last executing test programs:

1m22.382417202s ago: executing program 3 (id=95):
unshare(0x26020480)
r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$nfc_llcp(r0, &(0x7f0000000380)={0x27, 0x0, 0x0, 0x0, 0x0, 0x0, "d9298498abdba7f061bd1ca44c226af5160e961711a03760760beeab91e8ff0055e5c0d48bd63ffdb93bd43a847a1597c8ef03da5be42200", 0x37}, 0x60)
listen(r0, 0x0)
ppoll(&(0x7f00000000c0)=[{r0}], 0x1, &(0x7f0000000240)={0x0, 0x3938700}, 0x0, 0x0)

1m22.216361631s ago: executing program 3 (id=99):
setresuid(0x0, 0xee00, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
syz_open_dev$ttys(0xc, 0x2, 0x1)

1m20.655934702s ago: executing program 3 (id=104):
r0 = epoll_create1(0x0)
r1 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000780)={0x10000008})
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)={{0x12, 0x1, 0x110, 0xff, 0xbd, 0x4e, 0x40, 0x2040, 0x4201, 0xbe86, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x26, 0x0, 0x1, 0xd9, 0xb3, 0x2d, 0x0, [], [{{0x9, 0x5, 0x2, 0x0, 0x200, 0x4e, 0xa, 0xf4}}]}}]}}]}}, 0x0)
read$dsp(r1, &(0x7f0000000140)=""/29, 0x1d)

1m18.506249377s ago: executing program 3 (id=128):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x3810082, &(0x7f0000000280)=ANY=[@ANYBLOB='undelete,gid=', @ANYRESDEC=0x0, @ANYBLOB=',gid=forget,rootdir=00000000000000001055,iocharset=cp864,unhide,gid=ignore,mode=00000000000000000000001,anchor=00000000000000000000,\x00'], 0x1, 0xc3c, &(0x7f0000002680)="$eJzs3U9sHNd9B/DfGy7Fld1WTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpVlIRRzC8CVuFIXpkiCpBrZSAumlx56CFAUPeREoDUKpGhgNIXRI9O6QHLxocipJ6KFjaDogS0C5BSwmNm34pKibEUkJUr6fGzquzvz3ux789YzsqA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN979dzxE+lBtwIAuJ8ujH/1+En3fwB4rFzy//8AAAAAAAAAAAAAALDfpSjiqUgxd2EtTVbvu+rnO4M3bk6Mjm1f7WCqag5U5cuf+omTp05/6cWRM70835n5iPq77bPx+vilc41XZq/PzbcXFtpTjYmZzpXZqfZdH2Gn9bc6Wp2AxvU3bkxdvbrQOPnCqU27bw5/OPTk4eGzI88de7ZXdmJ0bGx8o0i9v3ztnhvSdacZHgeiiGOR4vnv/SS1IqKInZ+L+v0d+60OVp04WnViYnSs6sh0pzWzWO682DsRRUSjr1Kzd462H4uoDd7XPtxZM2KpbH7Z4KNl98bnWvOty9PtxsXW/GJnsTM7czF1W1v2pxFFnEkRyxGxOnT74QajiFqk+M6htXQ5IgZ65+GL1cTgO7ej2MM+3oWynY3BiOXiIRizfWwoingtUvz0vSNxJV9nqmvNFyJeK/PdiLfLfDkilV+M0xEfbPM94uFUiyL+ohz/s2tpqroe9K4r57/W+MrM1dm+sr3ryi94f7jtSvGA7g8Ht+T9sc+vTfUoolVd8dfSvf9mBwAAAAAAAAAAAAAAAIDddjCK+EykePXf/7iaVxzVvPRDZ0d+f/iX++eMP/MxxynLvhARS8Xdzck9kCcGXkwXU3rAc4kfZ/Uo4k/i3Wr+37cedGMAAAAAAAAAAAAAAAAAAAAea0X8OFK89P6RtBz9a4p3Zq41LrUuT3dXhe2t/dtbM319fX29kbrZzDmZcynncs6VnKs5o8j1czZzTuZcyrmccyXnas4YyPVzNnNO5lzKuZxzJedqzqjl+jmbOSdzLuVczrmSczVn7JO1ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHiVFFPHzSPHtb6ylSBHRjJiMbq4MPejWAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACloVTE9yNF4w+at7bVIiJV/3YdKX85Hc0DZX4ymiNlvhzNczlbVdaa33oA7WdnBlMRP4oUQ/V3bg14Hv/B7rtbX4N4+5sb7z5b6+ZAb+fwh0NPHj50dmTs15650+u0XQOOnu/M3LjZmBgdGxvv21zLn/7Jvm3D+XOL3ek6EbHw5ltvtKan2/P3/qL8Cuyg+kP0ItX2pqdD+6WDXmx+EbV90YwH03ceA+X9/4NI8dvv/0fvht+9/9fjl7rvbt3h42d/unH/f2nrge7y/l/bWi/f/8t7+nb3/6f6tr2UfzcyWIuoL16fGzwcUV94861jneuta+1r7ZnTx49/eWTky6eODx6IqF/tTLf7Xu3K6QIAAAAAAAAAAAAAAAC4f1IRvxspWj9aS42IuFnN1xo+O/LcsWcHYqCab7Vp3vbr45fONV6ZvT43315YaE81JmY6V2an2nf7cfVqutfE6NiedOZjHdzj9h+svzI79+Z859ofLW67/4n6ucsLi/OtK9vvjoNRRDT7txytGjwxOlY1errTmqmqXtx2Mv0vbjAV8Z+R4srpRvp83pbn/2+d4b9p/v/S1gPt0fz/T/RtKz8zpSJ+Fil+6y+fic9X7XwibjtnudzfRoqjZz6Xy8WBslyvDd3nCnRnBpZl/zdS/OPPN5ftzYd8aqPsibs+sQ+JcvwPRYrv//l349fzts3Pf9h+/J/YeqA9Gv+n+7Y9sel5BTvuOnn8j0WKl596J34jb/uo53/0nr1xJBe+9XyOPRr/T/VtG86f+5u703UAAAAAAAAAAICH2mAq4u8ixQ/GaunFvO1u/v7f1NYD7dHf//p037ap3Vmv6GNf7PikAgAAAMA+MZiK+HGkuLb4zq051Jvnf/fN//ydjfmfo2nL3urP+X6lem7Abv75X7/h/LmTO+82AAAAAAAAAAAAAAAAAAAA7CspFfFiXk99sprPn7ZZ3L1bbiVSvPrfz/fKHY5io+hw9Wv9wuzMsXPT07NXWouty9Ptxvhc60q7rPt0pFj7m8/lukW1vnpvvfnuGu8ba7HPR4qxv++V7a7F3lub/Ole2aX2ibLsJyLFf/3D5rK9daw/tXHck2XZv44UX//n7cse3ih7qiz73Ujxw683emWfKMv2no/66Y2yL1yZLXZ7SAAAAAAAAAAAAAAAAAAAAHgMDaYi/ixS/M/15Vtz+fP6/4N9bytvf7Nvvf8tblbr/A9X6//f6fW9rP9fPVdg6U6fCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj6YURbwVKeYurKWVofJ9V/18Z+bGzYnRse2rHUxVzYGqfPlTP3Hy1OkvvThyppcfXX+3fSZeH790rvHK7PW5+fbCQnuqMTHTuTI71b7rI+y0/lZHqxPQuP7GjamrVxcaJ184tWn3zeEPh548PHx25Lljz/bKToyOjY33lakN3vOn3ybdYfuBKOKvIsXz3/tJ+sFQRBE7Pxcf893ZawerThytOjExOlZ1ZLrTmlksd17snYgiotFXqdk7R/dhLHakGbFUNr9s8NGye+NzrfnW5el242JrfrGz2JmduZi6rS3704gizqSI5YhYHbr9cINRxBuR4juH1tK/DEUM9M7DFy+krx4/eed2FHvYx7tQtrMxGLFcfNSYbdNhNhmKIv4pUvz0vSPxr0MRtej+xBciXivz3Yi3ozveqfxinI74wGl9ZNSiiP8rx//sWnpvqLwe9K4r57/W+MrM1dm+sr3ryub7w0A8dPeH+2mf30/qUcQPqyv+Wvo3/10DAAAAAAAAAAAAAAAA7CNF/GqkeOn9I6maH3xrTnFn5lrjUuvydHdaX2/uX2/O9Pr6+nojdbOZczLnUs7lnCs5V3NGkevnbJZZX1+fzO+Xci7nXMm5mjMGcv2czT/Mjcrvl3Iu51zJuZozarl+zmbOyZxLOZdzruRczRn7ZO4eAAAAAAAAAAAAAAAAAADwaCmqf1J8+xtraX2oWl96oLdvxXqgj7z/DwAA//9cO/Ma")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000680)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='mounts\x00')
read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020)

1m17.92194558s ago: executing program 3 (id=133):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
fchown(r0, 0x0, 0xee01)
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
fchownat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xee01, 0xee01, 0x1000)

1m17.353455003s ago: executing program 3 (id=136):
timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000380)={{0x0, 0x989680}}, 0x0)
r0 = timerfd_create(0x0, 0x0)
timerfd_settime(r0, 0x3, &(0x7f0000000440)={{0x0, 0x3938700}}, 0x0)
read(r0, &(0x7f0000000240)=""/123, 0x7b)
clock_adjtime(0x0, &(0x7f0000000000)={0x3ff, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1000, 0x8, 0x2, 0x3, 0x0, 0x3})

1m17.117068367s ago: executing program 32 (id=136):
timerfd_settime(0xffffffffffffffff, 0x3, &(0x7f0000000380)={{0x0, 0x989680}}, 0x0)
r0 = timerfd_create(0x0, 0x0)
timerfd_settime(r0, 0x3, &(0x7f0000000440)={{0x0, 0x3938700}}, 0x0)
read(r0, &(0x7f0000000240)=""/123, 0x7b)
clock_adjtime(0x0, &(0x7f0000000000)={0x3ff, 0x0, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x9, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1000, 0x8, 0x2, 0x3, 0x0, 0x3})

43.884702424s ago: executing program 0 (id=363):
syz_open_dev$dvb_frontend(&(0x7f0000000000), 0x0, 0x40002)
syz_clone3(0x0, 0x0)
r0 = syz_io_uring_setup(0x4ed, &(0x7f0000000300)={0x0, 0xfec9, 0x0, 0xff7ffffc, 0x274}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r0, 0xdb4, 0xd070, 0x0, 0x0, 0x0)

43.667583887s ago: executing program 0 (id=367):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
write$binfmt_register(0xffffffffffffffff, &(0x7f0000000080)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0xfa, 0x3a, '', 0x3a, '!', 0x3a, './file0'}, 0x28)
write$cgroup_int(r0, &(0x7f0000000340)=0x4, 0x12)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'veth0_to_hsr\x00'}, 0x18)

43.369650224s ago: executing program 0 (id=371):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc531, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x90, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x3, 0x0, {0x9, 0x21, 0x1000, 0x5, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0xd, 0x1}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x7, {[@main=@item_4={0x3, 0x0, 0xa, "ac58bea3"}, @global=@item_012={0x1, 0x1, 0x3, 'O'}]}}, 0x0}, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, 0xffffffffffffffff, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0xfffffffd, @empty}, 0x1c)

41.238244678s ago: executing program 0 (id=390):
syz_mount_image$cramfs(&(0x7f0000000240), &(0x7f00000006c0)='./file1\x00', 0x8080, &(0x7f0000000c40)=ANY=[], 0xfe, 0x158, &(0x7f0000000040)="$eJzs0E9LKlEYBvDnMHPV+8crF25gQSa0aEhMmbBWURoJQjZQuGlTYBMJipFQrsKIdi2Cti6soJX4FSxrYymEfYk2rl0WR8ciCPwAPb/NMM953+fAWZpravAChy50LWYzu3tmLmdueVeNeHTtpVoNy9wGoPPpvDd/EwZ25FcF2keAjO+cwHYqbU4lsw450w4DGoDIbyzIPCizf8Avmf3HO7mvjQO1od6+/kU2bWUjKhBx9TLZ93oBTMg+O4BU2rRbnfmir1J+WGnUY/7J61EFJzHf2A/rrJ97zFM9Onz1x60gYd5fIiLk3nOg7n8KVMqtZiO+bMwD0PUZARSCoZbx2IiFCmdQN+z7wLoABD7uscHtURMOHAvgvNvVvhVOALVSx8j8nS1Z9zsOFC8g8sXkpiL/fwKKBtF/DhsGEIMGiIiIiIiIiIiIiIiIiIjo23gLAAD//03YXHc=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r0, 0x0, 0x0)

40.924146297s ago: executing program 0 (id=393):
r0 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x48d, 0x4)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e27, 0xfffffffd, @mcast2, 0x9}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000001300)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)="bc9ad5ba82b2cbac602c1f5445ec16bd6907283472caf491071378a8177ecb02a176a2ad3a813f40ec5feba6e46346fab760d29dc4eeb7ce9f1583a549f756b3ff0464506f3362c966c5fa44fa7d791b0c256336fa548ed3c7e60d1b6dd9b7201e9598cde7175979a98cc32550e3f42164be09e2d46c7910bc111656eb94e129a55daea022e4b4339bbe509897203eaf7f8c15089763b24cf2c0c12c632eee5175dfa1288b9b9ce209d1756edcc62ce9516be044126754d7455defd92e40940b98d5de6fa4739cead44b56502548db2b796848983d644f88fcb8f61774119f938eb9ef0e9a7b8013e171a143d8c7dbb1ba7b1c1dc1ccea7d5d7f61a9c3586c2c6aab05c027a4ce51f62e628822cabf0aa147a5ab3f9d01f5f374831a06fba9fd4729260a69143963fde75d1dc3df0f2765a21552fbe6135a2f85d4a0cbd246d0225fac27fe09c4c7637052c5d1db445a5580795424836ad979714bd7a2b4f0cb0d08f5ae0ae4bbdd6513ea2a702257d829592fcd19c7e70730223266c0eeb1f156414cb70bb9ce2f769c1a28b0bec62bd2125439e0c47041da192fd622241ec6e7782cf95341bcf861e1acab92cb0029e1b717e10ef6194f8d164bf55d92e654c43413b1a0cb95daa31ac09862b7cdb8d8b6a57e2dd906cdb33adda35c439a4a11a095cdd41335cb8eda444179a0913496f6afedf4624163d5928eae15e167a48bf9d0fd654267e2df7a156a5c8b3cd7f3ab71c9c1a9446393c6bc03c93e9f71eef2e512edc6066dc0ad53b5844abf6d39ca89d2c0bc39a9b620d9110bf37696e719f30d470623ce8ede1296ad749a254666e666f4a6293d4cb4135716aba401f42b3bfb06ef2fcb0599c690c3b87259d2353d6878fe76c2f1debb02a83b24f84fcc076a4e5908d4661bc817c907e8685228de11a5c2886e44f941631f0671c5303762c46c428dd606d55d29539b402bec4aaf264de11483de6efd1a8549eb1fbf7984fef8686fc2dc503b9cd952b44b13cd16e71d19dc51ecb970ab2c43e173168656c762e20ca18b03d275c49bf21ad627a82c318760288c5006a76f67f10714371e3b8891444a344b016b7442cbb8106b3ee264ba1aad3fce5443abf196d4acd21b153d5e9319afe916e24ca46a19d9378a23773c4e0225b6c4c7c724dd4d2628d9244e41cf1b1a5863b1d8e6a530120336b5da3283804df088d5ee19a004d14b260e0bc2f81f6caf3c3621d5b546489ad77a9907e5233f89b4cd8c6cb6ba83f83fa77db26174aa4ffc7fe2b762899a651e035161b437593bbb94ea0fd70bc8fe4fdc1a6a89ebde97be133f6360c746a98b8648d71b074852ac00de43674d33e2f8b90b08be7a96c9996d3cdc221578ef479ec5df6f9fe40eb7fc8a8a440a8d608421a0ec4952ed07e1216af26fb3856bc0368cd223e7babbdaf599e361da930220fb6ded7fc10939fc99737091d2bf2b192c31a1e0d26180405efe5b978fed231cdeaefa95bdc70067b6fa78aa6e8b525049ef432b47538d8d7326e7ef7cb96e055f37ac08dddd6af73d6759587443d615ce868fa4a5ada9067993408b302ae3009bf7411463fb635be4602af194b04215e8b750268be629b30574c147a4382eadc5409f75a5d1923f38174bd9ef850ccb0063b75b189483600872584e4aa38e726609743043166cd1690984351e71ae65438344a7d69ff1eed4bee46555f381a5927678a221a00ee270b9519d3983714b71b882cbb05852cb41a860d471e1805995f8cdb3d6baad26810373f396326b712ae3285a8e4b2f6b0127dcb89febe82f2d781aa92abc18e42d91da0e4d2542296edd82715e30065381e35e8f504b44291195a164bd239c1d1ab0b2a6aa5d030a3af88b4b827738ab93fadcecc1f5e11ab22bfce4b74b2602510e1901c5a3629b36e697d5952ee41267a558606cab61119d60cbdad9f0ae147bbb5ef99b9b68c6655611ee53324fa606d6f7ff9e66cb5852474b69d575fd0c00aadfda20dbc35224028fa29b5b955a065cf59800175e311a4133d27670f73439ee1789614ed9", 0x5b2}], 0x1}}], 0x1, 0x4001c00)

