecated parameter 'namecase'
[  567.325780][T15578] exfat: Deprecated parameter 'utf8'
[  567.349749][T15578] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x22785e93, utbl_chksum : 0xe619d30d)
[  568.317525][T15601] vivid-002: disconnect
[  569.081982][T15600] vivid-002: reconnect
[  569.546754][ T4915] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  569.751356][ T4915] usb 3-1: Using ep0 maxpacket: 16
[  569.762013][ T4915] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  569.783790][ T4915] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  569.809193][ T4915] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  569.827675][ T4915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.847912][ T4915] usb 3-1: Product: syz
[  569.857125][ T4915] usb 3-1: Manufacturer: syz
[  569.862555][ T4915] usb 3-1: SerialNumber: syz
[  570.031621][T15630] loop1: detected capacity change from 0 to 32768
[  570.092822][ T4915] usb 3-1: 0:2 : does not exist
[  570.114631][ T4915] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  570.135414][T15630] XFS (loop1): Mounting V5 Filesystem
[  570.197119][ T4915] usb 3-1: USB disconnect, device number 36
[  570.313659][ T4563] udevd[4563]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  570.476438][T15630] XFS (loop1): Starting recovery (logdev: internal)
[  570.569883][T15630] XFS (loop1): Ending recovery (logdev: internal)
[  570.843343][ T4274] XFS (loop1): Unmounting Filesystem
[  571.140688][T15650] af_packet: tpacket_rcv: packet too big, clamped from 108 to 4294967272. macoff=96
[  574.553080][T15623] Set syz1 is full, maxelem 65536 reached
[  574.640477][T15709] loop1: detected capacity change from 0 to 4096
[  574.704480][T15709] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  574.777071][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  575.085876][T15724] netlink: 'syz.3.4269': attribute type 2 has an invalid length.
[  576.474750][T15761] loop1: detected capacity change from 0 to 512
[  576.524826][T15761] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  576.540910][T15761] EXT4-fs error (device loop1): ext4_orphan_get:1425: comm syz.1.4283: bad orphan inode 131083
[  576.573499][T15761] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  576.670701][T15761] EXT4-fs (loop1): re-mounted. Quota mode: none.
[  576.868357][ T4274] EXT4-fs (loop1): unmounting filesystem.
[  576.961226][T15773] loop6: detected capacity change from 0 to 8
[  577.100313][T15776] loop1: detected capacity change from 0 to 8
[  578.334585][T15810] netlink: 'syz.2.4303': attribute type 1 has an invalid length.
[  578.580069][T15815] netlink: 60 bytes leftover after parsing attributes in process `syz.6.4307'.
[  578.607020][T15815] netlink: 60 bytes leftover after parsing attributes in process `syz.6.4307'.
[  578.647195][T15818] netlink: 60 bytes leftover after parsing attributes in process `syz.6.4307'.
[  578.680315][T15815] netlink: 60 bytes leftover after parsing attributes in process `syz.6.4307'.
[  581.510756][T15893] loop4: detected capacity change from 0 to 256
[  581.879825][T15901] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4343'.
[  581.926961][T15901] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4343'.
[  581.988789][T15903] loop4: detected capacity change from 0 to 1024
[  582.001834][T15903] EXT4-fs: Ignoring removed bh option
[  582.008168][T15903] EXT4-fs: Ignoring removed oldalloc option
[  582.027418][T15903] EXT4-fs: Ignoring removed nobh option
[  582.062371][T15903] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  582.148204][T15903] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  582.371221][T15903] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3861: comm syz.4.4344: Allocating blocks 497-513 which overlap fs metadata
[  582.417964][T15903] EXT4-fs (loop4): pa ffff8880747b41c0: logic 7808, phys. 129, len 24
[  582.427576][T15903] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4894: group 0, free 23, pa_free 24
[  582.639238][ T4280] EXT4-fs (loop4): unmounting filesystem.
