last executing test programs:

25.6943644s ago: executing program 3 (id=2385):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e20, 0xffffffff, @empty, 0x4}, 0x1c)
connect$inet6(r0, &(0x7f0000000300)={0xa, 0x4e1d, 0x9, @local, 0x2}, 0x1c)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0xfffffffc, @mcast2, 0x2}, 0x1c)

25.555916949s ago: executing program 3 (id=2387):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000680)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)
mount$overlay(0x0, &(0x7f0000000200)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

25.288254088s ago: executing program 3 (id=2390):
r0 = epoll_create1(0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
socket(0x25, 0x5, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0xffff, 0x4)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0xa0028000})

24.947106609s ago: executing program 3 (id=2393):
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1208002, &(0x7f0000000500)={[{@grpquota}, {@delalloc}, {}, {@noblock_validity}, {@debug}, {}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='tracefs\x00', 0x400, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x91)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0)

24.256386255s ago: executing program 3 (id=2398):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@enum={0x2, 0x0, 0x0, 0xf}]}}, 0x0, 0x26}, 0x28)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='&\x00\x00\x00\a'], 0x50)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r0, &(0x7f0000000000), 0xd)

21.892169603s ago: executing program 3 (id=2415):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='htcp', 0x4)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)

20.992454204s ago: executing program 32 (id=2415):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='htcp', 0x4)
sendto$inet(r0, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)

4.50853815s ago: executing program 2 (id=2571):
r0 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x9, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x1, @local, 0x4f1}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f00000005c0)={0x3, {{0xa, 0x4e23, 0xc, @mcast1, 0xfffffff8}}, 0x0, 0x1, [{{0xa, 0x8001, 0x2, @loopback, 0x30000}}]}, 0x110)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000180)={0x0, {{0xa, 0x4e22, 0x6ef, @mcast1, 0xfffffffd}}, {{0xa, 0x4e24, 0x21, @loopback, 0xfffffe01}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000040)={0x0, {{0xa, 0x4e22, 0x3, @mcast1, 0x1000}}, {{0xa, 0x4e20, 0xd, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x3}}}, 0x108)

4.217533127s ago: executing program 2 (id=2573):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x1, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x40040)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x2c, r1, 0x5, 0x4, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PRIVACY={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x8060040)

4.060614265s ago: executing program 2 (id=2575):
openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000001400), 0x101)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010ac0544020000000000010902240001000000000904000000030002"], 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffff7f}]})
close_range(r0, 0xffffffffffffffff, 0x0)

3.660510804s ago: executing program 6 (id=2579):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000100)=0xc6, 0x4)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x2, 0x4)
bind$inet6(r0, &(0x7f0000000200)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0xd2, &(0x7f0000000080)=ANY=[@ANYBLOB="ffffffffbfff00000000000086dd600489f1009c1100fc010000000000000025030000000000ff02000000000000000000000000000100000e22"], 0x0)

2.987890891s ago: executing program 6 (id=2583):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@hyper})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@local, 0x2}, @local, 0x0, 0x0, 0x5e, 0x200000000000, 0x100000000000006})
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000540)={{@local, 0x2}, 0x0, 0x9, 0xffffffff, 0x40})

2.919483345s ago: executing program 0 (id=2584):
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000022c0)=ANY=[], 0x9, 0x6ea, &(0x7f0000000b80)="$eJzs3c9vHGf9B/D3rNeON98qX6dNaCSKsBKpIEUkTqwUwiUGIZRDhapy6NlKnMbqJqkSF6UFQQoITkgc+gcUJN84ICTuQeHCpdx69bESUi8RQlEltGhmZ9e79jr2Jv6RwOsVjed55sfzfOYzz8x411ltgP9Zl0+neT9FLp9+/W5ZX1udb6+tzh+qV7eTlOVG0uzOUtxMigfJQrm+GJgyMN/ko+WLb376cO2zbq1ZT9X2E/39pncU8og+7tVTZuv2ZkfuObmj9rttVeHlhSRX6vmwqZ22NbRhmbRT9RwOXGeTe+PsvuX1Djz7qqfTj7+czFTPzU1mksP1k7n6naC+OzT2Ncg9MNZdDgAAAJ5Tn9w66AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg+VOk+v7/op4a9TyzKXrf/z/VW1aXn0ELO97y/p7GAQAAAAAAAAD746uP8ih3c6RX7xTV3/xPVpVj+aKT/F/ey50s5XbO5G4Ws5KV3M65JDMDDU3dXVxZuX2uv2dp9J7nR+55fr+OGAAAAAAAAAD+K/08rfW//wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLOgSCa6s2o6lvyrnGcmjWbW1+Ve8vckUwcd7xiKDfV/d7oOKBwAAAB4MtNPsM//P8qj3M2R3uvjTlG+5s+Xqvp03svNrGQ5K2lnKVfr19Dlq/7G2up8e211/kY5lfXhOL7z+VhhTNUtTFS1UT2fqLZo5VqWqyVncqUK5moa3b5PJSd68QzENeDDz9fDvHRph5E167SWnf12xLsIu+f+UK3xmC1b68El/YzM1bGVex7tZqCo3qhJNmZi27PTHKrNVK1O9ns6l0b/nZ9j2+c8xaXaNr32HK7n5fH8ak9zPq5+JhqpMnG+N/rKa+bxmUi+9uc/vHW9ffOd69funH52DmkbE1ss3zgm5gcy8fJznYnmmNvPVZk43q9fzvfzw5zObN7I7SznR1nMSpbSe6NxsR7P5c+Zx2dqYaj2xnaRTNXnpXvOdhLTbL5XlRZzstr3SJZT5FauZimvVf/O51y+mQu5kIsDZ/j4lnFXx1Zd9Y2NV33vTP9lZPCnvl4Xyrvbr9fvcguPO+KtRudu6d77y7weHchrd9Q/7G91dOA6mBvI0ou97EyObHy8e+OGt9rLPn6xzXNif83UmSgvoN5TohfdS91MNKtn0eZx/rtOuV/aNzud64vvbtH+vQ31V+t5OaxWv7Ld1j2jT8XuKk/Vi5mu7yTDo6Nc91L/LjOwrrM+lrvrhp+45X7Hq3VF0btSf5Bb1QDYfKVO1b/DbWip38XLI3uZr/Y7MbBu6Pet3Eo7V/chfwA8ib+91S/O5PBU6x+tT1oft37Zut56ffq7h7516JWpTP518tvNuYlXG68Uf8rH+Wn1+h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhKd97/4J3Fdnvp9uhCY+tVQ4VWNi7ZquVDo9sp6i/02UFfz0VhOsnQkup7jnali+YY7bQ2htEtTCSpl3R+lux7fnrfaTV6m9+UheamETWqsDC05I+bG/xwzAiLnV0Xe1hoZH87LcfCqFUHeFMC9sXZlRvvnr3z/gffWL6x+PbS20s3Jy9cuDh38cJr82evLbeX5ro/DzpKYC+sP/QPOhIAAAAAAAAAAABgp0Z9MODkCyM/NDLuZzz8z0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgV1w+neb9FDk3d2aurK+tzrfLqVde37KZpNFIip8kxYNkId0pMwPNFfn9g3RG9PPR8sU3P3249tl6W83u9kmjnm/t8WuT3KunzCaZqOdPYai9K0/dXvHP3jGUCfui0+ksPF18sDv+EwAA//8BQfjb")
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, 0x0, 0x0)

2.749844021s ago: executing program 6 (id=2585):
r0 = mq_open(&(0x7f00000005c0)='eth0\x00#\x13\xaeu\xe0\xfb\x050*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\x19\xf1\xcce\xab\x80M\xc9\xcf\xaeR\xb69k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3\xff\a\x00\x00\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\aY\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3Cs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\x96{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\x03\x00\x00\x00y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\x8e\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9\xb3\x83\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|c\xf3\x8b\xc2E\x00\x00\x00\x00\x00\x00', 0x42, 0x0, 0x0)
r1 = syz_io_uring_setup(0xd2, &(0x7f0000000880)={0x0, 0xdff9, 0x800, 0x1000, 0x1eb}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000080)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_CLOSE={0x13, 0x4e3b947d338dce40, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0)

2.560499068s ago: executing program 0 (id=2587):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x110e22ffef)
ioctl$TUNGETVNETLE(r0, 0x4004743b, &(0x7f00000000c0))

2.464752832s ago: executing program 1 (id=2588):
bpf$PROG_LOAD(0x5, &(0x7f0000000d80)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb3, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r1, 0x0, 0x0}, 0x10)

2.43388452s ago: executing program 6 (id=2589):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000440)=ANY=[@ANYBLOB="12010000d507df08c410448200dc01020301090212000100000000090400000003"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000240)={0x0, 0xc}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.38258071s ago: executing program 2 (id=2590):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000000)={0x18, r1, 0x2, 0x0, &(0x7f0000000140)=[{0x12df, 0x2000000000000003}, {0x7ff, 0x1080}]})
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x6, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

2.250236049s ago: executing program 2 (id=2591):
syz_mount_image$ocfs2(&(0x7f00000002c0), &(0x7f0000000140)='./file1\x00', 0x8c0, &(0x7f0000000500)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c6572726f72733d72656d6f756e742d726f2c61636c2c00a9b504852143b698d2e379891a0dde7f9adfca8cc85bf8e749e04e", @ANYRES16, @ANYRESOCT, @ANYRES16], 0x11, 0x445c, &(0x7f0000004a80)="$eJzs3c9vE9kdAPA3k1ASyo+EcqBSpVoqUqu2ihJOtEFqEgIhgZSKFlT1YpzEQFonRolT9YBEekPtqVIPVQ9oV9pbTij/APsn7GWP7BlpOexlpZXQemV7HDwTezFgh2X1+Rw89vvtfGee3xwmL05U7q5u5lY3c4X1XHn59ubZ3N/Lpa21YogPSNv+Dx1c/3TnNc+TsN37Numhaxcu/fHm2RA+Xvn0WbVarYaawdDWRMv7L7+4v9x6bIozdWrttm+tV/4SQji1b1w1AyGEPycDmk7SZpLjcAjhWAghCiHcvP/vW7kejebx0+L5/IvFh7uTZxZ2Hu12/u5RCP8v/fjXd9Y+/9nA5Ge/7FH3AAAAAAAAAAAAAAAAAAC85+auX7vxh/GJ8CQKgzvR/ud155Jjp+djqz3z005D/FdPvzAAAAAAAAAAAAAAAAAAAAB8B718/j8XnWzz/P9scpzqUL/6uw4Zh3s7Tvpj/vfXZi+OTyT7v0f78s8lSc+nB8Jom33fs/u/T2fqt9//PWl04O3H3xxfs9+REMVj1Qd7+SMhjsfGQvgw2fj9dHQkLpU3K7+6Xd5aX3n7/t936fg3NstPnQXJ/vndxn8m037/9///UcietbXPt/afyrSRjn/nC/Kjf0Zdxf9Cpt5BxJ83l47/YD1tuLXAVGMCqMX/P4Ovjv9spv1+xf94CCEX1caaS80AtTVMLb3TeoW0dPwP1dNSU2fyh+x0/X+Vif/FTPud4n+i/vqDHnyD9vP/dvaHiLbS8W/EYyhV4uX1Pxp3vv6bc8alTPvv4ve/Nv5tv/9dScc/uWkbTBWp/yW7nf/nMu33K/434mScx6PUGbATNdI7/b860tLxH9qXfy5q3KU9n467Wv9dztT/1vu/Hmje/zX7rd//tdyH/CJq3P/RXjr+wx3LdXv9z2fq9Xv+n6qv/3hT6fgfqael184j9ddu47+Qab9f8a+vSoaa8X85n3x9uJH+gfVfV9Lx/2EjMW4tsV1/ra//onTcq9Xqg+z6/0qm/Xex/quNfzvub6/fF+n4H+1Yrhb/T7r4/b+aqdf/+Icwbq3/xtLxP5bJnapWq4139et/6NXxX8y00O/4/7yfjQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8B2aS40iI4rHU5zgeGwvhQvL5dDgSLRVW8kul8vLfNkOYTdJz4WR0p1ReKpTyq+vllWK+UCqVl0O4mOSfCkPRZqlcya8V7l3aa2s4ulssbFSWioVKCGEuSf9JONZsa2m1sla4F0K4vJd3Ii5v3LtbWM+vrG78dnx8fDzM741hNCr+o1JcrzR6b+SGsLBXdyRqGVw9+8reWI5Gfy1vbawXSvX0qy11SuXlQqmlzmKS998wGlU2ttaXC5VivlS+0+zvXZpKjrPz1/90/erEvvxbUeM4c7DDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA1PZn8zf9CCIONT3EIYar5JmpX/vHT4vn8i8WHu5NnFnYe7T7rVA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bt24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsEvHKBEDURiA34yF2nkMq5B0tgmKaGFE8AR6DA8Tj+IlvIOFha2FCGYGNO5Cmt3q+5oH+Xl5PyQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKxzeTfe37ZdRIqjr8OIl8fXt9/5dZnTMM+82D/YU0924+pmPL9ou/Ld07/8rDx67/NP+vnx9BAbZvU8/N1f/k+zeud4a69pWNe/9qt3TyLlJiL6kp+mnJtm3bsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GYHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AsAAAAACDM3zqKvg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgVwAAAP//xmUngw==")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000d80)='./file1\x00', 0x143042, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000005880)=ANY=[@ANYBLOB="010000000000000080e0"])

2.214759452s ago: executing program 1 (id=2592):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000b, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
getpgrp(0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

2.154761249s ago: executing program 0 (id=2593):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$SIOCGSTAMP(r0, 0x8906, 0x0)
r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
r2 = dup2(r0, r1)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r2)

2.15365435s ago: executing program 4 (id=2594):
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
write$USERIO_CMD_SET_PORT_TYPE(r0, &(0x7f00000002c0)={0x1, 0x5}, 0x2)
write$USERIO_CMD_REGISTER(r0, &(0x7f00000000c0), 0x2)
read(r0, &(0x7f00000001c0)=""/93, 0x5d)
write$USERIO_CMD_SEND_INTERRUPT(r0, &(0x7f0000000180)={0x2, 0xfc}, 0x2)

1.910500448s ago: executing program 0 (id=2595):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'bond0\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000200)={'batadv0\x00', <r3=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=@newlink={0x48, 0x10, 0x401, 0x0, 0x2, {0x0, 0x0, 0x0, 0x0, 0x1a21}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE1={0x8, 0x1, r2}, @IFLA_HSR_SLAVE2={0x8, 0x2, r3}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x48}}, 0x0)

1.910281063s ago: executing program 4 (id=2596):
unshare(0x2c020400)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002000), 0x2, 0x0)
r1 = getgid()
syz_mount_image$fuse(&(0x7f0000002040), &(0x7f0000002080)='./file1\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=r1, @ANYBLOB=',group_id=', @ANYRESDEC=r1], 0x0, 0x0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0)

1.551884572s ago: executing program 5 (id=2598):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x100000a, 0x5d032, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000080)={&(0x7f0000800000/0x800000)=nil, &(0x7f00009f6000/0x2000)=nil, 0x800000})

1.376574061s ago: executing program 5 (id=2599):
r0 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x20000}}, {{0xa, 0x0, 0x40000, @dev={0xfe, 0x80, '\x00', 0x26}}}}, 0x108)
close(r0)
r1 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x4, 0x0, @mcast1={0xff, 0x7}, 0x8a4}}, {{0xa, 0x4e20, 0xfe, @remote}}}, 0x108)

1.189514798s ago: executing program 5 (id=2600):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000003000000040122000b00000001"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000ae00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000725e850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000680)={r1}, 0xc)

