last executing test programs:

1m34.337189711s ago: executing program 3 (id=328):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f00000000c0)={0x0, 0x4, 0x5, 0x7, 0x6, 0x4, 0x49, 0x0, 0x1, 0xde, 0x0, 0x10}, 0xe)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, &(0x7f0000000140)={r1, @in6={{0xa, 0x4e21, 0x9, @remote, 0x7}}, [0x9, 0x9, 0xdd0, 0x10000, 0x200, 0x0, 0x5, 0xe37a, 0x53, 0x81, 0x6, 0x1000, 0x9, 0x789, 0x2]}, &(0x7f0000000040)=0x100)

1m34.111179421s ago: executing program 3 (id=331):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000080)=0x7, 0x4)
syz_emit_ethernet(0x4a, &(0x7f00000023c0)={@multicast, @remote, @val={@void, {0x8100, 0x0, 0x0, 0x2}}, {@ipv4={0x800, @udp={{0xc, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0xc7, 0x11, 0x0, @empty, @empty, {[@rr={0x7, 0x1b, 0x13, [@private=0xa010100, @remote, @local, @dev={0xac, 0x14, 0x14, 0x41}, @initdev={0xac, 0x1e, 0x1, 0x0}, @local]}]}}, {0x1, 0x4e20, 0x8}}}}}, 0x0)
recvmmsg(r0, &(0x7f00000036c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0)

1m33.875724431s ago: executing program 3 (id=333):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r1, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
listen(r1, 0x80)

1m33.386922244s ago: executing program 3 (id=337):
syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000100)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, &(0x7f0000001940)=ANY=[], 0x1, 0xc25, &(0x7f0000002580)="$eJzs3V9oXNl9B/DfmStZY22aaLOJN2mz6UBKYpTa+F9sBZcgZxW1AccbIit0n6LRHzvDyiMjyY03bYPakhb6ErovpS9FNF1ayEPpQ7ePVZotJJRCCXlIHwqCJss+9EEPgdKWjcK9c0Ya2fJau15ZsvfzMePvnTu/OzrnntGdO6AzNwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiM9+7tKp0+mgWwEAPExXJr506myKgYNuBwDw8Fz1+R8AAAAAAAAAAAAAAA67FEUcixSDr2ykqep+R/1yq33r9uTY+O6bHU2RohZFVV/e6qfPnD33qfMXRrr55tu/0z4cz01cvdR4duHGzcW5paW52cZkuzWzMDu352d40O3vNFztgMaNF27NXru21Dhz8uyOh28PvTbwxLGhixdOnB/p1k6OjY9P9NT09b/tn36Xe83wOBJFNCPFG0Ovp2ZE1OLB98V9Xjv77WjVieGqE5Nj41VH5lvN9nL5YKrlqlpEo2ej0e4+eghj8UBGI1bK5pcNHi67N3Gzudicnp9rfLG5uNxabi20U63T2rI/jajFSIpYjYj1XSb59kcRH40UL53aSNMRUXT3wyericH3b09tH/q4B2U7G/0Rq7VHYMwOsYEo4kqk+Nmrx2Om3Gf5Fh+P+EKZr0S8XOZnIlL5wjgX8VOTxR8bfVHEv0WKhbSRZqvjQfe4cvnLjc+3ry301HaPK4/8+8PDdMiPTfUoYro64m+kt3+yAwAAAAAAAAAAAAAAAMA77WgU8e1I8UfP/E41rziqeenvuzjynud/s3fO+NP3eZ6y9mRErNT2Nie3P08dTrXy3z50jD2pRxHfyPP//uCgGwMAAAAAAAAAAAAAAAAAAPCuVsTzkeIrJ46n1aiu/XskqmuKt9rXG1eb0/Odq8J2r/3bvWb65ubmZiN1cjTnVM6VnKs513Ku54xa3j7naM6pnCs5V3Ou5VzPGUXePudozqmcKzlXc67lXM8ZfXn7nKM5p3Ku5FzNuZZzPWcckmv3AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8TmpRxM8jxbe+tpEiRcRoxFR0cm3goFsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJTqqYiTkWLt+Xp1f7UWcTUifr65udm9RcRGmQ/qoPsKAAAAAAAAAAAAAAAAAAAAh1Yq4mOR4qn/20iNiLg99NrAE8eGLl44cX6kiCJSWdJb/9zE1UuNZxdu3FycW1qam21MtlszC7Nze/1x9cut9q3bk2Pj+9KZ+zq6z+0/Wn924eaLi63rX13e9fHB+qXppeXF5szuD8fRqEVM9a4Zrho8OTZeNXq+1WxXm6baPRpYixjda2cAAAAAAAAAAAAAAAAAAAA4NAZTEZ+LFD/5z3OpO2+8rzPn/5c694qt2pd/b/u7AObvyK7e7w/Yy3Laa0OHq4n3jcmx8fGJntV9/XeXlm1KqYinI8UnXvpQNR8+xeCuc+PLuveWdTfO5bqhXynrVnZU1Ycnx8YbVxbaJy7Nzy/MNJeb0/NzjYmbzZn8xQEre+0GAAAAAAAAAAAAAAAAAAAA7GYwFfGjSPHff/vvqXvd+Tz/v69zr2f+/29UU+gr9bQzt1Rz+99bze3vLL/v4sjgR5+51/r9mP9ftimlIr4ZKc7+6EPV9fS78/+n7qgt6/4kUrz+zEdyXe1IWdfsdqfzjNda83Onytq/jBS/+ka3Nqra67n2qe3a02Xt0Ujx5xs7a7+aaz+wXXumrD0eKb73X7vXfnC79mxZ+5NI8Y9/0+jWDpa1v5trj23XnpxZmJ+9324tx/87keKvr/xW6vb5nuPf8/0PK3fklrvG/M2X36nxH+pZt5LH9Y/z+DfvM/7nI8V36h/JdZ19P50ff7L6f3v8PxEp/uNfd9Zey7Xv3649vdduHbRy/L8dKb77Fz/e6nMe//74+/+N7RHfOf6/3Lczt14lBzT+T/asG8rtmnnru+NdZ+nFr7/QnJ+fW7RgwYKFrYWDPjLxMJTv/38aKf7/WJG65zH5/f89nXvb53//843t9/+Ld+SWA3r/f3/Puov5rKW/L6K+fONm/9MR9aUXv36idaN5fe76XPvM6VOf/vT506dOn+8/0j25217a8757HJTj/4NI8cO/++HW55it87/K7uf/g3fklgMa/6d6+7TjvGbPu+JdqRz/v4oUT372x1ufN3eO/87z/+7n/+Mf25lbv38HNP4f6Fk3lNvVeov7AgAAAAAAAAAA4FEymIr4s0jx23/466k7h2gvf/83e0duOaC//zrWs272Ic1r2PNOBgA4RMrzvw9Gin/a/P7WXO6d53/xa93a3vO/ezkM1/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBHXYoifj9SDL6ykdYGyvsd9cut9q3bk2Pju292NEWKWhRVfXmrnz5z9tynzl8Y6eabb/9O+3A8N3H1UuPZhRs3F+eWluZmG5Pt1szC7Nyen+FBt7/TcLUDGjdeuDV77dpS48zJszsevj302sATx4YuXjhxfqRTO9CYHBsfn+ip6et/2z/9Luke649EEd+PFG8MvZ6+OxBRiwffF/d57ey3o1UnhqtOTI6NVx2ZbzXby+WDqZarahGNno1Gu/soj9t+jsUDGY1YKZtfNni47N7EzeZic3p+rvHF5uJya7m10E61TmvL/jSiFiMpYjUi1gfufrr+KOKbkeKlUxvpnwciiu5++OSViS+dOnv/9tT2oY97ULaz0R+xWnsExuwQG4gi/iFS/OzV4/G9gYi+6Nzi4xFfKPOViJfL/ExEKl8Y5yJ+usvriEdTXxRxLlIspI306kB5POgeVy5/ufH59rWFntruceWRf394mA75sakeRfygOuJvpH/xew0AAAAAAAAAAAAAAABwiBSxGim+cuJ4quYHb80pbrWvN642p+c70/q6c/+6c6Y3Nzc3G6mTozmncq7kXM25lnM9Z9Ty9jlHc07lXMm5mnMt53rOKPL2OUdzTuVcybmacy3nes7oy9vnHM05lXMl52rOtZzrOeOQzN0DAAAAAAAAAAAAAAAAAAAeL7Uoqqu4f+trG2lzoHN96ano5JrrgT72fhEAAP//gMd2Mw==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0xc0086c43, &(0x7f0000000080)=0x6ff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