[  582.788938][T15924] loop4: detected capacity change from 0 to 256
[  582.796319][T15924] exfat: Deprecated parameter 'utf8'
[  582.917270][T15924] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe3908169, utbl_chksum : 0xe619d30d)
[  583.045790][ T4905] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  583.246831][ T4905] usb 3-1: Using ep0 maxpacket: 8
[  583.260528][ T4905] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  583.279710][ T4905] usb 3-1: config 179 has no interface number 0
[  583.289412][ T4905] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  583.316785][ T4905] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  583.336771][ T4905] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  583.379031][ T4905] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  583.412400][ T4905] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  583.446729][ T4905] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  583.466483][ T4905] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  583.521275][T15922] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  583.742254][T15939] device erspan0 entered promiscuous mode
[  583.925302][ T4905] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input24
[  583.961637][ T6396] usb 3-1: USB disconnect, device number 37
[  583.961645][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  583.961690][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  584.019883][ T6396] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  584.348874][T15950] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4365'.
[  585.025995][T15970] vcan0: tx drop: invalid da for name 0x00000000000000f0
[  585.038423][T15969] loop1: detected capacity change from 0 to 256
[  585.127721][T15969] FAT-fs (loop1): Directory bread(block 64) failed
[  585.147548][T15969] FAT-fs (loop1): Directory bread(block 65) failed
[  585.154414][T15969] FAT-fs (loop1): Directory bread(block 66) failed
[  585.201562][T15969] FAT-fs (loop1): Directory bread(block 67) failed
[  585.221792][T15969] FAT-fs (loop1): Directory bread(block 68) failed
[  585.249238][T15969] FAT-fs (loop1): Directory bread(block 69) failed
[  585.255968][T15969] FAT-fs (loop1): Directory bread(block 70) failed
[  585.297585][T15969] FAT-fs (loop1): Directory bread(block 71) failed
[  585.313347][T15969] FAT-fs (loop1): Directory bread(block 72) failed
[  585.336747][T15969] FAT-fs (loop1): Directory bread(block 73) failed
[  586.276921][ T4915] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  586.468911][ T4915] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  586.477435][ T4915] usb 3-1: config 0 has no interface number 0
[  586.488782][ T4915] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  586.498978][ T4915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  586.513489][ T4915] usb 3-1: Product: syz
[  586.519532][ T4915] usb 3-1: Manufacturer: syz
[  586.524903][ T4915] usb 3-1: SerialNumber: syz
[  586.564448][ T4915] usb 3-1: config 0 descriptor??
[  586.781745][ T4915] usb 3-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  586.798856][ T4915] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  586.817632][ T4915] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  586.826053][ T4915] usb 3-1: media controller created
[  586.871042][ T4915] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  587.175364][   T26] audit: type=1326 audit(1775085298.793:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16026 comm="syz.3.4398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3b79c819 code=0x7ffc0000
[  587.198194][    C0] vkms_vblank_simulate: vblank timer overrun
[  587.243364][   T26] audit: type=1326 audit(1775085298.833:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16026 comm="syz.3.4398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=255 compat=0 ip=0x7f6d3b79c819 code=0x7ffc0000
[  587.265759][    C0] vkms_vblank_simulate: vblank timer overrun
[  587.317639][   T26] audit: type=1326 audit(1775085298.843:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16026 comm="syz.3.4398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6d3b79c819 code=0x7ffc0000
[  587.406777][ T4905] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  587.589245][ T4905] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  587.615057][ T4905] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  587.661163][ T4905] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  587.677452][ T4905] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  587.696055][ T4905] usb 5-1: SerialNumber: syz
[  587.939998][ T4905] usb 5-1: 0:2 : does not exist
[  588.006093][ T4915] i2c i2c-1: ec100: i2c rd failed=-110 reg=33
[  588.033063][ T4905] usb 5-1: USB disconnect, device number 25
[  588.167055][ T4915] usb 3-1: USB disconnect, device number 38
[  588.262601][T16050] loop1: detected capacity change from 0 to 4096
[  588.307608][ T4262] udevd[4262]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  588.376392][T16054] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  589.202953][T16071] ALSA: mixer_oss: invalid OSS volume 'нн'
[  589.298249][T16073] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4420'.