1.110974922s ago: executing program 0 (id=2601):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000005d40)='./file0\x00', 0x4040, &(0x7f0000001e40)=ANY=[@ANYBLOB="71756f74612c646973636172642c646973636172642c696f636861727365743d6b6f69382d72752c646973636172642c00f4193eb3ba2a0d5ff2cd7374288ff89ec513a53e007345decb720900f8312da2463eb0edf52fad1a00ebd41c14b3ce75d0cffefd379624b16f7260c835713b263352e03b5cb8fa0c042bd1225ed4ded2b62e12fea4d7e61b738e40781e58d5fff112364ac140f419e5dafecd283b3fab6b142ddbc893b35a81fe9265591ef35fa2928e095fee4c10b22e4212378de59bca0307cc644b9620b63f0000007bbbd422d87856b71348b8f45398b9660b6b3e8ee8a8c32f3234cb46e2cd827ec25c1ca4d046bc004f8df7b1ee690a5e50510700d80c7fa65fa724d0e1b4369f1b64fe249a0312010000004ac983de925f52d735b03fea941b1e948ad8d19cfda5b799325fd69d14fcf6cdde7700a63150eb3699e5314e0827750e244150ec19f3f3f1d8be542c084b5e40bfaa8ad206d2a33b0ddbd7f8e07dc7d17174a4549ffaf5976949cb69658c42ec7cd9fe8ad82852cefb04646edb3a41eb514eb6a772b3ee9f21e25822b54ec33e592d5c040946721101d53aff21f90351c95aa0f73f1853d6afcbf9448b220e988466066fa5c09e6198fc4520d199b93bdedee87c4043815aa05668a06f8da96680ccc1a139ade90f5c79af46208f9762f54e7c29088d9de69bd2d51c6b9c42209ddc3880051303b855853407d959a5777dce25201c5ea1faa084c36e3e349915ebec53435eb2910c59394ee84ba3baf9c440ae5833c23f46b0eaac543ce0c80ba0603213e53ea59755070b18bc10b9224aa082d96700e63d51c5bffa4f712c2d7fafb9cf506c06e1ddad4fc19038407786fedb9afdfb11a5f182676dd84c919f71d5eee2f3b740b68ee7f6518eb9d8baa26f1c3871f863b134ee942eb3af92d19e70d8268839cd7b4637f0627299f99b1873ca165e410f8bd421e1a4859fd9bd6bb34d25c07e1a52b9668a530b10b8585d797124a6975a71aedbe557a17b06bbfe547aa553c3d08b8921a4b0d938c03687bd48a9a387b4c066c056f457fba5738775b900a1e82a89aae1494b05c4bb0fc8ed1a93688bf850a4f7b0942eda1f16ecf043efa6b8c1f9e0fba31f4a58ed0031180fb1b8a00e4a86826b030000002dd1272a3d1609bed545b86ca7a6bf569ed35d0000ca23b0de742f6008fdf20928370d88f8c04bc3b97b9a9e0062e8fc5fd2337d85a66bd20730f3153db2459fb34c134c06c19364e9645e83040dd16ee08f18f0ba69ac9ca3e25e15442b07000000d30d38a64613b535fa808a9b3bae00bc371271d45db200a5cbf433e2f6dd03b7c7fcc040781e5151c9badb787e7e1e2f39d60998919aa8dbd156f31a5b7fa5f9e5ec01e8c799edc322703c7fc4a81ab9bc02dd96714ee9d7e75d28d040ff3566404fd6db547a4b553197c1f316d20ea54f9459cd81351a510d101e90eabe6dc6c6ac3ffa189c073a5fb3fc382df620bf5af9e638819c77a051e6875866a849f6f578c068c0e4c7cfbc15033997efa853c96297b3201dd30ea40dc94d010a0c33da9f63a10b8f813dc789b80be3bb3f00ee58b30d5c03a6ddbf418ac1b3d4a13839e4b273c4f914bed13f8806295495d41609478798396aeec06e8d342efd8ac6b422f6c23a011b1400000000000000bc2a02094e19a1ee8bb3c3c0c088ae8efaf68c85001faf7cf5426fb7c5c367ed93eb25c48a293549d15b91b59f1b574b3f6171f8e56a402ec56bdf51d90312b3ca5398f4050000007504be21456ec953bf06f12fff20c31e7c8b55fee5c49aa939830b09995ff149258118f9aae29206f9731288b56b10de51525665fdb4e289b1c177df97af3085f82045fbd012f1dde94ffecd90b7b63d8197d9c24a6fe5915ac7d7240847f6d0bf9099ee117c83e363f2ad36a4a9f4faa5734afe9770c38c565cae87a408d0acbb2db7db9174acab60a344814ee643fa82ba41706d2360269ed276e13dd83abbc258f07b0d58ab0b65290b18b7f9f871bcb43fec5a2e3789ecd0c1069d2da80b93c86dff8933e70c2108346003ddf6b60379eee63b66e7341cdd8f87ed9f11894c9ae040976321d87405b492f419ebfa77eb367ca6e360b808451102f54893d7d1695c24bcc184b1e7d19940a2b6931ade8638dd2b85a86dc511dbb97f5035d07ca024076e8581db332b1c5f135fe6b2e9d2c18c9d5d5a524d3d5b2657e4b28f1a09696bd5b076a1471c8b2ab2ca3ba57843af1d03590f4e8985e1c463c781bb03ad7ec816ea70bbe06411aae001e0ca72ee7e828ad14bb7a092d883ad000554bf7f00000000000075cc01f8a2e1802192f09e77bc488b3bd3f08a9ce88ba2e2bcc23cf5d7372b339ce1f5003db0ad70fa6e93aa908a2ced81f5514e23e2f94ff03c1c02f5a9195f4735563efd0a1fc7dafcfb3dae043fe0c172ec3a12747d7abf4382bf7453c13df994641017a0f461add956ef8f834b762af30408af6a61f317fd3c7b0816236a768601b7c6606ba52ff126eb13d33c915c5da99d118db488da3f3d7783a608282a93fcbe0910f0389c3ef91de7c84e23daa6554c42b2b3e9f70a9f790f29011a0b5101b23bfeba6e52877ed8a188958e39375dd203d434bef4dc82cc8a21fc40c6e6e6a2475f70bf1503beb9555036e606a9d3239d1df6f2e9ef16dee590b15ac028c6d873bb2965374b733d8e11ba763ab157ed91dd871b098c0543dcbba4cf67db8c83c84369dc67735fa4faa0fdcf34b1c6a862ccae9fe4fa28746504643b57f02623a2ef34ea90f2e7f7dd771f8f75217c799d978a3533fcfab6c6f5391b626d61b400f08172fc675e2a062d06c31b85452804f7b125c291f60a02a5d62271e96fe70d64bae36e28b42e197259169ebee8f64355544fbad8b83c1c8fad02cd1a2e56a6f6e82ec7719a48a1bea803546b8af7a89faf7cef94d8ada45fc0a98a79ba90c95262f0110725c6bf7c81237534dcd6a8a113bd8ac48b7db5526ab762cec103674742476cd6b92b8c7abcfb1f8e08f0a05c1b209187049f3206bd545e8c20f8db6d8a7cdd0c9ecbb9011b611a013cd581521dfcb028d59d5c69d286fb93e4c498b3aaff7e0cdcf1f41fec65ebdbe4c2bf453140251cdd94c32b87c4634d6500000000000000000000000000000000816e6c33f92dca3e03c400"/2294], 0x3, 0x5e9d, &(0x7f000000bc00)="$eJzs3cuOHFcZB/CvL9NzMXGsCEXGYjFxICSE+G5DuMVhwQIWIKGssTWZRAYHkG0QiSw8kReIDfAIsPGGRV6BB8gzoDwAlmzYZEEoVDPn2DU1Pe4x9nR1z/n9pHHVV6dr+pT/U1PdU1V9AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIH3z/J6d7EXHpN2nBkYjPxSCiH7Fc16tRz1zMjx9GxNHYbI7nI2KwGFGvv/nPsxHnIuLjwxH37t9cqxef2WM/zp+6ce2zH37vH7//0+2jP3v7p3fa7T/+/NmP/nAr4siPXv/os1tPZ9sBAACgFFVVVb30Nv9Yen/f77pTAMBU5ON/leTlarVarX6q9R/7s9UfdaF1UzXerWYRERvNderXDE7HA8Cc2YhPu+4CHZJ/0YYRcajrTgAzrdd1B9gX9+7fXOulfHvN48HqVnv+O+W2/Dd6D+7v2G06Sfsak2n9fN2OQTy3S3+Wp9SHWZLz77fzv7TVPkqP2+/8p2W3/Edbtz4VJ+c/aOffsi3/P0fE3ObfH5t/qXL+w8fJf2Mwx/u//AEAAAAAOPjy3/+PdHz+d/HJN2VPHnX+d3VKfQAAAAAAAACAp+1Jx/97wPh/AAAAMLPq9+q1vxx+uGy3z2Krl7/Vi3im9XigMKuNDwcEAAAAAAAAAAAAAKZjGLGSrutfiIhnVlaqqqq/mtr143rS9edd6dsPJev6lzwAAGz5+HDrXv5exFJEvJU+629hZWWlqpaWV6qVankxv54dLS5Vy433tXlaL1sc7eEF8XBU1d9sqbFe06T3y5Pa29+vfq5RNdhDx6ajw8ABICK2jkb3HJEOmKp6Nrp+lcN8sP8fPPZ/9qLrn1MAAABg/1VVVfXSx3kfS+f8+113CgCYinz8b58XUKvVarVaffDqpmq8W80iIjaa69SvGQzHDwBzZiM+7boLdEj+RRtGxNGuOwHMtF7XHWBf3Lt/c62X8u01jwerW+35WpBt+W/0NtfL64+bTtK+xmRaP1+3YxDP7dKf56fUh1mS8++387+01Z6H+N/v/Kdlt/zr7TzSQX+6lvMftPNvOTj598fmX6qc//Cx8h/IHwAAAAAAZlj++/8R53/zJgMAAAAAAADA3Ll3/+Zavu81n///4pjH9Zpz7v88MHL+vT3n7/7fgyTn32/n37ogZ9CYv/vmw/z/df/m2p0b//xCns58/guDUf3cC73+YJiu+akW3okrcTXW49SOxw+3tZ/e0b6wrf3MhPazO9pHdftybj8Ra/HLuBpvP2hfnHBh1NKE9mpCe85/YP8vUs5/2Piq819J7b3WtHb3w/6O/b45Hfc8F//2n5d27l3TdzsGD7atqd6+4x30Z/P/5NAofn19/dqJ316+cePa6UiTbUvPRJo8ZTn/hfSV83/5xa32/Hu/ub/e/XD02PnPitsx3DX/Fxvz9fa+MuW+dSHnP0pfOf98BBq//89z/rvv/6920B8AAAAAAAAAAAAAAAB4lKqqNm8RvRgRF9L9P13dmwkATFc+/ldJXq5Wq9Vq9UGqPzk0W/3pqm6qxnujWUTE35vr1K8ZfjfumwEAs+y/EfFJ152gM/IvWP68v3r6pa47A0zV9fc/+Pnlq1fXr13vuicAAAAAAAAAwP8rj/+52hj/efM6oNa40dvGf30zVud2/M/+aLA51nnaoBfi0eN/H49Hj/89nPB8CxPaRxPaFye0L01oH3ujR0PO/4WUcc7/WNqwksZ/fbmD/nQt5388jfWc8/9K63HN/Ku/znP+/W35n7zx3q9OXn//g9euvHf53fV3139x+tSFc2fPnzt7/vzJd65cXT+19W+HPd5fOf889rXrQMuS88+Zy78sOf8vp1r+Zcn5v5Rq+Zcl559f78m/LDn//N5H/mXJ+b+SavmXJef/1VTLvyw5/1dTLf+y5Py/lmr5lyXn/1qq5V+WnP+JVMu/LDn/k6mWf1ly/vkMl/zLkvPPVzbIvyw5/zOpln9Zcv5nUy3/suT8z6Va/mXJ+Z9PtfzLkvO/kGr5lyXn//VUy78sOf9vpFr+Zcn5v55q+Zcl5//NVMu/LDn/b6Va/mXJ+X871fIvS87/O6mWf1ly/t9NtfzLkvN/I9XyL8vDz/83Y8bMFGbu/DtiBroxaabr30wAAAAAAAAAAAAAQNs0LifuehsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4HztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwt69xchZ3vcDf/fotSHgfzgTB2xzMrCwuz6BQwwmCflT0gMlIW1aUuPYa+PEp3rXnITKptCWKEhFai/oRdMkSqNIbQWqojaVaITUSO1dc9WIm6iVcuELqByUVEoV2OqdeZ5nZ2ZnZ9aHtWfe5/NB9s87887MM++8M7vfRd8ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg0YaPT//JQFEU5Z/aX2uL4uLy36uLXeWXc9sv9AoBAACAs/Ve7e+/vTSdsGsZF2rY5l+v+/fvzs/PzxdfePfk+382P5/OWF8UQ6uKonZe9G+/+Pl84zbBC8XYwGDD14Ndbn6oy/nDXc4f6XL+aJfzV3U5f6zL+Yt2wCKr67+PqV3ZjbV/rq3v0uLyYqR23o1tLvXCwKrBwfi7nJqB2mXmR/YXB4tDxXQxuegyA7X/iuKNDeVtPVjE2xpsuK11RVGc+ulze+MaBsI+vrFourGaxsfunfuL9e/+9Lm93559+5p2s+tuWLTSoti0sVzni0Wx8OuqYqBYlfZJXOdgwzrXtVnnUNM6B2qXK//dus5Ty1xnvN9jYZ0/7LDOdeG0p28oimKuWHKbVi8Ug8WalltN+3usfkSU11E+lB8shk/rONmwjOOkvMxPbmg+TlqPybj/N4R9MrzEGhofjne+PLpov5/pcVLe6144Vsvrfri80bGxxl+tNh2r5TbP3bT0MdD2sWtzDKRjueEY2NjtGBgcHaodA4MLa97YdAxMLbrMYDFQu62TN3U+BiZmDx+bmHnm2TsOHt5zYPrA9JGpye1bt2zbumXbton9Bw9NT9b/Pr1d2kfWFIPpGNwYXmviMXhLy7aNh+T8N87d82CsR54H5X3/zM3lgi4eLJY4xsttXtx09s+D9H2/4Xkw3PA8aPua2uZ5MLyM50G5zalNy/ueOdzwp90aVuq1cG3DMXAhvx+Wt/nYrUu/Fq4L63rpttP9fji06BiId2sgPPfKU9LPe2N3h/2y+Li4tjzjotHixMz08Tuf3jM7e3yqCOO8uKzhsWo9XtY03Kdi0fEyeNrHy66/+eXN17Y5fW3YV2O3d36sym22jnd+rGqv7u33Z9Opm4swzrHzvT/bfTcr92fKEh32Z7nNi3ec/c+CKZc0vP6NdHv9GxoZrr/+DaW9MdL0+rf4oRmqrawoTt2xvNe/kfDnfL/+Xd4jr3/lvnrszs7HQLnNSxOnewwMd3z9uyHMgbCeW0NiGGvI/e/Xzp+rH6YNj2XX42Z4eCQcN8PxFpuPmy2LLlNeW3nbmybP7LjZdEPzY9X0c0sFj5tyX/35ZOfjptzmzamzf+1YHf/Z8Nox2u0YGBkaLdc7kg6C+uvd/Op4DNxZ7C2OFoeKfeky5aNc3tb45uUdA6Phz/l+7bi6R46Bcl+9urnzMVBu84Mt5/Znp03hlLRNw89Orb9fWCrzXzu8cH2tu+1cZ/5ynZ/Y2vl3Q+U2b2893ZzReT/dHk65qM1+an3+LHVM7yvOz366Oqzz0LbOv5sqt7l8+zKPp11FUbw19Vbt913h97t/f+I/vtv0e992v1N+a+qthyYe+dHprB8AgDP3fu3vudH6z5oN/8d6Of//HwAAAOgLMfcPhpnI/wAAAFAZMfcPhZnI/wAAAFAZMfcPh5lkkv+fuHvHa+89X6R3A5wP4vlxNzx8b3272PGeC1+vn19Qnv6xb4289pXnl3fbg0VR/PKhD7Xd/ol747rqjsV1fqT59EWuvn5Zt//4owvbNb5/wqkd9euP92e5h0HsKr8xsbl2veufmarNNx8qavORuZdeqF9//eu4/ckt9e3/Mrxpya79A02X3xTWc2OY68N7yjy8a2E/lDNe7rV11/3LZZ9duL14uYGNl9Tu5qt/UL/e+B5Rr1xW3z7e76XW/89f/c5r5fZP39R+/c8Ptl//yXC9PwnzFzvr2zfu8680rP+Pwvrj7cXL3fnN77dd/+tX1bd/PRwXXw+zdf33/+mH32v3eMXb2XVP/XLx9if/Z2vtcvH64vW3rn/s+amm/dF6/W++W7+enU/+bKhx+3h6vJ3o8Xuaj++B8Pg29ciLovjOHxdN+7n4aP1y/9Sy/nh9x+5pv/7bW9Z5bOD62uUX7s/apvv1tb/e3Pb+xvXs+ru1TffnlQfC/nt34gfl9Z58JByP4fz//WH9+lrfy/T1B5pfb+L2X19bf97G65toWf8rLeufu77cd93X/+C79fW/ft+qpvXv+mQ4nh6sz27rP/BXlzZd/hvfrj8ex58aP3J05sTBfQ17tfF5vGps9ZqLLv7AJZeG19LWr3cfnX1i+vj6yfWTRbG+D98ycKXX/80w/7s+5s79LdT96Gf14+7lT9W/b93y8/rXr4TTHw+PZ/z++LW/GGk6Xlsf97n76vNs139bWMdyXfXV/7p+WRue/PwbJ/7xD99u/bkg3p9jV4zV7t+rG66snTfwZv381terbv7ziubn9Y+HJ2vze2G/zod3Zt54Zf32Wq8/vjfJy5+uP3/jT3Lx8kXL+4msHWq+H2e7/h+Hn2O+f3Xz6188Pr73fMu7Oa8tBsolzIXXh2Kufn7cKu7vl09d2fb24vvwFHPXnM4ylzTzzMzEoYNHTjw9MTs9Mzsx88yzuw8fPXFkdnftvUt3f7Hb5Ree32tqz+9909u3FrVn+9H6WGEXev3HHt27767Jm/dN799zYv/so8emjx/YOzOzd3rfzM179u+ffqrb5Q/u2zm1eceWuzaPHzi4b+fdO3Zs2TF+8MjRchn1RXWxffJL40eO765dZGbn1h1T27ZtnRw/fHTf9M67JifHT3S7fO1703h56SfHj08f2jN78PD0+MzBZ6d3Tu3Yvn1z13d/PHxs/8z6ieMnjkycmJk+PlG/L+tnayeX3/u6XZ48zBwNr3ctBsJP55+7fXt6f9zSt7685FXVN2n+8bR4J7wXVPz+1u3rmPtHwkwyyf8AAACQg5j7wxv/L5wh/wMAAEBlxNy/KsxE/gcAAIDKiLl/LMwkk/yv/6//r/+v/78i/f/4IOn/6//r/+v/d6D/r//fz+vX/9f/p7te6//H3L+6KLLM/wAAAJCDmPvXhJnI/wAAAFAZMfdfFGYi/wMAAEBlxNx/cZhJHvl/pPWf+v/6//r/jf3/uK3+f+Hz//X/z5D+v/5/J/r/+v/9vP4e7P+vXvn+/8Ixrf/Pciyr/z+6cPpK9/9j7v9AmEke+R8AAACyEHP/JWEm8j8AAABURsz9l4aZyP8AAABQGTH3rw0zyST/+/x//X/9f5//r/+v/7+S9P/1/zvR/9f/7+f192D/3+f/03N67fP/Y+7/f2EmmeR/AAAAyEHM/R8MM5H/AQAAoDJi7r8szET+BwAAgMqIuf/yMJNM8r/+v/6//r/+v/5///T/T6+Z3Bv0//X/O9H/1//v5/Xr/+v/012v9f9j7r8izCST/A8AAAA5iLn/yjAT+R8AAAAqI+b+q8JM5H8AAACojJj7rw4zyST/93v/f7j1gvr/+v/6//r/4fQq9v99/v9i+v/6/4X+/xm70P35fl+//r/+P931Wv8/5v5rwkwyyf8AAACQg5j7rw0zkf8BAACgMmLu/1CYifwPAAAAlRFz/7owk0zyf7/3/xfR/9f/1//X/w+n6//3hv7q/w8ueY7+f53+fzP9f/1//X/9fzpbov9/6kL1/2Pu/3CYSSb5HwAAAHIQc/91YSbyPwAAAFRGzP3Xh5nI/wAAAFAZMfevDzPJJP/r/+v/6//r/+v/6/+vpP7q/y9N/79O/7+Z/r/+v/6//j+d9drn/8fcvyHMJJP8DwAAADmIuX9jmIn8DwAAAJURc/8NYSbyPwAAAFRGzP03hplkkv/1//X/9f/1//X/9f9Xkv6//n8n+v/6//28fv3/5fX/R7tdEZXWa/3/mPtvCjPJJP8DAABADmLuvznMRP4HAACAyoi5/5YwE/kfAAAAKiPm/k1hJpnkf/1//X/9f/1//X/9/5Wk/6//34n+v/5/P69f/9/n/9Ndr/X/Y+6/Ncwkk/wPAAAAOYi5/7YwE/kfAAAAKiPm/tvDTOR/AAAAqIyY+8fDTDLJ//r/+v/6//r/+v/6/yupqv3/9Dqq/6//r/+v/6//r//Pknqt/x9z/x1hJpnkfwAAAMhBzP13hpnI/wAAAFAZMfdPhJnI/wAAAFAZMfdPhplkkv/1//X/9f/1//X/9f9XUlX7/z7/X/+/0P/X/9f/1/+nq17r/8fcPxVmkkn+BwAAgBzE3L85zET+BwAAgMqIuX9LmIn8DwAAAJURc//WMJNM8r/+/xn2/1c1f6n/3379+v/6//r/+v/6//r/nej/6//38/r1//X/aTbY5rRe6//H3L8tzCST/A8AAAA5iLl/e5iJ/A8AAACVEXP/XWEm8j8AAABURsz9d4eZZJL/9f99/r/+v/6//n+/9v9Hi36g/6//34n+v/5/P69f/1//n+56rf8fc/+OMJNM8j8AAADkIOb+j4SZyP8AAABQGTH33xNmIv8DAABAX2n3OYRRzP0fDTPJJP/r/1e9/z+/Sv9f/1//v/P6+7f/3x/0//X/O9H/1//v5/Xr/+v/012v9f9j7t8ZZpJJ/gcAAIAcxNx/b5iJ/A8AAACVEXP/fWEm8j8AAABURsz9u8JMMsn/+v9V7//7/H/9//7p/4/Ex1X/X///NOj/6/8X+v9n7Ez78+HHFv3/Hur/l8eQ/j+9qNf6/zH33x9mkkn+BwAAgBzE3P+xMBP5HwAAACoj5v6Ph5nI/wAAAFAZMfd/Iswkk/yv/6//r/+v/98r/f9I/1///3To/+v/F/r/Z+xC9+f7ff291P/3+f/0ql7r/8fc/0CYSSb5HwAAAHIQc/8nw0zkfwAAAKiMmPv/f5iJ/A8AAACVEXP/g2EmmeR//X/9f/1//X/9f/3/laT/r//fif6//n8/r1//X/+f7nqt/x9z/6+EmWSS/wEAACAHMfc/FGYi/wMAAEBlxNz/qTAT+R8AAAAqI+b+Xw0zyST/6/+fn/7/YLp+/X/9f/1//X/9/3NJ/1//v9D/P2MXuj/f7+vX/9f/p7te6//H3P9rYSaZ5H8AAADIQcz9vx5mIv8DAABAZcTc/xthJvI/AAAAVEbM/Q+HmWSS//X/ff6//r/+v/6//v9K0v/X/+9E/1//v5/Xr/+v/093vdb/j7n/N8NMMsn/AAAAkIOY+x8JM5H/AQAAoDJi7v90mIn8DwAAAJURc/9nwkwyyf/6//r/+v/6//r/+v8rSf9f/78T/X/9/35ev/6//j/d9Vr/P+b+R8NMMsn/AAAAkIOY+z8bZiL/AwAAQGXE3P9bYSbyPwAAAFRGzP2/HWaSSf7X/9f/1//X/9f/1/9fSfr/i/v/5WvYhez/jy5nQ/3/ZdH/1//X/9f/p7Ne6//H3P+5MJNM8j8AAADkIOb+3wkzkf8BAACgMmLu/90wE/kfAAAAKiPm/sfCTDLJ//r/+v/6//r/+v/6/ytJ/9/n/3ei/6//38/r1//X/6e7Jfr/p/4h/ON89/9j7v98mEkm+R8AAAByEHP/74WZyP8AAABQGTH37w4zkf8BAACgMmLufzzMJJP8r/+v/6//r/+v/6//v5L0//X/O9H/1//v5/Xr/+v/012vff5/zP17wkwyyf8AAACQg5j7vxBmIv8DAABAZcTcvzfMRP4HAACAyoi5f1+YSSb5X/9f/1//X/9f/1//fyXp/+v/d6L/r//fz+vX/9f/p7te6//H3D8dZpJJ/gcAAIAcxNy/P8xE/gcAAIDKiLn/QJiJ/A8AAACVEXP/E2EmmeR//X/9f/1//X/9f/3/laT/r//fif6//n8/r1//X/+f7nqt/x9z/8Ewk0zyPwAAAOQg5v4vhpnI/wAAAFAZMfd/KcxE/gcAAIDKiLn/UJhJJvlf/1//X/9f/1//X/9/Jen/6/93ov+v/9/P69f/1/+nu17r/8fcfzjMJJP8DwAAADmIuf9ImIn8DwAAAJURc//RMBP5HwAAACoj5v5jYSaZ5H/9f/1//X/9f/1//f+VpP+/uP8/Gq5T/1//X/+/v9ev/6//T3e91v+Puf/3w0wyyf8AAACQg5j7j4eZyP8AAABQGTH3z4SZyP8AAABQGTH3z4aZZJL/9f/1//X/9f/1//X/V5L+v8//70T/X/+/n9ev/6//T3e91v+Puf9EmEkm+R8AAAByEHP/k2Em8j8AAABURsz9T4X5f+zddY4g9xHH0XGikKIoZ8kJcoScIbcIMznMzMzMzMwOM7MTh1FyFE9VrRXvdC+4Pd1V7/3hMqzknzyWpa+sj7rY/wAAANBG7v77xC1D9r/+X/+v/99N/3/a+en/9f/6/8ui/7/N+/+b/pXX/5/S/+v/9f/6f5btrf/P3X/fuGXI/gcAAIAJcvffL26x/wEAAKCN3P33j1vsfwAAAGgjd/8D4pYh+1//r//X/++m//f9//y56v/1/5dB/+/7/yf6/yt23v380d+v/9f/s25v/X/u/gfGLUP2PwAAAEyQu/9BcYv9DwAAAG3k7n9w3GL/AwAAQBu5+x8StwzZ//p//b/+X/+v/9f/b0n/r/9fov/X/x/5/fp//T/r9tb/5+5/aNwyZP8DAADABLn7Hxa32P8AAADQRu7+h8ct9j8AAAC0kbv/EXHLkP2v/9f/6//1//p//f+W9P/6/yX6f/3/kd+v/9f/s25v/X/u/kfGLUP2PwAAAEyQu/9RcYv9DwAAAG3k7n903GL/AwAAQBu5+x8TtwzZ//p//b/+X/+v/9f/b0n/r/9fov/X/x/5/fp//T/rNu//73XtTfdS+//c/dfGLUP2PwAAAEyQu/+xcYv9DwAAAG3k7n9c3GL/AwAAQBu5+x8ftwzZ//p//f+F/v/Ga/T/+n/9/4U/r/+/dej/9f9L9P977f8v7Z+E/l//r/9nzeb9/0rv//9/nLv/CXHLkP0PAAAAE+Tuf2LcYv8DAABAG7n7nxS32P8AAADQRu7+J8ctQ/b/Ufr/u+Tv6P99/1//r//X/x+K/l//v0T/v9f+3/f/r7b/v+clvF//zwR76/9z9z8lbhmy/wEAAGCC3P1PjVvsfwAAAGgjd//T4hb7HwAAANrI3f/0uGXI/j9K/+/7//r/i71f/6//P9H/757+X/+/RP+v/z/y+33/X//Pur31/7n7nxG3DNn/AAAAMEHu/mfGLfY/AAAAtJG7/1lxi/0PAAAAbeTuf3bcMmT/6//1//p//f9V9f+31//r/5fp/5f7/2uu8v36/1P6/ytz3v380d9/9f3//36r/6e3vfX/ufufE7cM2f8AAAAwQe7+58Yt9j8AAAC0kbv/eXGL/Q8AAABt5O5/ftwyZP/r//X/+n/9v+//6/+3pP9v9/3/a/T/F+j/9f++/6//Z9ne+v/c/S+IW4bsfwAAAJggd/8L4xb7HwAAANrI3f+iuMX+BwAAgDZy9784bhmy//X/+n/9v/5f/6//35L+v13/7/v/N6P/1//r//X/LNtb/5+7/yVxy5D9DwAAABPk7n9p3GL/AwAAQBu5+18Wt9j/AAAA0Ebu/pfHLUP2v/5f/6//1//r//X/W9L/6/+X6P8v3v/f+Yy/n/5/X+/X/+v/Wbe3/j93/yviliH7HwAAACbI3f/KuMX+BwAAgDZy978qbrH/AQAAoI3c/a+OW4bs/7P6/xvuevrX9f+XRv9/8ffr//X/+n/9v/5f/79E/+/7/0d+v/5f/8+6vfX/uftfE7cM2f8AAAAwQe7+18Yt9j8AAAC0kbv/dXGL/Q8AAABt5O5/fdwyZP/7/r/+X/+v/9f/6/+3pP/X/y/R/+v/j/x+/b/+n3V76/9z978hbhmy/wEAAGCC3P1vjFvsfwAAAGgjd/+b4hb7HwAAANrI3f/muGXI/tf/6//Pvf+/3dn9f/4E9P/6/xP9v/7/DPp//f+J/v+KnXc/f/T36//1/6zbW/+fu/8tccuQ/Q8AAAAT5O5/a9xi/wMAAEAbufvfFrfY/wAAANBG7v63xy1D9r/+X/9/7v2/7/8X/X/8XPX/+v/LoP/X/5/o/6/YeffzR3+//l//z7q99f+5+98RtwzZ/wAAADBB7v53xi32PwAAALSRu/9dcYv9DwAAAG3k7n933DJk/+v/9f/6f/2//l//vyX9v/5/if5f/3/k9+v/9f+s21v/n7v/PXHLkP0PAAAAE+Tuf2/cYv8DAABAG7n73xe32P8AAADQRu7+98ctQ/a//v/o/f+9r48X6P/1//p//f8u6f/1/0v0//r/I79f/6//Z93e+v/c/R+IW4bsfwAAAJggd/8H4xb7HwAAANrI3f+huMX+BwAAgDZy9384bhmy/2f0/3e4xS/r0//7/r/+X/+v/983/b/+f4n+X/9/5Pfr//X/rNtb/5+7/yNxy5D9DwAAABPk7v9o3GL/AwAAQBu5+z8Wt9j/AAAA0Ebu/o/HLUP2/4z+/5b0/6du9f7/xrvr//X/Rf+v/z/R/+v/V+j/9f9Hfr/+X//Pur31/7n7PxG3DNn/AAAAMEHu/k/GLfY/AAAAtJG7/1Nxi/0PAAAAbeTu/3TccI+7nd+TblP6f/2/7//r//X/+v8t6f/1/0v0//r/I79f/6//Z93e+v/c/Z+JW/z/fwAAAGgjd/9n4xb7HwAAANrI3f+5uMX+BwAAgDZy938+bhmy//X/+n/9v/5f/6//35L+X/+/RP+v/z/y+/X/+n/W7a3/z93/hbhlyP4HAACACXL3fzFusf8BAACgjdz9X4pb7H8AAABoI3f/l+OWIftf/6//1//r//X/+v8t6f/1/0v0//r/I79f/6//Z93e+v/c/V+JW4bsfwAAAJggd/9X4xb7HwAAANrI3X9d3GL/AwAAQBu5+78WtwzZ//p//b/+X/+v/9f/b0n/r/9fov+/Wf+f/zHR/x/m/fp//T/r9tb/5+7/etwyZP8DAADABLn7vxG32P8AAADQRu7+b8Yt9j8AAAC0kbv/W3HLkP3fuf9f+mX6/1P6f/3/if5f/78x/b/+f4n+3/f/j/x+/b/+n3V76/9z9387bhmy/wEAAGCC3P3fiVvsfwAAAGgjd/934xb7HwAAANrI3f+9uGXI/u/c/y/R/5/S/+v/T/T/+v+N6f/1/0v0//r/I79f/6//Z93e+v/c/d+PW4bsfwAAAJggd/8P4hb7HwAAANrI3f/DuMX+BwAAgDZy9/8obhmy//X/+n/9v/5f/6//35L+X/+/RP+v/z/y+/X/+n/W7a3/z93/47hlyP4HAACACXL3/yRusf8BAACgjdz9P41b7H8AAABoI3f/z+KWIftf/6//1//r//X/+v8t6f/1/0v0//r/I79f/6//Z93e+v/c/T+PW4bsfwAAAJggd/8v4hb7HwAAANrI3f/LuMX+BwAAgDZy9/8qbhmy//X/+n/9v/5f/6//35L+X/+/RP+v/z/y+/X/+n/W7a3/z93/67hlyP4HAACACXL3/yZusf8BAACgjdz9v41b7H8AAABoI3f/7+KWIftf/6//1//r//X/+v8t6f/1/0v0//r/I79f/6//Z93e+v/c/dfHLUP2PwAAAEyQu//3cYv9DwAAAG3k7v9D3GL/AwAAQBu5+2+IW4bs/879/3V3PPuX6f9Pte3/76T/1//r//dC/6//X6L/1/8f+f36f/0/6/bW/+fu/2PcMmT/AwAAwAS5+/8Ut9j/AAAA0Ebu/j/HLfY/AAAAtJG7/y9xy5D937n/X6L/P9W2//f9f/2//n839P/6/yX6f/3/kd+v/9f/s25v/X/u/r/GLUP2PwAAAEyQu/9vcYv9DwAAAG3k7v973GL/AwAAQBu5+/8RtwzZ//p//b/+X/+v/9f/b0n/r/9fov/X/x/5/fp//T/r9tb/5+7/Z9wyZP8DAADABLn7/xW32P8AAADQRu7+f8ct9j8AAAC0kbv/P3HLkP2v/9f/6//1//p//f+W9P/6/yX6f/3/kd+v/9f/s25v/X/u/v8GAAD//59qIuc=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x1eb182, 0x0)
sendfile(r0, r1, 0x0, 0x20fffe82)
creat(&(0x7f00000002c0)='./file0\x00', 0x1)