40.393714837s ago: executing program 0 (id=400):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

40.086556545s ago: executing program 33 (id=400):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

16.740243149s ago: executing program 6 (id=570):
r0 = eventfd2(0x49d, 0x800)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000080)={0x800000000004, 0x6000, 0x8, r0, 0x1})
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000240)={0x800000000004, 0x6000, 0x8, r0, 0x1})

16.469894195s ago: executing program 6 (id=574):
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$key(0xf, 0x3, 0x2)
r0 = socket(0x10, 0x3, 0x0)
syz_usb_connect$uac1(0x3, 0xdc, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=0x0, @ANYRES16=r0], 0x0)

14.433300593s ago: executing program 6 (id=591):
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setresuid(0xee00, 0xee00, 0x0)
bind$bt_hci(r0, &(0x7f0000000040), 0x6)
write$bt_hci(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="01"], 0x7)

14.295074481s ago: executing program 6 (id=595):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
mount$fuseblk(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x24000, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)

14.13755753s ago: executing program 6 (id=599):
bpf$PROG_LOAD(0x5, 0x0, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, 0x0, 0x0, 0x810001, 0x0, 0x0, 0x41000, 0x32, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000080000000c"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000bc7a007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)

13.661937958s ago: executing program 6 (id=604):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_user\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0)
ftruncate(r0, 0xc17a)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='sched\x00')
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

13.434347991s ago: executing program 34 (id=604):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_user\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0)
ftruncate(r0, 0xc17a)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='sched\x00')
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

6.157858623s ago: executing program 1 (id=652):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private1, 0x200000}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)='N', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x4e24, 0x0, @private2}, 0x1c)
shutdown(r0, 0x1)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7c, &(0x7f00000000c0), &(0x7f0000000180)=0x8)

5.383925668s ago: executing program 1 (id=658):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0b000000080000000c0000000500000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8000}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

5.383759428s ago: executing program 2 (id=659):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0x40015b19, 0x0)
syz_open_procfs(0xffffffffffffffff, 0x0)

5.1708037s ago: executing program 1 (id=661):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x500, &(0x7f0000000fc0)={&(0x7f0000000080)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r3, @ANYBLOB="0c00990000000200000000000800a00094090000080026009409000008002700000000000800a1"], 0x48}}, 0x0)

4.936863653s ago: executing program 1 (id=662):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x20000800)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x24, r1, 0x5, 0x4, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8}]}, 0x24}}, 0x4000844)

4.780575863s ago: executing program 1 (id=663):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r0 = open(&(0x7f0000001b80)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x20000088)
openat(0xffffffffffffff9c, 0x0, 0x441, 0x20)
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')

3.546230664s ago: executing program 5 (id=668):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4)
bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @empty, 0x8000002}, 0x1c)

3.543418455s ago: executing program 4 (id=669):
r0 = syz_open_dev$dri(&(0x7f0000000480), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r2=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000280)={0x3, r2, 0xfffffffe, 0x300, 0x14, 0x203, 0x1})

3.361516175s ago: executing program 5 (id=670):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0b000000080000000c0000000500000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8000}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3.152390387s ago: executing program 2 (id=671):
unshare(0x22020600)
r0 = epoll_create1(0x0)
r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000040)='GPL\x00'}, 0x80)
bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000140)={@cgroup=r1, r2, 0x11, 0x0, r1}, 0x11)

3.135773748s ago: executing program 5 (id=672):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000040)={0x0, 0xaf1}, 0x8)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x70, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r0, 0x84, 0x78, &(0x7f0000000600), 0x4)

2.893880402s ago: executing program 4 (id=673):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x20000800)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x24, r1, 0x5, 0x4, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8}]}, 0x24}}, 0x4000844)

2.666766885s ago: executing program 1 (id=674):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
socket(0x11, 0xa, 0x5)
r0 = socket(0x2b, 0x80801, 0x1)
getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000180)={'filter\x00', 0x0, [0x0, 0x7, 0x7, 0x70b, 0x1]}, &(0x7f0000000000)=0x54)

2.665738655s ago: executing program 2 (id=683):
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
sendto(0xffffffffffffffff, &(0x7f0000000540)="0cc31a4098ddc80dadd3a0aa2bea9050d9f47bcde4cbb8170d3d61aabbdbd869e8a75ab95a3b8e8b960477dbbbbf5cb0fd4a98ea0032d054de676f19c5e1f84def57482d1b3eb94a2a1d3c0af33709610ece6cb54ae7f8c3ed385c3890244d348c9bcfb556ee478845ff23d8a9f2a492531e7c7ce719ef1983bdaf4008386323fc593be590321dbe51aa4ecabebf495efc0f722637337e20cc541399dc617deafa840b68f2b22e5f7c6afb3825871b966ab90a79a4d6d72f29a1e43abdf4d25f6352dfa26c57684224fdb0e14151550796aaa09b4669e71d9f4255f63905467b709f6d7185347a078538e4443f0dad324393274e857979db0a9e3894857aacabc2f2ccd9457fda98a520e2b8c83085a206c8aea9dd18a0b66c87b3b61f95fafed84303436c7ae3782f714dc364c10102788b02d3aed05cb29fe974b75e7bf53dfd2554d7b700dcbf24a6fa021732b747a2c7d6d2a649e1ca523f91ba57da29e6e5050da7ec9466884aea64349e0c65b40bd78fe25622a5f854d351fd3282e85e37989b73e1a3b9fe874ad7131850117f28a930f8fb5afe15040fd20cd9c861c95b2c1f9844ac1f8b3cd0a7f22269e235866414acb5f4d9d0b64301cd5b4e8c2da68caacd3f7dda0f325120ad99c05a55736067c87cceda7b850758e60ab8829b0dbfdc1ca8322e6716e643e00c2f665781461f08282a0aa366d9927036d685c3a721530dafe21e62906c5710c3214621d6374d9f5eef47eca1e5080e21510000009822a3bf99784f7b19e2dfaa7b8ba39dc5212c94585af38e7a50cbf6d619e3f1b8e4c17351203fa037ca4ce7ef32fd8b4387b8583ebd32a0be47c5aeb06ec1c054377d5532c370aba18abe561e2bfcfa6d92c0c3d0419f5f4936772b6a0026a623914f09b04cf5d7c2b3ab010c676e9932f5807240a765b3d92d2bddd63a91bd0f1c795fe0ecdda5e50ec8fd0a68115986168fb8bb67fa020ed3c416a716fb12d5d918b8522931dcf2bfd0c7bf7d9c56c490c9880309240d0c2cf1a3cafb647e1a9e1fde434cdbcae9eeac3f8c652a85d6aea69b3e9a922cb2727ed8f50e6babd152b96ca223be94c4aedf7e6848650026a7e1df48e00f45714233d9ae79f4e5e13ac220d553da26f7e7bd242db5f11acc92d32e6c60106a0934174c7fc587a191dd9939473e17308e5c0a614860c5619378b9efe5b8e7593f5cb0b154e3f7e2964aa44756d7d2e6972c39ef66bfbe15408a4f169b96b305fee9e2b00a1bc4f2610daf6467af908966f0031143f2349e7c406a02935625e8c3a2b2d769b6abfd6737adee81747af3a1f0a9c9f916ef0f8d96d804e75bf01506c338cd48948a", 0x3c0, 0x4000, &(0x7f0000000180)=@caif=@rfm={0x25, 0x107ff, "6798c48f000000ec00"}, 0x80)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
read$FUSE(r0, &(0x7f0000003680)={0x2020}, 0x2020)

2.549551462s ago: executing program 4 (id=675):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000350000000400000002"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000380)=r0}, 0x20)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfdffa000)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r2, &(0x7f00000001c0), 0x0}, 0x20)

2.540196783s ago: executing program 2 (id=676):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000f80)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r1=>0x0}, &(0x7f0000001080)=0x8)
getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r0, 0x84, 0x66, &(0x7f0000000ac0)={r1, 0xd0}, &(0x7f0000000b00)=0x8)
listen(r0, 0x2)

2.316021516s ago: executing program 2 (id=677):
syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000002c0)={[{@journal_async_commit}, {@heartbeat_none}, {@usrquota}, {@barrier={'barrier', 0x3d, 0x7}}, {@heartbeat_none}, {@inode64}]}, 0x1, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=")
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000040)='./file0\x00', 0x43440, 0x0, 0x1, 0x0, &(0x7f0000000040))
mkdir(&(0x7f0000000000)='./bus\x00', 0x129)
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000f80)='./bus/file0\x00', 0x1814080, 0x0, 0xfd, 0x0, &(0x7f0000000100))
rename(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='./bus/file0\x00')

2.115411628s ago: executing program 5 (id=678):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000080)=0xc82, 0x4)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x40, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet(r0, &(0x7f0000003240)=[{{&(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10, 0x0}}], 0x1, 0x4000800)
recvfrom(r0, 0x0, 0x0, 0x2101, 0x0, 0x0)

1.860223692s ago: executing program 5 (id=679):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0xfd, 0x7fff0003}]})
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f00000001c0), 0x101042, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSACTIVE(r1, 0x40107446, &(0x7f0000000240)={0x1, &(0x7f0000000140)=[{0x6, 0x1, 0xfb, 0x2}]})
close_range(r0, 0xffffffffffffffff, 0x0)

1.841298154s ago: executing program 7 (id=607):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000140)={0x1, 0x0, [{0x80000001, 0x0, 0x1, 0x9, 0x758, 0x5, 0x5}]})
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000040)={0x1, 0x0, [{0xc0010141}]})

1.585903218s ago: executing program 7 (id=680):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x8, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0)
lseek(r0, 0x0, 0x0)

1.465593535s ago: executing program 7 (id=681):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000600)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030332c726573765f6c6576656c3d30303030303030303030303030303030303030362c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c6c2c6e6f61636c2c004c98065b85e5b137d63b2211c62c402045083da9bddc3b0d88d44ecd24ba5288d428197284f332858b83349af2c7646f1e07e91120d7f23ce20389bbc031d81d654f1ca08f61c92d90e6ea478843c1ad942c7c257f9ff5348dd038e947775991ad90f8861dada21d5fa2de7042b5e2cbbcd1ada2b568e375812eb0bc448e68eda4c70cf1d5adf566142ed45924fe72a1eb1a914faf754b9d94bf0fdc1f98c708bd89940b5ef96e328240c39559b35bc83c15c15104f3b3fe1945f0278c34e2399dadcd9776ac659afcbb239569140ab408ad87f15b353941"], 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9rVNceAPBzb/KeiU998cfCBw/ewBPeoy0hcdU2QjVGY6KpxVYp3YyTZNS0k4wkk9KFi3QndFXoQrqQFrrLSrLo1v4J3XRp10K76KZQkKbMzJ0492aGTCXXVPl8wJzc8zvznXvmzOJ64kTt1sJKYWGlUFoqVOdurJwsfFytrC6WQ/yc7PX49CaPOIn93rl89vy7106G8N38D483Nzc3Q11/6Gi07fdff7kz1562xJk29X4797ZbPgghHNs2r7q+EML734YQhRDOJHnjSToYQjgUmmXX7nx2vbBLs3nwqHyq+GTm7sbYien1+xvd//YohC8r/3rt5uJP/+0b+/GVXRoeAAAAAAAAAAAAAAAAAIAX3OSVy1ffGRkND6PQvx5tf153Mkm7PR+7uWv+k/8fCwAAAAAAAAAAAAAAAAAAAH9RT5//L0RHOjz/P5Gkp7u033wr/zmSn6m3L0+cGxlNzn+PtpW/nmT9fKYvHO5w7nv2/Pczmfadz3/fPs6zas2vNe5QiOLh1HUcDw+H8HVy8PvxaH9cqa7UXr1RXV2a37VpvLDS8W+e3p+KTnKgf6/xH8/0n//5/0e3vZvq19d37y32UkvHv69rvW8+jXqK/9l0s3s5TbvN0fyHeIml49/fyBtsr7CvmdTj/3n/zvGfyPSf1/1/KIRQiOpzLaRWgPoepp7fbb9CWjr+f2vkpZbO5IXsdv//lon/uUz/e7X+r2U/iOgoHf+/N/IGUjWaG4BG/OOd7//zmf73Iv71+a/5/O9JOv7JYt+fqtJ4JXtd/ycz/ecV/6txMs9DUeodsB4187v9f3WkpeM/sK386fe/uKf934VM++f1/a81buv7X2v5/3/U/P5HZ+n4D3at1+v9P5Vpl/f6f7qx/+NZpeO/v5GX3jsPNX72Gv/pTP95xb+xKxloxf/pevL7vmb+V/Z/PUnH/x/NzLi9xlrjZ2P/F+28/7+Y6X8v9n/1+a/F+Y76skjH/0DXevX4f9/D5/+lTLv84x/CiL3+M0vH/2DXeo37f2Dn+M9k2uUd///l2TkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAC2A8SYdCFA+nruN4eDiEs8n18bA/mi3NF2cr1bmPVkKYSPIL4Uh0s1KdLVWKC0vV+XKxVKlU50I4l5QfCwPRSqVaKy6Wbp/f6mswulUuLddmy6VaCGEyyf93ONjqa3ahtli6HUK4sFX2z7i6fPtWaak4v7D85sjIyEiY2prD4aj8Sa28VGuO3iwNYXqr7VDUNrlG8cWtuRyIPqyuLi+VKo38S21tKtW5UqWtzUxS9kU4HNWWV5fmSrVysVK92RpvL51O0ompK+9duTS6rfx61EzHn++0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiTHo69cS+E0N+8ikMIhSj5JUr+pTx4VD5VfDJzd2PsxPT6/Y3HneoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAH+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhl/5RIgaiOAC/GQUtPYZVSDrbiCJaGBE8gR7Dw+hRvIR3sLCwtVgWdiew5A+EwHbf1zyYH2/ewDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgubvn7uWpbiJSnG/OIr7evn8O84dSP66n+09WzDxd0cNx3D92N7d1U/49jfKrcvTb5l36//f+GhO19znYk+E+7Y3nDM3t29z7+rkXkXIVEW3JL1POVbXsLgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGDLDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgWAAAAABAmL91FH0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//4w3HM8=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0xc4042, 0x1ff)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xfffe82)
ioctl$FITRIM(r0, 0x40406f06, &(0x7f00000000c0)={0x0, 0xffffffffffffffff, 0x100})

799.775783ms ago: executing program 4 (id=682):
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)

798.978983ms ago: executing program 5 (id=693):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0xd8c, 0x14, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x87, [{{0x9, 0x4, 0x0, 0x3, 0xd, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x33, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xc, 0x9, 0x7}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000080)={0x20, 0xb, 0x17, {0x17, 0x6, "a555115b7dada8a0c4eef38cbc1fcbac768a0f2087"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x81, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)

588.326196ms ago: executing program 2 (id=684):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)

556.523707ms ago: executing program 4 (id=685):
alarm(0x1000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000050000090900010073797a310000000054000000030a03000000000000000000050000030900010073797a31000000000900030073797a32000000002800048008000140"], 0x9c}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)

211.86µs ago: executing program 7 (id=686):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x9}]}, 0x24}}, 0x20000800)
sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x24, r1, 0x5, 0x4, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8}]}, 0x24}}, 0x4000844)

0s ago: executing program 4 (id=687):
r0 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x510, 0x0, 0xd0, 0x1b8, 0x288, 0xd0, 0x440, 0x440, 0x440, 0x440, 0x440, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @inet=@TOS={0x28, 'TOS\x00', 0x0, {0xd, 0x1}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x11}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@rand_addr=' \x01\x00', @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@MARK={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x570)
setsockopt$inet6_IPV6_RTHDR(r0, 0x29, 0x39, &(0x7f0000000040)=ANY=[@ANYBLOB="0002020100000008ff"], 0x18)
connect$inet6(r0, &(0x7f0000000400)={0xa, 0x4e24, 0x0, @local, 0x7}, 0x1c)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1)

kernel console output (not intermixed with test programs):