[  592.415723][ T6210] kernel write not supported for file /1909/attr/fscreate (pid: 6210 comm: kworker/0:17)
[  593.726532][T16159] loop4: detected capacity change from 0 to 256
[  593.954248][T16164] loop6: detected capacity change from 0 to 256
[  594.049359][T16164] FAT-fs (loop6): Directory bread(block 64) failed
[  594.087175][T16164] FAT-fs (loop6): Directory bread(block 65) failed
[  594.094167][T16164] FAT-fs (loop6): Directory bread(block 66) failed
[  594.156509][T16164] FAT-fs (loop6): Directory bread(block 67) failed
[  594.166814][T16164] FAT-fs (loop6): Directory bread(block 68) failed
[  594.173423][T16164] FAT-fs (loop6): Directory bread(block 69) failed
[  594.217636][T16164] FAT-fs (loop6): Directory bread(block 70) failed
[  594.224466][T16164] FAT-fs (loop6): Directory bread(block 71) failed
[  594.283452][T16164] FAT-fs (loop6): Directory bread(block 72) failed
[  594.300569][T16164] FAT-fs (loop6): Directory bread(block 73) failed
[  594.354729][T16164] syz.6.4461: attempt to access beyond end of device
[  594.354729][T16164] loop6: rw=0, sector=1160, nr_sectors = 4 limit=256
[  594.417328][T16164] syz.6.4461: attempt to access beyond end of device
[  594.417328][T16164] loop6: rw=0, sector=1160, nr_sectors = 4 limit=256
[  595.151279][T16192] netlink: 64 bytes leftover after parsing attributes in process `syz.3.4473'.
[  595.473202][T16205] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  595.488406][T16205] overlayfs: NFS export requires an index dir, falling back to nfs_export=off.
[  596.639785][T16239] tmpfs: Bad value for 'uid'
[  596.709063][T16240] lo speed is unknown, defaulting to 1000
[  597.014366][    C0] vkms_vblank_simulate: vblank timer overrun
[  597.554126][T16258] loop1: detected capacity change from 0 to 256
[  597.655613][T16260] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4504'.
[  597.676210][T16258] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  597.711343][T16258] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  597.722623][T16234] loop6: detected capacity change from 0 to 40427
[  597.765290][T16234] F2FS-fs (loop6): invalid crc value
[  597.765652][T16258] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  597.792784][T16260] n: the hash_elasticity option has been deprecated and is always 16
[  597.804889][T16260] n: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  597.819737][T16234] F2FS-fs (loop6): Found nat_bits in checkpoint
[  597.878181][T16263] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4504'.
[  597.932136][T16263] n: the hash_elasticity option has been deprecated and is always 16
[  597.964585][T16263] n: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[  598.072770][T16234] F2FS-fs (loop6): Start checkpoint disabled!
[  598.114896][T16234] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  598.351142][   T26] audit: type=1326 audit(1775085309.943:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16270 comm="syz.4.4509" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1f06f9c819 code=0x0
[  598.547279][ T9772] kworker/u4:8: attempt to access beyond end of device
[  598.547279][ T9772] loop6: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  598.703876][T16278] loop1: detected capacity change from 0 to 256
[  599.423642][T16286] lo speed is unknown, defaulting to 1000
[  599.616380][T16291] 9pnet_fd: Insufficient options for proto=fd
[  599.735894][T16288] loop4: detected capacity change from 0 to 8192
[  599.889676][T16286] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4516'.
[  600.159603][    C0] vkms_vblank_simulate: vblank timer overrun
[  600.262028][    C0] vkms_vblank_simulate: vblank timer overrun
[  601.492170][T16300] loop4: detected capacity change from 0 to 40427
[  601.547291][T16300] F2FS-fs (loop4): invalid crc value
[  601.556434][T16316] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[  601.556434][T16316] The task syz.1.4526 (16316) triggered the difference, watch for misbehavior.