924.910939ms ago: executing program 5 (id=2602):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
write$tun(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="000086dd0500560008005400000060ec970001983a00fc000018c6ba35000000000000000700ff02000000000000000000000000000100000000000000cc00000000000000000000000000000000860090780000000000000000000000000000ee3f000000002b036f8c006e64021d683910c3090b3188a7c747eb2278a273c1b80029442911892704"], 0xfdef)

873.466046ms ago: executing program 2 (id=2603):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000d972a440b72040155ab7010203010902120001000000000904800000ff"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000180)={0x1c, &(0x7f00000000c0)={0x40, 0x14}, 0x0, 0x0})

862.783593ms ago: executing program 4 (id=2604):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = syz_io_uring_setup(0x12de, &(0x7f0000000300)={0x0, 0x2000, 0x10100}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000180)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r0, 0x80, &(0x7f0000000540)=@l2tp6={0xa, 0x0, 0x7, @mcast1, 0xbf6b}})
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r1, 0x5b43, 0x0, 0x20, 0x0, 0x0)

730.785514ms ago: executing program 1 (id=2605):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x2, r1})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000040)={0x48, 0x1, r1, 0x0, 0xe, 0x201000000000005})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000001340)={0x28, 0x2, r1, 0x0, &(0x7f00003bd000/0x3000)=nil, 0x3000, 0x80})

639.576018ms ago: executing program 4 (id=2606):
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='bridge0\x00', 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x1, &(0x7f0000000040)=0x10, 0x4)

474.299422ms ago: executing program 1 (id=2607):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='memory.current\x00', 0x26e1, 0x0)
close(r0)
r1 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$kcm(r1, &(0x7f00000004c0)={&(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, r1, 0x4, 0x3, 0x2, 0x0, {0xa, 0x4e24, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7}}}, 0x80, 0x0}, 0x2000f765)
ioctl$SIOCSIFHWADDR(r0, 0x8b32, &(0x7f0000000000)={'virt_wifi0\x00', @link_local})

421.971554ms ago: executing program 4 (id=2608):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r0, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a80)={0x6, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r1}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0x6, 0x3, &(0x7f0000000080)=@framed, &(0x7f00000000c0)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', r1}, 0x94)

420.939747ms ago: executing program 5 (id=2609):
bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000002640)=""/4096, 0x1000}, {&(0x7f0000000600)=""/235, 0xeb}, {&(0x7f0000000540)=""/167, 0xa7}], 0x3}, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="364000002600913e"], 0xfe33)

247.580527ms ago: executing program 4 (id=2610):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000d3e457201e040b40e73e000000010902120001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)

247.349941ms ago: executing program 1 (id=2611):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x5, 0x14, 0x0, &(0x7f0000000000)="259a53f271a76d2608004c6588a80a38667d2f15", 0x0, 0x7f, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

246.136426ms ago: executing program 6 (id=2612):
r0 = socket$igmp6(0xa, 0x3, 0x2)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000600), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_WOWLAN(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000680)={0x28, r2, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x5, 0x69}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x4040)

63.443476ms ago: executing program 5 (id=2613):
r0 = io_uring_setup(0xf08, &(0x7f00000003c0)={0x0, 0xfb6e, 0x38c1, 0x4, 0xf0})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f000000c000/0x1000)=nil, &(0x7f000001f000/0x1000)=nil, &(0x7f0000015000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f000000c000/0x4000)=nil, &(0x7f000001d000/0x3000)=nil, &(0x7f0000012000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0}, 0x68)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000000bf00)=@newtaction={0x114, 0x30, 0x200, 0x70bd29, 0x25dfdbfc, {}, [{0x100, 0x1, [@m_police={0xfc, 0x18, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x1, 0xffffffffffffffff, 0x4, 0x3, 0x1, {0x95, 0x1, 0xb, 0x8, 0xf6, 0xfffffffa}, {0x9, 0x0, 0xff, 0x8, 0x1bed, 0x9}, 0x8000000, 0x80000001, 0x3e}}]]}, {0x91, 0x6, "d087ea06528c49fdd2f8773f075474c04e24bc674ffa7ff4197b8c118cc36a8e001b7d028a120757d4654d50a353ead91a7a8f546058e1e06aeba141f04e8c8f60d4a6dd1d10e16ae223becd5c2583c59cc4e64da4c9326fcb393fb3bb6f5f78d65fac872fcc3379a2a19a96bc60620de4fbf47ad7465e3d683e455b7be48a691989371090b6663fb5bc5955c4"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x80}, 0x4000080)
io_uring_register$IORING_REGISTER_FILES(r0, 0x20, &(0x7f0000000000)=[r0], 0x1)

52.26098ms ago: executing program 6 (id=2614):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000340)={0xa, 0x3, 0x3, @ipv4={'\x00', '\xff\xff', @remote}, 0xfffffffe}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000003c0), 0x3)

645.471µs ago: executing program 0 (id=2615):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x65)
syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)

0s ago: executing program 1 (id=2616):
syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f0000000080)='./file1\x00', 0x4490, &(0x7f0000002cc0)=ANY=[], 0xfd, 0x287, &(0x7f0000001d00)="$eJzs3U1rE0Ecx/HfbJIm2lK3DyKIp2rBk/ThIl4KknfgxZOoTYRiqKAV1FP1LL4A730LvgCPnsSz4K0nX0BukZmdmE2ym01Dt5uk3w8kbLrzn53Jznbmv6WsAFxaD+t/TnZP7ctIJZUkPZACSTWpLOm6btTeHh4dHLWajVEVlVyEfRlFkWaozP5hMynUxrkIL7SfylqK/wz5qP3WcdFtQPHc1Z8gkKr+6nT7axfesnxc9kFv2mrrnZaLbgcAoFh+/g/8PL/k1+9BIG36ab9//p/xCbRddANy9j1jf2z+d1lWx9jze83t6uV7LoUrq+KDTnZPJ2nLgqKR1bfANFlZpWtLcOXFQat5b/9VqxHok/a8Sq/YuntvREO3q5vT2u2Pw1Vv+Nx0zPwyXtvZLLo+VGwfduLtjxVZO98jZjM/zE/zxIT6qsb/9V+5Y+xpcmcqHDhTUfu30mt0vVyQK5XSyxV3kJv+CN7IXpaUkpGoO6JWBk5gmNVOF7U6EBX1bjsjai0xaicjan0wqjea0yPzZr6Yx2ZDf/VN9dj6P7Df9qbGuTJtGVfSj4yR/Sm7kqGbT/wdoeNbiSWDSXuECXzWc93X8pv3H14+a7War+d2w16JU9CMqdroDoJpac/cbtgvuZCjd+edyetJ/9XBbfn50TvpZwxkEMwLu+4yUf4Xy1e23GLNvoX96/RqPLaTVXmsxu2U3GDVvV9Nz+D6GHfrYTHhr4vDRxyZc92+K90Z54iR0Ldz+uxNEmTq+qWn3P8HAAAAAAAAAAAAAAAAAACYNef3Lwc1pe0quo8AAAAAAAAAAAAAAAAAAAAAAMy6hOf/Vgt9/u8jRZ94/i+Qu38BAAD//0lmcxY=")
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000240))
chdir(&(0x7f00000003c0)='./bus\x00')
creat(&(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='freezer.parent_freezing\x00', 0x275a, 0x0)

kernel console output (not intermixed with test programs):