1m32.805137576s ago: executing program 3 (id=344):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f0000000100)={{0xeeee8000, 0xeeee0002, 0xc, 0x1, 0x81, 0x0, 0x0, 0x24}, {0x10000, 0x5000, 0xb, 0xfc, 0x8, 0x0, 0x0, 0x0, 0xe, 0x0, 0x5, 0xfc}, {0x3000, 0x8080000, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, 0x4}, {0x80a0000, 0xffff1000, 0xf, 0x0, 0x0, 0x8, 0x0, 0x7}, {0xeeee0000, 0xffff1000, 0xf, 0x2, 0xfe, 0xf0, 0x3, 0x81, 0x58, 0x8, 0x4}, {0x4000, 0x1000, 0x0, 0x3, 0x0, 0xfd, 0xfc, 0x0, 0x0, 0x5, 0xc0, 0x10}, {0x3000, 0x4000, 0x10, 0x8, 0x7, 0xfb, 0xff, 0x7, 0x1a, 0x2, 0x0, 0x2}, {0x0, 0x3000, 0xe, 0x2, 0xff, 0x6e, 0x7, 0xfd, 0x0, 0x9, 0x7, 0x5}, {0x2000, 0xb}, {}, 0x9df9ffdf, 0x0, 0x2, 0xa8, 0x8, 0x8000, 0x2000, [0xdd41, 0x0, 0x2]})
ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000000040)={0x0, 0xdddd0000, 0x2, 0x1c, 0x50})

1m32.297824141s ago: executing program 3 (id=350):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
write$uinput_user_dev(r0, &(0x7f0000000980)={'syz1\x00', {0x6, 0xfffc, 0x0, 0xe}, 0x16, [0x8f, 0xfff, 0x0, 0x0, 0x8, 0xc2e5, 0x7, 0x2ff82659, 0x6, 0xf9f5, 0x3, 0x812, 0x9, 0x2, 0xfffffffd, 0x5, 0x9, 0x100, 0x4, 0x8, 0x3, 0x3, 0xff, 0x2, 0xed, 0x6, 0x7, 0x7ff, 0x5, 0x7, 0x5, 0xfffffe00, 0xee, 0x7, 0x4, 0x3, 0x8001, 0x10000, 0x6, 0x6, 0x9, 0xa3, 0xb, 0x2, 0x9, 0x8, 0x9, 0x4, 0x9, 0x3, 0x1b3, 0x0, 0x7, 0x800, 0x85db, 0x0, 0x63cc, 0x2, 0xfffffff0, 0x68d8, 0x0, 0x7, 0x0, 0x3], [0x7fffffff, 0x80000001, 0x1800000, 0x2, 0x1c0000, 0x3, 0x8001, 0x3, 0x3, 0x9, 0x5, 0x0, 0x7, 0x800, 0x65, 0x1, 0xfffffff7, 0x12, 0x95f, 0x0, 0x0, 0x69d8, 0x5, 0x8, 0xc8, 0x802, 0x7, 0xc2, 0x7fff, 0x7, 0x6, 0x9, 0x2, 0x8001, 0x9, 0x10000, 0x7fa8, 0x0, 0x4, 0x9, 0xfbf2, 0x9, 0x3b, 0x1, 0xfffffffa, 0x7ff, 0x2, 0x8, 0xe, 0xffffffff, 0x7, 0x0, 0x8, 0x6, 0x0, 0x4, 0x0, 0x1000, 0x155c, 0x8, 0x6, 0x2, 0x3, 0x4], [0x74fe, 0x2, 0x5, 0x2, 0x3, 0xfffffffb, 0x4, 0x0, 0xfffffff8, 0x80000000, 0x8, 0x10001, 0x6, 0x0, 0x4, 0x8, 0x4, 0x9, 0x7fb, 0x2, 0x8, 0xd, 0x5, 0x332b, 0x7, 0x1, 0x6, 0x10, 0x108, 0x3, 0x7, 0x6, 0x81, 0x7, 0x3a, 0x400, 0x5, 0x4, 0x9, 0x200, 0x80000001, 0x5, 0x7ff, 0x6, 0x3, 0x0, 0x8, 0xff, 0x40, 0xc, 0x76ef, 0x8e, 0xffffff0e, 0x9, 0x10d3, 0x0, 0x292, 0x1000, 0x1, 0x1, 0x531, 0x9, 0x0, 0x101], [0x1, 0x2beb, 0x6, 0xfffffff7, 0x2, 0x8, 0x800, 0x4, 0xffffffff, 0x5, 0x1, 0xfffffffc, 0x6, 0x0, 0x2, 0x1, 0xfffffffa, 0x8, 0x65e, 0x7, 0x6, 0x48, 0x80000000, 0xfffffff9, 0x3ff, 0x7, 0x9, 0xa, 0x7, 0xfffffffa, 0xd51a, 0x4, 0x8, 0x1, 0xa0a8, 0x9, 0xc, 0x21, 0x86ea, 0x1, 0xc, 0xffffffff, 0x0, 0x6, 0x4, 0xdf, 0x1, 0x30000000, 0x4, 0x9, 0x5d, 0xffffffff, 0x8000000, 0x5de6, 0x42a353c4, 0x3aa2, 0x1, 0x4, 0x6b, 0x7336, 0x10001, 0x5, 0x2, 0x7]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)