[ T4189] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   80.825778][ T4414] loop2: detected capacity change from 0 to 128
[   80.930694][ T4414] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[   81.000687][ T4297] kernel write not supported for file /media6 (pid: 4297 comm: kworker/0:6)
[   81.050222][   T21] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:179.65/input/input8
[   81.077323][   T13] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   81.217764][ T4189] usb 2-1: config 1 has an invalid descriptor of length 116, skipping remainder of the config
[   81.231897][ T4297] usb 1-1: USB disconnect, device number 2
[   81.243988][    C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[   81.256514][ T4189] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[   81.257717][ T4297] xpad 1-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[   81.345129][ T4189] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   81.359529][ T4189] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[   81.386898][ T4189] usb 2-1: SerialNumber: syz
[   81.465286][   T13] usb 5-1: config index 0 descriptor too short (expected 23569, got 27)
[   81.488905][   T13] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   81.584533][   T13] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[   81.600409][   T13] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[   81.613375][ T4429] netlink: 4 bytes leftover after parsing attributes in process `syz.3.53'.
[   81.622496][   T13] usb 5-1: Manufacturer: syz
[   81.645809][   T13] usb 5-1: config 0 descriptor??
[   81.709234][ T4189] usb 2-1: 0:2 : does not exist
[   81.720443][ T4189] usb 2-1: unit 206 not found!
[   81.787438][ T4189] usb 2-1: USB disconnect, device number 2
[   81.811004][   T13] rc_core: IR keymap rc-hauppauge not found
[   81.824599][   T13] Registered IR keymap rc-empty
[   81.846042][   T13] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[   81.861689][   T13] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input9
[   81.964030][ T4297] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   82.047814][ T4300] udevd[4300]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   82.174138][    C0] igorplugusb 5-1:0.0: receive overflow invalid: 147
[   82.214050][ T4297] usb 4-1: Using ep0 maxpacket: 16
[   82.367273][ T4444] loop1: detected capacity change from 0 to 512
[   82.389393][   T13] usb 5-1: USB disconnect, device number 3
[   82.398405][ T4434] loop0: detected capacity change from 0 to 40427
[   82.453894][ T4444] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.59: invalid block
[   82.475467][ T4434] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   82.487424][ T4434] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   82.494929][ T4297] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[   82.508939][ T4444] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.59: invalid indirect mapped block 4294967295 (level 1)
[   82.514663][ T4297] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   82.531379][ T4297] usb 4-1: Product: syz
[   82.544394][ T4297] usb 4-1: Manufacturer: syz
[   82.554029][ T4297] usb 4-1: SerialNumber: syz
[   82.560896][ T4444] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.59: invalid indirect mapped block 4294967295 (level 1)
[   82.576209][ T4434] F2FS-fs (loop0): invalid crc value
[   82.578429][ T4297] usb 4-1: config 0 descriptor??
[   82.628380][ T4297] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected
[   82.641642][ T4444] EXT4-fs (loop1): 2 truncates cleaned up
[   82.647301][ T4297] usb 4-1: Detected FT232H
[   82.658997][ T4434] F2FS-fs (loop0): Found nat_bits in checkpoint
[   82.665746][ T4444] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,init_itable=0x0000000000004004,barrier=0x0000000000000005,,errors=continue. Quota mode: writeback.
[   82.806804][ T4434] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   82.824900][ T4434] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   82.854176][ T4297] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[   83.349494][ T4297] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0
[   83.550169][ T4297] usb 4-1: USB disconnect, device number 4
[   83.568773][ T4297] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[   83.578914][ T4297] ftdi_sio 4-1:0.0: device disconnected
[   83.891822][ T4473] loop4: detected capacity change from 0 to 512
[   83.908044][ T4471] loop0: detected capacity change from 0 to 1024
[   83.952663][ T4473] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   83.969386][ T4473] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   83.984162][ T4471] EXT4-fs (loop0): Ignoring removed orlov option
[   84.027742][ T4471] EXT4-fs (loop0): inline encryption not supported
[   84.039121][ T4473] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   84.061257][ T4471] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[   84.066706][ T4473] EXT4-fs (loop4): 1 truncate cleaned up
[   84.074961][ T4471] EXT4-fs (loop0): invalid journal inode
[   84.083454][ T4471] EXT4-fs (loop0): can't get journal size
[   84.129524][ T4473] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000004,max_batch_time=0x0000000000000002,debug_want_extra_isize=0x000000000000006a,block_validity,errors=remount-ro,nombcache,. Quota mode: none.
[   84.133285][ T4471] EXT4-fs (loop0): mounted filesystem without journal. Opts: orlov,norecovery,inlinecrypt,resuid=0x0000000000000000,,errors=continue. Quota mode: writeback.
[   84.194507][ T4478] loop2: detected capacity change from 0 to 4096
[   84.242117][ T4482] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   84.479815][ T4487] loop4: detected capacity change from 0 to 512
[   84.530125][ T4487] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   84.544660][ T4478] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[   84.620743][ T4187] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22.
[   84.854209][ T4243] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[   84.975839][ T4500] netlink: 4 bytes leftover after parsing attributes in process `syz.3.79'.
[   85.214187][ T4243] usb 1-1: config 0 has an invalid interface number: 41 but max is 0
[   85.238341][ T4243] usb 1-1: config 0 has no interface number 0
[   85.256168][ T4243] usb 1-1: config 0 interface 41 has no altsetting 0
[   85.372071][ T4517] capability: warning: `syz.3.87' uses deprecated v2 capabilities in a way that may be insecure
[   85.414345][ T4243] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[   85.434891][ T4243] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   85.442949][ T4243] usb 1-1: Product: syz
[   85.448273][ T4520] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   85.467409][ T4519] netlink: 104 bytes leftover after parsing attributes in process `syz.1.88'.
[   85.496139][ T4243] usb 1-1: Manufacturer: syz
[   85.500807][ T4243] usb 1-1: SerialNumber: syz
[   85.542750][ T4243] usb 1-1: config 0 descriptor??
[   85.562173][ T4522] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[   85.624453][ T4522] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=on.
[   85.757127][ T4530] sock: sock_set_timeout: `syz.3.93' (pid 4530) tries to set negative timeout
[   85.800086][ T4502] loop2: detected capacity change from 0 to 32768
[   85.893366][ T4502] (syz.2.80,4502,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   85.993678][ T4502] (syz.2.80,4502,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[   86.037618][ T4540] loop1: detected capacity change from 0 to 128
[   86.106497][ T4502] JBD2: Ignoring recovery information on journal
[   86.162524][ T4540] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[   86.348447][ T4502] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[   86.684218][ T4243] CoreChips: probe of 1-1:0.41 failed with error -71
[   86.710159][ T4243] usb 1-1: USB disconnect, device number 3
[   86.751353][ T4538] loop4: detected capacity change from 0 to 32768
[   86.869839][ T1325] cfg80211: failed to load regulatory.db
[   86.955618][ T4187] ocfs2: Unmounting device (7,2) on (node local)
[   86.958113][ T4538] attempt to access beyond end of device
[   86.958113][ T4538] loop4: rw=1, want=4680040, limit=32768
[   87.041761][ T4538] metapage_write_end_io: I/O error
[   87.065353][  T276] blkno = 8ed2c, nblocks = 1
[   87.070028][  T276] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map
[   87.070028][  T276] 
[   87.100188][ T4538] blkno = 8ed2c, nblocks = 1
[   87.114860][ T4538] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map
[   87.114860][ T4538] 
[   87.135028][  T276] ERROR: (device loop4): remounting filesystem as read-only
[   87.201470][ T4538] ERROR: (device loop4): dtSearch: DT_GETPAGE: dtree page corrupt
[   87.201470][ T4538] 
[   87.264179][ T4538] jfs_mkdir: dtSearch returned -5
[   87.305850][ T4538] ERROR: (device loop4): dtReadFirst: DT_GETPAGE: dtree page corrupt
[   87.305850][ T4538] 
[   87.358168][ T4538] jfs_readdir: unexpected rc = -5 from dtReadNext
[   87.416118][ T4551] loop0: detected capacity change from 0 to 1764
[   87.539788][ T4553] loop2: detected capacity change from 0 to 2048
[   87.548703][ T4195] attempt to access beyond end of device
[   87.548703][ T4195] loop4: rw=1, want=4680040, limit=32768
[   87.595906][ T4195] metapage_write_end_io: I/O error
[   87.606376][ T4195] JFS: metapage_get_blocks failed
[   87.611538][ T4195] JFS: metapage_get_blocks failed
[   87.620438][ T4553] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=66359, location=66359
[   87.682482][ T4195] JFS: metapage_get_blocks failed
[   87.688560][ T4553] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   87.705263][ T4195] JFS: metapage_get_blocks failed
[   88.004657][ T4549] loop1: detected capacity change from 0 to 32768
[   88.083427][ T4549] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   88.097979][   T21] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   88.213372][ T4186] ocfs2: Unmounting device (7,1) on (node local)
[   88.343320][ T3162] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   88.495382][   T21] usb 4-1: config 0 has an invalid interface number: 38 but max is 0
[   88.515321][   T21] usb 4-1: config 0 has no interface number 0
[   88.521840][   T21] usb 4-1: config 0 interface 38 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64
[   88.594335][ T3162] usb 1-1: Using ep0 maxpacket: 8
[   88.704406][   T21] usb 4-1: New USB device found, idVendor=2040, idProduct=4201, bcdDevice=be.86
[   88.714266][ T3162] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[   88.727102][ T3162] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   88.737825][   T21] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   88.746116][   T21] usb 4-1: Product: syz
[   88.750586][ T3162] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   88.782825][   T21] usb 4-1: Manufacturer: syz
[   88.795839][   T21] usb 4-1: SerialNumber: syz
[   88.801261][ T3162] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   88.812720][   T21] usb 4-1: config 0 descriptor??
[   88.818133][ T3162] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   88.831363][ T3162] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   88.840966][ T3162] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   89.060085][ T4189] usb 4-1: USB disconnect, device number 5
[   89.147578][ T3162] usb 1-1: usb_control_msg returned -32
[   89.153416][ T3162] usbtmc 1-1:16.0: can't read capabilities
[   89.412964][ T4608] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[   89.591749][ T4605] loop4: detected capacity change from 0 to 32768
[   89.636671][ T4605] find_entry called with index >= next_index
[   89.642922][ T4605] find_entry called with index >= next_index
[   89.649681][ T4605] find_entry called with index >= next_index
[   89.832084][ T4615] loop3: detected capacity change from 0 to 2048
[   89.931537][ T4615] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 129: 0x32 != 0x7d
[   89.990942][ T4615] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[   90.003681][ T4619] loop1: detected capacity change from 0 to 256
[   90.091052][ T4615] overlayfs: upper fs needs to support d_type.
[   90.102040][ T4619] exfat: Deprecated parameter 'utf8'
[   90.102068][ T4619] exfat: Deprecated parameter 'namecase'
[   90.110839][ T4615] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   90.110897][ T4615] overlayfs: failed to set xattr on upper
[   90.110907][ T4615] overlayfs: ...falling back to index=off,metacopy=off.
[   90.174424][ T4619] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[   90.242938][ T4184] UDF-fs: error (device loop3): udf_read_inode: (ino 1440) failed !bh
[   90.243777][ T4184] UDF-fs: error (device loop3): udf_read_inode: (ino 1440) failed !bh
[   90.738564][ T4624] loop4: detected capacity change from 0 to 40427
[   90.775152][ T4624] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[   90.783113][ T4624] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[   90.826887][ T4624] F2FS-fs (loop4): invalid crc value
[   90.841048][ T1152] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   90.874547][ T4297] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   90.886028][ T4624] F2FS-fs (loop4): Found nat_bits in checkpoint
[   90.982085][ T1152] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.035593][ T4624] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[   91.042860][ T4624] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[   91.056295][ T1106] usb 1-1: USB disconnect, device number 4
[   91.125318][ T4297] usb 3-1: Using ep0 maxpacket: 32
[   91.169526][ T1152] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.264409][ T4297] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[   91.276784][ T1152] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.293168][ T4297] usb 3-1: config 0 has no interface number 0
[   91.520118][ T4297] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[   91.565764][ T4297] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   91.602861][ T4644] loop1: detected capacity change from 0 to 256
[   91.611894][ T4297] usb 3-1: Product: syz
[   91.625152][ T4297] usb 3-1: Manufacturer: syz
[   91.631061][ T4297] usb 3-1: SerialNumber: syz
[   91.669879][ T4297] usb 3-1: config 0 descriptor??
[   91.723682][ T4644] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   91.747586][ T4297] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[   91.794018][ T4644] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[   91.848372][ T4644] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[   91.957233][ T4297] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[   92.042447][ T4297] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[   92.378113][ T1106] usb 3-1: USB disconnect, device number 3
[   92.384744][    C0] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[   92.471362][ T1106] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[   92.493312][ T4645] chnl_net:caif_netlink_parms(): no params data found
[   92.519582][ T4642] loop0: detected capacity change from 0 to 32768
[   92.564904][ T1106] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[   92.630584][ T1106] quatech2 3-1:0.51: device disconnected
[   92.665684][ T4642] find_entry called with index >= next_index
[   92.671835][ T4642] find_entry called with index >= next_index
[   92.678052][ T4642] find_entry called with index >= next_index
[   92.830792][ T4645] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.839224][ T4645] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.847903][ T4645] device bridge_slave_0 entered promiscuous mode
[   92.884143][ T4645] bridge0: port 2(bridge_slave_1) entered blocking state
[   92.891567][ T4645] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.912163][ T4645] device bridge_slave_1 entered promiscuous mode
[   92.970598][ T4645] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.016844][ T4645] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   93.109556][ T4645] team0: Port device team_slave_0 added
[   93.119867][ T4645] team0: Port device team_slave_1 added
[   93.164510][ T4645] batman_adv: batadv0: Adding interface: batadv_slave_0
[   93.171972][ T4645] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.198933][ T4645] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   93.225788][ T4645] batman_adv: batadv0: Adding interface: batadv_slave_1
[   93.232780][ T4645] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   93.265592][ T4645] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   93.335666][ T4645] device hsr_slave_0 entered promiscuous mode
[   93.343311][ T4645] device hsr_slave_1 entered promiscuous mode
[   93.361388][ T4645] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   93.372079][ T4645] Cannot create hsr debugfs directory
[   93.579862][ T1152] device hsr_slave_0 left promiscuous mode
[   93.587608][ T1152] device hsr_slave_1 left promiscuous mode
[   93.600475][ T1152] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   93.608466][ T1152] batman_adv: batadv0: Removing interface: batadv_slave_0
[   93.619088][ T1152] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   93.626982][ T1152] batman_adv: batadv0: Removing interface: batadv_slave_1
[   93.645041][ T1152] device bridge_slave_1 left promiscuous mode
[   93.652522][ T1152] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.682021][ T1152] device bridge_slave_0 left promiscuous mode
[   93.688423][ T1152] bridge0: port 1(bridge_slave_0) entered disabled state
[   93.719749][ T1152] device veth1_macvtap left promiscuous mode
[   93.731136][ T1152] device veth0_macvtap left promiscuous mode
[   93.740075][ T1152] device veth1_vlan left promiscuous mode
[   93.745199][ T4189] Bluetooth: hci1: command 0x0409 tx timeout
[   93.758235][ T1152] device veth0_vlan left promiscuous mode
[   93.998222][ T1152] team0 (unregistering): Port device team_slave_1 removed
[   94.017512][ T1152] team0 (unregistering): Port device team_slave_0 removed
[   94.032295][ T1152] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   94.049688][ T1152] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   94.125446][ T1152] bond0 (unregistering): Released all slaves
[   94.315657][ T4645] netdevsim netdevsim5 netdevsim0: renamed from eth0
[   94.325612][ T4645] netdevsim netdevsim5 netdevsim1: renamed from eth1
[   94.344691][ T4645] netdevsim netdevsim5 netdevsim2: renamed from eth2
[   94.366954][ T4645] netdevsim netdevsim5 netdevsim3: renamed from eth3
[   94.470758][ T4645] 8021q: adding VLAN 0 to HW filter on device bond0
[   94.506043][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   94.520277][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   94.533750][ T4645] 8021q: adding VLAN 0 to HW filter on device team0
[   94.564868][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[   94.581165][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   94.590057][  T144] bridge0: port 1(bridge_slave_0) entered blocking state
[   94.597826][  T144] bridge0: port 1(bridge_slave_0) entered forwarding state
[   94.634059][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[   94.656593][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[   94.674909][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   94.694178][  T144] bridge0: port 2(bridge_slave_1) entered blocking state
[   94.701395][  T144] bridge0: port 2(bridge_slave_1) entered forwarding state