nds beyond EOD, truncated
[  313.559737][ T5947] usb 3-1: new full-speed USB device number 20 using dummy_hcd
[  313.766171][ T5947] usb 3-1: config 4 has an invalid interface number: 1 but max is 0
[  313.787546][ T5947] usb 3-1: config 4 has no interface number 0
[  313.826720][ T5947] usb 3-1: config 4 interface 1 has no altsetting 0
[  313.881512][ T5947] usb 3-1: New USB device found, idVendor=2639, idProduct=0013, bcdDevice=21.c0
[  313.919448][ T5947] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.947792][ T5947] usb 3-1: Product: syz
[  313.970899][ T5947] usb 3-1: Manufacturer: syz
[  313.993989][ T5947] usb 3-1: SerialNumber: syz
[  314.241593][T10726] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  314.260510][T10726] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  314.283444][T10743] loop4: detected capacity change from 0 to 4096
[  314.339190][T10743] ntfs3(loop4): ino=b, mi_enum_attr
[  314.348777][T10743] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  314.367378][T10743] ntfs3(loop4): Failed to load $Extend (-22).
[  314.379887][T10743] ntfs3(loop4): Failed to initialize $Extend.
[  314.384298][ T5947] xsens_mt 3-1:4.1: xsens_mt converter detected
[  314.420073][ T5947] usb 3-1: xsens_mt converter now attached to ttyUSB0
[  314.449279][ T5947] usb 3-1: USB disconnect, device number 20
[  314.520582][ T5947] xsens_mt ttyUSB0: xsens_mt converter now disconnected from ttyUSB0
[  314.543893][ T5947] xsens_mt 3-1:4.1: device disconnected
[  314.715744][   T30] audit: type=1800 audit(1760816083.673:210): pid=10743 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1785" name="file1" dev="loop4" ino=30 res=0 errno=0
[  315.449021][T10764] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1792'.
[  315.597854][T10770] loop1: detected capacity change from 0 to 128
[  315.633530][T10770] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  315.661529][T10770] hpfs: filesystem error: improperly stopped
[  315.670437][T10770] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  315.718712][T10770] hpfs: You really don't want any checks? You are crazy...
[  315.741722][T10770] hpfs: hpfs_map_sector(): read error
[  315.747104][T10770] hpfs: code page support is disabled
[  315.790907][T10770] hpfs: hpfs_map_4sectors(): unaligned read
[  315.796880][T10770] hpfs: hpfs_map_4sectors(): unaligned read
[  315.803326][ T5923] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  315.827304][T10770] hpfs: filesystem error: unable to find root dir
[  315.847658][T10770] hpfs: hpfs_map_4sectors(): unaligned read
[  315.873101][T10770] hpfs: hpfs_map_sector(): read error
[  315.895288][T10757] loop5: detected capacity change from 0 to 32768
[  315.916097][T10776] loop3: detected capacity change from 0 to 128
[  315.934208][T10757] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1789 (10757)
[  315.960513][T10776] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  315.965047][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  315.992922][T10757] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  316.004921][T10776] hpfs: filesystem error: improperly stopped
[  316.013638][T10757] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm
[  316.023895][ T5923] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  316.031155][T10776] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  316.058062][ T5923] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  316.067694][T10776] hpfs: You really don't want any checks? You are crazy...
[  316.075045][ T5923] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  316.075084][ T5923] usb 3-1: Manufacturer: syz
[  316.099270][ T5923] usb 3-1: config 0 descriptor??
[  316.129900][T10776] hpfs: hpfs_map_sector(): read error
[  316.159126][T10776] hpfs: code page support is disabled
[  316.224144][T10776] hpfs: hpfs_map_4sectors(): unaligned read
[  316.249700][T10776] hpfs: hpfs_map_4sectors(): unaligned read
[  316.279220][T10776] hpfs: filesystem error: unable to find root dir
[  316.318785][T10757] BTRFS info (device loop5): enabling ssd optimizations
[  316.352467][T10757] BTRFS info (device loop5): turning on async discard
[  316.380878][T10757] BTRFS info (device loop5): enabling free space tree
[  316.517098][T10805] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1804'.
[  316.526356][T10805] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1804'.
[  316.558134][T10756] BTRFS info (device loop5): balance: start -s
[  316.566254][T10756] BTRFS info (device loop5): left=0, need=98304, flags=2
[  316.574463][T10756] BTRFS info (device loop5): space_info SYSTEM (sub-group id 0) has 0 free, is not full
[  316.584760][T10756] BTRFS info (device loop5): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0
[  316.598402][T10756] BTRFS info (device loop5): global_block_rsv: size 1441792 reserved 1441792
[  316.607539][T10756] BTRFS info (device loop5): trans_block_rsv: size 0 reserved 0
[  316.615274][T10756] BTRFS info (device loop5): chunk_block_rsv: size 0 reserved 0
[  316.623098][T10756] BTRFS info (device loop5): delayed_block_rsv: size 0 reserved 0
[  316.630952][T10756] BTRFS info (device loop5): delayed_refs_rsv: size 0 reserved 0
[  316.689981][T10756] BTRFS info (device loop5): relocating block group 1048576 flags system
[  316.808780][T10756] BTRFS info (device loop5): balance: ended with status: 0
[  317.124129][T10816] loop0: detected capacity change from 0 to 4096
[  317.235675][T10820] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  317.252447][T10820] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  317.300092][T10814] loop3: detected capacity change from 0 to 32768
[  317.319912][ T5923] uclogic 0003:256C:006D.0017: failed retrieving string descriptor #100: -71
[  317.328743][ T5923] uclogic 0003:256C:006D.0017: failed retrieving pen parameters: -71
[  317.344367][T10816] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  317.351012][ T5923] uclogic 0003:256C:006D.0017: failed probing pen v1 parameters: -71
[  317.362187][ T5923] uclogic 0003:256C:006D.0017: failed probing parameters: -71
[  317.364103][T10814] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  317.380265][T10814] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  317.414397][T10814] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  317.425157][ T5910] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  317.432665][T10816] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  317.439756][ T5910] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  317.449752][ T5923] uclogic 0003:256C:006D.0017: probe with driver uclogic failed with error -71
[  317.466195][T10816] ntfs3(loop0): Failed to initialize $Extend/$Reparse.
[  317.476350][ T5923] usb 3-1: USB disconnect, device number 21
[  317.483438][ T5835] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  317.712063][ T5910] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 272ms
[  317.736452][ T5910] gfs2: fsid=syz:syz.0: jid=0: Done
[  317.746422][T10814] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  317.767531][T10814] gfs2: fsid=syz:syz.0: gfs2_check_dirent: gfs2_dirent too small (not first in block)
[  317.778064][T10814] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 12 2341, function = gfs2_dirent_scan, file = fs/gfs2/dir.c, line = 590
[  317.793369][T10814] gfs2: fsid=syz:syz.0: G:  s:SH n:2/925 f:aqo t:SH d:EX/0 a:0 v:0 r:2 m:20 p:1
[  317.802709][T10814] gfs2: fsid=syz:syz.0:  H: s:SH f:H e:0 p:10814 [syz.3.1808] __gfs2_lookup+0xa0/0x290
[  317.812710][T10814] gfs2: fsid=syz:syz.0:  I: n:12/2341 t:4 f:0x00 d:0x00000001 s:3864 p:0
[  317.821196][T10814] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  317.828410][T10814] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  317.838806][T10814] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  317.845521][T10814] gfs2: fsid=syz:syz.0: File system withdrawn
[  317.851865][T10814] CPU: 0 UID: 0 PID: 10814 Comm: syz.3.1808 Not tainted syzkaller #0 PREEMPT(full) 
[  317.851910][T10814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  317.851932][T10814] Call Trace:
[  317.851943][T10814]  <TASK>
[  317.851956][T10814]  dump_stack_lvl+0x16c/0x1f0
[  317.852019][T10814]  gfs2_withdraw+0xa8b/0x1130
[  317.852092][T10814]  ? __pfx_gfs2_withdraw+0x10/0x10
[  317.852154][T10814]  ? __pfx_gfs2_meta_read+0x10/0x10
[  317.852213][T10814]  ? srso_alias_return_thunk+0x5/0xfbef5
[  317.852266][T10814]  gfs2_dirent_scan+0x352/0x420
[  317.852329][T10814]  ? __pfx_gfs2_dirent_find+0x10/0x10
[  317.852374][T10814]  gfs2_dirent_search+0x44b/0x5b0
[  317.852408][T10814]  ? __pfx_gfs2_dirent_find+0x10/0x10
[  317.852447][T10814]  ? __pfx_gfs2_dirent_search+0x10/0x10
[  317.852482][T10814]  ? gfs2_permission+0x333/0x500
[  317.852524][T10814]  ? srso_alias_return_thunk+0x5/0xfbef5
[  317.852580][T10814]  gfs2_dir_search+0x97/0x2e0
[  317.852618][T10814]  ? __pfx_gfs2_dir_search+0x10/0x10
[  317.852670][T10814]  gfs2_lookupi+0x4b7/0x6e0
[  317.852717][T10814]  ? __pfx_gfs2_lookupi+0x10/0x10
[  317.852754][T10814]  ? srso_alias_return_thunk+0x5/0xfbef5
[  317.852804][T10814]  ? __gfs2_lookup+0xa0/0x290
[  317.852848][T10814]  ? srso_alias_return_thunk+0x5/0xfbef5
[  317.852901][T10814]  __gfs2_lookup+0xa0/0x290
[  317.852943][T10814]  ? __pfx___gfs2_lookup+0x10/0x10
[  317.852997][T10814]  ? srso_alias_return_thunk+0x5/0xfbef5
[  317.853049][T10814]  gfs2_atomic_open+0xea/0x210
[  317.853088][T10814]  ? srso_alias_return_thunk+0x5/0xfbef5
[  317.853133][T10814]  ? __pfx_gfs2_atomic_open+0x10/0x10
[  317.853178][T10814]  lookup_open.isra.0+0x83d/0x1580
[  317.853227][T10814]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  317.853274][T10814]  ? find_held_lock+0x2b/0x80
[  317.853321][T10814]  ? __pfx_down_write+0x10/0x10
[  317.853364][T10814]  ? srso_alias_return_thunk+0x5/0xfbef5
[  317.853416][T10814]  path_openat+0x893/0x2cb0
[  317.853476][T10814]  ? __pfx_path_openat+0x10/0x10
[  317.853527][T10814]  ? __lock_acquire+0xb8a/0x1c90
[  317.853581][T10814]  do_filp_open+0x20b/0x470
[  317.853625][T10814]  ? __pfx_do_filp_open+0x10/0x10
[  317.853703][T10814]  ? srso_alias_return_thunk+0x5/0xfbef5
[  317.853747][T10814]  ? alloc_fd+0x471/0x7d0
[  317.853803][T10814]  do_sys_openat2+0x11b/0x1d0
[  317.853858][T10814]  ? __pfx_do_sys_openat2+0x10/0x10
[  317.853932][T10814]  __x64_sys_openat+0x174/0x210
[  317.853987][T10814]  ? __pfx___x64_sys_openat+0x10/0x10
[  317.854051][T10814]  ? srso_alias_return_thunk+0x5/0xfbef5
[  317.854106][T10814]  do_syscall_64+0xcd/0xfa0
[  317.854142][T10814]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  317.854179][T10814] RIP: 0033:0x7fac67b8efc9
[  317.854207][T10814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  317.854243][T10814] RSP: 002b:00007fac68af6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  317.854277][T10814] RAX: ffffffffffffffda RBX: 00007fac67de5fa0 RCX: 00007fac67b8efc9
[  317.854302][T10814] RDX: 00000000000026e1 RSI: 0000200000000180 RDI: ffffffffffffff9c
[  317.854327][T10814] RBP: 00007fac67c11f91 R08: 0000000000000000 R09: 0000000000000000
[  317.854351][T10814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  317.854373][T10814] R13: 00007fac67de6038 R14: 00007fac67de5fa0 R15: 00007ffc294ced48
[  317.854425][T10814]  </TASK>
[  318.677668][ T6173] Bluetooth: hci6: Frame reassembly failed (-84)
[  318.699079][T10840] loop5: detected capacity change from 0 to 1024
[  318.709230][ T6173] Bluetooth: hci6: received HCILL_GO_TO_SLEEP_ACK in state 0
[  318.746729][T10842] evm: overlay not supported
[  318.792439][T10840] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  320.229551][ T5947] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  320.391662][ T5947] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  320.410326][ T5947] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  320.428834][ T5947] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.489216][ T5947] usb 6-1: config 0 descriptor??
[  320.505374][ T5947] pwc: Askey VC010 type 2 USB webcam detected.
[  320.679980][ T5834] Bluetooth: hci6: command 0x1003 tx timeout
[  320.680716][ T5847] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  320.935355][ T5947] pwc: recv_control_msg error -32 req 02 val 2b00
[  320.960635][ T5947] pwc: recv_control_msg error -32 req 02 val 2700
[  321.055432][   T30] audit: type=1326 audit(1760816090.013:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10897 comm="syz.1.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85ecd8efc9 code=0x7ffc0000
[  321.098307][   T30] audit: type=1326 audit(1760816090.013:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10897 comm="syz.1.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f85ecd8efc9 code=0x7ffc0000
[  321.136592][   T30] audit: type=1326 audit(1760816090.023:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10897 comm="syz.1.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85ecd8efc9 code=0x7ffc0000
[  321.178185][ T5947] pwc: recv_control_msg error -71 req 04 val 1000
[  321.184998][   T30] audit: type=1326 audit(1760816090.023:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10897 comm="syz.1.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85ecd8efc9 code=0x7ffc0000
[  321.207626][ T5947] pwc: recv_control_msg error -71 req 04 val 1300
[  321.216814][   T30] audit: type=1326 audit(1760816090.023:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10897 comm="syz.1.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f85ecd8efc9 code=0x7ffc0000
[  321.241690][ T5947] pwc: recv_control_msg error -71 req 04 val 1400
[  321.250095][T10902] vlan2: entered promiscuous mode
[  321.255133][T10902] bridge0: entered promiscuous mode
[  321.269653][ T5947] pwc: recv_control_msg error -71 req 02 val 2000
[  321.279528][ T5947] pwc: recv_control_msg error -71 req 02 val 2100
[  321.302398][ T5947] pwc: recv_control_msg error -71 req 04 val 1500
[  321.319742][ T5947] pwc: recv_control_msg error -71 req 02 val 2500
[  321.336610][ T5947] pwc: recv_control_msg error -71 req 02 val 2400
[  321.344845][   T30] audit: type=1326 audit(1760816090.023:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10897 comm="syz.1.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85ecd8efc9 code=0x7ffc0000
[  321.380368][ T5947] pwc: recv_control_msg error -71 req 02 val 2600
[  321.397382][ T5947] pwc: recv_control_msg error -71 req 02 val 2900
[  321.409598][ T5947] pwc: recv_control_msg error -71 req 02 val 2800
[  321.419858][   T30] audit: type=1326 audit(1760816090.023:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10897 comm="syz.1.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85ecd8efc9 code=0x7ffc0000
[  321.458968][ T5947] pwc: recv_control_msg error -71 req 04 val 1100
[  321.478482][T10909] pim6reg1: entered allmulticast mode
[  321.479511][ T5947] pwc: recv_control_msg error -71 req 04 val 1200
[  321.508166][   T30] audit: type=1326 audit(1760816090.023:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10897 comm="syz.1.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f85ecd8efc9 code=0x7ffc0000
[  321.579936][ T5947] pwc: Registered as video103.
[  321.615455][ T5947] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input36
[  321.734628][   T30] audit: type=1326 audit(1760816090.023:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10897 comm="syz.1.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000
[  321.775026][ T5947] usb 6-1: USB disconnect, device number 19
[  321.795155][   T30] audit: type=1326 audit(1760816090.023:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10897 comm="syz.1.1844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f85ecd8efc9 code=0x7ffc0000
[  321.879510][ T5910] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  322.063530][ T5910] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  322.077766][ T5910] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  322.088806][T10926] netlink: 'syz.5.1852': attribute type 29 has an invalid length.
[  322.099845][ T5910] usb 5-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  322.108932][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.122170][T10927] netlink: 'syz.5.1852': attribute type 29 has an invalid length.
[  322.143882][ T5910] usb 5-1: config 0 descriptor??
[  322.160041][T10926] netlink: 500 bytes leftover after parsing attributes in process `syz.5.1852'.
[  322.199857][ T5817] usb 2-1: new full-speed USB device number 13 using dummy_hcd
[  322.211274][ T5910] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  322.227933][ T5910] dvb-usb: bulk message failed: -22 (3/0)
[  322.276582][ T5910] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  322.370579][ T5910] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  322.383537][ T5817] usb 2-1: config 0 has no interfaces?
[  322.389158][ T5817] usb 2-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47
[  322.408709][ T5817] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.420807][ T5817] usb 2-1: config 0 descriptor??
[  322.428844][ T5910] usb 5-1: media controller created
[  322.495545][T10917] loop4: detected capacity change from 0 to 2048
[  322.511693][ T5910] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  322.569372][ T5910] dvb-usb: bulk message failed: -22 (6/0)
[  322.585830][ T5910] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  322.597288][ T5910] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input37
[  322.614797][T10935] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  322.629987][ T5910] dvb-usb: schedule remote query interval to 150 msecs.
[  322.653565][ T5910] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  322.783811][ T5910] usb 5-1: USB disconnect, device number 17
[  322.804902][  T974] usb 2-1: USB disconnect, device number 13
[  322.824228][ T5910] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  322.966135][T10925] loop2: detected capacity change from 0 to 32768
[  322.974806][T10925] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1854 (10925)
[  323.001175][T10925] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  323.013811][T10925] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  323.062349][T10925] BTRFS info (device loop2): turning off barriers
[  323.068905][T10925] BTRFS info (device loop2): enabling free space tree
[  323.075915][T10925] BTRFS info (device loop2): use zlib compression, level 3
[  323.205533][T10962] syzkaller1: entered promiscuous mode
[  323.212488][T10962] syzkaller1: entered allmulticast mode
[  323.238661][ T5829] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  323.956310][T10983] loop1: detected capacity change from 0 to 512
[  323.975183][T10983] EXT4-fs: Ignoring removed nobh option
[  324.019944][T10983] EXT4-fs warning (device loop1): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  324.081897][T10983] EXT4-fs warning (device loop1): dx_probe:848: Enable large directory feature to access it
[  324.122651][T10983] EXT4-fs warning (device loop1): dx_probe:933: inode #2: comm syz.1.1874: Corrupt directory, running e2fsck is recommended
[  324.146631][T10983] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117
[  324.173166][T10983] EXT4-fs error (device loop1): ext4_iget_extra_inode:5074: inode #15: comm syz.1.1874: corrupted in-inode xattr: invalid ea_ino
[  324.214311][T10983] EXT4-fs error (device loop1): ext4_orphan_get:1395: comm syz.1.1874: couldn't read orphan inode 15 (err -117)
[  324.283435][T10983] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  324.401901][T10983] EXT4-fs warning (device loop1): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  324.419551][T10983] EXT4-fs warning (device loop1): dx_probe:848: Enable large directory feature to access it
[  324.439461][T10983] EXT4-fs warning (device loop1): dx_probe:933: inode #2: comm syz.1.1874: Corrupt directory, running e2fsck is recommended
[  324.488830][T10995] EXT4-fs warning (device loop1): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  324.566934][T10998] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1878'.
[  324.589363][T10998] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1878'.
[  324.610735][T10999] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1879'.
[  324.655251][T10995] EXT4-fs warning (device loop1): dx_probe:848: Enable large directory feature to access it
[  324.715301][T10995] EXT4-fs warning (device loop1): dx_probe:933: inode #2: comm syz.1.1874: Corrupt directory, running e2fsck is recommended
[  324.778014][T11000] EXT4-fs warning (device loop1): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  324.889555][T11000] EXT4-fs warning (device loop1): dx_probe:848: Enable large directory feature to access it
[  324.915794][T11002] netlink: 'syz.4.1880': attribute type 13 has an invalid length.
[  324.950311][T11000] EXT4-fs warning (device loop1): dx_probe:933: inode #2: comm syz.1.1874: Corrupt directory, running e2fsck is recommended
[  325.016894][T10983] EXT4-fs warning (device loop1): dx_probe:843: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  325.097664][T10989] loop5: detected capacity change from 0 to 32768
[  325.261133][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  325.740236][    T9] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  325.892412][    T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  325.913175][    T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[  325.942902][    T9] usb 2-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  325.981573][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.016736][    T9] usb 2-1: config 0 descriptor??
[  326.040618][    T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  326.053028][    T9] dvb-usb: bulk message failed: -22 (3/0)
[  326.060376][T11002] veth1_vlan: left allmulticast mode
[  326.070664][T11002] batman_adv: batadv0: Interface deactivated: macsec1
[  326.094623][    T9] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  326.132748][    T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  326.150317][ T9333] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  326.160143][    T9] usb 2-1: media controller created
[  326.171721][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  326.183880][ T9333] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  326.220483][ T9333] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  326.229872][    T9] dvb-usb: bulk message failed: -22 (6/0)
[  326.269606][ T9333] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  326.284982][    T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  326.341425][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input38
[  326.364511][    T9] dvb-usb: schedule remote query interval to 150 msecs.
[  326.368255][T11020] loop1: detected capacity change from 0 to 2048
[  326.381813][    T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  326.463107][T11042] loop2: detected capacity change from 0 to 1024
[  326.489175][T11043] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  326.540446][T11039] loop4: detected capacity change from 0 to 4096
[  326.543637][    T9] dvb-usb: bulk message failed: -22 (1/0)
[  326.567881][T11039] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  326.571256][    T9] dvb-usb: error while querying for an remote control event.
[  326.607721][T11039] EXT4-fs (loop4): shut down requested (2)
[  326.685922][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  326.692296][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  326.702406][T11022] usb 2-1: USB disconnect, device number 14
[  326.795788][ T9333] hfsplus: b-tree write err: -5, ino 8
[  326.800974][T11022] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  326.821857][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  327.848030][T11074] loop0: detected capacity change from 0 to 4096
[  328.530545][T11112] netlink: 'syz.3.1919': attribute type 10 has an invalid length.
[  328.561512][T11112] bond0: (slave wlan1): Opening slave failed
[  328.902740][T11123] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false
[  329.313452][T11128] loop1: detected capacity change from 0 to 128