[  601.565292][T16300] F2FS-fs (loop4): Found nat_bits in checkpoint
[  601.825974][T16300] F2FS-fs (loop4): Start checkpoint disabled!
[  601.846079][T16300] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  601.910203][ T4915] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0
[  601.921774][ T4915] hid-generic 0000:0000:0000.0030: unknown main item tag 0x0
[  601.964578][ T4915] hid-generic 0000:0000:0000.0030: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  602.303032][T16327] fido_id[16327]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  602.357258][   T57] kworker/u4:4: attempt to access beyond end of device
[  602.357258][   T57] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  602.493174][T16337] netlink: 'syz.1.4537': attribute type 3 has an invalid length.
[  602.959054][T16347] loop4: detected capacity change from 0 to 2048
[  603.061853][T16347] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  603.082899][T16347] ext4 filesystem being mounted at /890/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  603.331579][T16365] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.4535: bg 0: block 345: padding at end of block bitmap is not set
[  603.356050][T16363] 
[  603.358478][T16363] ======================================================
[  603.365558][T16363] WARNING: possible circular locking dependency detected
[  603.372786][T16363] syzkaller #0 Not tainted
[  603.377387][T16363] ------------------------------------------------------
[  603.384678][T16363] syz.3.4548/16363 is trying to acquire lock:
[  603.390752][T16363] ffff88801746f1d8 (&mm->mmap_lock){++++}-{3:3}, at: mmap_read_lock_killable+0x1d/0x60
[  603.400528][T16363] 
[  603.400528][T16363] but task is already holding lock:
[  603.408077][T16363] ffff888054de0f30 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: generic_file_write_iter+0x7f/0x2e0
[  603.419242][T16363] 
[  603.419242][T16363] which lock already depends on the new lock.
[  603.419242][T16363] 
[  603.429914][T16363] 
[  603.429914][T16363] the existing dependency chain (in reverse order) is:
[  603.439378][T16363] 
[  603.439378][T16363] -> #1 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}:
[  603.448263][T16363]        down_write+0x36/0x60
[  603.452966][T16363]        process_measurement+0x3a2/0x1c30
[  603.458788][T16363]        ima_file_mmap+0x102/0x150
[  603.464092][T16363]        __se_sys_remap_file_pages+0x559/0x7b0
[  603.470543][T16363]        do_syscall_64+0x4c/0xa0
[  603.475643][T16363]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  603.482276][T16363] 
[  603.482276][T16363] -> #0 (&mm->mmap_lock){++++}-{3:3}:
[  603.489948][T16363]        __lock_acquire+0x2d07/0x7d10
[  603.495352][T16363]        lock_acquire+0x1bb/0x4a0
[  603.500484][T16363]        down_read_killable+0x4c/0x340
[  603.505962][T16363]        mmap_read_lock_killable+0x1d/0x60
[  603.511866][T16363]        lock_mm_and_find_vma+0x2b1/0x2f0
[  603.517692][T16363]        do_user_addr_fault+0x2db/0xb10
[  603.523346][T16363]        exc_page_fault+0x60/0x100
[  603.528741][T16363]        asm_exc_page_fault+0x22/0x30
[  603.534391][T16363]        fault_in_readable+0x13e/0x1f0