[   94.734420][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[   94.775180][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[   94.796111][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[   94.826797][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[   94.845034][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[   94.864797][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[   94.884508][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   94.904378][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   94.917856][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[   94.930917][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   94.941931][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   94.964554][ T4645] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[   95.231475][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   95.245929][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   95.259321][ T4645] 8021q: adding VLAN 0 to HW filter on device batadv0
[   95.628743][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   95.645381][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   95.705077][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   95.716615][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   95.730259][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   95.743353][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   95.761505][ T4645] device veth0_vlan entered promiscuous mode
[   95.803735][ T4645] device veth1_vlan entered promiscuous mode
[   95.825004][ T4241] Bluetooth: hci1: command 0x041b tx timeout
[   95.881809][ T4645] device veth0_macvtap entered promiscuous mode
[   95.905914][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   95.926183][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   95.960564][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   95.969822][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   96.000747][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   96.038189][ T4645] device veth1_macvtap entered promiscuous mode
[   96.076372][ T4645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   96.101569][ T4645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.111992][ T4645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   96.124348][ T4645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.135761][ T4645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   96.153992][ T4645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.176759][ T4645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   96.216231][ T4645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.237503][ T4645] batman_adv: batadv0: Interface activated: batadv_slave_0
[   96.255522][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   96.271666][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   96.281683][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   96.325609][ T4645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   96.348341][ T4645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.361283][ T4645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   96.376817][ T4645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.390269][ T4645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   96.402021][ T4645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.415052][ T4645] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   96.426110][ T4645] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   96.441161][ T4645] batman_adv: batadv0: Interface activated: batadv_slave_1
[   96.470019][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   96.485867][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   96.503226][ T4645] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   96.513082][ T4645] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   96.525412][ T4645] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   96.544069][ T4645] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   96.704662][ T4265] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.713263][ T4265] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.732882][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   96.768954][    T9] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   96.800819][    T9] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   96.813391][ T1275] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   96.929925][ T4754] loop1: detected capacity change from 0 to 256
[   97.007466][ T4754] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   97.065078][ T4754] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[   97.097227][ T4754] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[   97.208833][ T4753] loop4: detected capacity change from 0 to 8192
[   97.383565][ T4753] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
[   97.439600][ T4753] REISERFS (device loop4): using ordered data mode
[   97.454097][ T4753] reiserfs: using flush barriers
[   97.532426][ T4753] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   97.571790][ T4776] netlink: 64 bytes leftover after parsing attributes in process `syz.0.150'.
[   97.595343][ T4753] REISERFS (device loop4): checking transaction log (loop4)
[   97.687793][ T4753] REISERFS (device loop4): Using r5 hash to sort names
[   97.726920][ T4753] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[   97.815260][ T4753] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[   97.914369][ T1106] Bluetooth: hci1: command 0x040f tx timeout
[   97.931590][ T4753] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[   98.052155][   T26] audit: type=1800 audit(1770863973.343:3): pid=4753 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.158" name="bus" dev="loop4" ino=4 res=0 errno=0
[   98.087820][ T4787] loop0: detected capacity change from 0 to 1024
[   98.286411][ T4787] EXT4-fs (loop0): mounted filesystem without journal. Opts: noauto_da_alloc,max_dir_size_kb=0x0000000000000001,dioread_lock,norecovery,discard,lazytime,journal_dev=0x0000000000000001,usrquota,noauto_da_alloc,,errors=continue. Quota mode: writeback.
[   98.310776][    C0] vkms_vblank_simulate: vblank timer overrun
[   98.522678][ T4771] loop2: detected capacity change from 0 to 40427
[   98.657444][ T4771] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   98.703594][ T4771] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   98.778478][ T4771] F2FS-fs (loop2): invalid crc value
[   98.860306][ T4771] F2FS-fs (loop2): Found nat_bits in checkpoint
[   99.006008][ T4804] loop0: detected capacity change from 0 to 8192
[   99.032170][ T4817] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[   99.109121][ T4804] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[   99.133367][ T4817] CIFS mount error: No usable UNC path provided in device string!
[   99.133367][ T4817] 
[   99.144677][ T4817] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[   99.154169][ T4804] REISERFS (device loop0): using ordered data mode
[   99.181321][ T4804] reiserfs: using flush barriers
[   99.234656][ T4771] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   99.241824][ T4771] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   99.262453][ T4804] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[   99.295953][ T4824] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   99.358908][ T4804] REISERFS (device loop0): checking transaction log (loop0)
[   99.745284][ T4804] REISERFS (device loop0): Using tea hash to sort names
[   99.773143][ T4804] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[   99.985262][   T13] Bluetooth: hci1: command 0x0419 tx timeout
[  100.198251][ T4804] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 2) not found (pos 1)
[  100.966620][ T4878] netlink: 4 bytes leftover after parsing attributes in process `syz.1.177'.
[  101.124295][ T4851] loop4: detected capacity change from 0 to 32768
[  101.136475][ T4878] team0: Port device team_slave_0 removed
[  101.219188][ T1325] kernel write not supported for file /input/mouse0 (pid: 1325 comm: kworker/0:3)
[  101.237244][ T4851] XFS (loop4): Mounting V5 Filesystem
[  101.364072][ T4189] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  101.474633][ T4904] netlink: 28 bytes leftover after parsing attributes in process `syz.1.184'.
[  101.503627][ T4851] XFS (loop4): Ending clean mount
[  101.583089][ T4851] XFS (loop4): Quotacheck needed: Please wait.
[  101.644147][ T4189] usb 6-1: Using ep0 maxpacket: 32
[  101.733259][ T4851] XFS (loop4): Quotacheck: Done.
[  101.764263][ T4189] usb 6-1: config 0 has an invalid interface number: 51 but max is 0
[  101.807689][ T4189] usb 6-1: config 0 has no interface number 0
[  101.866260][ T4912] loop1: detected capacity change from 0 to 256
[  101.922533][ T4914] loop0: detected capacity change from 0 to 1024
[  101.932383][   T26] audit: type=1800 audit(1770863977.223:4): pid=4851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.171" name="file1" dev="loop4" ino=6150 res=0 errno=0
[  101.982914][   T26] audit: type=1800 audit(1770863977.253:5): pid=4851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.171" name="file1" dev="loop4" ino=6150 res=0 errno=0
[  101.994701][ T4189] usb 6-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  102.039314][ T4914] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  102.052110][ T4189] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  102.086243][ T4189] usb 6-1: Product: syz
[  102.090489][ T4189] usb 6-1: Manufacturer: syz
[  102.119400][ T4189] usb 6-1: SerialNumber: syz
[  102.152509][ T4189] usb 6-1: config 0 descriptor??
[  102.221059][ T4189] quatech2 6-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  102.410239][ T4195] XFS (loop4): Unmounting Filesystem
[  102.439847][ T4189] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  102.480718][ T4189] usb 6-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  102.638043][ T4884] udc-core: couldn't find an available UDC or it's busy
[  102.663042][ T4934] loop0: detected capacity change from 0 to 16
[  102.676893][ T4884] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  102.697463][ T4934] erofs: (device loop0): mounted with root inode @ nid 36.
[  102.710518][   T26] audit: type=1800 audit(1770863978.003:6): pid=4934 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.193" name="file1" dev="loop0" ino=86 res=0 errno=0
[  102.942626][ T4940] loop0: detected capacity change from 0 to 256
[  102.965530][   T13] usb 6-1: USB disconnect, device number 2
[  102.974080][    C1] usb 6-1: qt2_read_bulk_callback - non-zero urb status: -108
[  103.005236][   T13] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  103.027207][ T4940] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe66dc59, utbl_chksum : 0xe619d30d)
[  103.074566][   T13] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  103.143064][   T13] quatech2 6-1:0.51: device disconnected
[  103.326485][ T4189] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  103.609913][ T4962] loop5: detected capacity change from 0 to 512
[  103.711171][ T4962] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  103.716706][ T4189] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  103.748810][ T4962] EXT4-fs (loop5): invalid journal inode
[  103.759993][ T4189] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00
[  103.774825][ T4962] EXT4-fs (loop5): can't get journal size
[  103.795664][ T4189] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.819498][ T4189] usb 2-1: config 0 descriptor??
[  103.881961][ T4962] EXT4-fs (loop5): 1 truncate cleaned up
[  103.912687][ T4962] EXT4-fs (loop5): mounted filesystem without journal. Opts: norecovery,max_batch_time=0x0000000000000003,,errors=continue. Quota mode: none.
[  103.966787][ T4968] loop4: detected capacity change from 0 to 8192
[  103.998586][ T4962] EXT4-fs warning (device loop5): verify_group_input:147: Cannot add at group 1986356271 (only 1 groups)
[  104.081790][ T4968]  loop4: p2 p3 p4[EZD]
[  104.094121][ T4968] loop4: partition table partially beyond EOD, truncated
[  104.137183][ T4968] loop4: p3 start 331781 is beyond EOD, truncated
[  104.164210][ T4968] loop4: p4 size 197376 extends beyond EOD, truncated
[  104.179272][ T4958] loop2: detected capacity change from 0 to 32768
[  104.314353][ T4189] lenovo 0003:17EF:6047.0003: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.1-1/input0
[  104.360129][ T4984] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  104.388936][ T4958] XFS (loop2): Mounting V5 Filesystem
[  104.514274][ T4189] lenovo 0003:17EF:6047.0003: Failed to switch F7/9/11 mode: -71
[  104.541351][ T4958] XFS (loop2): Ending clean mount
[  104.564115][ T4189] lenovo 0003:17EF:6047.0003: Failed to switch middle button: -71
[  104.572863][ T4958] XFS (loop2): Quotacheck needed: Please wait.
[  104.604287][ T4189] lenovo 0003:17EF:6047.0003: Fn-lock setting failed: -71
[  104.624515][ T4189] lenovo 0003:17EF:6047.0003: Sensitivity setting failed: -71
[  104.650823][ T4319] udevd[4319]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  104.652427][ T4300] udevd[4300]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[  104.717974][ T4189] usb 2-1: USB disconnect, device number 3
[  104.727045][ T4991] input: syz0 as /devices/virtual/input/input11
[  104.827361][ T4992] fido_id[4992]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  104.846447][ T4958] XFS (loop2): Quotacheck: Done.
[  104.868138][   T26] audit: type=1800 audit(1770863980.163:7): pid=4958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.202" name="file1" dev="loop2" ino=6150 res=0 errno=0
[  104.899355][ T4996] loop4: detected capacity change from 0 to 512
[  104.939022][   T26] audit: type=1800 audit(1770863980.213:8): pid=4958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.202" name="file1" dev="loop2" ino=6150 res=0 errno=0
[  104.976818][ T4996] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  105.082749][ T4187] XFS (loop2): Unmounting Filesystem
[  105.111404][ T4996] EXT4-fs (loop4): 1 truncate cleaned up
[  105.187688][ T4996] EXT4-fs (loop4): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,jqfmt=vfsold,minixdf,quota,,errors=continue. Quota mode: writeback.
[  106.134094][   T21] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  106.305226][ T5019] loop0: detected capacity change from 0 to 32768
[  106.375220][   T21] usb 5-1: Using ep0 maxpacket: 32
[  106.390075][ T5019] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.222 (5019)
[  106.512056][ T5019] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  106.514831][   T21] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  106.541889][ T5039] loop1: detected capacity change from 0 to 128
[  106.558992][ T5019] BTRFS info (device loop0): using free space tree
[  106.579984][   T21] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  106.590256][ T5019] BTRFS info (device loop0): has skinny extents
[  106.604163][   T21] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  106.613476][   T21] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.702759][   T21] usb 5-1: config 0 descriptor??
[  106.833366][ T5019] BTRFS info (device loop0): enabling ssd optimizations
[  107.012489][ T5027] loop2: detected capacity change from 0 to 32768
[  107.229677][ T5072] netlink: 40 bytes leftover after parsing attributes in process `syz.1.234'.
[  107.246841][   T21] savu 0003:1E7D:2D5A.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  107.295251][ T5072] netlink: 2 bytes leftover after parsing attributes in process `syz.1.234'.
[  107.478661][   T21] usb 5-1: USB disconnect, device number 4
[  107.548306][ T5077] fido_id[5077]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  107.844019][ T3162] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[  108.234238][ T3162] usb 3-1: config 0 has an invalid interface number: 251 but max is 0
[  108.242531][ T3162] usb 3-1: config 0 has no interface number 0
[  108.424626][ T3162] usb 3-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  108.438425][ T3162] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.474042][ T3162] usb 3-1: Product: syz
[  108.478298][ T3162] usb 3-1: Manufacturer: syz
[  108.482933][ T3162] usb 3-1: SerialNumber: syz
[  108.493115][ T5076] loop5: detected capacity change from 0 to 40427
[  108.516283][ T3162] usb 3-1: config 0 descriptor??
[  108.552106][ T5076] F2FS-fs (loop5): Invalid SB checksum offset: 0
[  108.584678][ T5076] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock
[  108.595105][ T5076] F2FS-fs (loop5): invalid crc value
[  108.601348][ T5106] loop4: detected capacity change from 0 to 1024
[  108.647083][ T5076] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  108.895494][ T5076] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0
[  108.902614][ T5076] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  108.915075][ T5106] hfsplus: catalog searching failed
[  108.959742][ T4309] hfsplus: b-tree write err: -5, ino 8
[  109.113629][ T4645] attempt to access beyond end of device
[  109.113629][ T4645] loop5: rw=2049, want=45104, limit=40427
[  109.204422][ T3162] asix 3-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver
[  109.215623][ T3162] asix: probe of 3-1:0.251 failed with error -524
[  109.308078][ T5120] blk_update_request: I/O error, dev loop0, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0
[  109.347226][ T5120] EXT4-fs (loop0): unable to read superblock
[  109.436481][ T4228] usb 3-1: USB disconnect, device number 4
[  109.553607][ T5128] loop0: detected capacity change from 0 to 1024
[  109.634252][ T3162] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  109.655794][ T5128] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  109.759214][ T5128] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3887: comm syz.0.250: Allocating blocks 449-513 which overlap fs metadata
[  109.893993][ T3162] usb 5-1: Using ep0 maxpacket: 16
[  110.014419][ T3162] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  110.035471][ T3162] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  110.061285][ T3162] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[  110.092943][ T3162] usb 5-1: config 0 interface 0 has no altsetting 0
[  110.107966][ T3162] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  110.126057][ T3162] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.164717][ T5096] usb 2-1: new full-speed USB device number 4 using dummy_hcd
[  110.182361][ T3162] usb 5-1: config 0 descriptor??
[  110.384607][ T5162] loop2: detected capacity change from 0 to 512
[  110.458732][ T5164] loop5: detected capacity change from 0 to 1024
[  110.542400][ T5164] EXT4-fs (loop5): Ignoring removed orlov option
[  110.594289][ T5096] usb 2-1: too many endpoints for config 0 interface 0 altsetting 254: 253, using maximum allowed: 30
[  110.627280][ T5096] usb 2-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  110.654493][ T5096] usb 2-1: config 0 interface 0 altsetting 254 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  110.654918][ T5164] EXT4-fs (loop5): mounted filesystem without journal. Opts: block_validity,bsddf,nombcache,noauto_da_alloc,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,grpjquota=,,errors=continue. Quota mode: none.
[  110.669184][ T5096] usb 2-1: config 0 interface 0 has no altsetting 0
[  110.697044][ T5096] usb 2-1: New USB device found, idVendor=044e, idProduct=120c, bcdDevice= 0.00
[  110.697604][ T3162] hid (null): nested delimiters
[  110.706142][ T5096] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.727243][ T5096] usb 2-1: config 0 descriptor??
[  110.733297][ T5168] loop2: detected capacity change from 0 to 512
[  110.760015][ T3162] hid (null): nested delimiters