1m31.74693459s ago: executing program 32 (id=350):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000340)={0x400000100002f})
write$uinput_user_dev(r0, &(0x7f0000000980)={'syz1\x00', {0x6, 0xfffc, 0x0, 0xe}, 0x16, [0x8f, 0xfff, 0x0, 0x0, 0x8, 0xc2e5, 0x7, 0x2ff82659, 0x6, 0xf9f5, 0x3, 0x812, 0x9, 0x2, 0xfffffffd, 0x5, 0x9, 0x100, 0x4, 0x8, 0x3, 0x3, 0xff, 0x2, 0xed, 0x6, 0x7, 0x7ff, 0x5, 0x7, 0x5, 0xfffffe00, 0xee, 0x7, 0x4, 0x3, 0x8001, 0x10000, 0x6, 0x6, 0x9, 0xa3, 0xb, 0x2, 0x9, 0x8, 0x9, 0x4, 0x9, 0x3, 0x1b3, 0x0, 0x7, 0x800, 0x85db, 0x0, 0x63cc, 0x2, 0xfffffff0, 0x68d8, 0x0, 0x7, 0x0, 0x3], [0x7fffffff, 0x80000001, 0x1800000, 0x2, 0x1c0000, 0x3, 0x8001, 0x3, 0x3, 0x9, 0x5, 0x0, 0x7, 0x800, 0x65, 0x1, 0xfffffff7, 0x12, 0x95f, 0x0, 0x0, 0x69d8, 0x5, 0x8, 0xc8, 0x802, 0x7, 0xc2, 0x7fff, 0x7, 0x6, 0x9, 0x2, 0x8001, 0x9, 0x10000, 0x7fa8, 0x0, 0x4, 0x9, 0xfbf2, 0x9, 0x3b, 0x1, 0xfffffffa, 0x7ff, 0x2, 0x8, 0xe, 0xffffffff, 0x7, 0x0, 0x8, 0x6, 0x0, 0x4, 0x0, 0x1000, 0x155c, 0x8, 0x6, 0x2, 0x3, 0x4], [0x74fe, 0x2, 0x5, 0x2, 0x3, 0xfffffffb, 0x4, 0x0, 0xfffffff8, 0x80000000, 0x8, 0x10001, 0x6, 0x0, 0x4, 0x8, 0x4, 0x9, 0x7fb, 0x2, 0x8, 0xd, 0x5, 0x332b, 0x7, 0x1, 0x6, 0x10, 0x108, 0x3, 0x7, 0x6, 0x81, 0x7, 0x3a, 0x400, 0x5, 0x4, 0x9, 0x200, 0x80000001, 0x5, 0x7ff, 0x6, 0x3, 0x0, 0x8, 0xff, 0x40, 0xc, 0x76ef, 0x8e, 0xffffff0e, 0x9, 0x10d3, 0x0, 0x292, 0x1000, 0x1, 0x1, 0x531, 0x9, 0x0, 0x101], [0x1, 0x2beb, 0x6, 0xfffffff7, 0x2, 0x8, 0x800, 0x4, 0xffffffff, 0x5, 0x1, 0xfffffffc, 0x6, 0x0, 0x2, 0x1, 0xfffffffa, 0x8, 0x65e, 0x7, 0x6, 0x48, 0x80000000, 0xfffffff9, 0x3ff, 0x7, 0x9, 0xa, 0x7, 0xfffffffa, 0xd51a, 0x4, 0x8, 0x1, 0xa0a8, 0x9, 0xc, 0x21, 0x86ea, 0x1, 0xc, 0xffffffff, 0x0, 0x6, 0x4, 0xdf, 0x1, 0x30000000, 0x4, 0x9, 0x5d, 0xffffffff, 0x8000000, 0x5de6, 0x42a353c4, 0x3aa2, 0x1, 0x4, 0x6b, 0x7336, 0x10001, 0x5, 0x2, 0x7]}, 0x45c)
ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3)
ioctl$UI_DEV_CREATE(r0, 0x5501)

3.605403931s ago: executing program 2 (id=943):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@xino_auto}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x4, 0x80)
getdents64(r0, &(0x7f0000000400)=""/4096, 0xc00)

2.929867451s ago: executing program 2 (id=945):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x0)
fchdir(r1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0xe8)
getdents(r2, 0xfffffffffffffffd, 0xbb)

2.804845031s ago: executing program 2 (id=946):
r0 = socket(0x10, 0x803, 0x0)
setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f0000000040)=0x3, 0x4)
sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000d40)=ANY=[@ANYBLOB="180000000000e3ff000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_int(r0, 0x1, 0x22, &(0x7f0000000000)=0x3, 0x4)
recvmmsg(r0, &(0x7f0000000c40)=[{{0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000700)=""/23, 0x17}, 0x80009}], 0x16c, 0x10002, 0x0)

2.769139525s ago: executing program 1 (id=947):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file0\x00', 0x8000, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2b2, &(0x7f0000000880)="$eJzs3NFLU28cx/Hvz6mbE91+EEFB9aVu6uag6w+oEQrRoDAn1UVwzLMaO21yzlgsIncT3fZ3SJfdBdU/4E100313EgTdeBGd8Jwd3XTa1M2t+X6BnO/xeT4+jzrlewSf9XtvnhZyrpEzyzIUUxkSqcmGSHKzqvuvfh3y61FpVJMr4z+/nrt7/8GtdCYzM6c6m56/mlLVyQsfnr14e/FTeXzh3eT7qKwlH67/SH1bO712Zv33/JO8q3lXi6WymrpYKpXNRdvSpbxbMFTv2JbpWpovupbTNJ6zS8vLVTWLSxPxZcdyXTWLVS1YVS2XtOxU1Xxs5otqGIZOxOVkG25jTnZ1bs5M7znsRTq6I3RetPl2rNUcx0nXWg9mV7u1LwAA0L/27/+DXn/v/j+zEFw73P+L0P93Sa3p7i/9PwaC46TNeP3ntxn9PwAAAAAAAAAAAAAAAAAAAAAA/4INz0t4npcIr+FbVERiIhLe93qf6I5Dfv+v9Wi76LCGf9yLidivK9lKNrgG4+mc5MUWS6YkIb/810NdUM/ezMxMqW+k/iE38yuVbMQ/m8DPh5Kt8uf/nw7yKh83c5V6fkTijeunJCGnWq+f2s6HxyGsVLKjcvlSQ96QhHx+JCWxZcl/XW/nX06r3rid2bH+mD8PAAAAAIBBYOiWZPPzb3D2o+FPiMnu8SB/gL8P7Hi+Hpaz7RxRCQAAAAAAjsytPi+Ytm05hyiiInKE+KAWEemLbeworotIH2zjuIqYiATv0cPEv2/F20p5bcwZFpGef1kOUPT6NxMAAACATttu+g8Q+vKqizsCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODkafc8sHD+rqFwYJ94w3KRY/8EAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD7yJwAA//+j7Rqj")
truncate(&(0x7f0000000140)='./file2\x00', 0x4)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file1\x00', 0x8800d0, 0x0, 0x0, 0x0, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14000000"], &(0x7f0000000000), 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x244b02)

2.682259243s ago: executing program 0 (id=948):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$unix(r1, &(0x7f0000001b80)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)='6', 0x1}], 0x1, 0x0, 0x0, 0x8000}}], 0x1, 0x20008000)
io_setup(0x7, &(0x7f0000000000)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f00000002c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0xfffd, r1, 0x0}])