[  603.540476][T16363]        fault_in_iov_iter_readable+0xbb/0x2e0
[  603.546759][T16363]        generic_perform_write+0x1f1/0x5c0
[  603.552758][T16363]        __generic_file_write_iter+0x148/0x2a0
[  603.559369][T16363]        generic_file_write_iter+0xab/0x2e0
[  603.565279][T16363]        vfs_write+0x4b1/0xa30
[  603.570067][T16363]        ksys_write+0x14c/0x250
[  603.574951][T16363]        do_syscall_64+0x4c/0xa0
[  603.579958][T16363]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  603.586423][T16363] 
[  603.586423][T16363] other info that might help us debug this:
[  603.586423][T16363] 
[  603.596663][T16363]  Possible unsafe locking scenario:
[  603.596663][T16363] 
[  603.604245][T16363]        CPU0                    CPU1
[  603.609805][T16363]        ----                    ----
[  603.615264][T16363]   lock(&sb->s_type->i_mutex_key#13);
[  603.620779][T16363]                                lock(&mm->mmap_lock);
[  603.627734][T16363]                                lock(&sb->s_type->i_mutex_key#13);
[  603.635992][T16363]   lock(&mm->mmap_lock);
[  603.640351][T16363] 
[  603.640351][T16363]  *** DEADLOCK ***
[  603.640351][T16363] 
[  603.648849][T16363] 3 locks held by syz.3.4548/16363:
[  603.654055][T16363]  #0: ffff88804e182d68 (&f->f_pos_lock){+.+.}-{3:3}, at: __fdget_pos+0x2ae/0x360
[  603.663420][T16363]  #1: ffff888028542460 (sb_writers#5){.+.+}-{0:0}, at: vfs_write+0x26b/0xa30
[  603.672597][T16363]  #2: ffff888054de0f30 (&sb->s_type->i_mutex_key#13){+.+.}-{3:3}, at: generic_file_write_iter+0x7f/0x2e0
[  603.684039][T16363] 
[  603.684039][T16363] stack backtrace:
[  603.690109][T16363] CPU: 0 PID: 16363 Comm: syz.3.4548 Not tainted syzkaller #0
[  603.697780][T16363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  603.708137][T16363] Call Trace:
[  603.711439][T16363]  <TASK>
[  603.714475][T16363]  dump_stack_lvl+0x188/0x24e
[  603.719451][T16363]  ? load_image+0x400/0x400
[  603.724158][T16363]  ? show_regs_print_info+0x12/0x12
[  603.729725][T16363]  ? print_circular_bug+0x12b/0x1a0
[  603.735040][T16363]  check_noncircular+0x296/0x330
[  603.740023][T16363]  ? add_chain_block+0x940/0x940
[  603.745157][T16363]  ? lockdep_lock+0xf1/0x1f0
[  603.749853][T16363]  ? _find_first_zero_bit+0xcf/0x100
[  603.755502][T16363]  __lock_acquire+0x2d07/0x7d10
[  603.760742][T16363]  ? psi_task_switch+0x312/0x6d0
[  603.765877][T16363]  ? verify_lock_unused+0x140/0x140
[  603.771093][T16363]  ? mark_lock+0x94/0x320
[  603.775444][T16363]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  603.781440][T16363]  lock_acquire+0x1bb/0x4a0
[  603.786040][T16363]  ? mmap_read_lock_killable+0x1d/0x60
[  603.791614][T16363]  ? finish_task_switch+0x32a/0x8f0
[  603.796923][T16363]  ? read_lock_is_recursive+0x10/0x10
[  603.802408][T16363]  ? cmp_ex_search+0x1a/0x70
[  603.807714][T16363]  ? bsearch+0x8a/0xb0
[  603.811798][T16363]  ? fault_in_readable+0x13e/0x1f0
[  603.817102][T16363]  ? search_extable+0x8c/0xd0
[  603.821910][T16363]  ? trim_init_extable+0x3b0/0x3b0
[  603.827132][T16363]  ? mmap_read_lock_killable+0x1d/0x60
[  603.832692][T16363]  down_read_killable+0x4c/0x340
[  603.837969][T16363]  ? mmap_read_lock_killable+0x1d/0x60