[  329.355144][T11128] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  329.416158][T11128] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  330.047646][T11122] loop4: detected capacity change from 0 to 131072
[  330.060894][T11122] F2FS-fs (loop4): invalid crc value
[  330.176791][T11122] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  330.201661][T11122] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  330.313469][T11146] loop3: detected capacity change from 0 to 4096
[  331.180791][   T30] kauditd_printk_skb: 2 callbacks suppressed
[  331.180816][   T30] audit: type=1326 audit(1760816100.133:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11156 comm="syz.4.1938" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdbaf38efc9 code=0x0
[  332.351769][T11167] loop2: detected capacity change from 0 to 32768
[  332.382398][T11167] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1952 (11167)
[  332.399749][T11167] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  332.410261][T11167] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  332.430624][T11169] loop0: detected capacity change from 0 to 128
[  332.512094][T11169] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  332.549943][T11169] ext4 filesystem being mounted at /316/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  332.641175][T11167] BTRFS info (device loop2): enabling ssd optimizations
[  332.648175][T11167] BTRFS info (device loop2): turning on async discard
[  332.655690][T11167] BTRFS info (device loop2): enabling free space tree
[  332.708933][T11169] fscrypt (loop0, inode 12): Unsupported encryption modes (contents 0, filenames 0)
[  332.837986][ T5829] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  332.935441][ T5830] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  333.559585][T11033] usb 1-1: new full-speed USB device number 19 using dummy_hcd
[  333.732176][T11033] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  333.749490][T11033] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  333.767965][T11033] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  333.783475][T11033] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.814176][T11033] usb 1-1: config 0 descriptor??
[  333.823279][T11033] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  333.830009][T11033] dvb-usb: bulk message failed: -22 (3/0)
[  333.852255][T11033] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  333.880894][T11033] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  333.908301][T11033] usb 1-1: media controller created
[  333.939254][T11033] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  333.968478][T11033] dvb-usb: bulk message failed: -22 (6/0)
[  333.969540][    T9] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  333.979377][T11033] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  334.003829][T11033] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input39
[  334.069979][T11033] dvb-usb: schedule remote query interval to 150 msecs.
[  334.082513][T11033] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  334.105583][T11199] loop0: detected capacity change from 0 to 2048
[  334.137617][T11192] loop1: detected capacity change from 0 to 32768
[  334.156650][    T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  334.160898][T11218] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  334.184600][    T9] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  334.219844][    T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  334.241265][   T30] audit: type=1800 audit(1760816103.203:224): pid=11192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1944" name="file1" dev="loop1" ino=4 res=0 errno=0
[  334.242823][T11033] dvb-usb: bulk message failed: -22 (1/0)
[  334.282178][    T9] usb 4-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  334.289947][T11033] dvb-usb: error while querying for an remote control event.
[  334.313211][ T5903] usb 1-1: USB disconnect, device number 19
[  334.320673][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.334543][    T9] usb 4-1: Product: syz
[  334.338778][    T9] usb 4-1: Manufacturer: syz
[  334.356795][ T5903] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  334.368551][    T9] usb 4-1: SerialNumber: syz
[  334.384943][    T9] usb 4-1: config 0 descriptor??
[  334.391106][T11204] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  334.401848][T11204] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  334.415295][    T9] usb 4-1: ucan: probing device on interface #0
[  334.493968][T11224] ALSA: mixer_oss: invalid OSS volume ''
[  335.040266][    T9] ucan 4-1:0.0 can0: registered device
[  335.228554][    T9] ucan 4-1:0.0 can0: firmware string: „ž®LÝÜ>z�^Ëɉwä{f–,ÚÏ
=Ä}œØÑÌ«eRJ¡(é=#ºgE}ûÈuçtÒ+”|Üø’ÿHŠ!R€$8
[  335.322935][T11248] loop0: detected capacity change from 0 to 1024
[  335.330634][T11248] EXT4-fs: Ignoring removed orlov option
[  335.361532][T11248] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  335.379503][T11033] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  335.408279][   T30] audit: type=1800 audit(1760816104.363:225): pid=11248 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1969" name="file1" dev="loop0" ino=15 res=0 errno=0
[  335.457184][    T9] usb 4-1: USB disconnect, device number 13
[  335.472483][T11255] loop2: detected capacity change from 0 to 512
[  335.481108][T11255] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  335.489086][ T5923] kernel write not supported for file /uhid (pid: 5923 comm: kworker/0:6)
[  335.514447][T11255] EXT4-fs (loop2): 1 truncate cleaned up
[  335.533181][T11255] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  335.559133][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  335.574030][T11033] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  335.585151][T11033] usb 6-1: config 0 interface 0 has no altsetting 0
[  335.608469][T11033] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  335.631447][T11033] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  335.651783][T11033] usb 6-1: Product: syz
[  335.656230][T11255] EXT4-fs error (device loop2): ext4_generic_delete_entry:2667: inode #2: block 13: comm syz.2.1971: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  335.659348][T11033] usb 6-1: Manufacturer: syz
[  335.704511][T11033] usb 6-1: SerialNumber: syz
[  335.712255][T11255] EXT4-fs (loop2): Remounting filesystem read-only
[  335.716779][T11033] usb 6-1: config 0 descriptor??
[  335.725893][T11255] EXT4-fs warning (device loop2): ext4_rename_delete:3729: inode #2: comm syz.2.1971: Deleting old file: nlink 5, error=-117
[  335.732329][T11033] usb 6-1: selecting invalid altsetting 0
[  335.864052][ T5829] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  336.028374][    T9] usb 6-1: USB disconnect, device number 20
[  336.098300][T11273] loop4: detected capacity change from 0 to 512
[  336.120811][T11273] EXT4-fs: Ignoring removed orlov option
[  336.142949][T11273] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  336.313583][T11273] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[  336.350197][T11273] EXT4-fs error (device loop4): ext4_iget_extra_inode:5074: inode #15: comm syz.4.1978: corrupted in-inode xattr: e_value size too large
[  336.417077][T11273] EXT4-fs error (device loop4): ext4_orphan_get:1395: comm syz.4.1978: couldn't read orphan inode 15 (err -117)
[  336.511557][T11273] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  336.786895][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  336.797184][T11289] loop0: detected capacity change from 0 to 1024
[  336.964059][T11297] loop3: detected capacity change from 0 to 64
[  337.229345][T11306] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1993'.
[  337.680920][ T5931] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  337.871685][ T5931] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  337.892031][T11322] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2001'.
[  337.899827][ T5931] usb 5-1: config 0 interface 0 has no altsetting 0
[  337.932228][ T5931] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  337.954011][ T5931] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  337.976144][ T5931] usb 5-1: Product: syz
[  337.991444][ T5931] usb 5-1: Manufacturer: syz
[  338.005197][ T5931] usb 5-1: SerialNumber: syz
[  338.035449][ T5931] usb 5-1: config 0 descriptor??
[  338.052903][T11327] syz.5.2004 (11327): /proc/11325/oom_adj is deprecated, please use /proc/11325/oom_score_adj instead.
[  338.091381][ T5931] usb 5-1: selecting invalid altsetting 0
[  338.135319][T11330] loop0: detected capacity change from 0 to 256
[  338.276620][T11330] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  338.380881][   T30] audit: type=1800 audit(1760816107.343:226): pid=11330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2003" name="file1" dev="loop0" ino=1048669 res=0 errno=0
[  338.408940][T11334] loop1: detected capacity change from 0 to 256
[  338.444397][ T5931] usb 5-1: USB disconnect, device number 18
[  338.494024][T11334] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  339.189568][    T9] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  339.239975][T11332] loop2: detected capacity change from 0 to 32768
[  339.273917][   T30] audit: type=1800 audit(1760816108.233:227): pid=11332 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2005" name="file1" dev="loop2" ino=4 res=0 errno=0
[  339.369666][    T9] usb 2-1: Using ep0 maxpacket: 32
[  339.381979][    T9] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  339.400725][    T9] usb 2-1: config 0 has no interface number 0
[  339.436795][    T9] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  339.462389][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.482734][    T9] usb 2-1: Product: syz
[  339.490889][    T9] usb 2-1: Manufacturer: syz
[  339.499786][    T9] usb 2-1: SerialNumber: syz
[  339.526672][    T9] usb 2-1: config 0 descriptor??
[  339.917047][T11360] loop3: detected capacity change from 0 to 40427
[  339.925392][T11360] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  339.933599][T11360] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  339.945628][    T9] smsc95xx v2.0.0
[  339.966285][T11360] F2FS-fs (loop3): invalid crc value
[  340.077320][T11360] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  340.090497][T11360] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  340.097568][T11360] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  340.373642][    T9] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  340.389180][    T9] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  340.509855][T11033] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  340.665110][T11384] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22
[  340.681911][T11033] usb 3-1: New USB device found, idVendor=05ac, idProduct=0324, bcdDevice= 0.00
[  340.698786][T11384] netdevsim netdevsim4: Direct firmware load for . failed with error -22
[  340.709709][T11384] netdevsim netdevsim4: Falling back to sysfs fallback for: .
[  340.709739][T11033] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  340.728820][T11033] usb 3-1: config 0 descriptor??
[  340.802066][    T9] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  340.820386][    T9] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71
[  340.850127][    T9] usb 2-1: USB disconnect, device number 15
[  340.865681][ T5931] kernel write not supported for file /sg0 (pid: 5931 comm: kworker/1:4)
[  340.920001][ T5834] Bluetooth: hci6: command 0x1003 tx timeout
[  340.928609][ T5847] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  341.112113][T11396] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2030'.
[  341.175539][T11033] magicmouse 0003:05AC:0324.0018: item fetching failed at offset 1/5
[  341.200876][T11033] magicmouse 0003:05AC:0324.0018: magicmouse hid parse failed
[  341.208466][T11033] magicmouse 0003:05AC:0324.0018: probe with driver magicmouse failed with error -22
[  341.379061][T11033] usb 3-1: USB disconnect, device number 22
[  341.591461][ T5923] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  341.759544][T11417] loop1: detected capacity change from 0 to 128
[  341.771725][ T5923] usb 4-1: config 1 has an invalid interface number: 7 but max is 0
[  341.789700][ T5923] usb 4-1: config 1 has no interface number 0
[  341.802486][ T5923] usb 4-1: config 1 interface 7 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1024
[  341.833046][ T5923] usb 4-1: config 1 interface 7 altsetting 0 has a duplicate endpoint with address 0x6, skipping
[  341.858126][ T5923] usb 4-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  341.867699][ T5923] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.881463][ T5923] usb 4-1: Product: syz
[  341.889065][ T5923] usb 4-1: Manufacturer: syz
[  341.897171][ T5923] usb 4-1: SerialNumber: syz
[  341.915984][T11406] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  341.925297][T11406] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  341.946049][ T5923] usb 4-1: Expected 3 endpoints, found: 2
[  342.136388][T11423] loop2: detected capacity change from 0 to 512
[  342.320201][ T5903] usb 4-1: USB disconnect, device number 14
[  342.461794][ T5923] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  342.643892][ T5923] usb 1-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00
[  342.653353][ T5923] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  342.673380][ T5923] usb 1-1: Product: syz
[  342.677565][ T5923] usb 1-1: Manufacturer: syz
[  342.697989][ T5923] usb 1-1: SerialNumber: syz
[  343.256615][T11444] loop5: detected capacity change from 0 to 256
[  343.386561][ T5923] rtl8150 1-1:1.0: eth1: rtl8150 is detected
[  343.468434][T11446] loop4: detected capacity change from 0 to 1024
[  343.489360][T11432] loop1: detected capacity change from 0 to 32768
[  343.496966][T11446] EXT4-fs: Ignoring removed orlov option
[  343.565760][ T5923] usb 1-1: USB disconnect, device number 20
[  343.572087][T11444] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011a39, chksum : 0xd54015fb, utbl_chksum : 0xe619d30d)
[  343.593397][T11446] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  343.644231][   T30] audit: type=1800 audit(1760816112.603:228): pid=11446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2053" name="file1" dev="loop4" ino=15 res=0 errno=0
[  343.804985][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  344.489486][T11033] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  344.493432][T11468] loop2: detected capacity change from 0 to 1024
[  344.569181][ T9334] hfsplus: b-tree write err: -5, ino 4
[  344.696934][T11033] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  344.717227][T11033] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.739678][T11033] usb 5-1: Product: syz
[  344.740545][T11475] bridge0: port 2(bridge_slave_1) entered disabled state
[  344.752486][T11475] bridge0: port 1(bridge_slave_0) entered disabled state
[  344.752975][T11033] usb 5-1: Manufacturer: syz
[  344.778874][T11033] usb 5-1: SerialNumber: syz
[  344.802837][T11033] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  344.824719][ T5931] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  344.962250][T11481] block nbd3: shutting down sockets
[  345.585490][T11022] usb 5-1: USB disconnect, device number 19
[  345.866311][T11477] loop0: detected capacity change from 0 to 32768
[  345.888384][T11477] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2064 (11477)
[  345.934517][ T5931] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[  345.960136][ T5931] ath9k_htc: Failed to initialize the device
[  345.980630][T11022] usb 5-1: ath9k_htc: USB layer deinitialized
[  345.988766][T11477] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  346.031838][T11477] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  346.225082][T11477] BTRFS info (device loop0): enabling ssd optimizations
[  346.257344][T11477] BTRFS info (device loop0): turning on async discard
[  346.279949][T11477] BTRFS info (device loop0): enabling free space tree
[  346.305971][T11518] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  346.323556][T11484] loop2: detected capacity change from 0 to 32768
[  346.380381][T11484] (syz.2.2067,11484,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  346.446029][T11484] (syz.2.2067,11484,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  346.543381][T11484] JBD2: Ignoring recovery information on journal
[  346.590484][T11527] bridge0: port 1(bridge_slave_0) entered disabled state
[  346.612744][ T5830] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  346.717053][T11484] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  347.296496][ T5829] ocfs2: Unmounting device (7,2) on (node local)
[  347.367678][T11551] netlink: 'syz.3.2090': attribute type 10 has an invalid length.
[  347.391844][T11549] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2088'.
[  347.417958][T11551] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2090'.
[  347.663593][T11548] loop0: detected capacity change from 0 to 32768
[  347.728586][T11548] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  347.777518][T11548] XFS (loop0): Metadata corruption detected at xfs_dinode_verify.part.0+0x93e/0x1760, inode 0x1802 dinode
[  347.789023][T11548] XFS (loop0): Unmount and run xfs_repair
[  347.794782][T11548] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  347.803326][T11548] 00000000: 49 4e 80 00 03 02 00 00 00 00 00 00 00 00 00 00  IN..............
[  347.812224][T11548] 00000010: 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  347.821131][T11548] 00000020: 1d cd 65 00 00 00 00 00 34 f7 58 68 7f c1 86 28  ..e.....4.Xh...(
[  347.830017][T11548] 00000030: 34 f7 58 68 7f c1 86 28 00 00 00 00 00 00 00 00  4.Xh...(........
[  347.838876][T11548] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  347.847763][T11548] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  347.856648][T11548] 00000060: ff ff ff ff bc 69 0f 52 00 00 00 00 00 00 00 02  .....i.R........
[  347.866188][T11548] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08  ................
[  347.875170][T11548] XFS (loop0): metadata inode 0x1802 type 6 is corrupt
[  347.883511][T11548] XFS (loop0): failed to read RT inodes
[  347.896971][T11548] XFS (loop0): Uncorrected metadata errors detected; please run xfs_repair.
[  348.079523][ T5923] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  348.202112][T11570] loop4: detected capacity change from 0 to 47
[  348.299699][ T5923] usb 2-1: Using ep0 maxpacket: 16
[  348.349777][ T5923] usb 2-1: config 1 interface 0 altsetting 52 bulk endpoint 0x82 has invalid maxpacket 16
[  348.369521][ T5923] usb 2-1: config 1 interface 0 altsetting 52 bulk endpoint 0x3 has invalid maxpacket 8
[  348.395225][ T5923] usb 2-1: config 1 interface 0 has no altsetting 0
[  348.415120][ T5923] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  348.463695][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  348.484692][ T5923] usb 2-1: SerialNumber: syz
[  348.500938][T11564] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  348.521720][T11564] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  348.752200][T11578] input: syz0 as /devices/virtual/input/input40
[  348.817407][ T5923] cdc_acm 2-1:1.0: ttyACM0: USB ACM device
[  348.860058][ T5923] usb 2-1: USB disconnect, device number 16
[  348.864185][T11580] can0: slcan on pty24.
[  349.088098][T11586] netlink: 7 bytes leftover after parsing attributes in process `syz.3.2101'.
[  349.146313][T11579] can0 (unregistered): slcan off pty24.
[  349.191997][T11588] loop0: detected capacity change from 0 to 256
[  349.239850][T11588] exfat: Deprecated parameter 'utf8'
[  349.288244][T11588] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  349.390395][T11592] input: syz1 as /devices/virtual/input/input41
[  349.684932][T11602] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  349.920030][T11603] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  350.469574][ T5903] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  350.639563][ T5903] usb 3-1: Using ep0 maxpacket: 16
[  350.651251][ T5903] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  350.669515][T11022] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  350.669686][ T5903] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  350.706130][ T5903] usb 3-1: Product: syz
[  350.710658][T11633] GUP no longer grows the stack in syz.3.2123 (11633): 200000004000-20000000a000 (200000002000)
[  350.735198][ T5903] usb 3-1: Manufacturer: syz
[  350.740101][ T5903] usb 3-1: SerialNumber: syz
[  350.749605][T11633] CPU: 1 UID: 0 PID: 11633 Comm: syz.3.2123 Not tainted syzkaller #0 PREEMPT(full) 
[  350.749652][T11633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  350.749675][T11633] Call Trace:
[  350.749686][T11633]  <TASK>
[  350.749699][T11633]  dump_stack_lvl+0x16c/0x1f0
[  350.749774][T11633]  gup_vma_lookup+0x1d2/0x220
[  350.749824][T11633]  __get_user_pages+0x241/0x3530
[  350.749890][T11633]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.749935][T11633]  ? find_held_lock+0x2b/0x80
[  350.749971][T11633]  ? __pfx___get_user_pages+0x10/0x10
[  350.750026][T11633]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.750079][T11633]  get_user_pages_remote+0x243/0xab0
[  350.750130][T11633]  ? mast_spanning_rebalance.isra.0+0x2060/0x2060
[  350.750201][T11633]  ? __pfx_get_user_pages_remote+0x10/0x10
[  350.750260][T11633]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  350.750322][T11633]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.750376][T11633]  __access_remote_vm+0x250/0xaa0
[  350.750431][T11633]  ? do_raw_spin_lock+0x12c/0x2b0
[  350.750487][T11633]  ? __pfx___access_remote_vm+0x10/0x10
[  350.750537][T11633]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.750589][T11633]  proc_pid_cmdline_read+0x4de/0x8e0
[  350.750645][T11633]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  350.750700][T11633]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.750743][T11633]  ? rw_verify_area+0xcf/0x6c0
[  350.750787][T11633]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  350.750836][T11633]  vfs_readv+0x5c1/0x8b0
[  350.750882][T11633]  ? __pfx_vfs_readv+0x10/0x10
[  350.750921][T11633]  ? kmem_cache_free+0x2d4/0x6c0
[  350.750966][T11633]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.751033][T11633]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.751077][T11633]  ? __fget_files+0x20e/0x3c0
[  350.751133][T11633]  ? do_preadv+0x1a6/0x270
[  350.751165][T11633]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.751209][T11633]  do_preadv+0x1a6/0x270
[  350.751246][T11633]  ? __pfx_do_preadv+0x10/0x10
[  350.751283][T11633]  ? srso_alias_return_thunk+0x5/0xfbef5
[  350.751339][T11633]  do_syscall_64+0xcd/0xfa0
[  350.751376][T11633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.751413][T11633] RIP: 0033:0x7fac67b8efc9
[  350.751441][T11633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  350.751477][T11633] RSP: 002b:00007fac68af6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  350.751511][T11633] RAX: ffffffffffffffda RBX: 00007fac67de5fa0 RCX: 00007fac67b8efc9
[  350.751536][T11633] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003
[  350.751559][T11633] RBP: 00007fac67c11f91 R08: 0000000000000000 R09: 0000000000000000
[  350.751582][T11633] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[  350.751604][T11633] R13: 00007fac67de6038 R14: 00007fac67de5fa0 R15: 00007ffc294ced48
[  350.751657][T11633]  </TASK>
[  350.763076][ T5903] usb 3-1: config 0 descriptor??
[  350.848163][T11022] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  351.074254][T11638] veth0: entered promiscuous mode
[  351.084576][T11637] veth0: left promiscuous mode
[  351.114315][T11640] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  351.158279][T11022] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  351.216643][T11022] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.231722][T11645] pim6reg1: entered promiscuous mode
[  351.238216][T11022] usb 5-1: config 0 descriptor??