[  110.769421][ T3162] hid (null): nested delimiters
[  110.785223][ T3162] hid (null): report_id 24797 is invalid
[  110.806412][ T5168] EXT4-fs (loop2): orphan cleanup on readonly fs
[  110.820565][ T5168] EXT4-fs error (device loop2): ext4_orphan_get:1426: comm syz.2.266: bad orphan inode 13
[  110.875867][ T5168] ext4_test_bit(bit=12, block=18) = 1
[  110.881311][ T5168] is_bad_inode(inode)=0
[  110.887239][ T5168] NEXT_ORPHAN(inode)=2130706432
[  110.892665][ T5168] max_ino=32
[  110.896793][ T5168] i_nlink=1
[  110.901380][ T5168] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  110.924761][ T3162] usb 5-1: USB disconnect, device number 5
[  110.946778][ T5168] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[  111.048577][ T5168] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback.
[  111.123230][ T5170] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.266: bg 0: block 248: padding at end of block bitmap is not set
[  111.169771][ T5170] Quota error (device loop2): write_blk: dquota write failed
[  111.196204][ T5170] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  111.214480][ T5170] EXT4-fs error (device loop2): ext4_acquire_dquot:6234: comm syz.2.266: Failed to acquire dquot type 1
[  111.236354][ T5096] hid-alps 0003:044E:120C.0006: hidraw0: USB HID v0.04 Device [HID 044e:120c] on usb-dummy_hcd.1-1/input0
[  111.420159][ T5096] usb 2-1: USB disconnect, device number 4
[  111.469429][ T5177] fido_id[5177]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:044E:120C.0006/report_descriptor': No such file or directory
[  111.605215][ T5188] netlink: 8 bytes leftover after parsing attributes in process `syz.4.270'.
[  111.761551][ T5191] Falling back ldisc for ptm0.
[  112.054874][ T5203] user requested TSC rate below hardware speed
[  112.110351][ T5208] netlink: 12 bytes leftover after parsing attributes in process `syz.1.277'.
[  112.330764][ T5217] kernel profiling enabled (shift: 5)
[  112.765781][ T5195] loop2: detected capacity change from 0 to 32768
[  112.897289][ T5195] XFS (loop2): Mounting V5 Filesystem
[  113.130516][ T5195] XFS (loop2): Ending clean mount
[  113.161031][ T5195] XFS (loop2): Quotacheck needed: Please wait.
[  113.399874][ T5195] XFS (loop2): Quotacheck: Done.
[  113.480943][ T5255] loop0: detected capacity change from 0 to 128
[  113.571502][ T5255] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,errors=remount-ro,. Quota mode: none.
[  113.607602][ T5255] ext4 filesystem being mounted at /50/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  113.693565][ T4187] XFS (loop2): Unmounting Filesystem
[  113.858237][ T5255] EXT4-fs error (device loop0): make_indexed_dir:2333: inode #2: block 18: comm syz.0.285: bad entry in directory: rec_len is smaller than minimal - offset=36, inode=128, rec_len=9, size=1000 fake=0
[  113.953816][ T5237] loop4: detected capacity change from 0 to 40427
[  114.035192][ T5237] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  114.043017][ T5237] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  114.063975][ T5255] EXT4-fs (loop0): Remounting filesystem read-only
[  114.118627][ T5237] F2FS-fs (loop4): invalid crc value
[  114.186352][ T5237] F2FS-fs (loop4): Found nat_bits in checkpoint
[  114.503742][ T5237] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  114.529510][ T5237] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  114.878831][ T5285] loop2: detected capacity change from 0 to 16
[  114.917181][ T5285] erofs: (device loop2): mounted with root inode @ nid 36.
[  114.989737][   T26] audit: type=1800 audit(1770863990.283:9): pid=5285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.286" name="file1" dev="loop2" ino=86 res=0 errno=0
[  115.084737][ T5291] loop1: detected capacity change from 0 to 8
[  115.208031][ T5296] netlink: 'syz.2.295': attribute type 1 has an invalid length.
[  115.243642][ T5296] netlink: 'syz.2.295': attribute type 2 has an invalid length.
[  115.252708][ T5291] unable to read fragment index table
[  115.339773][ T5300] rtc_cmos 00:00: Alarms can be up to one day in the future
[  115.433802][ T5291] netlink: 'syz.1.292': attribute type 2 has an invalid length.
[  115.511762][ T5291] netlink: 'syz.1.292': attribute type 2 has an invalid length.
[  115.633343][ T4297] rtc_cmos 00:00: Alarms can be up to one day in the future
[  115.664497][ T4297] rtc_cmos 00:00: Alarms can be up to one day in the future
[  115.716111][ T4297] rtc_cmos 00:00: Alarms can be up to one day in the future
[  115.778434][ T4297] rtc_cmos 00:00: Alarms can be up to one day in the future
[  115.808769][ T4297] rtc rtc0: __rtc_set_alarm: err=-22
[  116.163422][ T5323] loop5: detected capacity change from 0 to 4096
[  116.378508][ T5323] NILFS (loop5): invalid segment: Checksum error in segment payload
[  116.418056][ T5323] NILFS (loop5): trying rollback from an earlier position
[  116.527937][ T5323] NILFS (loop5): recovery complete
[  116.576225][ T5338] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  116.809559][ T5345] loop1: detected capacity change from 0 to 512
[  116.909683][ T5345] EXT4-fs (loop1): Ignoring removed orlov option
[  117.106232][ T5345] EXT4-fs (loop1): mounted filesystem without journal. Opts: nojournal_checksum,orlov,,errors=continue. Quota mode: writeback.
[  117.530779][ T5091] hid-generic 0005:4C4A:5505.0007: item fetching failed at offset 0/1
[  117.541543][ T5091] hid-generic: probe of 0005:4C4A:5505.0007 failed with error -22
[  117.556783][ T5369] loop6: detected capacity change from 0 to 8
[  117.702288][    C0] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  117.718817][    C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  117.730333][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  117.739153][ T5337] loop4: detected capacity change from 0 to 40427
[  117.784801][    C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  117.796430][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  117.847501][    C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  117.859999][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  117.934570][    C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  117.945805][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  117.954031][ T5337] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  117.965636][    C0] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  117.977055][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  117.991011][ T5378] loop5: detected capacity change from 0 to 256
[  117.996252][ T5337] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  118.051941][ T5337] F2FS-fs (loop4): invalid crc value
[  118.089968][ T5378] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  118.186375][ T5337] F2FS-fs (loop4): Found nat_bits in checkpoint
[  118.430538][ T5337] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  118.463966][ T5337] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  118.672153][ T5392] loop7: detected capacity change from 0 to 7
[  118.722220][ T4303] Dev loop7: unable to read RDB block 7
[  118.738744][ T4303]  loop7: AHDI p1 p2 p3
[  118.752706][ T4303] loop7: partition table partially beyond EOD, truncated
[  118.776647][ T4303] loop7: p1 start 1601398130 is beyond EOD, truncated
[  118.798073][ T4303] loop7: p2 start 1702059890 is beyond EOD, truncated
[  118.849117][ T5392] Dev loop7: unable to read RDB block 7
[  118.875929][ T5392]  loop7: AHDI p1 p2 p3
[  118.884197][ T5392] loop7: partition table partially beyond EOD, truncated
[  118.918153][ T5392] loop7: p1 start 1601398130 is beyond EOD, truncated
[  118.937567][ T5371] loop2: detected capacity change from 0 to 32768
[  118.955901][ T5392] loop7: p2 start 1702059890 is beyond EOD, truncated
[  119.171374][ T5375] loop1: detected capacity change from 0 to 32768
[  119.222651][ T5403] loop5: detected capacity change from 0 to 128
[  119.296601][ T5403] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  119.398352][ T5375] XFS (loop1): Mounting V5 Filesystem
[  119.463738][ T5414] loop2: detected capacity change from 0 to 8
[  119.484531][ T5403] hpfs: filesystem error: improperly stopped
[  119.490623][ T5403] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  119.499364][ T5403] hpfs: You really don't want any checks? You are crazy...
[  119.509543][ T5403] hpfs: hpfs_map_sector(): read error
[  119.516866][ T5403] hpfs: code page support is disabled
[  119.523546][ T5403] hpfs: hpfs_map_4sectors(): unaligned read
[  119.536068][ T5403] hpfs: hpfs_map_4sectors(): unaligned read
[  119.542572][ T5403] hpfs: filesystem error: unable to find root dir
[  119.594708][ T5375] XFS (loop1): Ending clean mount
[  119.625665][ T5403] hpfs: hpfs_map_4sectors(): unaligned read
[  119.659530][ T5375] XFS (loop1): User initiated shutdown received.
[  119.710958][ T5375] XFS (loop1): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:495).  Shutting down filesystem.
[  119.829833][ T5375] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  119.895139][ T5426] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  119.922012][ T5426] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=on.
[  119.975401][ T4186] XFS (loop1): Unmounting Filesystem
[  120.165650][ T4189] libceph: connect (1)[c::]:6789 error -101
[  120.182015][ T4189] libceph: mon0 (1)[c::]:6789 connect error
[  120.201732][ T4189] libceph: connect (1)[c::]:6789 error -101
[  120.208287][ T4189] libceph: mon0 (1)[c::]:6789 connect error
[  120.486768][ T4189] libceph: connect (1)[c::]:6789 error -101
[  120.493419][ T4189] libceph: mon0 (1)[c::]:6789 connect error
[  120.731474][ T5458] loop1: detected capacity change from 0 to 128
[  120.761485][ T5458] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  120.828624][ T5429] ceph: No mds server is up or the cluster is laggy
[  121.033256][ T3162] libceph: connect (1)[c::]:6789 error -101
[  121.040800][ T3162] libceph: mon0 (1)[c::]:6789 connect error
[  121.313675][ T5467] loop1: detected capacity change from 0 to 2048
[  121.407937][ T5467] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  121.602214][   T26] audit: type=1326 audit(1770863996.893:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5473 comm="syz.2.335" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f729127df79 code=0x0
[  121.941036][ T5485] loop2: detected capacity change from 0 to 256
[  121.952501][ T5454] loop0: detected capacity change from 0 to 40427
[  121.963058][ T5488] process 'syz.5.338' launched './file0' with NULL argv: empty string added
[  122.040530][ T5454] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  122.093776][ T5454] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  122.164301][ T5454] F2FS-fs (loop0): invalid crc value
[  122.245840][ T5454] F2FS-fs (loop0): Found nat_bits in checkpoint
[  122.355975][ T5503] loop4: detected capacity change from 0 to 2048
[  122.361564][ T5454] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  122.375702][ T5454] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  122.410759][ T5503] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  123.286705][    C0] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  123.329175][    C0] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  123.340286][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  123.350343][    C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  123.361436][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  123.391439][ T5540] devpts: called with bogus options
[  123.420788][    C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  123.431960][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  123.516198][    C1] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  123.527229][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  123.536179][    C0] blk_update_request: I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  123.547154][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  123.566117][ T5545] binder: 5543:5545 ioctl c0306201 2000000003c0 returned -14
[  124.691900][ T5589] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 0
[  124.715844][ T5590] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 1
[  124.738425][ T5594] loop1: detected capacity change from 0 to 512
[  124.740724][ T5595] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 2
[  124.757564][ T5596] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 3
[  124.832233][ T5600] loop4: detected capacity change from 0 to 8
[  124.852445][ T5594] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  124.911078][ T5549] loop2: detected capacity change from 0 to 40427
[  124.929091][ T5600] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  124.942824][ T5594] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.368: inode has both inline data and extents flags
[  124.966203][ T5594] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.368: couldn't read orphan inode 15 (err -117)
[  124.984373][ T5594] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  125.004481][ T4300] udevd[4300]: incorrect cramfs checksum on /dev/loop4
[  125.074099][ T5549] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  125.106216][ T5549] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  125.140983][ T5549] F2FS-fs (loop2): invalid crc value
[  125.164019][ T5091] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  125.167799][ T4300] udevd[4300]: incorrect cramfs checksum on /dev/loop4
[  125.196797][ T5549] F2FS-fs (loop2): Found nat_bits in checkpoint
[  125.262023][ T5549] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  125.277062][ T5549] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  125.434148][ T5091] usb 1-1: Using ep0 maxpacket: 16
[  125.624243][ T5091] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  125.637587][ T5091] usb 1-1: New USB device found, idVendor=046d, idProduct=c531, bcdDevice= 0.00
[  125.659646][ T5091] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.692516][ T5091] usb 1-1: config 0 descriptor??
[  125.786230][ T5624] loop4: detected capacity change from 0 to 8
[  125.809249][ T5624] squashfs: Unknown parameter '18446744073709551615'
[  126.113584][ T5628] netlink: 'syz.5.378': attribute type 21 has an invalid length.
[  126.121551][ T5628] netlink: 'syz.5.378': attribute type 1 has an invalid length.
[  126.131245][ T5628] netlink: 16090 bytes leftover after parsing attributes in process `syz.5.378'.
[  126.143778][ T5627] loop4: detected capacity change from 0 to 512
[  126.196965][ T5091] logitech-djreceiver 0003:046D:C531.0008: unbalanced collection at end of report description
[  126.232508][ T5091] logitech-djreceiver 0003:046D:C531.0008: logi_dj_probe: parse failed
[  126.243738][ T5091] logitech-djreceiver: probe of 0003:046D:C531.0008 failed with error -22
[  126.314123][ T5627] EXT4-fs (loop4): Ignoring removed oldalloc option
[  126.327826][ T5627] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option
[  126.356695][ T5627] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  126.411597][ T5091] usb 1-1: USB disconnect, device number 5
[  126.459242][ T5627] EXT4-fs (loop4): 1 truncate cleaned up
[  126.482124][ T5627] EXT4-fs (loop4): mounted filesystem without journal. Opts: oldalloc,block_validity,jqfmt=vfsv1,debug_want_extra_isize=0x0000000000000080,bsddf,i_version,nomblk_io_submit,nodioread_nolock,,errors=continue. Quota mode: none.
[  126.550855][ T5640] loop2: detected capacity change from 0 to 16
[  126.599812][ T5640] erofs: (device loop2): mounted with root inode @ nid 36.
[  126.651045][ T5627] Invalid ELF header magic: != ELF
[  126.656607][   T26] audit: type=1800 audit(1770864001.943:11): pid=5627 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.379" name="bus" dev="loop4" ino=18 res=0 errno=0
[  127.061817][ T5657] loop0: detected capacity change from 0 to 16
[  127.376377][ T5663] loop1: detected capacity change from 0 to 128
[  127.656214][ T5669] loop8: detected capacity change from 0 to 8
[  127.680830][ T5669]  loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12
[  127.694967][ T5669] loop8: p1 start 791700844 is beyond EOD, truncated
[  127.702195][ T5669] loop8: p2 start 3899975972 is beyond EOD, truncated
[  127.732562][ T5669] loop8: p3 start 1208418304 is beyond EOD, truncated
[  127.763126][  T154] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.785593][ T4185] syz-executor (4185) used greatest stack depth: 21072 bytes left
[  127.819940][ T5669] loop8: p4 start 3931113569 is beyond EOD, truncated
[  127.899572][ T5669] loop8: p5 start 3559565946 is beyond EOD, truncated
[  127.931974][  T154] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  127.949152][ T5669] loop8: p6 start 304760172 is beyond EOD, truncated
[  127.958616][ T5669] loop8: p7 start 356724033 is beyond EOD, truncated
[  127.965675][ T5675] loop5: detected capacity change from 0 to 256
[  127.981108][ T5669] loop8: p8 start 1048593383 is beyond EOD, truncated
[  127.989123][ T5669] loop8: p9 start 3402241790 is beyond EOD, truncated
[  127.999445][ T5675] exfat: Deprecated parameter 'namecase'
[  128.008607][ T5669] loop8: p10 start 2778927597 is beyond EOD, truncated
[  128.028207][ T5669] loop8: p11 start 1052393021 is beyond EOD, truncated
[  128.040033][  T154] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.054651][ T5669] loop8: p12 start 2771965051 is beyond EOD, truncated
[  128.121764][ T5675] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x25fbf2c1, utbl_chksum : 0xe619d30d)
[  128.134229][ T3162] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  128.166477][  T154] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  128.290550][ T5652] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  128.328851][ T5652] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  128.355608][ T5652] F2FS-fs (loop4): invalid crc value
[  128.377215][ T5652] F2FS-fs (loop4): Found nat_bits in checkpoint
[  128.494333][ T3162] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  128.551371][ T3162] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  128.635620][ T5652] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  128.642726][ T5652] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  128.674250][ T3162] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  128.683363][ T3162] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  128.724224][ T5692] netlink: 16 bytes leftover after parsing attributes in process `syz.2.406'.
[  128.742416][ T3162] usb 2-1: Manufacturer: syz
[  128.765682][ T3162] usb 2-1: config 0 descriptor??
[  129.220051][ T5711] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  129.327184][ T5691] chnl_net:caif_netlink_parms(): no params data found
[  129.670743][ T5691] bridge0: port 1(bridge_slave_0) entered blocking state
[  129.698652][ T3162] input: syz Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0009/input/input12
[  129.720498][ T5691] bridge0: port 1(bridge_slave_0) entered disabled state
[  129.752591][ T5691] device bridge_slave_0 entered promiscuous mode
[  129.826328][ T5691] bridge0: port 2(bridge_slave_1) entered blocking state
[  129.834718][ T5691] bridge0: port 2(bridge_slave_1) entered disabled state
[  129.842837][ T3162] input: syz Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0009/input/input13
[  129.852498][ T5691] device bridge_slave_1 entered promiscuous mode
[  129.900103][ T3162] uclogic 0003:256C:006D.0009: input,hidraw0: USB HID v0.00 Keypad [syz] on usb-dummy_hcd.1-1/input0
[  129.982012][ T3162] usb 2-1: USB disconnect, device number 5
[  130.069696][ T5691] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  130.083616][ T1325] kernel read not supported for file /usbmon8 (pid: 1325 comm: kworker/0:3)