[  603.843530][T16363]  mmap_read_lock_killable+0x1d/0x60
[  603.849175][T16363]  lock_mm_and_find_vma+0x2b1/0x2f0
[  603.854514][T16363]  do_user_addr_fault+0x2db/0xb10
[  603.859747][T16363]  ? _raw_spin_unlock_irq+0x1f/0x40
[  603.865146][T16363]  exc_page_fault+0x60/0x100
[  603.869755][T16363]  asm_exc_page_fault+0x22/0x30
[  603.874890][T16363] RIP: 0010:fault_in_readable+0x13e/0x1f0
[  603.880748][T16363] Code: f8 58 c4 ff 4d 89 f4 49 81 cc ff 0f 00 00 4d 89 f7 49 01 dc 49 81 e4 00 f0 ff ff 4d 39 e6 77 44 e8 d7 58 c4 ff 4d 39 e7 74 47 <41> 8a 07 88 44 24 07 49 81 c7 00 10 00 00 4d 39 e7 74 07 e8 ba 58
[  603.901091][T16363] RSP: 0018:ffffc9001660fab0 EFLAGS: 00050287
[  603.907207][T16363] RAX: ffffffff81be1bb9 RBX: 0000000000001000 RCX: 0000000000080000
[  603.915283][T16363] RDX: ffffc9000db51000 RSI: 000000000001408d RDI: 000000000001408e
[  603.923446][T16363] RBP: 0000000000000000 R08: ffff88802b605940 R09: 0000000000000002
[  603.931526][T16363] R10: 0000000000000006 R11: 0000000000000002 R12: 00002000000c0000
[  603.939657][T16363] R13: 0000000000000000 R14: 00002000000bf000 R15: 00002000000bf000
[  603.947689][T16363]  ? fault_in_readable+0x139/0x1f0
[  603.953111][T16363]  fault_in_iov_iter_readable+0xbb/0x2e0
[  603.959053][T16363]  generic_perform_write+0x1f1/0x5c0
[  603.964583][T16363]  ? generic_file_direct_write+0x330/0x330
[  603.970648][T16363]  ? __file_remove_privs+0x5f0/0x5f0
[  603.976318][T16363]  ? rwsem_write_trylock+0x135/0x1c0
[  603.981626][T16363]  ? clear_nonspinnable+0x60/0x60
[  603.986867][T16363]  ? generic_write_checks_count+0x3d9/0x4c0
[  603.992894][T16363]  __generic_file_write_iter+0x148/0x2a0
[  603.998735][T16363]  generic_file_write_iter+0xab/0x2e0
[  604.004300][T16363]  vfs_write+0x4b1/0xa30
[  604.008658][T16363]  ? file_end_write+0x250/0x250
[  604.013698][T16363]  ? __fget_files+0x43d/0x4b0
[  604.018492][T16363]  ? __fdget_pos+0x2ae/0x360
[  604.023157][T16363]  ? ksys_write+0x71/0x250
[  604.027610][T16363]  ksys_write+0x14c/0x250
[  604.032103][T16363]  ? __ia32_sys_read+0x80/0x80
[  604.036888][T16363]  ? lockdep_hardirqs_on+0x94/0x140
[  604.042368][T16363]  do_syscall_64+0x4c/0xa0
[  604.046827][T16363]  ? clear_bhb_loop+0x60/0xb0
[  604.051835][T16363]  ? clear_bhb_loop+0x60/0xb0
[  604.056588][T16363]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  604.062692][T16363] RIP: 0033:0x7f6d3b79c819
[  604.067127][T16363] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  604.087706][T16363] RSP: 002b:00007f6d3c723028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  604.096438][T16363] RAX: ffffffffffffffda RBX: 00007f6d3ba15fa0 RCX: 00007f6d3b79c819
[  604.104797][T16363] RDX: 00000000ffffff6a RSI: 0000200000000000 RDI: 0000000000000004
[  604.113265][T16363] RBP: 00007f6d3b832c91 R08: 0000000000000000 R09: 0000000000000000
[  604.121368][T16363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  604.129551][T16363] R13: 00007f6d3ba16038 R14: 00007f6d3ba15fa0 R15: 00007ffee23c6b38
[  604.138155][T16363]  </TASK>
[  604.141496][    C0] vkms_vblank_simulate: vblank timer overrun
[  604.157134][T16365] EXT4-fs (loop4): Remounting filesystem read-only
[  604.226116][ T4280] EXT4-fs (loop4): unmounting filesystem.