2.681547373s ago: executing program 4 (id=949):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2840, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x2000, 0x41000, 0x8, 0x6f, 0x3, 0x7f, 0x40, 0x29, 0x0, 0x2e, 0x19}, {0xd000, 0x1, 0xc, 0x0, 0x40, 0x5, 0x7d, 0x8, 0x58, 0x3, 0x3, 0xc0}, {0xdddd1000, 0x10000, 0x8, 0x9, 0x3, 0x8, 0xfe, 0x9, 0x5, 0xab, 0x5, 0x81}, {0x3000, 0x26000, 0x3, 0x5d, 0x4, 0x42, 0x9, 0x2, 0x6, 0x7, 0xe}, {0x0, 0x9000, 0x9, 0x4, 0x7, 0x7, 0xab, 0x7f, 0x9e, 0x9, 0xf7, 0x83}, {0x1000, 0x80a0000, 0x10, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x80, 0x11, 0x40, 0xfd}, {0x26000, 0x2, 0x0, 0x5, 0x7, 0x0, 0xb, 0x0, 0x5, 0x81, 0xff, 0x70}, {0xc000, 0x1000, 0x8, 0x5, 0xf, 0x7, 0xa, 0x18, 0x2, 0x3, 0x7, 0x9}, {0x5c000, 0x30}, {0x10000, 0x86}, 0x80000031, 0x0, 0x70000, 0x242101, 0xb, 0x0, 0xa000, [0x6840000000000000, 0x4, 0x5a, 0x100]})

2.568753742s ago: executing program 2 (id=950):
r0 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x1)
fchdir(r1)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r2, &(0x7f00000000c0)=""/31, 0x1f)

2.452765513s ago: executing program 0 (id=951):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket(0x80000000000000a, 0x2, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0xfffe, 0x9, @empty, 0x4}}}, 0x108)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @local}}}, 0x108)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000200)={0x1, {{0xa, 0x4e20, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x4e20, 0xa4fffffb, @loopback}}}, 0x108)
close_range(r0, 0xffffffffffffffff, 0x0)

2.345691272s ago: executing program 2 (id=953):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000100)={[{@treelog}, {@nodatacow}, {@skip_balance}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@compress_force_algo={'compress-force', 0x3d, 'lzo'}}, {@max_inline={'max_inline', 0x3d, [0x67, 0x70, 0x6d]}}, {@noenospc_debug}, {@clear_cache}, {@commit}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x38, 0x36, 0x38, 0x2d, 0x32, 0x32]}}]}, 0xff, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
lsetxattr$security_ima(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), &(0x7f00000004c0)=ANY=[], 0x35c, 0x1)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101100, 0x0)
fsync(r0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0/file3\x00', 0x1d0)
renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file3\x00', 0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x2)

2.317571785s ago: executing program 0 (id=954):
unshare(0x22020600)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002140)=@base={0x19, 0x4, 0x8, 0x2}, 0x50)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000083c0)={{0x3}})
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2)
close_range(r0, 0xffffffffffffffff, 0x2)

2.304557686s ago: executing program 1 (id=955):
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)
mremap(&(0x7f0000006000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020)

2.229581453s ago: executing program 4 (id=956):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r1 = socket$inet6(0xa, 0x2, 0x0)
sendmmsg$inet6(r1, &(0x7f00000006c0)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfffffffc}, 0x1c, 0x0}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)="aa", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000300)="307ddfb9", 0x4}, {&(0x7f0000000340)="ced98c1a5f5a93258dfa9a8c31878af8d7be921a531da9e6c50efdba96722424d55ce610a4d9b534b3aa09618dfc04f5504e30a263ad3fedf0a7381a8a", 0x3d}], 0x2}}], 0x3, 0x2000c8c0)
sendmmsg$inet6(r1, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000280)="93503d", 0x3}], 0x1}}], 0x1, 0x40)
recvmmsg(r0, &(0x7f00000046c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{0x0}], 0x1}, 0xc8b}], 0x1, 0x0, 0x0)

2.157324739s ago: executing program 0 (id=957):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xbd, 0x16, 0xf, 0x40, 0x8086, 0x110, 0xbfad, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x12, 0x24}}]}}]}}, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f00000002c0)={0x40, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.022315681s ago: executing program 4 (id=958):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
close(r0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$sock_int(r1, 0x1, 0x2a, &(0x7f0000000100)=0xfffe, 0x4)
recvmmsg(r1, &(0x7f0000000040), 0x1, 0x40000000, 0x0)
write$binfmt_misc(r0, &(0x7f0000000040), 0xffc1)

1.750257615s ago: executing program 4 (id=959):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x101800, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f00000003c0)={0x48, 0x1, r1, 0x0, 0x2000288})
ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000000c0)={0xc, r1})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000540)={0x48, 0x1, r1, 0x0, 0x7, 0x48000000000003})
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r0, 0x3b70, &(0x7f0000000240)={0x30})