[  351.244141][T11645] pim6reg1: entered allmulticast mode
[  351.291764][ T5903] dvb-usb: found a 'AME DTV-5100 USB2.0 DVB-T' in warm state.
[  351.317991][ T5903] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  351.351411][ T5903] dvbdev: DVB: registering new adapter (AME DTV-5100 USB2.0 DVB-T)
[  351.366375][ T5903] usb 3-1: media controller created
[  351.415884][ T5903] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  351.668433][T11022] keytouch 0003:0926:3333.0019: fixing up Keytouch IEC report descriptor
[  351.699204][T11022] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.0019/input/input42
[  351.752807][T11657] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  351.867049][T11628] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  351.876229][T11628] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  351.906564][T11659] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  351.989915][T11620] dtv5100: wlen = 0, aborting.
[  351.998479][ T5903] zl10353_read_register: readreg error (reg=127, ret==0)
[  352.013624][ T5903] dvb-usb: no frontend was attached by 'AME DTV-5100 USB2.0 DVB-T'
[  352.038824][ T5903] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully initialized and connected.
[  352.086190][ T5903] usb 3-1: USB disconnect, device number 23
[  352.222420][ T5903] dvb-usb: AME DTV-5100 USB2.0 DVB-T successfully deinitialized and disconnected.
[  352.344369][T11651] loop3: detected capacity change from 0 to 32768
[  352.363478][T11651] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2131 (11651)
[  352.754592][T11651] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  352.792604][T11651] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  352.851150][T11022] keytouch 0003:0926:3333.0019: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0
[  352.867688][T11022] usb 5-1: USB disconnect, device number 20
[  353.155586][T11661] loop5: detected capacity change from 0 to 131072
[  353.166784][T11661] F2FS-fs (loop5): Wrong CP boundary, start(512) end(1536) blocks(0)
[  353.174956][T11661] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  353.193008][T11661] F2FS-fs (loop5): invalid crc value
[  353.291144][T11695] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  353.333294][T11661] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  353.340128][T11651] BTRFS info (device loop3): enabling ssd optimizations
[  353.356856][T11685] loop2: detected capacity change from 0 to 4096
[  353.372842][T11651] BTRFS info (device loop3): turning on async discard
[  353.380140][T11661] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  353.387182][T11661] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  353.400174][T11651] BTRFS info (device loop3): enabling free space tree
[  353.529172][T11685] ntfs3(loop2): ino=1a, mi_enum_attr
[  353.559818][T11685] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  353.785851][ T5837] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  353.790868][T11704] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  353.834094][T11704] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  353.921526][T11681] loop1: detected capacity change from 0 to 32768
[  353.952548][T11681] (syz.1.2139,11681,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  353.995480][T11681] (syz.1.2139,11681,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  354.044117][T11681] JBD2: Ignoring recovery information on journal
[  354.136117][T11681] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  354.149577][    T9] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  354.307391][    T9] usb 1-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e
[  354.330445][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.356236][    T9] usb 1-1: Product: syz
[  354.379663][    T9] usb 1-1: Manufacturer: syz
[  354.389006][    T9] usb 1-1: SerialNumber: syz
[  354.409374][    T9] usb 1-1: config 0 descriptor??
[  354.502266][ T5903] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  354.554661][ T5828] ocfs2: Unmounting device (7,1) on (node local)
[  354.660173][ T5903] usb 3-1: Using ep0 maxpacket: 16
[  354.667780][ T5903] usb 3-1: config 1 interface 0 altsetting 52 bulk endpoint 0x82 has invalid maxpacket 16
[  354.679788][ T5903] usb 3-1: config 1 interface 0 altsetting 52 bulk endpoint 0x3 has invalid maxpacket 8
[  354.722121][ T5903] usb 3-1: config 1 interface 0 has no altsetting 0
[  354.732124][ T5903] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  354.749667][ T5903] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  354.757691][ T5903] usb 3-1: SerialNumber: syz
[  354.786125][T11717] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  354.809739][T11717] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  355.047746][    T9] mos7840 1-1:0.0: required endpoints missing
[  355.063531][ T5903] cdc_acm 3-1:1.0: ttyACM0: USB ACM device
[  355.087326][    T9] usb 1-1: USB disconnect, device number 21
[  355.101280][ T5903] usb 3-1: USB disconnect, device number 24
[  355.622257][T11737] loop1: detected capacity change from 0 to 40427
[  355.640629][T11737] F2FS-fs (loop1): invalid crc value
[  355.708374][T11746] overlay: filesystem on ./bus not supported as upperdir
[  355.729309][T11737] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  355.749349][T11737] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  355.768789][T11737] F2FS-fs (loop1): access invalid blkaddr:2816
[  355.775628][T11737] CPU: 1 UID: 0 PID: 11737 Comm: syz.1.2160 Not tainted syzkaller #0 PREEMPT(full) 
[  355.775674][T11737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  355.775696][T11737] Call Trace:
[  355.775708][T11737]  <TASK>
[  355.775721][T11737]  dump_stack_lvl+0x16c/0x1f0
[  355.775792][T11737]  __f2fs_is_valid_blkaddr+0x59d/0x1310
[  355.775858][T11737]  ? f2fs_map_blocks+0x87f/0x4be0
[  355.775914][T11737]  f2fs_is_valid_blkaddr+0xce/0x2b0
[  355.775982][T11737]  f2fs_map_blocks+0x87f/0x4be0
[  355.776074][T11737]  ? __pfx_f2fs_map_blocks+0x10/0x10
[  355.776132][T11737]  ? srso_alias_return_thunk+0x5/0xfbef5
[  355.776182][T11737]  ? srso_alias_return_thunk+0x5/0xfbef5
[  355.776239][T11737]  ? srso_alias_return_thunk+0x5/0xfbef5
[  355.776293][T11737]  ? __pfx_down_read+0x10/0x10
[  355.776338][T11737]  ? srso_alias_return_thunk+0x5/0xfbef5
[  355.776383][T11737]  ? fiemap_prep+0x142/0x220
[  355.776447][T11737]  f2fs_fiemap+0x735/0x1cb0
[  355.776527][T11737]  ? __pfx_f2fs_fiemap+0x10/0x10
[  355.776588][T11737]  ? srso_alias_return_thunk+0x5/0xfbef5
[  355.776637][T11737]  ? srso_alias_return_thunk+0x5/0xfbef5
[  355.776682][T11737]  ? find_held_lock+0x2b/0x80
[  355.776715][T11737]  ? __might_fault+0xe3/0x190
[  355.776780][T11737]  do_vfs_ioctl+0x447/0x14f0
[  355.776844][T11737]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  355.776918][T11737]  ? srso_alias_return_thunk+0x5/0xfbef5
[  355.776962][T11737]  ? find_held_lock+0x2b/0x80
[  355.776993][T11737]  ? srso_alias_return_thunk+0x5/0xfbef5
[  355.777036][T11737]  ? hook_file_ioctl_common+0x145/0x410
[  355.777118][T11737]  __x64_sys_ioctl+0x114/0x210
[  355.777183][T11737]  do_syscall_64+0xcd/0xfa0
[  355.777220][T11737]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  355.777257][T11737] RIP: 0033:0x7f85ecd8efc9
[  355.777285][T11737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  355.777322][T11737] RSP: 002b:00007f85edca9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  355.777357][T11737] RAX: ffffffffffffffda RBX: 00007f85ecfe5fa0 RCX: 00007f85ecd8efc9
[  355.777381][T11737] RDX: 0000200000000300 RSI: 00000000c020660b RDI: 0000000000000004
[  355.777405][T11737] RBP: 00007f85ece11f91 R08: 0000000000000000 R09: 0000000000000000
[  355.777429][T11737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  355.777452][T11737] R13: 00007f85ecfe6038 R14: 00007f85ecfe5fa0 R15: 00007ffe5f68f5e8
[  355.777505][T11737]  </TASK>
[  356.331895][T11760] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2170'.
[  356.341177][T11760] netlink: 'syz.4.2170': attribute type 7 has an invalid length.
[  356.348917][T11760] netlink: 'syz.4.2170': attribute type 8 has an invalid length.
[  356.360226][T11760] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2170'.
[  356.693096][T11765] loop4: detected capacity change from 0 to 2048
[  356.749906][ T5931] IPVS: starting estimator thread 0...
[  356.755830][T11765] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  356.860989][T11772] IPVS: using max 21 ests per chain, 50400 per kthread
[  357.934128][T11774] loop5: detected capacity change from 0 to 32768
[  358.016182][T11797] loop4: detected capacity change from 0 to 128
[  358.019885][   T30] audit: type=1800 audit(1760816126.973:229): pid=11774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2177" name="file1" dev="loop5" ino=4 res=0 errno=0
[  358.050842][T11774] ERROR: (device loop5): xtSearch: xt_getpage: xtree page corrupt
[  358.050842][T11774] 
[  358.096694][T11794] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  358.097082][T11774] ERROR: (device loop5): remounting filesystem as read-only
[  358.118191][T11778] loop0: detected capacity change from 0 to 32768
[  358.129502][T11774] xtLookup: xtSearch returned -5
[  358.139602][T11774] ERROR: (device loop5): xtSearch: xt_getpage: xtree page corrupt
[  358.139602][T11774] 
[  358.154340][T11800] syz.4.2187: attempt to access beyond end of device
[  358.154340][T11800] loop4: rw=2049, sector=138, nr_sectors = 8 limit=128
[  358.219807][   T30] audit: type=1800 audit(1760816127.183:230): pid=11778 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2178" name="file1" dev="loop0" ino=4 res=0 errno=0
[  358.262856][T11800] loop2: detected capacity change from 0 to 7
[  358.280752][T11774] ERROR: (device loop5): xtSearch: xt_getpage: xtree page corrupt
[  358.280752][T11774] 
[  358.292987][T11774] xtLookup: xtSearch returned -5
[  358.298315][T11774] ERROR: (device loop5): xtTruncate: xt_getpage: xtree page corrupt
[  358.298315][T11774] 
[  358.308957][T11800] Dev loop2: unable to read RDB block 7
[  358.317937][T11800]  loop2: AHDI p1 p2 p3
[  358.359756][T11798] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  358.384431][T11800] loop2: partition table partially beyond EOD, truncated
[  358.402524][T11800] loop2: p1 start 1601398130 is beyond EOD, truncated
[  358.423350][T11800] loop2: p2 start 1702059890 is beyond EOD, truncated
[  359.027454][ T5931] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  359.236195][ T5931] usb 3-1: Using ep0 maxpacket: 16
[  359.247732][ T5931] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7
[  359.276185][ T5931] usb 3-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f
[  359.289617][ T5931] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.325943][T11819] loop4: detected capacity change from 0 to 1024
[  359.332842][ T5931] usb 3-1: Product: syz
[  359.337014][ T5931] usb 3-1: Manufacturer: syz
[  359.341655][ T5931] usb 3-1: SerialNumber: syz
[  359.347407][T11819] EXT4-fs: Ignoring removed nobh option
[  359.361791][ T5931] usb 3-1: config 0 descriptor??
[  359.375898][ T5931] hub 3-1:0.0: bad descriptor, ignoring hub
[  359.387923][ T5931] hub 3-1:0.0: probe with driver hub failed with error -5
[  359.400628][ T5931] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  359.423635][T11819] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  359.524101][T11828] netlink: 'syz.3.2200': attribute type 10 has an invalid length.
[  359.542389][T11828] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2200'.
[  359.581796][T11819] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4192: comm syz.4.2197: Allocating blocks 1-17 which overlap fs metadata
[  359.596182][T11828] dummy0: entered promiscuous mode
[  359.622696][T11828] dummy0: entered allmulticast mode
[  359.667866][T11828] bridge0: port 1(dummy0) entered blocking state
[  359.699883][T11828] bridge0: port 1(dummy0) entered disabled state
[  359.731340][T11828] bridge0: port 1(dummy0) entered blocking state
[  359.737829][T11828] bridge0: port 1(dummy0) entered forwarding state
[  359.779847][T11838] kernel read not supported for file /file0 (pid: 11838 comm: syz.5.2202)
[  359.806479][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  359.822431][   T30] audit: type=1800 audit(1760816128.773:231): pid=11838 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2202" name="file0" dev="mqueue" ino=29130 res=0 errno=0
[  360.000861][ T5931] usb 3-1: USB disconnect, device number 25
[  360.031857][T11842] use of bytesused == 0 is deprecated and will be removed in the future,
[  360.050823][T11842] use the actual size instead.
[  360.145196][T11847] A link change request failed with some changes committed already. Interface macsec1 may have been left with an inconsistent configuration, please check.
[  360.182320][T11845] loop3: detected capacity change from 0 to 2048
[  360.214439][T11848] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  360.265816][T11845] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  360.573813][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  360.701410][T11850] loop1: detected capacity change from 0 to 32768
[  360.719649][T11850] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2207 (11850)
[  360.769468][T11850] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  360.809528][T11850] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  360.823515][T11872] loop3: detected capacity change from 0 to 2048
[  360.997698][T11850] BTRFS info (device loop1): enabling ssd optimizations
[  361.006850][T11850] BTRFS info (device loop1): turning on async discard
[  361.014519][T11850] BTRFS info (device loop1): enabling free space tree
[  361.342740][ T5828] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  361.694917][T11898] loop3: detected capacity change from 0 to 2048
[  361.818200][T11898] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  361.850667][T11898] ext4 filesystem being mounted at /394/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  361.913290][T11871] loop4: detected capacity change from 0 to 32768
[  361.950901][T11871] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  361.973625][T11913] loop1: detected capacity change from 0 to 128
[  362.006840][T11913] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  362.036127][T11888] loop0: detected capacity change from 0 to 32768
[  362.051875][T11913] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  362.070777][T11871] XFS (loop4): Ending clean mount
[  362.091964][T11871] XFS (loop4): Quotacheck needed: Please wait.
[  362.101919][T11919] input: syz1 as /devices/virtual/input/input43
[  362.117042][T11888] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  362.141184][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  362.176415][ T9334] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  362.206680][T11871] XFS (loop4): Quotacheck: Done.
[  362.261119][T11888] XFS (loop0): Ending clean mount
[  362.404835][T11934] tun0: tun_chr_ioctl cmd 1074025675
[  362.419670][T11934] tun0: persist enabled
[  362.447947][T11934] tun0: tun_chr_ioctl cmd 1074025675
[  362.474697][T11934] tun0: persist enabled
[  362.489721][ T5830] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  362.491057][ T5841] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  362.766563][T11945] loop3: detected capacity change from 0 to 512
[  362.820034][T11945] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  362.877784][T11945] EXT4-fs error (device loop3): ext4_free_branches:1020: inode #16: comm syz.3.2232: invalid indirect mapped block 4294967295 (level 0)
[  363.005316][T11945] EXT4-fs error (device loop3): ext4_free_branches:1020: inode #16: comm syz.3.2232: invalid indirect mapped block 4294967295 (level 1)
[  363.025768][T11945] EXT4-fs (loop3): 1 orphan inode deleted
[  363.041720][T11945] EXT4-fs (loop3): 1 truncate cleaned up
[  363.053330][T11945] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  363.165923][T11904] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  363.349224][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  363.973464][T11975] overlay: filesystem on ./bus not supported as upperdir
[  364.022986][T11977] netlink: 'syz.4.2244': attribute type 3 has an invalid length.
[  364.069865][T11977] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2244'.
[  364.141337][T11947] loop2: detected capacity change from 0 to 32768
[  364.231283][T11947] read_mapping_page failed!
[  364.258809][T11947] ERROR: (device loop2): txAbort: 
[  364.258809][T11947] 
[  364.269784][ T5903] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  364.377807][  T111] ERROR: (device loop2): diUpdatePMap: the inode is not allocated in the working map
[  364.377807][  T111] 
[  364.413806][T11987] loop4: detected capacity change from 0 to 512
[  364.440286][ T5903] usb 1-1: Using ep0 maxpacket: 32
[  364.454295][ T5903] usb 1-1: config 0 interface 0 has no altsetting 0
[  364.467642][ T5903] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  364.479581][ T5903] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.488403][T11987] EXT4-fs (loop4): 1 truncate cleaned up
[  364.496250][T11987] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  364.508598][ T5903] usb 1-1: Product: syz
[  364.513005][ T5903] usb 1-1: Manufacturer: syz
[  364.517632][ T5903] usb 1-1: SerialNumber: syz
[  364.525841][ T5903] usb 1-1: config 0 descriptor??
[  364.619883][T11991] PF_CAN: dropped non conform CAN XL skbuff: dev type 65534, len 40
[  364.772591][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  364.969588][ T5903] gs_usb 1-1:0.0: Configuring for 1 interfaces
[  365.377432][ T5903] gs_usb 1-1:0.0: Couldn't register candev for channel 0 (-EINVAL)
[  365.396698][ T5903] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -22
[  365.626771][ T5931] usb 1-1: USB disconnect, device number 22
[  365.809814][ T5903] usb 6-1: new high-speed USB device number 21 using dummy_hcd
[  365.989749][ T5903] usb 6-1: Using ep0 maxpacket: 32
[  365.998347][ T5903] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  366.010809][ T5903] usb 6-1: config 0 has no interface number 0
[  366.020380][   T30] audit: type=1326 audit(1760816134.983:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12023 comm="syz.3.2265" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fac67b8efc9 code=0x0
[  366.022926][ T5903] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  366.069090][ T5903] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.078140][ T5903] usb 6-1: Product: syz
[  366.082367][ T5903] usb 6-1: Manufacturer: syz
[  366.086968][ T5903] usb 6-1: SerialNumber: syz
[  366.102837][ T5903] usb 6-1: config 0 descriptor??
[  366.114189][ T5903] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  366.289533][ T3092] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  366.323043][ T5903] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  366.357078][ T5903] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  366.402537][T12033] loop0: detected capacity change from 0 to 2048
[  366.452699][ T3092] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  366.477003][ T3092] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.517870][ T3092] usb 3-1: config 0 descriptor??
[  366.554494][ T3092] cp210x 3-1:0.0: cp210x converter detected
[  366.577439][T12033] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  366.590369][T12033] ext4 filesystem being mounted at /362/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  366.830966][    C0] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -71
[  366.841163][    T9] usb 6-1: USB disconnect, device number 21
[  366.872357][    T9] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  366.921428][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  366.931425][    T9] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  366.962861][    T9] quatech2 6-1:0.51: device disconnected
[  366.965699][ T3092] cp210x 3-1:0.0: failed to get vendor val 0x000e size 3: -32
[  367.132681][T12044] loop1: detected capacity change from 0 to 16
[  367.203077][T12044] erofs (device loop1): mounted with root inode @ nid 36.
[  367.205314][ T3092] usb 3-1: cp210x converter now attached to ttyUSB0
[  367.253467][T12047] loop0: detected capacity change from 0 to 512
[  367.289841][T12047] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  367.318263][   T30] audit: type=1800 audit(1760816136.273:233): pid=12044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2273" name="file1" dev="loop1" ino=86 res=0 errno=0
[  367.319741][T12044] Invalid ELF header len 10
[  367.383823][T12047] EXT4-fs (loop0): 1 truncate cleaned up
[  367.408441][ T3092] usb 3-1: USB disconnect, device number 26
[  367.456834][ T3092] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  367.457412][T12047] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  367.508147][ T3092] cp210x 3-1:0.0: device disconnected
[  367.531076][   T30] audit: type=1800 audit(1760816136.483:234): pid=12047 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2272" name="file1" dev="loop0" ino=15 res=0 errno=0
[  367.766785][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  368.101259][T12076] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2285'.
[  368.185559][T12079] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2285'.
[  368.258801][T12079] nbd: device at index 64 is going down
[  368.676067][T12092] loop4: detected capacity change from 0 to 512
[  368.731958][T12092] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  368.829842][T12092] EXT4-fs (loop4): 1 truncate cleaned up
[  368.837555][T12092] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  368.949084][   T30] audit: type=1800 audit(1760816137.903:235): pid=12092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2293" name="file1" dev="loop4" ino=15 res=0 errno=0
[  369.531847][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  369.580378][T12116] loop3: detected capacity change from 0 to 512
[  369.727028][T12116] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  369.822887][T12116] ext4 filesystem being mounted at /410/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  370.154821][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  370.524553][T12148] loop3: detected capacity change from 0 to 256
[  370.533724][T12148] FAT-fs (loop3): Directory bread(block 1285) failed
[  370.554212][T12148] FAT-fs (loop3): Directory bread(block 1285) failed
[  370.562858][T12148] FAT-fs (loop3): FAT read failed (blocknr 1281)
[  370.574077][T12148] FAT-fs (loop3): Directory bread(block 1285) failed
[  370.599987][T12148] FAT-fs (loop3): Directory bread(block 1285) failed
[  370.606791][T12148] FAT-fs (loop3): Directory bread(block 1285) failed
[  370.629834][T12148] FAT-fs (loop3): Directory bread(block 1285) failed
[  370.656262][T12148] FAT-fs (loop3): Directory bread(block 1285) failed
[  370.700643][T12148] FAT-fs (loop3): Directory bread(block 1285) failed
[  370.717900][T12153] FAT-fs (loop3): Directory bread(block 1285) failed
[  370.878810][T12158] loop1: detected capacity change from 0 to 512
[  370.939773][T12158] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  371.060165][T12158] EXT4-fs (loop1): 1 truncate cleaned up
[  371.084156][T12170] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  371.115012][T12158] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  371.183153][T12172] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2325'.
[  371.184416][T12163] loop2: detected capacity change from 0 to 4096
[  371.241297][T12163] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  371.253774][   T30] audit: type=1800 audit(1760816140.203:236): pid=12158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2317" name="file1" dev="loop1" ino=15 res=0 errno=0
[  371.274292][    C1] vkms_vblank_simulate: vblank timer overrun
[  371.353044][T12163] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  371.378811][T12163] ntfs3(loop2): ino=1a, mi_enum_attr
[  371.407363][T12163] ntfs3(loop2): Failed to initialize $Extend/$ObjId.
[  371.521749][T12182] loop5: detected capacity change from 0 to 2095