[  130.112981][ T5691] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  130.153060][  T154] IPVS: stopping master sync thread 5596 ...
[  130.171499][ T5739] fido_id[5739]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  130.202868][  T154] IPVS: stopping master sync thread 5595 ...
[  130.243109][  T154] IPVS: stopping master sync thread 5590 ...
[  130.259302][  T154] IPVS: stopping master sync thread 5589 ...
[  130.283558][ T5691] team0: Port device team_slave_0 added
[  130.409477][ T5691] team0: Port device team_slave_1 added
[  130.493399][ T5691] batman_adv: batadv0: Adding interface: batadv_slave_0
[  130.517108][ T5691] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  130.647647][ T5691] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  130.695253][ T5691] batman_adv: batadv0: Adding interface: batadv_slave_1
[  130.702739][ T5691] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  130.731357][ T5691] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  130.790516][   T13] Bluetooth: hci0: command 0x0409 tx timeout
[  130.799314][ T5691] device hsr_slave_0 entered promiscuous mode
[  130.813887][ T5691] device hsr_slave_1 entered promiscuous mode
[  130.821601][ T5691] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  130.836172][ T5691] Cannot create hsr debugfs directory
[  130.881047][  T154] device hsr_slave_0 left promiscuous mode
[  130.890523][  T154] device hsr_slave_1 left promiscuous mode
[  130.901940][  T154] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  130.912505][  T154] batman_adv: batadv0: Removing interface: batadv_slave_0
[  130.928703][  T154] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  130.940074][  T154] batman_adv: batadv0: Removing interface: batadv_slave_1
[  130.953855][  T154] device bridge_slave_1 left promiscuous mode
[  130.963941][  T154] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.974732][  T154] device bridge_slave_0 left promiscuous mode
[  130.980994][  T154] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.998605][  T154] device veth1_macvtap left promiscuous mode
[  131.004905][  T154] device veth0_macvtap left promiscuous mode
[  131.011201][  T154] device veth1_vlan left promiscuous mode
[  131.017802][  T154] device veth0_vlan left promiscuous mode
[  131.275286][  T154] team0 (unregistering): Port device team_slave_1 removed
[  131.295513][  T154] team0 (unregistering): Port device team_slave_0 removed
[  131.311289][  T154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  131.330084][  T154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  131.411357][  T154] bond0 (unregistering): Released all slaves
[  131.610076][ T5691] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  131.653396][ T5691] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  131.665348][ T5691] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  131.685512][ T5691] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  131.834963][ T5691] 8021q: adding VLAN 0 to HW filter on device bond0
[  131.852448][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  131.862634][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  131.879177][ T5691] 8021q: adding VLAN 0 to HW filter on device team0
[  131.908292][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  131.927611][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  131.947805][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.955016][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  131.969820][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  131.981154][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  131.997013][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.004173][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  132.016061][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  132.038027][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  132.059942][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  132.082565][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  132.098311][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  132.123609][ T5691] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  132.135851][ T5691] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  132.148508][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  132.159603][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  132.169212][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  132.180266][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  132.190012][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  132.203631][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  132.212863][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  132.228941][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  132.476587][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  132.494399][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  132.522174][ T5691] 8021q: adding VLAN 0 to HW filter on device batadv0
[  132.864239][ T4242] Bluetooth: hci0: command 0x041b tx timeout
[  132.900844][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  132.912560][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  132.947914][ T1422] ieee802154 phy0 wpan0: encryption failed: -22
[  132.954360][ T1422] ieee802154 phy1 wpan1: encryption failed: -22
[  132.969955][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  132.985677][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  133.003852][ T5691] device veth0_vlan entered promiscuous mode
[  133.012022][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  133.029401][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  133.049962][ T5691] device veth1_vlan entered promiscuous mode
[  133.106914][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  133.117436][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  133.127060][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  133.138518][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  133.152608][ T5691] device veth0_macvtap entered promiscuous mode
[  133.165164][ T5691] device veth1_macvtap entered promiscuous mode
[  133.192216][ T5691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  133.219970][ T5691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  133.251009][ T5691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  133.270540][ T5691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  133.298050][ T5691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  133.315660][ T5691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  133.329093][ T5691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  133.342337][ T5691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  133.359459][ T5691] batman_adv: batadv0: Interface activated: batadv_slave_0
[  133.376463][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  133.391645][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  133.401368][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  133.425395][  T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  133.441343][ T5691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  133.460146][ T5691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  133.485467][ T5691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  133.503948][ T5691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  133.523948][ T5691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  133.542153][ T5691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  133.557631][ T5691] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  133.586397][ T5691] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  133.609120][ T5691] batman_adv: batadv0: Interface activated: batadv_slave_1
[  133.617683][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  133.635954][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  133.674995][ T5691] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  133.683770][ T5691] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  133.717092][ T5691] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  133.726561][ T5691] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  133.861088][ T4265] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  133.880531][ T4265] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  133.900521][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  133.928040][ T4265] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  133.941109][ T4265] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  133.951957][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  134.081747][ T5826] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(3)
[  134.088745][ T5826] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  134.185511][ T5826] vhci_hcd vhci_hcd.0: Device attached
[  134.414150][ T3162] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  134.456150][ T4189] usb 43-1: new low-speed USB device number 2 using vhci_hcd
[  134.652265][ T5857] set_capacity_and_notify: 2 callbacks suppressed
[  134.652282][ T5857] loop4: detected capacity change from 0 to 512
[  134.814232][ T3162] usb 6-1: config 0 has no interfaces?
[  134.895852][ T3162] usb 6-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72
[  134.919059][ T3162] usb 6-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0
[  134.964122][ T3162] usb 6-1: Manufacturer: syz
[  134.990791][ T3162] usb 6-1: config 0 descriptor??
[  135.024905][ T4242] Bluetooth: hci0: command 0x040f tx timeout
[  135.132646][ T5857] EXT4-fs (loop4): Test dummy encryption mode enabled
[  135.145006][ T5857] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  135.196109][ T5857] EXT4-fs error (device loop4): ext4_orphan_get:1426: comm syz.4.430: bad orphan inode 131083
[  135.214538][ T5857] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption,init_itable,norecovery,,errors=continue. Quota mode: none.
[  135.326889][ T5842] loop6: detected capacity change from 0 to 40427
[  135.349725][ T5828] vhci_hcd: cannot find a urb of seqnum 1663411776 max seqnum 1
[  135.372761][ T5096] usb 6-1: USB disconnect, device number 3
[  135.391938][ T1275] vhci_hcd: stop threads
[  135.403321][ T5842] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  135.435760][ T5842] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  135.456839][ T1275] vhci_hcd: release socket
[  135.483851][ T1275] vhci_hcd: disconnect device
[  135.489631][ T5842] F2FS-fs (loop6): invalid crc value
[  135.572761][ T5857] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  135.583166][ T5842] F2FS-fs (loop6): Found nat_bits in checkpoint
[  135.759261][ T5842] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  135.811131][ T5842] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  135.991457][ T5907] loop4: detected capacity change from 0 to 1024
[  136.006406][ T5898] loop2: detected capacity change from 0 to 4096
[  136.037025][ T5898] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  136.071558][ T5907] EXT4-fs (loop4): Ignoring removed bh option
[  136.115763][ T5907] EXT4-fs (loop4): inline encryption not supported
[  136.151962][ T5907] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000]
[  136.203390][ T5898] ntfs: (device loop2): ntfs_read_locked_inode(): Corrupt standard information attribute in inode.
[  136.214265][ T5898] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  136.231001][ T5898] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  136.245280][ T5898] ntfs: volume version 3.1.
[  136.274318][ T4243] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  136.399277][ T5907] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 2: comm syz.4.444: lblock 2 mapped to illegal pblock 2 (length 1)
[  136.491604][ T5907] Quota error (device loop4): qtree_write_dquot: dquota write failed
[  136.549091][ T5907] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 48: comm syz.4.444: lblock 0 mapped to illegal pblock 48 (length 1)
[  136.635548][ T4243] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 2015, setting to 1024
[  136.651216][ T5928] loop1: detected capacity change from 0 to 16
[  136.668935][ T5907] Quota error (device loop4): v2_write_file_info: Can't write info structure
[  136.678376][ T4243] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  136.701119][ T5907] EXT4-fs error (device loop4): ext4_acquire_dquot:6234: comm syz.4.444: Failed to acquire dquot type 0
[  136.721036][ T4243] usb 6-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18
[  136.751932][ T5928] erofs: (device loop1): mounted with root inode @ nid 36.
[  136.783776][ T5907] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5854: Corrupt filesystem
[  136.847295][ T5907] EXT4-fs error (device loop4): ext4_evict_inode:282: inode #11: comm syz.4.444: mark_inode_dirty error
[  136.905805][ T4243] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  136.919008][ T5907] EXT4-fs warning (device loop4): ext4_evict_inode:285: couldn't mark inode dirty (err -117)
[  136.924675][ T4243] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  136.959337][ T5907] EXT4-fs (loop4): 1 orphan inode deleted
[  136.975567][ T5907] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrquota,noblock_validity,bh,max_batch_time=0x00000000000008c9,debug,inlinecrypt,,errors=continue. Quota mode: writeback.
[  136.994820][ T4243] usb 6-1: SerialNumber: syz
[  137.001912][ T5883] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:7: lblock 1 mapped to illegal pblock 1 (length 1)
[  137.045991][ T5909] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  137.063228][ T5883] Quota error (device loop4): remove_tree: Can't read quota data block 1
[  137.120733][ T5883] EXT4-fs error (device loop4): ext4_release_dquot:6270: comm kworker/u4:7: Failed to release dquot type 0
[  137.167414][ T4242] Bluetooth: hci0: command 0x0419 tx timeout
[  137.224184][ T3162] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  137.256215][ T5907] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback.
[  137.287414][ T5907] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  137.323685][ T5909] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  137.344030][ T5907] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000]
[  137.352314][ T5907] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 48: comm syz.4.444: lblock 0 mapped to illegal pblock 48 (length 1)
[  137.399158][ T5941] overlayfs: maximum fs stacking depth exceeded
[  137.415072][ T5907] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=-117
[  137.460131][ T5907] EXT4-fs (loop4): re-mounted. Opts: . Quota mode: writeback.
[  137.520712][ T5947] loop1: detected capacity change from 0 to 64
[  137.582133][ T5944] loop6: detected capacity change from 0 to 8192
[  137.594090][ T3162] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  137.659477][ T3162] usb 3-1: New USB device found, idVendor=0461, idProduct=4e72, bcdDevice= 0.00
[  137.689034][ T5951] netlink: 112 bytes leftover after parsing attributes in process `syz.4.455'.
[  137.701265][ T3162] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  137.721746][ T5951] netlink: 'syz.4.455': attribute type 19 has an invalid length.
[  137.764880][ T3162] usb 3-1: config 0 descriptor??
[  137.798127][ T5944] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  137.856959][ T4243] cdc_ether 6-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.5-1, CDC Ethernet Device, 42:42:42:42:42:42
[  138.059903][ T5961] loop4: detected capacity change from 0 to 1024
[  138.233013][ T4243] usb 6-1: USB disconnect, device number 4
[  138.242134][ T5967] loop8: detected capacity change from 0 to 8
[  138.247878][ T4243] cdc_ether 6-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.5-1, CDC Ethernet Device
[  138.299014][ T4329] Dev loop8: unable to read RDB block 8
[  138.316775][ T4329]  loop8: unable to read partition table
[  138.328471][ T3162] hid-rmi 0003:0461:4E72.000A: hidraw0: USB HID v10.00 Device [HID 0461:4e72] on usb-dummy_hcd.2-1/input0
[  138.350298][ T4329] loop8: partition table beyond EOD, truncated
[  138.393599][ T5967] Dev loop8: unable to read RDB block 8
[  138.427423][ T5967]  loop8: unable to read partition table
[  138.433279][ T5967] loop8: partition table beyond EOD, truncated
[  138.505429][ T5967] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  138.692336][ T5096] usb 3-1: USB disconnect, device number 5
[  139.235433][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  139.496886][ T6006] netlink: 'syz.2.468': attribute type 13 has an invalid length.
[  139.529908][ T6006] netlink: 24859 bytes leftover after parsing attributes in process `syz.2.468'.
[  139.594053][ T4189] vhci_hcd: vhci_device speed not set
[  139.880896][ T6012] loop2: detected capacity change from 0 to 8192
[  140.001091][ T6012]  loop2: p2 p3 p4 < >
[  140.012456][ T6012] loop2: partition table partially beyond EOD, truncated
[  140.044255][ T6012] loop2: p2 size 590592 extends beyond EOD, truncated
[  140.084491][ T6012] loop2: p3 start 4294967295 is beyond EOD, truncated
[  140.128169][ T6012] loop2: p4 start 117440516 is beyond EOD, truncated
[  140.533475][ T6033] loop1: detected capacity change from 0 to 4096
[  140.807037][ T6045] binder: 6044:6045 ioctl c0306201 0 returned -14
[  140.826281][ T4303] udevd[4303]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[  140.930094][ T6047] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  140.957370][ T6045] binder: 6044:6045 ioctl 40046104 0 returned -22
[  141.064337][   T26] audit: type=1800 audit(1770864016.353:12): pid=6033 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.476" name="file1" dev="loop1" ino=15 res=0 errno=0
[  141.277903][ T6018] loop6: detected capacity change from 0 to 32768
[  141.544546][ T6042] loop4: detected capacity change from 0 to 131072
[  141.609155][ T6018] 
[  141.609155][ T6018]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  141.609155][ T6018] 
[  141.665734][ T6042] F2FS-fs (loop4): QUOTA feature is enabled, so ignore qf_name
[  141.678953][ T6018] ERROR: (device loop6): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0
[  141.678953][ T6018] 
[  141.736451][ T6042] F2FS-fs (loop4): invalid crc value
[  141.758045][ T6042] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  141.815128][ T6042] F2FS-fs (loop4): recover fsync data on readonly fs
[  141.830284][ T6042] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b
[  141.858386][ T6018] ERROR: (device loop6): remounting filesystem as read-only
[  141.916784][ T6018] JFS: Invalid stbl[1] = -128 for inode 2, block = 0
[  141.946817][ T6057] ERROR: (device loop6): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 0
[  141.946817][ T6057] 
[  141.972014][ T6042] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=ba0003, run fsck to fix.
[  142.001700][ T6030] loop2: detected capacity change from 0 to 32768
[  142.026725][ T6057] JFS: Invalid stbl[1] = -128 for inode 2, block = 0
[  142.329018][ T6030] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.475 (6030)
[  143.230643][ T6087] input: syz1 as /devices/virtual/input/input14
[  143.603944][    C1] sched: RT throttling activated
[  143.639199][ T6030] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  143.650678][ T6030] BTRFS info (device loop2): enabling auto defrag
[  143.664482][ T6030] BTRFS info (device loop2): use no compression
[  143.682482][ T6030] BTRFS info (device loop2): force clearing of disk cache
[  143.734256][ T5091] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  143.815399][ T6030] BTRFS info (device loop2): max_inline at 4096