1.670514342s ago: executing program 4 (id=960):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000005d40)='./file0\x00', 0x4000, &(0x7f0000001e40)=ANY=[@ANYBLOB="71756f74612c646973636172642c646973636172642c696f636861727365743d6b6f69382d72752c646973636172642c00f4193eb3ba2a0d5ff2cd7374288ff89ec513a53e007345decb720900f8312da2463eb0edf52fad1a00ebd41c14b3ce75d0cffefd379624b16f7260c835713b263352e03b5cb8fa0c042bd1225ed4ded2b62e12fea4d7e61b738e40781e58d5fff112364ac140f419e5dafecd283b3fab6b142ddbc893b35a81fe9265591ef35fa2928e095fee4c10b22e4212378de59bca0307cc644b9620b63f0000007bbbd422d87856b71348b8f45398b9660b6b3e8ee8a8c32f3234cb46e2cd827ec25c1ca4d046bc004f8df7b1ee690a5e50510700d80c7fa65fa724d0e1b4369f1b64fe249a0312010000004ac983de925f52d735b03fea941b1e948ad8d19cfda5b799325fd69d14fcf6cdde7700a63150eb3699e5314e0827750e244150ec19f3f3f1d8be542c084b5e40bfaa8ad206d2a33b0ddbd7f8e07dc7d17174a4549ffaf5976949cb69658c42ec7cd9fe8ad82852cefb04646edb3a41eb514eb6a772b3ee9f21e25822b54ec33e592d5c040946721101d53aff21f90351c95aa0f73f1853d6afcbf9448b220e988466066fa5c09e6198fc4520d199b93bdedee87c4043815aa05668a06f8da96680ccc1a139ade90f5c79af46208f9762f54e7c29088d9de69bd2d51c6b9c42209ddc3880051303b855853407d959a5777dce25201c5ea1faa084c36e3e349915ebec53435eb2910c59394ee84ba3baf9c440ae5833c23f46b0eaac543ce0c80ba0603213e53ea59755070b18bc10b9224aa082d96700e63d51c5bffa4f712c2d7fafb9cf506c06e1ddad4fc19038407786fedb9afdfb11a5f182676dd84c919f71d5eee2f3b740b68ee7f6518eb9d8baa26f1c3871f863b134ee942eb3af92d19e70d8268839cd7b4637f0627299f99b1873ca165e410f8bd421e1a4859fd9bd6bb34d25c07e1a52b9668a530b10b8585d797124a6975a71aedbe557a17b06bbfe547aa553c3d08b8921a4b0d938c03687bd48a9a387b4c066c056f457fba5738775b900a1e82a89aae1494b05c4bb0fc8ed1a93688bf850a4f7b0942eda1f16ecf043efa6b8c1f9e0fba31f4a58ed0031180fb1b8a00e4a86826b030000002dd1272a3d1609bed545b86ca7a6bf569ed35d0000ca23b0de742f6008fdf20928370d88f8c04bc3b97b9a9e0062e8fc5fd2337d85a66bd20730f3153db2459fb34c134c06c19364e9645e83040dd16ee08f18f0ba69ac9ca3e25e15442b07000000d30d38a64613b535fa808a9b3bae00bc371271d45db200a5cbf433e2f6dd03b7c7fcc040781e5151c9badb787e7e1e2f39d60998919aa8dbd156f31a5b7fa5f9e5ec01e8c799edc322703c7fc4a81ab9bc02dd96714ee9d7e75d28d040ff3566404fd6db547a4b553197c1f316d20ea54f9459cd81351a510d101e90eabe6dc6c6ac3ffa189c073a5fb3fc382df620bf5af9e638819c77a051e6875866a849f6f578c068c0e4c7cfbc15033997efa853c96297b3201dd30ea40dc94d010a0c33da9f63a10b8f813dc789b80be3bb3f00ee58b30d5c03a6ddbf418ac1b3d4a13839e4b273c4f914bed13f8806295495d41609478798396aeec06e8d342efd8ac6b422f6c23a011b1400000000000000bc2a02094e19a1ee8bb3c3c0c088ae8efaf68c85001faf7cf5426fb7c5c367ed93eb25c48a293549d15b91b59f1b574b3f6171f8e56a402ec56bdf51d90312b3ca5398f4050000007504be21456ec953bf06f12fff20c31e7c8b55fee5c49aa939830b09995ff149258118f9aae29206f9731288b56b10de51525665fdb4e289b1c177df97af3085f82045fbd012f1dde94ffecd90b7b63d8197d9c24a6fe5915ac7d7240847f6d0bf9099ee117c83e363f2ad36a4a9f4faa5734afe9770c38c565cae87a408d0acbb2db7db9174acab60a344814ee643fa82ba41706d2360269ed276e13dd83abbc258f07b0d58ab0b65200b18b7f9f871bcb43fec5a2e3789ecd0c1069d2da80b93c86dff8933e70c2108346003ddf6b60379eee63b66e7341cdd8f87ed9f11894c9ae040976321d87405b492f419ebfa77eb367ca6e360b808451102f54893d7d1695c24bcc184b1e7d19940a2b6931ade8638dd2b85a86dc511dbb97f5035d07ca024076e8581db332b1c5f135fe6b2e9d2c18c9d5d5a524d3d5b2657e4b28f1a09696bd5b076a1471c8b2ab2ca3ba57843af1d03590f4e8985e1c463c781bb03ad7ec816ea70bbe06411aae001e0ca72ee7e828ad14bb7a092d883ad000554bf7f00000000000075cc01f8a2e1802192f09e77bc488b3bd3f08a9ce88ba2e2bcc23cf5d7372b339ce1f5003db0ad70fa6e93aa908a2ced81f5514e23e2f94ff03c1c02f5a9195f4735563efd0a1fc7dafcfb3dae043fe0c172ec3a12747d7abf4382bf7453c13df994641017a0f461add956ef8f834b762af30408af6a61f317fd3c7b0816236a768601b7c6606ba52ff126eb13d33c915c5da99d118db488da3f3d7783a608282a93fcbe0910f0389c3ef91de7c84