[  371.586647][T12183] loop5: detected capacity change from 2095 to 3319
[  371.599245][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.209736][ T5903] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  372.380070][ T5903] usb 4-1: Using ep0 maxpacket: 32
[  372.387689][ T5903] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  372.406874][T12176] loop5: detected capacity change from 0 to 32768
[  372.425791][ T5903] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.449593][ T5903] usb 4-1: config 0 descriptor??
[  372.469831][T12176] XFS (loop5): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  372.541415][T12176] XFS (loop5): Ending clean mount
[  372.552991][T12176] XFS (loop5): Quotacheck needed: Please wait.
[  372.587248][T12176] XFS (loop5): Quotacheck: Done.
[  372.612789][   T30] audit: type=1800 audit(1760816141.573:237): pid=12176 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2326" name="file1" dev="loop5" ino=6150 res=0 errno=0
[  372.674410][ T5903] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  372.710319][ T5903] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  372.731133][ T5903] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  372.738293][ T5903] usb 4-1: media controller created
[  372.803330][ T5903] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  372.814103][T12210] loop1: detected capacity change from 0 to 4096
[  372.868426][T12210] ntfs3(loop1): ino=18, mi_enum_attr
[  372.885243][ T5903] az6027: usb out operation failed. (-71)
[  372.894844][T12210] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  372.902553][ T5903] az6027: usb out operation failed. (-71)
[  372.908746][T12210] ntfs3(loop1): ino=1a, mi_enum_attr
[  372.914985][ T5903] stb0899_attach: Driver disabled by Kconfig
[  372.929744][ T5903] az6027: no front-end attached
[  372.929744][ T5903] 
[  372.953798][ T5903] az6027: usb out operation failed. (-71)
[  372.980665][ T5903] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  372.999634][ T5835] XFS (loop5): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  373.011866][ T5903] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input44
[  373.044029][ T5903] dvb-usb: schedule remote query interval to 400 msecs.
[  373.059636][ T5903] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  373.089313][ T5903] usb 4-1: USB disconnect, device number 15
[  373.116837][T12190] loop0: detected capacity change from 0 to 32768
[  373.195104][T12190] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[  373.290775][ T5903] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  373.299378][T12190] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  373.424072][T12190] XFS (loop0): Ending clean mount
[  373.461185][T12190] XFS (loop0): Quotacheck needed: Please wait.
[  373.474439][T11022] hid-generic 0000:3000000:0000.001A: unknown main item tag 0x4
[  373.483227][T12230] loop2: detected capacity change from 0 to 512
[  373.527525][T12230] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  373.563484][ T6173] XFS (loop0): Metadata CRC error detected at xfs_allocbt_read_verify+0x26/0xe0, xfs_cntbt block 0x10 
[  373.576027][T11022] hid-generic 0000:3000000:0000.001A: unknown main item tag 0x2
[  373.589779][T12230] EXT4-fs (loop2): 1 truncate cleaned up
[  373.597707][T12230] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  373.615691][T11022] hid-generic 0000:3000000:0000.001A: unknown main item tag 0x3
[  373.622986][ T6173] XFS (loop0): Unmount and run xfs_repair
[  373.629540][ T6173] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  373.641273][ T6173] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff  AB3C............
[  373.661027][   T30] audit: type=1800 audit(1760816142.593:238): pid=12230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2344" name="file1" dev="loop2" ino=15 res=0 errno=0
[  373.669686][ T6173] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10  ................
[  373.690885][ T6173] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  373.701911][ T6173] 00000030: 00 00 00 00 20 bb 84 11 00 00 04 4e 00 00 00 02  .... ......N....
[  373.710904][ T6173] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[  373.720395][ T6173] 00000050: 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00  ................
[  373.729927][ T6173] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  373.739985][ T6173] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  373.748852][ T6173] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x10 len 8 error 74
[  373.759053][T11022] hid-generic 0000:3000000:0000.001A: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  373.785542][T12190] XFS (loop0): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[  374.161991][T12242] loop4: detected capacity change from 0 to 128
[  374.172249][T12242] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  374.201498][ T5829] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  374.218566][T12242] hpfs: filesystem error: improperly stopped
[  374.228658][T12242] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  374.266845][T12242] hpfs: You really don't want any checks? You are crazy...
[  374.282610][T12242] hpfs: hpfs_map_sector(): read error
[  374.287992][T12242] hpfs: code page support is disabled
[  374.293733][ T5830] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  374.335113][ T5830] XFS (loop0): Uncorrected metadata errors detected; please run xfs_repair.
[  374.344418][T12242] hpfs: hpfs_map_4sectors(): unaligned read
[  374.354224][T12242] hpfs: hpfs_map_4sectors(): unaligned read
[  374.382341][T12242] hpfs: filesystem error: unable to find root dir
[  374.424374][T12248] IPv6: syztnl0: Disabled Multicast RS
[  374.519940][    T9] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[  374.692413][    T9] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[  374.711177][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  374.729556][    T9] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  374.741922][T12261] loop2: detected capacity change from 0 to 128
[  374.761174][    T9] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  374.775326][T12261] EXT4-fs: Ignoring removed orlov option
[  374.799895][    T9] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  374.806878][T12261] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  374.829375][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.831913][T12263] loop4: detected capacity change from 0 to 2048
[  374.832113][T12261] ext4 filesystem being mounted at /381/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  374.891304][    T9] usb 6-1: config 0 descriptor??
[  374.897138][T12263] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found!
[  374.918368][T12244] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  374.947794][T12263] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  375.179775][T11022] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  375.249839][ T3092] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  375.278717][T12278] netlink: 'syz.4.2364': attribute type 1 has an invalid length.
[  375.286957][T12278] netlink: 172 bytes leftover after parsing attributes in process `syz.4.2364'.
[  375.295858][T12280] loop3: detected capacity change from 0 to 512
[  375.304372][T12280] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  375.318571][T12280] EXT4-fs (loop3): 1 truncate cleaned up
[  375.326590][T12280] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  375.339635][T11022] usb 1-1: Using ep0 maxpacket: 32
[  375.350317][T11022] usb 1-1: config 0 has an invalid interface number: 209 but max is 0
[  375.358706][T11022] usb 1-1: config 0 has no interface number 0
[  375.365467][T11022] usb 1-1: config 0 interface 209 has no altsetting 0
[  375.375222][T11022] usb 1-1: New USB device found, idVendor=1f71, idProduct=3306, bcdDevice=1b.23
[  375.377784][    T9] plantronics 0003:047F:FFFF.001B: reserved main item tag 0xd
[  375.384635][T11022] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  375.400374][T11022] usb 1-1: Product: syz
[  375.404719][T11022] usb 1-1: Manufacturer: syz
[  375.409323][T11022] usb 1-1: SerialNumber: syz
[  375.415093][   T30] audit: type=1800 audit(1760816144.373:239): pid=12280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2363" name="file1" dev="loop3" ino=15 res=0 errno=0
[  375.437914][T11022] usb 1-1: config 0 descriptor??
[  375.442980][ T3092] usb 3-1: Using ep0 maxpacket: 8
[  375.454059][ T3092] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  375.462763][ T3092] usb 3-1: config 179 has no interface number 0
[  375.464256][    T9] plantronics 0003:047F:FFFF.001B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  375.469096][ T3092] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  375.469144][ T3092] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  375.469223][ T3092] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 155, changing to 11
[  375.469271][ T3092] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 8704, setting to 1024
[  375.469320][ T3092] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  375.555166][ T3092] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  375.567275][ T3092] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  375.614815][T12261] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  375.752582][    T9] usb 6-1: USB disconnect, device number 22
[  375.821168][T11022] usb 1-1: USB disconnect, device number 23
[  375.865014][ T5837] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  375.877045][ T3092] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input46
[  376.061945][T12261] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  376.121627][T12261] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  376.354783][ T5923] usb 3-1: USB disconnect, device number 27
[  376.354781][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  376.945227][ T5829] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  377.386919][T12331] overlayfs: failed to verify upper root origin
[  377.560635][T11022] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  377.745265][T11022] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  377.789326][T11022] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  377.829569][T11022] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.868023][T11022] usb 2-1: config 0 descriptor??
[  377.990587][T12319] loop5: detected capacity change from 0 to 32768
[  378.009903][T12319] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.2382 (12319)
[  378.027222][T12319] BTRFS info (device loop5): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  378.038680][T12319] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm
[  378.067273][T12344] loop3: detected capacity change from 0 to 1024
[  378.111778][T12344] EXT4-fs: Ignoring removed nomblk_io_submit option
[  378.181349][T12344] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c855c01c, mo2=0003]
[  378.223794][T12344] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  378.268303][T12319] BTRFS info (device loop5): enabling ssd optimizations
[  378.316255][T12319] BTRFS info (device loop5): turning on async discard
[  378.326266][T11022] keytouch 0003:0926:3333.001C: fixing up Keytouch IEC report descriptor
[  378.340787][T11022] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.001C/input/input47
[  378.354843][T12319] BTRFS info (device loop5): enabling free space tree
[  378.506545][T11022] keytouch 0003:0926:3333.001C: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0
[  378.514305][T12367] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[  378.530133][T12329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  378.552680][   T30] audit: type=1800 audit(1760816147.473:240): pid=12319 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2382" name="bus" dev="loop5" ino=263 res=0 errno=0
[  378.583522][T12329] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  378.633093][ T5837] EXT4-fs error (device loop3): ext4_iget_extra_inode:5074: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  378.693360][    C1] Mem-Info:
[  378.696882][    C1] active_anon:35915 inactive_anon:0 isolated_anon:0
[  378.696882][    C1]  active_file:9154 inactive_file:50829 isolated_file:0
[  378.696882][    C1]  unevictable:768 dirty:763 writeback:0
[  378.696882][    C1]  slab_reclaimable:7304 slab_unreclaimable:128750
[  378.696882][    C1]  mapped:34833 shmem:29630 pagetables:1167
[  378.696882][    C1]  sec_pagetables:0 bounce:0
[  378.696882][    C1]  kernel_misc_reclaimable:0
[  378.696882][    C1]  free:1234659 free_pcp:15748 free_cma:0
[  378.742279][    C1] Node 0 active_anon:143660kB inactive_anon:0kB active_file:36616kB inactive_file:203112kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:139332kB dirty:3052kB writeback:0kB shmem:116984kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:15136kB pagetables:4544kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  378.774376][    C1] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:124kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  378.804209][    C1] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  378.834062][    C1] lowmem_reserve[]: 0 2483 2485 2485 2485
[  378.839851][    C1] Node 0 DMA32 free:1030448kB boost:0kB min:34108kB low:42632kB high:51156kB reserved_highatomic:0KB free_highatomic:0KB active_anon:143660kB inactive_anon:0kB active_file:36616kB inactive_file:203112kB unevictable:1536kB writepending:3052kB zspages:0kB present:3129332kB managed:2543488kB mlocked:0kB bounce:0kB free_pcp:44700kB local_pcp:26748kB free_cma:0kB
[  378.873351][    C1] lowmem_reserve[]: 0 0 1 1 1
[  378.878093][    C1] Node 0 Normal free:0kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  378.907769][    C1] lowmem_reserve[]: 0 0 0 0 0
[  378.912517][    C1] Node 1 Normal free:3892828kB boost:0kB min:55768kB low:69708kB high:83648kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:18220kB local_pcp:8692kB free_cma:0kB
[  378.944712][    C1] lowmem_reserve[]: 0 0 0 0 0
[  378.949545][    C1] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  378.962365][    C1] Node 0 DMA32: 119*4kB (UE) 26*8kB (UM) 78*16kB (UME) 687*32kB (UME) 451*64kB (UME) 158*128kB (UME) 94*256kB (UME) 27*512kB (UME) 6*1024kB (UME) 8*2048kB (UME) 219*4096kB (M) = 1030444kB
[  378.981135][    C1] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  378.992712][    C1] Node 1 Normal: 87*4kB (UME) 50*8kB (UME) 49*16kB (UME) 175*32kB (UME) 50*64kB (UME) 14*128kB (UME) 3*256kB (ME) 4*512kB (UME) 1*1024kB (M) 1*2048kB (E) 946*4096kB (M) = 3892828kB
[  379.010877][    C1] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  379.020417][    C1] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  379.029696][    C1] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  379.039234][    C1] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  379.048510][    C1] 89605 total pagecache pages
[  379.053173][    C1] 0 pages in swap cache
[  379.057316][    C1] Free swap  = 124996kB
[  379.061456][    C1] Total swap = 124996kB
[  379.065599][    C1] 2097051 pages RAM
[  379.069390][    C1] 0 pages HighMem/MovableOnly
[  379.074054][    C1] 429089 pages reserved
[  379.078192][    C1] 0 pages cma reserved
[  379.093024][ T5837] EXT4-fs error (device loop3): ext4_iget_extra_inode:5074: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  379.317531][ T5835] BTRFS info (device loop5): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  379.575038][ T5923] usb 2-1: USB disconnect, device number 17
[  379.626623][T12380] input: syz1 as /devices/virtual/input/input48
[  380.658072][ T9111] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  380.959525][ T5923] usb 3-1: new high-speed USB device number 28 using dummy_hcd
[  381.054015][T12410] loop4: detected capacity change from 0 to 1024
[  381.129663][ T5923] usb 3-1: Using ep0 maxpacket: 32
[  381.177058][ T5923] usb 3-1: config 0 has an invalid interface number: 209 but max is 0
[  381.211817][ T5923] usb 3-1: config 0 has no interface number 0
[  381.217960][ T5923] usb 3-1: config 0 interface 209 has no altsetting 0
[  381.246621][ T5923] usb 3-1: New USB device found, idVendor=1f71, idProduct=3306, bcdDevice=1b.23
[  381.259819][ T5923] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.267825][ T5923] usb 3-1: Product: syz
[  381.277259][T12387] loop5: detected capacity change from 0 to 32768
[  381.284366][ T5923] usb 3-1: Manufacturer: syz
[  381.288969][ T5923] usb 3-1: SerialNumber: syz
[  381.289299][ T9334] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.299232][ T6173] hfsplus: b-tree write err: -5, ino 8
[  381.328869][ T5923] usb 3-1: config 0 descriptor??
[  381.359961][T12387] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  381.487786][T12387] XFS (loop5): Ending clean mount
[  381.620991][ T9334] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.645838][ T5923] usb 3-1: USB disconnect, device number 28
[  381.668369][ T5835] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  381.812680][ T9334] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.166162][ T9334] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.497881][T12440] can0: slcan on ptm0.
[  382.577600][ T9334] bridge0: port 1(dummy0) entered disabled state
[  382.599923][ T5923] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[  382.729169][ T5834] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  382.742016][ T5834] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  382.750878][ T5834] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  382.768350][ T5834] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  382.775588][ T5923] usb 6-1: Using ep0 maxpacket: 16
[  382.781829][ T5834] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  382.792596][ T5923] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  382.813244][ T5923] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  382.840493][ T5923] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  382.851080][ T5923] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.859104][ T5923] usb 6-1: Product: syz
[  382.869478][ T5923] usb 6-1: Manufacturer: syz
[  382.874092][ T5923] usb 6-1: SerialNumber: syz
[  382.882177][ T5923] usb 6-1: config 0 descriptor??
[  382.892167][ T5923] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  382.909508][ T5923] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  383.131629][T12450] loop4: detected capacity change from 0 to 128
[  383.158022][T12450] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  383.171756][T12450] ext4 filesystem being mounted at /430/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  383.318050][ T5841] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  383.502816][ T5923] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  383.511039][ T5923] em28xx 6-1:0.0: Config register raw data: 0x41
[  383.679328][T12456] loop1: detected capacity change from 0 to 32768
[  383.684206][T12446] loop2: detected capacity change from 0 to 32768
[  383.708007][T12456] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  383.744739][T12446] find_entry called with index = 0
[  383.747814][ T5923] usb 6-1: USB disconnect, device number 23
[  383.757378][T12446] read_mapping_page failed!
[  383.758326][ T5923] em28xx 6-1:0.0: Disconnecting em28xx
[  383.768330][T12446] ERROR: (device loop2): txAbort: 
[  383.768330][T12446] 
[  383.775948][T12446] ERROR: (device loop2): remounting filesystem as read-only
[  383.787413][T12446] read_mapping_page failed!
[  383.799307][T12446] ERROR: (device loop2): txAbort: 
[  383.799307][T12446] 
[  383.803207][ T5923] em28xx 6-1:0.0: Freeing device
[  383.939001][T12456] XFS (loop1): Ending clean mount
[  383.974189][T12456] XFS (loop1): Metadata CRC error detected at xfs_rmapbt_read_verify+0x26/0xe0, xfs_rmapbt block 0x14 
[  383.985730][T12456] XFS (loop1): Unmount and run xfs_repair
[  383.991517][T12456] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  384.001772][T12456] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff  RMB3............
[  384.010662][T12456] 00000010: 00 00 00 00 00 00 00 14 00 00 00 01 00 00 00 80  ................
[  384.019741][T12456] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91  ..G...N..b..1...
[  384.028644][T12456] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01  ....[.;.........
[  384.037577][T12456] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00  ................
[  384.047155][T12456] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb  ................
[  384.056071][T12456] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02  ................
[  384.065097][T12456] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00  ................
[  384.073990][T12456] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x23f/0x4f0" at daddr 0x14 len 4 error 74
[  384.094995][T12456] XFS (loop1): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x400/0x970 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  384.109808][T12456] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  384.182426][ T5828] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  384.194619][ T9334] bond0 (unregistering): Released all slaves
[  384.223877][T12470] loop4: detected capacity change from 0 to 128
[  384.409725][T12437] can0 (unregistered): slcan off ptm0.
[  384.803887][ T5923] kernel read not supported for file /rfkill (pid: 5923 comm: kworker/0:6)
[  384.920637][ T5834] Bluetooth: hci3: command tx timeout
[  385.275691][ T9334] hsr_slave_0: left promiscuous mode
[  385.298335][ T9334] hsr_slave_1: left promiscuous mode
[  385.376872][ T9334] veth1_macvtap: left promiscuous mode
[  385.387132][ T9334] veth0_macvtap: left promiscuous mode
[  385.393038][ T9334] veth1_vlan: left promiscuous mode
[  385.398552][ T9334] veth0_vlan: left promiscuous mode
[  385.479878][ T5923] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  385.549352][T12479] loop0: detected capacity change from 0 to 32768
[  385.574603][T12479] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2441 (12479)
[  385.625019][T12479] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  385.655673][T12479] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  385.666758][ T5923] usb 2-1: Using ep0 maxpacket: 8
[  385.687330][ T5923] usb 2-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  385.712259][ T5923] usb 2-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  385.732561][ T5923] usb 2-1: config 0 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  385.762266][ T5923] usb 2-1: config 0 interface 0 has no altsetting 0
[  385.779153][ T5923] usb 2-1: New USB device found, idVendor=5543, idProduct=0042, bcdDevice= 0.00
[  385.790223][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  385.799148][T12512] loop5: detected capacity change from 0 to 512
[  385.801973][ T5923] usb 2-1: config 0 descriptor??
[  385.823096][T12512] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  385.859230][T12512] EXT4-fs (loop5): 1 truncate cleaned up
[  385.882802][T12512] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  385.899081][T12479] BTRFS info (device loop0): enabling ssd optimizations
[  385.909512][T12479] BTRFS info (device loop0): turning on async discard
[  385.916497][T12479] BTRFS info (device loop0): enabling free space tree
[  385.943950][   T30] audit: type=1800 audit(1760816410.895:241): pid=12512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2450" name="file1" dev="loop5" ino=15 res=0 errno=0
[  386.096835][ T5830] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  386.240539][ T5923] uclogic 0003:5543:0042.001D: unbalanced collection at end of report description
[  386.272711][ T5923] uclogic 0003:5543:0042.001D: parse failed
[  386.278730][ T5923] uclogic 0003:5543:0042.001D: probe with driver uclogic failed with error -22
[  386.332306][ T5835] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  386.440418][ T5923] usb 2-1: USB disconnect, device number 18
[  386.999559][ T5834] Bluetooth: hci3: command tx timeout
[  387.595533][T12558] loop0: detected capacity change from 0 to 2048