[  143.821756][ T6030] BTRFS info (device loop2): disabling free space tree
[  143.918066][ T6030] BTRFS info (device loop2): has skinny extents
[  143.935826][ T6069] loop5: detected capacity change from 0 to 262144
[  144.014162][ T4242] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  144.052555][ T6069] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop5 scanned by syz.5.488 (6069)
[  144.074247][ T5091] usb 7-1: Using ep0 maxpacket: 16
[  144.232754][ T5091] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  144.250687][ T5091] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  144.264011][ T4242] usb 2-1: Using ep0 maxpacket: 8
[  144.271864][ T5091] usb 7-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[  144.295332][ T5091] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.338020][ T5091] usb 7-1: config 0 descriptor??
[  144.384248][ T4242] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  144.403412][ T4242] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  144.422823][ T4242] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  144.443995][ T4242] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  144.456072][    C0] vkms_vblank_simulate: vblank timer overrun
[  144.470117][ T4242] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  144.486597][ T4242] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  144.508309][ T4242] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.580843][ T6069] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm
[  144.590183][ T6030] BTRFS error (device loop2): open_ctree failed: -12
[  144.591506][ T6069] BTRFS info (device loop5): using free space tree
[  144.603810][ T6069] BTRFS info (device loop5): has skinny extents
[  144.610558][ T6069] BTRFS info (device loop5): flagging fs with big metadata feature
[  144.721689][ T4300] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by udevd (4300)
[  144.857515][ T5091] corsair 0003:1B1C:1B02.000B: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.6-1/input0
[  144.881465][ T6132] netlink: 8 bytes leftover after parsing attributes in process `syz.2.496'.
[  144.961572][ T5883] BTRFS warning (device loop5): checksum verify failed on 30654464 wanted 0x6191332ca3bfabbd found 0x1eb22ab8dd59a02d level 0
[  145.002227][ T6069] BTRFS info (device loop5): read error corrected: ino 0 off 30654464 (dev /dev/loop5 sector 76256)
[  145.014701][ T6069] BTRFS info (device loop5): read error corrected: ino 0 off 30658560 (dev /dev/loop5 sector 76264)
[  145.032434][ T6069] BTRFS info (device loop5): read error corrected: ino 0 off 30662656 (dev /dev/loop5 sector 76272)
[  145.055579][ T6069] BTRFS info (device loop5): read error corrected: ino 0 off 30666752 (dev /dev/loop5 sector 76280)
[  145.074402][ T5091] corsair 0003:1B1C:1B02.000B: Read invalid backlight brightness: f0.
[  145.114071][ T6069] BTRFS info (device loop5): enabling ssd optimizations
[  145.155504][ T6096] loop4: detected capacity change from 0 to 32768
[  145.271382][ T6096] XFS (loop4): Mounting V5 Filesystem
[  145.307533][ T5091] usb 7-1: USB disconnect, device number 2
[  145.404579][ T6155] usbtmc 2-1:16.0: simple usb_control_msg failed -32
[  145.435303][ T6143] fido_id[6143]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  145.640308][ T6157] netlink: 4 bytes leftover after parsing attributes in process `syz.2.500'.
[  145.728007][ T6159] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  145.811766][ T4303] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 9 /dev/loop5 scanned by udevd (4303)
[  145.813659][ T6118] usb 2-1: USB disconnect, device number 6
[  145.843136][ T6096] XFS (loop4): Ending clean mount
[  145.966056][ T4195] XFS (loop4): Unmounting Filesystem
[  146.632859][ T6172] loop5: detected capacity change from 0 to 40427
[  146.695186][ T6172] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  146.703329][ T6172] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  146.778560][ T6172] F2FS-fs (loop5): Found nat_bits in checkpoint
[  146.794246][ T4189] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  146.952187][ T6172] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  146.971735][ T6172] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  147.054165][ T4189] usb 5-1: Using ep0 maxpacket: 16
[  147.174468][ T4189] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  147.204484][ T4189] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  147.228258][ T4189] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  147.249354][ T6196] device veth0 entered promiscuous mode
[  147.266966][ T6198] loop1: detected capacity change from 0 to 512
[  147.275934][ T6195] device veth0 left promiscuous mode
[  147.354425][ T6198] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  147.412755][ T6198] EXT4-fs (loop1): 1 truncate cleaned up
[  147.414847][ T4189] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  147.438495][ T4189] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.458783][ T4189] usb 5-1: Product: syz
[  147.463098][ T4189] usb 5-1: Manufacturer: syz
[  147.467668][ T6198] EXT4-fs (loop1): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,jqfmt=vfsold,minixdf,quota,,errors=continue. Quota mode: writeback.
[  147.489745][ T4189] usb 5-1: SerialNumber: syz
[  147.689111][ T6208] loop6: detected capacity change from 0 to 128
[  147.984344][ T4189] usb 5-1: 0:2 : does not exist
[  148.247950][ T6221] pimreg: tun_chr_ioctl cmd 1074025677
[  148.281335][ T6221] pimreg: linktype set to 769
[  148.300765][ T6227] pimreg: tun_chr_ioctl cmd 2147767506
[  148.638293][ T4189] usb 5-1: USB disconnect, device number 6
[  148.733602][ T6240] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead.
[  148.751924][    C0] vkms_vblank_simulate: vblank timer overrun
[  148.780598][ T6246] loop5: detected capacity change from 0 to 512
[  148.881836][ T6246] EXT4-fs (loop5): Ignoring removed mblk_io_submit option
[  148.909303][ T6246] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  148.969803][ T6246] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=b002c118, mo2=0002]
[  148.984154][ T6246] System zones: 1-12
[  148.995541][ T6246] EXT4-fs error (device loop5): ext4_iget_extra_inode:4566: inode #15: comm syz.5.529: corrupted in-inode xattr
[  149.044012][ T4242] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  149.100414][ T6246] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.529: couldn't read orphan inode 15 (err -117)
[  149.201015][ T6246] EXT4-fs (loop5): mounted filesystem without journal. Opts: jqfmt=vfsold,data_err=abort,debug,noload,mblk_io_submit,commit=0x0000000000000005,init_itable=0x0000000000000601,debug,,errors=continue. Quota mode: none.
[  149.404237][ T4242] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  149.430604][ T4242] usb 2-1: config 0 interface 0 has no altsetting 0
[  149.440542][ T4242] usb 2-1: New USB device found, idVendor=17ef, idProduct=60a3, bcdDevice= 0.00
[  149.450115][ T4242] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.459355][    C0] vkms_vblank_simulate: vblank timer overrun
[  149.504950][ T4243] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[  149.512674][ T4242] usb 2-1: config 0 descriptor??
[  149.750898][ T6280] capability: warning: `syz.4.541' uses 32-bit capabilities (legacy support in use)
[  149.836460][ T6285] Zero length message leads to an empty skb
[  149.889271][ T4243] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  149.915818][ T4243] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  149.943693][ T4243] usb 7-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  149.953646][ T4243] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.977423][ T4243] usb 7-1: config 0 descriptor??
[  149.997769][ T4242] lenovo 0003:17EF:60A3.000C: unbalanced collection at end of report description
[  150.014758][ T6291] netlink: 4 bytes leftover after parsing attributes in process `syz.5.547'.
[  150.018888][ T6289] loop4: detected capacity change from 0 to 4096
[  150.032085][ T4242] lenovo 0003:17EF:60A3.000C: hid_parse failed
[  150.042471][ T4242] lenovo: probe of 0003:17EF:60A3.000C failed with error -22
[  150.157521][ T6293] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  150.181882][ T6289] NILFS error (device loop4): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  150.198439][ T4189] usb 2-1: USB disconnect, device number 7
[  150.208317][ T6294] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  150.251592][ T6289] NILFS (loop4): mounting fs with errors
[  150.337225][   T26] audit: type=1800 audit(1770864025.633:13): pid=6289 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.546" name="file1" dev="loop4" ino=15 res=0 errno=0
[  150.506595][ T4243] isku 0003:1E7D:319C.000D: invalid report_count 23075
[  150.524722][ T4243] isku 0003:1E7D:319C.000D: item 0 2 1 9 parsing failed
[  150.548937][ T4243] isku 0003:1E7D:319C.000D: parse failed
[  150.574224][ T4243] isku: probe of 0003:1E7D:319C.000D failed with error -22
[  150.620948][ T6306] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  150.754111][ T6310] loop2: detected capacity change from 0 to 512
[  150.786731][ T4242] usb 7-1: USB disconnect, device number 3
[  150.807870][ T6310] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  150.837790][ T6314] netlink: 'syz.4.557': attribute type 12 has an invalid length.
[  150.870812][ T6314] netlink: 'syz.4.557': attribute type 29 has an invalid length.
[  150.897501][ T6310] EXT4-fs (loop2): 1 truncate cleaned up
[  150.904383][ T6314] netlink: 148 bytes leftover after parsing attributes in process `syz.4.557'.
[  150.957942][ T6320] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-61)
[  150.974311][ T6310] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  151.206793][ T6328] Invalid ELF header magic: != ELF
[  151.333389][ T6333] loop4: detected capacity change from 0 to 512
[  151.394151][ T4242] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  151.764475][ T4242] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  151.778817][ T4242] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  151.789286][ T4242] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  151.804454][ T4242] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  151.816441][ T4242] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.854332][ T4242] usb 6-1: config 0 descriptor??
[  151.995569][ T6163] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  152.250815][ T6363] loop1: detected capacity change from 0 to 2048
[  152.304249][ T6163] usb 7-1: Using ep0 maxpacket: 16
[  152.337174][ T4242] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  152.356364][ T4242] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  152.390257][ T4242] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  152.424031][ T4242] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  152.443549][ T4242] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  152.454393][ T6163] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  152.474477][ T4242] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  152.477987][ T6163] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3
[  152.498760][ T4242] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving
[  152.547689][ T4242] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  152.638870][ T6119] usb 6-1: USB disconnect, device number 5
[  152.695176][ T6163] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  152.718661][ T6163] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.746687][ T6163] usb 7-1: Product: syz
[  152.789530][ T6370] fido_id[6370]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  152.828684][ T6163] usb 7-1: Manufacturer: syz
[  152.833476][ T6163] usb 7-1: SerialNumber: syz
[  153.224320][ T6163] usb 7-1: 0:2 : does not exist
[  153.229277][ T6389] netlink: 20 bytes leftover after parsing attributes in process `syz.2.584'.
[  153.268636][ T6163] usb 7-1: USB disconnect, device number 4
[  153.352411][ T6397] loop1: detected capacity change from 0 to 1024
[  153.510670][ T6397] hfsplus: unable to load nls mapping "cp43²ô΃ÍMn[™ªñ¶>7"
[  153.526821][ T4303] udevd[4303]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  153.549967][ T6397] hfsplus: unable to parse mount options
[  153.911599][ T6423] netlink: 12 bytes leftover after parsing attributes in process `syz.2.593'.
[  154.374295][ T6119] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  154.538862][  T144] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.642554][  T144] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.808549][  T144] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.822117][ T6119] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  154.859693][ T6119] usb 6-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  154.889823][ T6119] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.951135][ T6119] usb 6-1: config 0 descriptor??
[  154.994467][ T6435] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  155.040369][  T144] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  155.487372][ T6119] elan 0003:04F3:0755.000F: unknown main item tag 0x1
[  155.536733][ T6119] elan 0003:04F3:0755.000F: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.5-1/input0
[  155.689867][ T6435] elan 0003:04F3:0755.000F: pid 6435 passed too short report
[  155.760538][ T6495] loop4: detected capacity change from 0 to 128
[  155.771290][ T4189] usb 6-1: USB disconnect, device number 6
[  155.851197][ T6492] fido_id[6492]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  156.026638][ T6479] chnl_net:caif_netlink_parms(): no params data found
[  156.035370][ T6495] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  156.047009][ T6495] ext4 filesystem being mounted at /116/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  156.199534][ T6483] loop1: detected capacity change from 0 to 40427
[  156.357146][ T6483] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x1ffff
[  156.411124][ T6483] F2FS-fs (loop1): invalid crc value
[  156.493798][ T6483] F2FS-fs (loop1): Found nat_bits in checkpoint
[  156.520126][ T6479] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.559608][ T6479] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.570989][ T6479] device bridge_slave_0 entered promiscuous mode
[  156.602766][ T6479] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.618824][ T6479] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.667604][ T6479] device bridge_slave_1 entered promiscuous mode
[  156.738445][ T6483] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  156.761431][ T6479] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  156.784218][ T6162] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  156.805263][ T6479] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  156.912100][ T6483] attempt to access beyond end of device
[  156.912100][ T6483] loop1: rw=2049, want=45104, limit=40427
[  156.968165][ T6483] attempt to access beyond end of device
[  156.968165][ T6483] loop1: rw=2049, want=77952, limit=40427
[  156.995571][ T6479] team0: Port device team_slave_0 added
[  157.005420][ T6483] attempt to access beyond end of device
[  157.005420][ T6483] loop1: rw=2049, want=45104, limit=40427
[  157.027037][ T6479] team0: Port device team_slave_1 added
[  157.094332][ T6162] usb 5-1: Using ep0 maxpacket: 8
[  157.115791][ T4186] attempt to access beyond end of device
[  157.115791][ T4186] loop1: rw=2049, want=45112, limit=40427
[  157.172993][ T6479] batman_adv: batadv0: Adding interface: batadv_slave_0
[  157.181474][ T6479] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.213764][ T6479] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  157.236559][ T6479] batman_adv: batadv0: Adding interface: batadv_slave_1
[  157.246260][ T6162] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  157.268585][ T6162] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  157.280646][ T6479] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  157.318936][ T6162] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  157.341287][ T6162] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  157.346408][ T3162] Bluetooth: hci0: command 0x0409 tx timeout
[  157.356852][ T6479] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  157.379039][ T6162] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  157.414039][ T6162] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  157.484466][  T144] device hsr_slave_0 left promiscuous mode
[  157.533550][  T144] device hsr_slave_1 left promiscuous mode
[  157.553570][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  157.571797][  T144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  157.582394][  T144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  157.591624][  T144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  157.620652][  T144] device bridge_slave_1 left promiscuous mode
[  157.641705][  T144] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.703022][  T144] device bridge_slave_0 left promiscuous mode
[  157.721282][  T144] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.752526][  T144] device veth1_macvtap left promiscuous mode
[  157.775288][ T6162] usb 5-1: GET_CAPABILITIES returned 0
[  157.792832][  T144] device veth0_macvtap left promiscuous mode
[  157.799261][ T6162] usbtmc 5-1:16.0: can't read capabilities
[  157.806133][  T144] device veth1_vlan left promiscuous mode
[  157.813279][  T144] device veth0_vlan left promiscuous mode
[  157.899419][ T6548] loop5: detected capacity change from 0 to 128
[  157.981753][ T6553] loop2: detected capacity change from 0 to 256
[  158.034830][ T6553] exfat: Deprecated parameter 'namecase'
[  158.041286][ T6548] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  158.081624][ T6548] hpfs: filesystem error: improperly stopped
[  158.106919][ T6162] usb 5-1: USB disconnect, device number 7
[  158.126103][ T6548] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  158.154912][ T6553] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d)
[  158.177594][ T6548] hpfs: You really don't want any checks? You are crazy...
[  158.215451][ T6548] hpfs: hpfs_map_sector(): read error
[  158.262005][ T6548] hpfs: code page support is disabled
[  158.280677][ T6548] hpfs: hpfs_map_4sectors(): unaligned read
[  158.307230][ T6548] hpfs: hpfs_map_4sectors(): unaligned read
[  158.334110][ T6548] hpfs: filesystem error: unable to find root dir
[  158.877903][ T6551] loop1: detected capacity change from 0 to 32768
[  158.965096][ T6551] (syz.1.624,6551,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  159.022560][ T6551] (syz.1.624,6551,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  159.112599][ T6551] JBD2: Ignoring recovery information on journal
[  159.234862][ T6551] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  159.339670][  T144] team0 (unregistering): Port device team_slave_1 removed
[  159.384758][  T144] team0 (unregistering): Port device team_slave_0 removed
[  159.413417][  T144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  159.426435][ T4189] Bluetooth: hci0: command 0x041b tx timeout
[  159.461833][  T144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  159.570330][ T6575] loop5: detected capacity change from 0 to 32768
[  159.609293][ T4186] ocfs2: Unmounting device (7,1) on (node local)
[  159.670965][ T6575] JBD2: Ignoring recovery information on journal
[  159.677863][ T6583] block nbd2: NBD_DISCONNECT
[  159.711272][ T6581] block nbd2: Disconnected due to user request.
[  159.749464][ T6581] block nbd2: shutting down sockets
[  159.787228][  T144] bond0 (unregistering): Released all slaves
[  159.825772][ T6575] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  159.991732][   T26] audit: type=1800 audit(1770864035.283:14): pid=6575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.634" name="file0" dev="loop5" ino=17058 res=0 errno=0
[  160.055354][ T6479] device hsr_slave_0 entered promiscuous mode
[  160.099391][ T6593] loop4: detected capacity change from 0 to 512
[  160.106057][ T6479] device hsr_slave_1 entered promiscuous mode
[  160.250084][ T6593] EXT4-fs (loop4): Ignoring removed mblk_io_submit option
[  160.268764][ T6593] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  160.366545][ T6593] EXT4-fs (loop4): 1 truncate cleaned up
[  160.372576][ T6593] EXT4-fs (loop4): mounted filesystem without journal. Opts: minixdf,max_dir_size_kb=0x0000000000000203,mblk_io_submit,noblock_validity,debug_want_extra_isize=0x0000000000000006,,errors=continue. Quota mode: none.
[  160.525656][ T6575] syz.5.634 (6575) used greatest stack depth: 18328 bytes left
[  160.625423][ T6611] EXT4-fs (loop4): shut down requested (2)
[  160.790297][ T4645] ocfs2: Unmounting device (7,5) on (node local)
[  161.028202][ T6479] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  161.059772][ T6607] loop1: detected capacity change from 0 to 32768
[  161.142992][ T6479] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  161.191839][ T6479] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  161.235889][ T6607] (syz.1.642,6607,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  161.277858][ T6479] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  161.306163][ T6607] (syz.1.642,6607,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  161.430112][ T6607] JBD2: Ignoring recovery information on journal
[  161.504194][ T4243] Bluetooth: hci0: command 0x040f tx timeout
[  161.557281][ T6479] 8021q: adding VLAN 0 to HW filter on device bond0
[  161.585219][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  161.594503][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  161.626369][ T6479] 8021q: adding VLAN 0 to HW filter on device team0
[  161.631142][ T6607] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  161.717739][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  161.739305][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  161.759704][ T6648] loop5: detected capacity change from 0 to 256
[  161.766836][ T4242] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  161.775744][ T4265] bridge0: port 1(bridge_slave_0) entered blocking state
[  161.782996][ T4265] bridge0: port 1(bridge_slave_0) entered forwarding state
[  161.832225][ T6648] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  161.850699][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  161.890916][ T6648] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  161.903435][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  161.932640][ T6648] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  161.944865][ T4265] bridge0: port 2(bridge_slave_1) entered blocking state
[  161.944955][ T4265] bridge0: port 2(bridge_slave_1) entered forwarding state
[  161.947258][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  161.978758][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  162.021421][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  162.047488][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  162.079968][ T4186] ocfs2: Unmounting device (7,1) on (node local)
[  162.101744][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  162.131427][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  162.153417][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  162.166001][ T4242] usb 5-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[  162.199289][ T4242] usb 5-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 13
[  162.225314][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  162.251198][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  162.294993][ T4242] usb 5-1: config 0 interface 0 has no altsetting 0
[  162.305326][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  162.324039][ T4242] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0014, bcdDevice= 0.00
[  162.348883][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  162.364502][ T4242] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  162.383061][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  162.414945][ T4242] usb 5-1: config 0 descriptor??
[  162.455807][ T6479] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  162.900078][ T4242] cmedia_hs100b 0003:0D8C:0014.0010: hidraw0: USB HID v0.00 Device [HID 0d8c:0014] on usb-dummy_hcd.4-1/input0
[  163.051969][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  163.106874][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  163.132220][ T6163] usb 5-1: USB disconnect, device number 8
[  163.140062][ T5096] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  163.160496][ T6479] 8021q: adding VLAN 0 to HW filter on device batadv0
[  163.196479][ T6684] fido_id[6684]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory
[  163.434758][ T5096] usb 3-1: Using ep0 maxpacket: 8
[  163.584179][ T4189] Bluetooth: hci0: command 0x0419 tx timeout
[  163.596539][ T5096] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  163.616648][ T5096] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  163.647034][ T5096] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  163.668067][ T6708] sctp: [Deprecated]: syz.5.664 (pid 6708) Use of int in max_burst socket option deprecated.
[  163.668067][ T6708] Use struct sctp_assoc_value instead
[  163.714119][ T5096] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  163.744351][ T5096] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  163.805090][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  163.813354][ T5096] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  163.828091][ T6711] loop4: detected capacity change from 0 to 256
[  163.840357][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  163.875608][ T5096] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.903393][ T1152] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  163.949492][ T6711] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  163.961810][ T1152] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  163.991888][ T6711] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  164.004681][ T1152] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  164.040606][ T6711] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  164.054472][ T1152] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  164.092673][ T6479] device veth0_vlan entered promiscuous mode
[  164.148901][ T6479] device veth1_vlan entered promiscuous mode
[  164.184150][ T5096] usb 3-1: GET_CAPABILITIES returned 0
[  164.190345][ T5096] usbtmc 3-1:16.0: can't read capabilities
[  164.255855][ T5883] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  164.270367][ T5883] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  164.334919][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  164.370757][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  164.422229][ T6162] usb 3-1: USB disconnect, device number 6
[  164.433062][ T6479] device veth0_macvtap entered promiscuous mode
[  164.503508][ T6479] device veth1_macvtap entered promiscuous mode
[  164.609689][ T6479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.644453][ T6479] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.697506][ T6479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.733425][ T6699] loop1: detected capacity change from 0 to 40427
[  164.740700][ T6479] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.774276][ T6479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.799546][ T6479] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.820267][ T6479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  164.850070][ T6479] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  164.873615][ T6479] batman_adv: batadv0: Interface activated: batadv_slave_0
[  164.935147][ T5883] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  164.946928][ T5883] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  164.964725][ T6699] F2FS-fs (loop1): invalid crc value
[  164.976932][ T6699] F2FS-fs (loop1): Found nat_bits in checkpoint
[  165.005955][ T5883] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  165.065690][ T5883] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  165.106964][ T6479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  165.155797][ T6479] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.178256][ T6699] F2FS-fs (loop1): Start checkpoint disabled!
[  165.197132][ T6479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  165.238494][ T6479] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.260880][ T6699] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  165.316295][ T6479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  165.353349][ T6699] attempt to access beyond end of device
[  165.353349][ T6699] loop1: rw=2049, want=45104, limit=40427
[  165.369778][ T6479] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.396583][ T6479] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  165.416277][ T6479] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  165.490264][ T6479] batman_adv: batadv0: Interface activated: batadv_slave_1
[  165.544444][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  165.559745][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  165.614095][ T6479] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  165.637867][ T6479] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  165.658339][ T6479] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  165.700082][ T6479] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  165.754639][ T4265] attempt to access beyond end of device
[  165.754639][ T4265] loop1: rw=2049, want=40976, limit=40427
[  165.976894][ T4265] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  166.014146][ T4265] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  166.044583][ T4265] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  166.152625][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  166.203954][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  166.218326][ T4309] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  166.987691][ T6761] loop2: detected capacity change from 0 to 32768
[  167.061649][ T6761] (syz.2.677,6761,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  167.131370][ T6761] (syz.2.677,6761,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  167.218456][ T6761] JBD2: Ignoring recovery information on journal
[  167.357698][ T6761] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  167.371313][ T6781] loop7: detected capacity change from 0 to 32768
[  167.472437][ T6781] JBD2: Ignoring recovery information on journal
[  167.665447][ T6781] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  167.682789][ T6802] netlink: 28 bytes leftover after parsing attributes in process `syz.4.685'.
[  167.692085][ T6162] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  167.720124][ T4187] ocfs2: Unmounting device (7,2) on (node local)
[  167.789110][   T26] audit: type=1800 audit(1770864043.083:15): pid=6781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.681" name="file0" dev="loop7" ino=17058 res=0 errno=0
[  168.134220][ T6162] usb 6-1: config 0 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[  168.160136][ T6162] usb 6-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 13
[  168.234298][ T6162] usb 6-1: config 0 interface 0 has no altsetting 0
[  168.238125][ T6479] 
[  168.243408][ T6479] ======================================================
[  168.250450][ T6479] WARNING: possible circular locking dependency detected
[  168.257588][ T6479] syzkaller #0 Not tainted
[  168.262053][ T6479] ------------------------------------------------------
[  168.269086][ T6479] syz-executor/6479 is trying to acquire lock:
[  168.272097][ T6162] usb 6-1: New USB device found, idVendor=0d8c, idProduct=0014, bcdDevice= 0.00
[  168.275264][ T6479] ffff88805c3ac2c8 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#8){+.+.}-{3:3}, at: __ocfs2_flush_truncate_log+0x357/0x1110
[  168.297571][ T6479] 
[  168.297571][ T6479] but task is already holding lock:
[  168.305044][ T6479] ffff88805c3b2648 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}, at: ocfs2_flush_truncate_log+0x43/0x60
[  168.318407][ T6479] 
[  168.318407][ T6479] which lock already depends on the new lock.
[  168.318407][ T6479] 
[  168.321598][ T6162] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  168.329041][ T6479] 
[  168.329041][ T6479] the existing dependency chain (in reverse order) is:
[  168.329050][ T6479] 
[  168.329050][ T6479] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}:
[  168.329087][ T6479]        down_write+0x38/0x60
[  168.329113][ T6479]        __ocfs2_move_extents_range+0x1a5f/0x35d0
[  168.329137][ T6479]        ocfs2_move_extents+0x3ad/0x9c0
[  168.329156][ T6479]        ocfs2_ioctl_move_extents+0x523/0x6c0
[  168.329177][ T6479]        ocfs2_ioctl+0x31f/0x7a0
[  168.329193][ T6479]        __se_sys_ioctl+0xfa/0x170
[  168.329209][ T6479]        do_syscall_64+0x4c/0xa0
[  168.395493][ T6479]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  168.402032][ T6479] 
[  168.402032][ T6479] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#8){+.+.}-{3:3}:
[  168.412585][ T6479]        __lock_acquire+0x2c42/0x7d10
[  168.417992][ T6479]        lock_acquire+0x19e/0x400
[  168.423048][ T6479]        down_write+0x38/0x60
[  168.427759][ T6479]        __ocfs2_flush_truncate_log+0x357/0x1110
[  168.434168][ T6479]        ocfs2_flush_truncate_log+0x4b/0x60
[  168.440093][ T6479]        ocfs2_sync_fs+0x119/0x330
[  168.445237][ T6479]        sync_filesystem+0x1be/0x220
[  168.450550][ T6479]        generic_shutdown_super+0x6b/0x300
[  168.456382][ T6479]        kill_block_super+0x7c/0xe0
[  168.461606][ T6479]        deactivate_locked_super+0x93/0xf0
[  168.467456][ T6479]        cleanup_mnt+0x42d/0x4e0
[  168.472440][ T6479]        task_work_run+0x125/0x1a0
[  168.477667][ T6479]        exit_to_user_mode_loop+0x10f/0x130
[  168.483588][ T6479]        exit_to_user_mode_prepare+0xee/0x180
[  168.490477][ T6479]        syscall_exit_to_user_mode+0x16/0x40
[  168.496523][ T6479]        do_syscall_64+0x58/0xa0
[  168.501500][ T6479]        entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  168.504974][ T6162] usb 6-1: config 0 descriptor??
[  168.507948][ T6479] 
[  168.507948][ T6479] other info that might help us debug this:
[  168.507948][ T6479] 
[  168.507956][ T6479]  Possible unsafe locking scenario:
[  168.507956][ T6479] 
[  168.530695][ T6479]        CPU0                    CPU1
[  168.536621][ T6479]        ----                    ----
[  168.542013][ T6479]   lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7);
[  168.549552][ T6479]                                lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#8);
[  168.559543][ T6479]                                lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7);
[  168.569382][ T6479]   lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#8);
[  168.576708][ T6479] 
[  168.576708][ T6479]  *** DEADLOCK ***
[  168.576708][ T6479] 
[  168.584963][ T6479] 2 locks held by syz-executor/6479:
[  168.590364][ T6479]  #0: ffff888073eba0e0 (&type->s_umount_key#70){+.+.}-{3:3}, at: deactivate_super+0xa0/0xd0
[  168.600694][ T6479]  #1: ffff88805c3b2648 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#7){+.+.}-{3:3}, at: ocfs2_flush_truncate_log+0x43/0x60
[  168.614231][ T6479] 
[  168.614231][ T6479] stack backtrace:
[  168.620155][ T6479] CPU: 1 PID: 6479 Comm: syz-executor Not tainted syzkaller #0
[  168.627725][ T6479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026
[  168.637819][ T6479] Call Trace:
[  168.641122][ T6479]  <TASK>
[  168.644085][ T6479]  dump_stack_lvl+0x188/0x250
[  168.648886][ T6479]  ? load_image+0x400/0x400
[  168.653532][ T6479]  ? show_regs_print_info+0x20/0x20
[  168.658797][ T6479]  ? print_circular_bug+0x12b/0x1a0
[  168.664032][ T6479]  check_noncircular+0x296/0x330
[  168.669025][ T6479]  ? add_chain_block+0x940/0x940
[  168.674036][ T6479]  ? lockdep_lock+0xf1/0x1f0
[  168.678673][ T6479]  ? mark_lock+0x94/0x320
[  168.683020][ T6479]  ? _find_first_zero_bit+0xce/0xf0
[  168.688258][ T6479]  __lock_acquire+0x2c42/0x7d10
[  168.693150][ T6479]  ? verify_lock_unused+0x140/0x140
[  168.698374][ T6479]  ? __mutex_unlock_slowpath+0x1b0/0x6c0
[  168.704052][ T6479]  ? do_raw_spin_lock+0x128/0x2f0
[  168.709148][ T6479]  ? mutex_unlock+0x10/0x10
[  168.713689][ T6479]  ? __rwlock_init+0x140/0x140
[  168.718483][ T6479]  ? do_raw_spin_unlock+0x11d/0x230
[  168.723722][ T6479]  lock_acquire+0x19e/0x400
[  168.728265][ T6479]  ? __ocfs2_flush_truncate_log+0x357/0x1110
[  168.734282][ T6479]  ? __wake_up+0x11c/0x180
[  168.738736][ T6479]  ? __might_sleep+0xf0/0xf0
[  168.743354][ T6479]  ? read_lock_is_recursive+0x10/0x10
[  168.748757][ T6479]  ? __bpf_trace_jbd2_shrink_checkpoint_list+0x50/0x50
[  168.755641][ T6479]  down_write+0x38/0x60
[  168.759825][ T6479]  ? __ocfs2_flush_truncate_log+0x357/0x1110
[  168.765835][ T6479]  __ocfs2_flush_truncate_log+0x357/0x1110
[  168.771689][ T6479]  ? ocfs2_truncate_log_needs_flush+0x300/0x300
[  168.777986][ T6479]  ? ocfs2_sync_fs+0xe1/0x330
[  168.782725][ T6479]  ? rwsem_write_trylock+0x135/0x1c0
[  168.788043][ T6479]  ? clear_nonspinnable+0x60/0x60
[  168.793118][ T6479]  ? __rwlock_init+0x140/0x140
[  168.797918][ T6479]  ocfs2_flush_truncate_log+0x4b/0x60
[  168.803355][ T6479]  ocfs2_sync_fs+0x119/0x330
[  168.807987][ T6479]  ? ocfs2_put_super+0x1b0/0x1b0
[  168.812960][ T6479]  ? get_nr_dirty_inodes+0x248/0x2d0
[  168.818283][ T6479]  sync_filesystem+0x1be/0x220
[  168.823085][ T6479]  generic_shutdown_super+0x6b/0x300
[  168.828403][ T6479]  kill_block_super+0x7c/0xe0
[  168.833115][ T6479]  deactivate_locked_super+0x93/0xf0
[  168.838434][ T6479]  cleanup_mnt+0x42d/0x4e0
[  168.842987][ T6479]  ? lockdep_hardirqs_on+0x94/0x140
[  168.848239][ T6479]  task_work_run+0x125/0x1a0
[  168.853037][ T6479]  exit_to_user_mode_loop+0x10f/0x130
[  168.858444][ T6479]  exit_to_user_mode_prepare+0xee/0x180
[  168.864020][ T6479]  syscall_exit_to_user_mode+0x16/0x40
[  168.869515][ T6479]  do_syscall_64+0x58/0xa0
[  168.873961][ T6479]  ? clear_bhb_loop+0x30/0x80
[  168.878665][ T6479]  ? clear_bhb_loop+0x30/0x80
[  168.883364][ T6479]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  168.889295][ T6479] RIP: 0033:0x7fda59d931d7
[  168.893735][ T6479] Code: a2 c7 05 bc e3 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  168.913563][ T6479] RSP: 002b:00007ffefd84ed98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  168.922021][ T6479] RAX: 0000000000000000 RBX: 00007fda59e27c3b RCX: 00007fda59d931d7
[  168.930030][ T6479] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffefd84ee50
[  168.938055][ T6479] RBP: 00007ffefd84ee50 R08: 00007ffefd84fe50 R09: 00000000ffffffff
[  168.946068][ T6479] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffefd84fee0
[  168.954076][ T6479] R13: 00007fda59e27c3b R14: 000000000002906f R15: 00007ffefd84ff20
[  168.962175][ T6479]  </TASK>
[  169.068903][ T6479] ocfs2: Unmounting device (7,7) on (node local)
[  169.088145][ T6162] cmedia_hs100b 0003:0D8C:0014.0011: hidraw0: USB HID v0.00 Device [HID 0d8c:0014] on usb-dummy_hcd.5-1/input0
[  169.340100][ T6162] usb 6-1: USB disconnect, device number 7