[  387.626840][T12559] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  387.882062][T12447] chnl_net:caif_netlink_parms(): no params data found
[  387.950942][T12564] loop1: detected capacity change from 0 to 1024
[  387.958374][T12564] EXT4-fs: Ignoring removed bh option
[  387.992583][T12564] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  388.027011][T12570] loop2: detected capacity change from 0 to 1024
[  388.082156][T12564] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  388.141436][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  388.147764][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  388.179504][ T5903] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[  388.373572][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  388.385140][T12447] bridge0: port 1(bridge_slave_0) entered blocking state
[  388.389919][ T5903] usb 6-1: config 39 has an invalid interface number: 2 but max is 1
[  388.400396][T12447] bridge0: port 1(bridge_slave_0) entered disabled state
[  388.408162][ T5903] usb 6-1: config 39 has an invalid interface number: 208 but max is 1
[  388.417436][ T5903] usb 6-1: config 39 has no interface number 0
[  388.424922][ T5903] usb 6-1: config 39 has no interface number 1
[  388.431820][ T5903] usb 6-1: config 39 interface 2 has no altsetting 0
[  388.438592][ T5903] usb 6-1: config 39 interface 208 has no altsetting 0
[  388.467574][T12447] bridge_slave_0: entered allmulticast mode
[  388.480257][ T5903] usb 6-1: New USB device found, idVendor=055f, idProduct=a800, bcdDevice=c4.36
[  388.498815][ T5903] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.509159][T12447] bridge_slave_0: entered promiscuous mode
[  388.515074][ T5903] usb 6-1: Product: syz
[  388.524175][ T5903] usb 6-1: Manufacturer: syz
[  388.528785][ T5903] usb 6-1: SerialNumber: syz
[  388.603714][ T9334] IPVS: stop unused estimator thread 0...
[  388.610987][T12447] bridge0: port 2(bridge_slave_1) entered blocking state
[  388.618164][T12447] bridge0: port 2(bridge_slave_1) entered disabled state
[  388.652140][T12447] bridge_slave_1: entered allmulticast mode
[  388.671181][T12447] bridge_slave_1: entered promiscuous mode
[  388.991810][T12447] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  389.024376][T12447] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  389.079964][ T5834] Bluetooth: hci3: command tx timeout
[  389.123150][ T5903] mdc800 6-1:39.2: probe fails -> wrong Interface
[  389.141010][ T5903] mdc800 6-1:39.208: probe fails -> wrong Interface
[  389.156149][T12447] team0: Port device team_slave_0 added
[  389.162856][ T5903] usb 6-1: USB disconnect, device number 24
[  389.383194][T12447] team0: Port device team_slave_1 added
[  389.516720][T12447] batman_adv: batadv0: Adding interface: batadv_slave_0
[  389.532455][T12447] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  389.579790][T12447] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  389.610907][T12447] batman_adv: batadv0: Adding interface: batadv_slave_1
[  389.626721][T12447] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  389.799780][T12447] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  389.850390][T12600] loop4: detected capacity change from 0 to 32768
[  389.858439][T12600] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2483 (12600)
[  389.897864][T12600] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  389.931620][T12600] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  390.061315][T12600] BTRFS info (device loop4): enabling ssd optimizations
[  390.076902][T12627] usb usb8: usbfs: process 12627 (syz.0.2488) did not claim interface 0 before use
[  390.088794][T12600] BTRFS info (device loop4): turning on async discard
[  390.116196][T12600] BTRFS info (device loop4): enabling free space tree
[  390.126123][T12447] hsr_slave_0: entered promiscuous mode
[  390.134918][T12447] hsr_slave_1: entered promiscuous mode
[  390.143674][T12447] debugfs: 'hsr0' already exists in 'hsr'
[  390.149470][T12447] Cannot create hsr debugfs directory
[  390.473357][ T6173] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared)
[  390.599561][ T5903] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[  390.617358][ T5841] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  390.663523][T12642] gre0: Master is either lo or non-ether device
[  390.789458][ T5903] usb 6-1: Using ep0 maxpacket: 16
[  390.833157][ T5903] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  390.859598][ T5903] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  390.892917][ T5903] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  390.924289][ T5903] usb 6-1: config 0 descriptor??
[  391.162913][ T5834] Bluetooth: hci3: command tx timeout
[  391.196032][T12447] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  391.215051][T12447] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  391.252027][T12447] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  391.294133][T12447] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  391.355833][ T5903] mcp2221 0003:04D8:00DD.001E: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0
[  391.624760][T12447] 8021q: adding VLAN 0 to HW filter on device bond0
[  391.694565][T12447] 8021q: adding VLAN 0 to HW filter on device team0
[  391.745494][ T9334] bridge0: port 1(bridge_slave_0) entered blocking state
[  391.752695][ T9334] bridge0: port 1(bridge_slave_0) entered forwarding state
[  391.788804][ T5903] usb 6-1: USB disconnect, device number 25
[  391.803594][ T9334] bridge0: port 2(bridge_slave_1) entered blocking state
[  391.810771][ T9334] bridge0: port 2(bridge_slave_1) entered forwarding state
[  391.959995][ T3092] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  392.134469][ T3092] usb 2-1: Using ep0 maxpacket: 32
[  392.171462][ T3092] usb 2-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b
[  392.189508][ T3092] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.235441][ T3092] usb 2-1: Product: syz
[  392.243593][ T3092] usb 2-1: Manufacturer: syz
[  392.248198][ T3092] usb 2-1: SerialNumber: syz
[  392.279821][ T3092] usb 2-1: config 0 descriptor??
[  392.501195][T12447] 8021q: adding VLAN 0 to HW filter on device batadv0
[  392.650468][T12676] netlink: 703 bytes leftover after parsing attributes in process `syz.5.2505'.
[  392.920820][ T3092] peak_usb 2-1:0.0: PEAK-System PCAN-USB Pro hwrev 0 serial 00000000.00000000 (2 channels)
[  392.943847][ T3092] peak_usb 2-1:0.0 can0: sending command failure: -22
[  392.969584][ T3092] peak_usb 2-1:0.0 can0: sending command failure: -22
[  393.104757][ T3092] peak_usb 2-1:0.0: probe with driver peak_usb failed with error -22
[  393.135009][ T3092] usb 2-1: USB disconnect, device number 19
[  393.389495][T12447] veth0_vlan: entered promiscuous mode
[  393.425999][T12447] veth1_vlan: entered promiscuous mode
[  393.537029][T12447] veth0_macvtap: entered promiscuous mode
[  393.571997][T12447] veth1_macvtap: entered promiscuous mode
[  393.602091][T12447] batman_adv: batadv0: Interface activated: batadv_slave_0
[  393.618785][T12447] batman_adv: batadv0: Interface activated: batadv_slave_1
[  393.657569][ T6171] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  393.685406][ T6171] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  393.701282][ T6171] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  393.713690][T12708] capability: warning: `syz.4.2518' uses 32-bit capabilities (legacy support in use)
[  393.763002][ T6171] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  393.827195][T12710] loop1: detected capacity change from 0 to 128
[  393.861481][T12710] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  393.908555][T12710] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  393.983019][ T6171] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  394.021464][ T6171] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  394.119270][ T9333] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  394.141103][ T6171] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  394.168595][ T6171] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  394.419081][T12724] loop2: detected capacity change from 0 to 1024
[  394.995003][ T9334] hfsplus: b-tree write err: -5, ino 3
[  395.337129][T12738] loop2: detected capacity change from 0 to 4096
[  395.382298][T12744] loop4: detected capacity change from 0 to 256
[  395.403803][T12746] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  395.444676][   T30] audit: type=1800 audit(1760816420.395:242): pid=12738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2528" name="file1" dev="loop2" ino=15 res=0 errno=0
[  395.821198][T12759] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2537'.
[  395.853256][T12758] netlink: 16402 bytes leftover after parsing attributes in process `syz.2.2537'.
[  396.540819][   T30] audit: type=1326 audit(1760816421.475:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.6.2549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f687ed8efc9 code=0x7ffc0000
[  396.627365][   T30] audit: type=1326 audit(1760816421.495:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.6.2549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f687ed8efc9 code=0x7ffc0000
[  396.678026][T12786] loop1: detected capacity change from 0 to 512
[  396.727028][   T30] audit: type=1326 audit(1760816421.495:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.6.2549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f687ed8efc9 code=0x7ffc0000
[  396.780999][   T30] audit: type=1326 audit(1760816421.495:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.6.2549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f687ed8efc9 code=0x7ffc0000
[  396.822715][T12786] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  396.852990][   T30] audit: type=1326 audit(1760816421.495:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.6.2549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f687ed8efc9 code=0x7ffc0000
[  396.879621][   T30] audit: type=1326 audit(1760816421.525:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.6.2549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f687ed8efc9 code=0x7ffc0000
[  396.886275][T12786] ext4 filesystem being mounted at /421/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  396.920933][   T30] audit: type=1326 audit(1760816421.525:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.6.2549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f687ed8efc9 code=0x7ffc0000
[  397.069572][   T30] audit: type=1326 audit(1760816421.525:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.6.2549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7f687ed8efc9 code=0x7ffc0000
[  397.139002][   T30] audit: type=1326 audit(1760816421.525:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12780 comm="syz.6.2549" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f687ed8efc9 code=0x7ffc0000
[  397.332983][T12799] loop0: detected capacity change from 0 to 4096
[  397.517111][ T5828] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  398.627824][T12833] loop6: detected capacity change from 0 to 32768
[  398.677648][T12833] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  398.755783][T12833] XFS (loop6): Ending clean mount
[  398.770135][T12833] XFS (loop6): Quotacheck needed: Please wait.
[  398.818679][T12833] XFS (loop6): Quotacheck: Done.
[  398.966062][T12857] loop0: detected capacity change from 0 to 512
[  398.998441][T12857] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  399.011641][T12857] ext4 filesystem being mounted at /417/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  399.177745][T12835] loop1: detected capacity change from 0 to 32768
[  399.181294][ T5903] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  399.231082][T12447] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  399.244016][ T5830] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  399.350106][ T5903] usb 3-1: Using ep0 maxpacket: 16
[  399.393395][ T5903] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  399.415877][ T5903] usb 3-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00
[  399.436087][ T5903] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.462568][ T5903] usb 3-1: config 0 descriptor??
[  399.488589][ T5903] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input50
[  399.656607][T12863] loop0: detected capacity change from 0 to 8192
[  399.678241][ T5178] bcm5974 3-1:0.0: could not read from device
[  399.712087][ T5903] bcm5974 3-1:0.0: could not read from device
[  399.748340][ T5178] bcm5974 3-1:0.0: could not read from device
[  399.813971][ T5903] input: failed to attach handler mousedev to device input50, error: -5
[  399.847436][ T5178] bcm5974 3-1:0.0: could not read from device
[  399.858251][ T5903] usb 3-1: USB disconnect, device number 29
[  400.092803][T12875] loop0: detected capacity change from 0 to 1024
[  400.242457][ T9333] hfsplus: b-tree write err: -5, ino 3
[  400.710162][ T5923] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  400.888727][ T5923] usb 7-1: Using ep0 maxpacket: 8
[  400.905265][ T5923] usb 7-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  400.954080][ T5923] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.979711][ T5923] usb 7-1: Product: syz
[  400.996345][ T5923] usb 7-1: Manufacturer: syz
[  401.014326][ T5923] usb 7-1: SerialNumber: syz
[  401.039086][ T5923] usb 7-1: config 0 descriptor??
[  401.087701][ T5923] radio-usb-si4713 7-1:0.0: Si4713 development board discovered: (10C4:8244)
[  401.108829][T12899] bond0: entered promiscuous mode
[  401.119313][T12899] bond_slave_0: entered promiscuous mode
[  401.140273][T12899] bond_slave_1: entered promiscuous mode
[  401.175646][T12899] batadv0: entered promiscuous mode
[  401.200939][T12899] hsr1: Slave A (bond0) is not up; please bring it up to get a fully working HSR network
[  401.223986][T12899] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network
[  401.261044][T12899] hsr1: entered allmulticast mode
[  401.289171][T12899] bond0: entered allmulticast mode
[  401.312824][T12899] bond_slave_0: entered allmulticast mode
[  401.331838][T12899] bond_slave_1: entered allmulticast mode
[  401.351954][T12899] batadv0: entered allmulticast mode
[  401.369045][T12899] 8021q: adding VLAN 0 to HW filter on device hsr1
[  401.406142][T12899] bond0: left promiscuous mode
[  401.419891][T12899] bond_slave_0: left promiscuous mode
[  401.434599][T12899] bond_slave_1: left promiscuous mode
[  401.454650][T12899] batadv0: left promiscuous mode
[  401.595746][T12890] loop2: detected capacity change from 0 to 32768
[  401.638297][T12890] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[  401.663256][T12890] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  401.698888][ T6838] (kworker/u8:44,6838,1):ocfs2_check_dir_entry:321 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214
[  401.902559][ T5923] radio-usb-si4713 7-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  401.940223][ T5923] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  401.954110][ T5829] ocfs2: Unmounting device (7,2) on (node local)
[  401.959923][ T5923] usb 7-1: USB disconnect, device number 2
[  402.195681][T12920] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  402.423489][T12914] loop0: detected capacity change from 0 to 32768
[  402.490794][   T30] audit: type=1800 audit(1760816427.445:252): pid=12914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2601" name="file1" dev="loop0" ino=7 res=0 errno=0
[  402.537735][T12931] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.2609'.
[  402.592116][T12930] netlink: 16402 bytes leftover after parsing attributes in process `syz.5.2609'.
[  402.699479][ T5931] usb 3-1: new full-speed USB device number 30 using dummy_hcd
[  402.795354][  T111] ==================================================================
[  402.803438][  T111] BUG: KASAN: slab-use-after-free in jfs_lazycommit+0xa46/0xb30
[  402.811107][  T111] Read of size 4 at addr ffff888030fe3894 by task jfsCommit/111
[  402.818739][  T111] 
[  402.821061][  T111] CPU: 0 UID: 0 PID: 111 Comm: jfsCommit Not tainted syzkaller #0 PREEMPT(full) 
[  402.821105][  T111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  402.821127][  T111] Call Trace:
[  402.821139][  T111]  <TASK>
[  402.821152][  T111]  dump_stack_lvl+0x116/0x1f0
[  402.821212][  T111]  print_report+0xcd/0x630
[  402.821256][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  402.821300][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  402.821343][  T111]  ? __phys_addr+0xe8/0x180
[  402.821383][  T111]  ? jfs_lazycommit+0xa46/0xb30
[  402.821435][  T111]  kasan_report+0xe0/0x110
[  402.821482][  T111]  ? jfs_lazycommit+0xa46/0xb30
[  402.821550][  T111]  jfs_lazycommit+0xa46/0xb30
[  402.821610][  T111]  ? __pfx_jfs_lazycommit+0x10/0x10
[  402.821667][  T111]  ? __pfx_default_wake_function+0x10/0x10
[  402.821728][  T111]  ? lockdep_hardirqs_on+0x7c/0x110
[  402.821785][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  402.821830][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  402.821873][  T111]  ? __kthread_parkme+0x19e/0x250
[  402.821914][  T111]  ? __pfx_jfs_lazycommit+0x10/0x10
[  402.821968][  T111]  kthread+0x3c5/0x780
[  402.822015][  T111]  ? __pfx_kthread+0x10/0x10
[  402.822063][  T111]  ? srso_alias_return_thunk+0x5/0xfbef5
[  402.822106][  T111]  ? rcu_is_watching+0x12/0xc0
[  402.822140][  T111]  ? __pfx_kthread+0x10/0x10
[  402.822189][  T111]  ret_from_fork+0x675/0x7d0
[  402.822233][  T111]  ? __pfx_kthread+0x10/0x10
[  402.822281][  T111]  ret_from_fork_asm+0x1a/0x30
[  402.822334][  T111]  </TASK>
[  402.822346][  T111] 
[  402.970926][  T111] Allocated by task 12914:
[  402.975325][  T111]  kasan_save_stack+0x33/0x60
[  402.980006][  T111]  kasan_save_track+0x14/0x30
[  402.984686][  T111]  __kasan_kmalloc+0xaa/0xb0
[  402.989276][  T111]  jfs_fill_super+0xca/0x1040
[  402.993950][  T111]  get_tree_bdev_flags+0x38c/0x620
[  402.999062][  T111]  vfs_get_tree+0x8e/0x340
[  403.003489][  T111]  path_mount+0x7b9/0x23a0
[  403.007925][  T111]  __x64_sys_mount+0x293/0x310
[  403.012695][  T111]  do_syscall_64+0xcd/0xfa0
[  403.017191][  T111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.023080][  T111] 
[  403.025387][  T111] Freed by task 5830:
[  403.029348][  T111]  kasan_save_stack+0x33/0x60
[  403.034027][  T111]  kasan_save_track+0x14/0x30
[  403.038704][  T111]  __kasan_save_free_info+0x3b/0x60
[  403.043917][  T111]  __kasan_slab_free+0x5f/0x80
[  403.048682][  T111]  kfree+0x2b8/0x6d0
[  403.052589][  T111]  generic_shutdown_super+0x156/0x390
[  403.057975][  T111]  kill_block_super+0x3b/0x90
[  403.062667][  T111]  deactivate_locked_super+0xc1/0x1a0
[  403.068036][  T111]  deactivate_super+0xde/0x100
[  403.072796][  T111]  cleanup_mnt+0x225/0x450
[  403.077207][  T111]  task_work_run+0x150/0x240
[  403.081808][  T111]  exit_to_user_mode_loop+0xec/0x130
[  403.087102][  T111]  do_syscall_64+0x426/0xfa0
[  403.091687][  T111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.097583][  T111] 
[  403.099889][  T111] The buggy address belongs to the object at ffff888030fe3800
[  403.099889][  T111]  which belongs to the cache kmalloc-256 of size 256
[  403.113935][  T111] The buggy address is located 148 bytes inside of
[  403.113935][  T111]  freed 256-byte region [ffff888030fe3800, ffff888030fe3900)
[  403.127817][  T111] 
[  403.130125][  T111] The buggy address belongs to the physical page:
[  403.136522][  T111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888030fe3e00 pfn:0x30fe2
[  403.146576][  T111] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  403.155065][  T111] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  403.162603][  T111] page_type: f5(slab)
[  403.166579][  T111] raw: 00fff00000000040 ffff88813ffa6b40 ffffea0000c90d00 dead000000000004
[  403.175159][  T111] raw: ffff888030fe3e00 000000000010000e 00000000f5000000 0000000000000000
[  403.183739][  T111] head: 00fff00000000040 ffff88813ffa6b40 ffffea0000c90d00 dead000000000004
[  403.192405][  T111] head: ffff888030fe3e00 000000000010000e 00000000f5000000 0000000000000000
[  403.201074][  T111] head: 00fff00000000001 ffffea0000c3f881 00000000ffffffff 00000000ffffffff
[  403.209741][  T111] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[  403.218395][  T111] page dumped because: kasan: bad access detected
[  403.224790][  T111] page_owner tracks the page as allocated
[  403.230485][  T111] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9506, tgid 9496 (syz.1.1312), ts 261522532379, free_ts 258770174130
[  403.251858][  T111]  post_alloc_hook+0x1c0/0x230
[  403.256641][  T111]  get_page_from_freelist+0x10a3/0x3a30
[  403.262206][  T111]  __alloc_frozen_pages_noprof+0x25f/0x2470
[  403.268097][  T111]  alloc_pages_mpol+0x1fb/0x550
[  403.272952][  T111]  new_slab+0x24a/0x360
[  403.277119][  T111]  ___slab_alloc+0xdc4/0x1ae0
[  403.281807][  T111]  __slab_alloc.constprop.0+0x63/0x110
[  403.287281][  T111]  __kmalloc_noprof+0x501/0x880
[  403.292146][  T111]  iter_file_splice_write+0x1cc/0x12e0
[  403.297607][  T111]  direct_splice_actor+0x192/0x6c0
[  403.302719][  T111]  splice_direct_to_actor+0x345/0xa30
[  403.308096][  T111]  do_splice_direct+0x174/0x240
[  403.312944][  T111]  do_sendfile+0xb06/0xe50
[  403.317353][  T111]  __x64_sys_sendfile64+0x1d8/0x220
[  403.322559][  T111]  do_syscall_64+0xcd/0xfa0
[  403.327060][  T111]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.332950][  T111] page last free pid 23 tgid 23 stack trace:
[  403.338913][  T111]  __free_frozen_pages+0x7df/0x1160
[  403.344123][  T111]  tlb_remove_table_rcu+0x121/0x320
[  403.349332][  T111]  rcu_core+0x79c/0x1530
[  403.353589][  T111]  handle_softirqs+0x219/0x8e0
[  403.358371][  T111]  run_ksoftirqd+0x3a/0x60
[  403.362801][  T111]  smpboot_thread_fn+0x3f7/0xae0
[  403.367741][  T111]  kthread+0x3c5/0x780
[  403.371819][  T111]  ret_from_fork+0x675/0x7d0
[  403.376413][  T111]  ret_from_fork_asm+0x1a/0x30
[  403.381175][  T111] 
[  403.383481][  T111] Memory state around the buggy address:
[  403.389095][  T111]  ffff888030fe3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  403.397149][  T111]  ffff888030fe3800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  403.405202][  T111] >ffff888030fe3880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  403.413254][  T111]                          ^
[  403.417837][  T111]  ffff888030fe3900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  403.425888][  T111]  ffff888030fe3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  403.433936][  T111] ==================================================================
[  403.441977][  T111] Disabling lock debugging due to kernel taint
[  403.471979][ T5931] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[  403.481176][ T5931] usb 3-1: config 0 has no interface number 0
[  403.489547][ T5931] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  403.504006][T12942] loop1: detected capacity change from 0 to 64
[  403.510202][ T5931] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.519275][ T5931] usb 3-1: Product: syz
[  403.523485][ T5931] usb 3-1: Manufacturer: syz
[  403.528081][ T5931] usb 3-1: SerialNumber: syz
[  403.591895][ T5931] usb 3-1: config 0 descriptor??
[  403.599454][ T5923] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  403.759453][ T5923] usb 5-1: Using ep0 maxpacket: 32
[  403.766039][ T5923] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  403.775194][ T5923] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  403.785091][ T5923] usb 5-1: config 0 descriptor??
[  403.794303][ T5923] gspca_main: sunplus-2.14.0 probing 041e:400b
[  404.028989][ T5931] usb 3-1: Firmware version (0.0) predates our first public release.
[  404.037192][ T5931] usb 3-1: Please update to version 0.2 or newer
[  404.044171][ T5931] usb 3-1: Firmware: build 
[  404.260853][ T5931] usb 3-1: USB disconnect, device number 30
[  404.803557][ T5923] gspca_sunplus: reg_w_riv err -71
[  404.809300][ T5923] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  404.818258][ T5923] usb 5-1: USB disconnect, device number 21