e23daa6554c42b2b3e9f70a9f790f29011a0b5101b23bfeba6e52877ed8a188958e39375dd203d434bef4dc82cc8a21fc40c6e6e6a2475f70bf1503beb9555036e63bdc937f8a4d61b21d06a9d3239d1df6f2e9ef16dee590b15ac028c6d873bb2965374b733d8e11ba763ab157ed91dd871b098c0543dcbba4cf67db8c83c84369dc67735fa4faa0fdcf34b1c6a862ccae9fe4fa28746504643b57f02623a2ef34ea90f2e7f7dd771f8f75217c799d978a3533fcfab6c6f5391b626d61b400f08172fc675e2a062d06c31b85452804f7b125c291f60a02a5d62271e96fe70d64bae36e28b42e197259169ebee8f64355544fb4d8b83c1c8fad02cd1a2e56a6f6e82ec7719a48a1bea803546b8af7a89faf7cef94d8ada45fc0a98a79ba90c95262f0110725c6bf7c81237534dcd6a8a113bd8ac48b7db5526ab762cec103674742476cd6b92b8c7abcfb1f8e08f0a05c1b209187049f3206bd545e8c20f8db6d8a7cdd0c9ecbb9011b611a013cd581521dfcb028d59d5c69d286fb93e4c498b3aaff7e0cdcf1f41fec65ebdbe4c2bf453140251cdd94c32b87c4634d6500000000000000000000000000000000816e6c33f92dca3e03c400"/2303], 0xff, 0x5e5c, &(0x7f0000005d80)="$eJzs3U9vHGcdB/Df/vH6T2kbVagKEQc3hdJSmv8JlH9NOXCAA0ioZxK5bhVIASUB0SoirnJAXICXAJdeOPQt8AL6GhAvgEg2px4og8Z+nmQ8XmcdEu/s+vl8JGfmN8+O95l8PZ5dz8w+AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADED77/k7O9iLjym7TgWMTnYhDRj1iu69WoZy7nxw8j4nhsN8fzETFYjKjX3/7n2YgLEfHJMxGbW7fX6sXnDtiPi2du3fjsh9/7x+//dPf4z97+6Uft9h9//vzHf7gTcexHr3/82Z0ns+0AAABQiqqqql56m38ivb/vd90pAGAq8vG/SvJytVqtVj/R+o/92eqPutC6qRrvTrOIiI3mOvVrBqfjAWDObMSnXXeBDsm/aMOIeKrrTgAzrdd1BzgUm1u313op317zeLC6057/Trkr/43e/fs79ptO0r7GZFo/X3djEM/t05/lKfVhluT8++38r+y0j9LjDjv/adkv/9HOrU/FyfkP2vm37Mr/zxExt/n3x+Zfqpz/8FHy3xjM8f4vfwAAAAAAjr789/9jHZ//XXz8TTmQh53/XZ1SHwAAAAAAAADgSXvc8f/uM/4fAAAAzKz6vXrtL888WLbfZ7HVy9/qRTzdejxQmNXGhwMCAAAAAAAAAAAAANMxjFhJ1/UvRMTTKytVVdVfTe36UT3u+vOu9O2HknX9Sx4AAHZ88kzrXv5exFJEvJU+629hZWWlqpaWV6qVankxv54dLS5Vy433tXlaL1scHeAF8XBU1d9sqbFe06T3y5Pa29+vfq5RNThAx6ajw8ABICJ2jkabjkhHTFU9G12/ymE+2P+PHvs/B9H1zykAAABw+Kqqqnrp47xPpHP+/a47BQBMRT7+t88LqNVqtVqtPnp1UzXenWYRERvNderXDIbjB4A5sxGfdt0FOiT/og0j4njXnQBmWq/rDnAoNrdur/VSvr3m8WB1pz1fC7Ir/43e9np5/XHTSdrXmEzr5+tuDOK5ffrz/JT6MEty/v12/ld22vMQ/4ed/7Tsl3+9ncc66E/Xcv6Ddv4tRyf//tj8S5XzHz5S/gP5AwAAAADADMt//z/m/G/eZAAAAAAAAACYO5tbt9fyfa/5/P8Xxzyu15xz/+eRkfPvHTh/9/8eJTn/fjv/1gU5g8b8vTcf5P/vrdtrH9361xfydObzXxiM6ude6PUHw3TNT7XwTlyL67EeZ/Y8frir/eye9oVd7ecmtJ/f0z6q25dz+6lYi1/G9Xj7fvvihAujlia0VxPac/4D+3+Rcv7Dxled/0pq77WmtXsf9vfs983puOe5/Lf/vLR375q+uzG4v21N9fad7KA/2/8nT43i1zfXb5z67dVbt26cjTTZtfRcpMkTlvNfSF85/5df3GnPv/eb++u9D0ePnP+suBvDffN/sTFfb+8rU+5bF3L+o/SV889HoPH7/zznv//+/2oH/QEAAAAAAAAAAAAAAICHqapq+xbRyxFxKd3/09W9mQDAdOXjf5Xk5Wq1Wq1Wq49e3VSN90aziIi/N9epXzP8btw3AwBm2X8j4p9dd4LOyL9g+fP+6umXuu4MMFU33//g51evX1+/cbPrngAAAAAAAAAA/688/udqY/zn7euAWuNG7xr/9c1YndvxP/ujwfZY52mDXoiHj/99Mh4+/vdwwvMtTGgfTWhfnNC+NKF97I0eDTn/F1LGOf8TacNKGv/15Q7607Wc/8k01nPO/yutxzXzr/46z/n3d+V/+tZ7vzp98/0PXrv23tV3199d/8XZM5cunL944fzFi6ffuXZ9/czOvx32+HDl/PPY164DLUvOP2cu/7Lk/L+cavmXJef/UqrlX5acf369J/+y5Pzzex/5lyXn/0qq5V+WnP9XUy3/suT8X021/MuS8/9aquVflpz/a6mWf1ly/qdSLf+y5PxPp1r+Zcn55zNc8i9Lzj9f2SD/suT8z6Va/mXJ+Z9PtfzLkvO/kGr5lyXnfzHV8i9Lzv9SquVflpz/11Mt/7Lk/L+RavmXJef/eqrlX5ac/zdTLf+y5Py/lWr5lyXn/+1Uy78sOf/vpFr+Zcn5fzfV8i9Lzv+NVMu/LA8+/9+MGTNm8kzXv5kAAAAAAAAAAAAAgLZpXE7c9TYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA/duBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFvXuLkbO87wf+7sleGwL+hzNxwDYnAwu76xM4xGCSkD8lPVAS0qYlNY69Nk58qnfNSahsCm2JglSk9oJeNCVRGkVqK1AVqalEI6RGau+aq0bcRK3EhS+gclBSNVVgq3fmeR7PzM7OrLHHnnmfzyfCP3vmfWeeeeed2f1u9J0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGq3/5MyfDBVFUf5X+2NNUVxY/n1VsbP85/y2871CAAAA4Ey9V/vzby9OF+xcxk4N2/zLNf/2vYWFhYXiS++eeP/PFhbSFeuKYmRlUdSui/71Fz9faNwmeK4YHxpu+Pdwl7sf6XL9aJfrx7pcv6LL9Su7XD/e5fpFB2CRVfWfx9Ru7PraX9fUD2lxaTFWu+76Nns9N7RyeDj+LKdmqLbPwti+4kBxsJgpphbtM1T7X1G8vr68r/uLeF/DDfe1tiiKkz99Zk9cw1A4xtcXTXdW0/jcvXNvse7dnz6z5ztzb1/VbnY9DItWWhQbN5TrfL4oTv24qhgqVqZjEtc53LDOtW3WOdK0zqHafuXfW9d5cpnrjI97PKzzRx3WuTZc9uR1RVHMF0tu0+q5YrhY3XKv6XiP18+I8jbKp/LDxehpnSfrl3GelPu8dV3zedJ6Tsbjvz4ck9El1tD4dLzz1RWLjvsHPU/KR90P52p52w+Wdzo+3vij1aZztdzmmRuWPgfaPndtzoF0LjecAxu6nQPDK0Zq58DwqTVvaDoHphftM1wM1e7rxA2dz4HJuUNHJ2efevq2A4d275/ZP3N4emrbls1bt2zeunVy34GDM1P1P0/vkA6Q1cVwOgc3hPeaeA7e1LJt4ym58M2z9zoY75PXQfnYP3djuaALh4slzvFym+c3nvnrIH3db3gdjDa8Dtq+p7Z5HYwu43VQbnNy4/K+Zo42/NduDb16L1zTcA6cz6+H5X0+cvPS74Vrw7peuOV0vx6OLDoH4sMaCq+98pL0/d74neG4LD4vri6vuGBFcXx25tjtT+6emzs2XYRxTlzS8Fy1ni+rGx5Tseh8GT7t82Xn3/zyxqvbXL4mHKvxWzs/V+U2WyY6P1e1d/f2x7Pp0k1FGGfZuT6e7b6alcczZYkOx7Pc5vnbzvx7wZRLGt7/xrq9/42Mjdbf/0bS0Rhrev9b/NSM1FZWFCdvW97731j471y//13aJ+9/5bF65PbO50C5zQuTp3sOjHZ8/7suzKGwnptDYhhvyP3v166fr5+mDc9l1/NmdHQsnDej8R6bz5vNi/Ypb628741TH+y82Xhd83PV9H1LBc+b8lj9+VTn86bc5o3pM3/vWBX/2vDesaLbOTA2sqJc71g6Cervdwur4jlwe7GnOFIcLPamfcpnubyviU3LOwdWhP/O9XvHlX1yDpTH6uVNnc+Bcpsfbj673zttDJekbRq+d2r9+cJSmf/q0VO313rYznbmL9f5qS2dfzZUbvP2ltPNGZ2P063hkgvaHKfW189S5/Te4twcpyvDOg9u7fyzqXKbS7ct83zaWRTFm9Nv1n7eFX6++/fH//17TT/3bfcz5Ten33xg8qEfn876AQD44N6v/Tm/ov69ZsP/Y72c//8fAAAAGAgx9w+Hmcj/AAAAUBkx94+Emcj/AAAAUBkx94+GmWSS/x+7c/ur7z1bpE8DXAji9fEwPHh3fbvY8Z4P/163cEp5+Se+Pfbq155d3n0PF0Xxywc+0nb7x+6O66o7Gtf5sebLF7ny2mXd/6MPn9qu8fMTTm6v3358PMs9DWJX+fXJTbXbXffUdG2+8UBRmw/Nv/Bc/fbr/47bn9hc3/4vw4eW7Nw31LT/xrCe68NcFz5T5sGdp45DOeN+r6695p8v+fyp+4v7DW24qPYwX/6D+u3Gz4h66ZL69vFxL7X+f/r6d18tt3/yhvbrf3a4/fpPhNt9K8xf7Khv33jMv9aw/j8K64/3F/e7/Vs/aLv+166ob/9aOC9eCbN1/ff+6Uffa/d8xfvZeVd9v3j/U/+9pbZfvL14+63rH392uul4tN7+G+/Wb2fH4z8badw+Xh7vJ3r0rubzeyg8v0098qIovvvHRdNxLj5e3+8fW9Yfb+/oXe3Xf2vLOo8OXVvb/9TjWdP0uL7x15vaPt64np1/t6bp8bx0Xzh+707+sLzdEw+F8zFc/78/qt9e62eZvnZf8/tN3P6VNfXXbby9yZb1v9Sy/vlry2PXff33v1tf/2v3rGxa/85Ph/Pp/vrstv79f3Vx0/7f/E79+Tj2xMThI7PHD+xtOKqNr+OV46tWX3Dhhy66OLyXtv5715G5x2aOrZtaN1UU6wbwIwN7vf5vhflf9TF/9u+h7sc/q593L36m/nXrpp/X//1SuPzR8HzGr4/f+IuxpvO19Xmfv6c+z3T9t4R1LNcVX//Pa5e14Ykvvn78H/7w7dbvC+LjOXrZeO3xvbz+8tp1Q2/Ur299v+rmPy5rfl3/ZHSqNr8fjutC+GTmDZfX76/19uNnk7z42frrN34nF/cvWj5PZM1I8+M40/X/JHwf84Mrm9//4vnx/WdbPs15TTFULmE+vD8U8/Xr41bxeL948vK29xc/h6eYv+p0lrmk2admJw8eOHz8ycm5mdm5ydmnnt516Mjxw3O7ap9duuvL3fY/9fpeXXt9753ZtqWovdqP1EePne/1H314z947pm7cO7Nv9/F9cw8fnTm2f8/s7J6ZvbM37t63b+aJbvsf2LtjetP2zXdsmth/YO+OO7dv37x94sDhI+Uy6ovqYtvUVyYOH9tV22V2x5bt01u3bpmaOHRk78yOO6amJo5327/2tWmi3PvxiWMzB3fPHTg0MzF74OmZHdPbt23b1PXTHw8d3Te7bvLY8cOTx2dnjk3WH8u6udrF5de+bvuTh9kj4f2uxVD47vwLt25Ln49b+vZXl7yp+ibN354W74TPgopf37r9O+b+sTCTTPI/AAAA5CDm/vDB/6eukP8BAACgMmLuXxlmIv8DAABAZcTcPx5mkkn+1//X/9f/1//X/9f/7yX9f/3/TvT/9f8Hef36//r/dNdv/f+Y+1cVRZb5HwAAAHIQc//qMBP5HwAAACoj5v4LwkzkfwAAAKiMmPsvDDPJI/+Ptf5V/1//X/+/sf8ft9X/L/T/9f8/IP1//f9O9P/1/wd5/X3Y/1+l/0+/6bf+f8z9HwozySP/AwAAQBZi7r8ozET+BwAAgMqIuf/iMBP5HwAAACoj5v41YSaZ5H+//1//X//f7//X/9f/P8uaDrH+v/5/J/r/+v+DvP4+7P/7/f/0nX7r/8fc///CTDLJ/wAAAJCDmPs/HGYi/wMAAEBlxNx/SZiJ/A8AAACVEXP/pWEmmeR//X/9f/1//X/9f/3/XtL/1//vRP9f/3+Q16//r/9Pd/3W/4+5/7Iwk0zyPwAAAOQg5v7Lw0zkfwAAAKiMmPuvCDOR/wEAAKAyYu6/Mswkk/yv/6//r/+v/6//r//fS/r/+v+d6P/r/w/y+vX/9f/prt/6/zH3XxVmkkn+BwAAgBzE3H91mIn8DwAAAJURc/9HwkzkfwAAAKiMmPvXhplkkv/1//X/9f/1//X/9f97abD6/8NLXqP/X6f/30z/X/9f/1//n876rf8fc/9Hw0wyyf8AAACQg5j7rwkzkf8BAACgMmLuvzbMRP4HAACAyoi5f12YSSb5X/9f/1//X/9f/1//v5cGq/+/NP3/Ov3/Zvr/+v/6//r/dNZv/f+Y+9eHmWSS/wEAACAHMfdvCDOR/wEAAKAyYu6/LsxE/gcAAIDKiLn/+jCTTPK//r/+v/6//r/+v/5/L+n/6/93ov+v/z/I69f/X17/f0W3G6LS+q3/H3P/DWEmmeR/AAAAyEHM/TeGmcj/AAAAUBkx998UZiL/AwAAQGXE3L8xzCST/K//r/+v/6//r/+v/99L+v+L+v9v/U+h/x/p/+v/D/L69f/9/n+667f+f8z9N4eZZJL/AQAAIAcx998SZiL/AwAAQGXE3H9rmIn8DwAAAJURc/9EmEkm+V//X/9f/1//X/9f/7+Xqtr/T++jfv+//r/+v/6//r/+P0vqt/5/zP23hZlkkv8BAAAgBzH33x5mIv8DAABAZcTcPxlmIv8DAABAZcTcPxVmkkn+1//X/9f/1//X/9f/76Wq9v/P4Pf/6/830P/X/x/k9ev/6//TXb/1/2Punw4zyST/AwAAQA5i7t8UZiL/AwAAQGXE3L85zET+BwAAgMqIuX9LmEkm+V//X/9f/1//X/9f/7+X9P/1/zvR/9f/H+T16//r/9NsuM1l/db/j7l/a5hJJvkfAAAAchBz/7YwE/kfAAAAKiPm/jvCTOR/AAAAqIyY++8MM8kk/+v/6//r/+v/6//r//eS/r/+fyf6//r/g7x+/X/9f7rrt/5/zP3bw0wyyf8AAACQg5j7PxZmIv8DAABAZcTcf1eYifwPAAAAA6Xd7yGMYu7/eJhJJvlf/7/q/f+Flfr/+v/6/53Xr//fW/r/+v+d6P/r/w/y+vX/9f/prt/6/zH37wgzyST/AwAAQA5i7r87zET+BwAAgMqIuf+eMBP5HwAAACoj5v6dYSaZ5H/9/6r3//3+f/1//f9u69f/7y39f/3/TvT/B7P/H75t0f8/N/3/8aX2b+z/l+eQ/j/9qN/6/zH33xtmkkn+BwAAgBzE3P+JMBP5HwAAACoj5v5PhpnI/wAAAFAZMfd/Kswkk/yv/6//r/+v/6//r//fS/r/+v+d6P8PZv8/0v/3+//1/+mm3/r/MfffF2aSSf4HAACAHMTc/+kwE/kfAAAAKiPm/v8fZiL/AwAAQGXE3H9/mEkm+V//X/9f/1//X/9f/7+X9P/1/zvR/9f/H+T16//r/9Ndv/X/Y+7/lTCTTPI/AAAA5CDm/gfCTOR/AAAAqIyY+z8TZiL/AwAAQGXE3P+rYSaZ5H/9/3PT/x9Ot6//r/+v/6//r/9/Nun/6/8X+v8f2Pnuzw/6+vX/9f/prt/6/zH3/1qYSSb5HwAAAHIQc/+vh5nI/wAAAFAZMff/RpiJ/A8AAACVEXP/g2EmmeR//X+//1//X/9f/1//v5f0//X/O9H/1/8f5PXr/+v/012/9f9j7v/NMJNM8j8AAADkIOb+h8JM5H8AAACojJj7PxtmIv8DAABAZcTc/7kwk0zyv/6//r/+v/6//r/+fy/p/+v/d6L/r/8/yOvX/9f/p7t+6//H3P9wmEkm+R8AAAByEHP/58NM5H8AAACojJj7fyvMRP4HAACAyoi5/7fDTDLJ//r/+v/6//r/+v/6/72k/7+4/1++h53P/v+K5Wyo/78s+v/6//r/+v901m/9/5j7vxBmkkn+BwAAgBzE3P87YSbyPwAAAFRGzP2/G2Yi/wMAAEBlxNz/SJhJJvlf/1//X/9f/1//X/+/l/T//f7/TvT/9f8Hef36//r/dNdv/f+Y+78YZpJJ/gcAAIAcxNz/e2Em8j8AAABURsz9u8JM5H8AAACojJj7Hw0zyST/6//r/+v/6//r/+v/95L+v/5/J/r/+v+DvH79f/1/uuu3/n/M/bvDTDLJ/wAAAJCDmPu/FGYi/wMAAEBlxNy/J8xE/gcAAIDKiLl/b5hJJvlf/1//X/9f/1//X/+/l/T/9f870f/X/x/k9ev/6//TXb/1/2PunwkzyST/AwAAQA5i7t8XZiL/AwAAQGXE3L8/zET+BwAAgMqIuf+xMJNM8r/+v/6//r/+v/6//n8v6f/r/3ei/6//P8jr1//X/6e7fuv/x9x/IMwkk/wPAAAAOYi5/8thJvI/AAAAVEbM/V8JM5H/AQAAoDJi7j8YZpJJ/tf/1//X/9f/1//X/+8l/X/9/070//X/B3n9+v/6/3TXb/3/mPsPhZlkkv8BAAAgBzH3Hw4zkf8BAACgMmLuPxJmIv8DAABAZcTcfzTMJJP8r/+v/6//r/+v/6//30v6//r/nej/6/8P8vr1//X/6a7f+v8x9/9+mEkm+R8AAAByEHP/sTAT+R8AAAAqI+b+2TAT+R8AAAAqI+b+uTCTTPK//r/+v/6//r/+v/5/L+n/6/93ov+v/z/I69f/1/+nu37r/8fcfzzMJJP8DwAAADmIuf/xMBP5HwAAACoj5v4nwkzkfwAAAKiMmPufDDPJJP/r/+v/6/+f6v+/sr9++Xnq/9d7fv/H3l3vanZWcRx/y2SAhBCuhSvgErgGLgN3Ke7u7u7u7u7uUCiuSUmYtdaB6XTvc9529332sz6ff1bamUyfdpImv0y+2fp//b/+/0L0//r/g/7/aKfu5/f+fv2//p91o/X/ufvvHbc02f8AAADQQe7++8Qt9j8AAABMI3f/feMW+x8AAACmkbv/fnFLk/2v/9f/6/99/1//r//fkv5f/79E/6//3/P79f/6f9aN1v/n7r9/3NJk/wMAAEAHufsfELfY/wAAADCN3P0PjFvsfwAAAJhG7v4HxS1N9r/+X/+v/9f/6//1/1vS/+v/l+j/9f97fr/+X//PutH6/9z9D45bmux/AAAA6CB3/0PiFvsfAAAAppG7/6Fxi/0PAAAA08jd/7C4pcn+1//r//X/+n/9v/5/S/p//f8S/b/+f8/v1//r/1k3Wv+fu//hcUuT/Q8AAAAd5O5/RNxi/wMAAMA0cvc/Mm6x/wEAAGAaufsfFbc02f/6f/2//l//r//X/29J/6//X6L/1//v+f36f/0/6zbv/+95/X/vefv/3P3Xxy1N9j8AAAB0kLv/0XGL/Q8AAADTyN3/mLjF/gcAAIBp5O5/bNzSZP/r//X/Z/3/Tdfp//X/+v+zv6//v23o//X/S/T/o/b/5/svof/X/+v/WbN5/7/S+1/917n7Hxe3NNn/AAAA0EHu/sfHLfY/AAAATCN3/xPiFvsfAAAAppG7/4lxS5P9r//X//v+v/5f/6//35L+X/+/RP8/av/v+/+3tv+/xzner/+ng9H6/9z9T4pbmux/AAAA6CB3/5PjFvsfAAAAppG7/ylxi/0PAAAA08jd/9S4pcn+1//r//X/+n/9v/5/S/p//f8S/b/+f8/v9/1//T/rRuv/c/c/LW5psv8BAACgg9z9T49b7H8AAACYRu7+Z8Qt9j8AAABMI3f/M+OWJvtf/6//1//r/29V/39J/6//X6b/1/8v0f/r//f8fv2//p91o/X/ufufFbc02f8AAADQQe7+Z8ct9j8AAABMI3f/c+IW+x8AAACmkbv/uXFLk/2v/9f/6//1/77/r//fkv5/uv7/Ov3/Gf2//l//r/9n2Wj9f+7+58UtTfY/AAAAdJC7//lxi/0PAAAA08jd/4K4xf4HAACAaeTuf2Hc0mT/6//1//p//b/+X/+/Jf3/dP2/7///D/2//l//r/9n2Wj9f+7+F8Uta8Pv8sqPAwAAAMPI3f/iuKXJn/8DAABAB7n7XxK32P8AAAAwjdz9L41bmux//b/+X/+v/9f/6/+3pP/X/y/R/1+7/7/zLfzz9P9jvV//r/9n3Wj9f+7+l8UtTfY/AAAAdJC7/+Vxi/0PAAAA08jd/4q4xf4HAACAaeTuf2Xc0mT/31L/f+Ndrvy4/v989P/Xfr/+X/+v/9f/6//1/0v0/77/v+f36//1/6wbrf/P3f+quKXJ/gcAAIAOcve/Om6x/wEAAGAauftfE7fY/wAAADCN3P2vjVua7H/f/9f/6//1//p//f+W9P/6/yX6f/3/nt+v/9f/s260/j93/+vilib7HwAAADrI3f/6uMX+BwAAgGnk7n9D3GL/AwAAwDRy978xbmmy//X/+v+T9/930P8n/X/8vur/9f8XoP/X/x/0/0c7dT+/9/fr//X/rBut/8/d/6a4pcn+BwAAgA5y9785brH/AQAAYBq5+98St9j/AAAAMI3c/W+NW5rsf/2//v/k/b/v/xf9f/y+6v/1/xeg/9f/H/T/Rzt1P7/39+v/9f+sG63/z93/trilyf4HAACADnL3vz1usf8BAABgGrn73xG32P8AAAAwjdz974xbmux//b/+X/+v/9f/6/+3pP/X/y/R/+v/9/x+/b/+n3Wj9f+5+98VtzTZ/wAAANBB7v53xy32PwAAAEwjd/974hb7HwAAAKaRu/+9cUuT/a//33v/f68b4gX6f/2//l//PyT9v/5/if5f/7/n9+v/9f+sG63/z93/vrilyf4HAACADnL3vz9usf8BAABgGrn7PxC32P8AAAAwjdz9H4xbmuz/Hv3/5Zv9tHn6f9//1//r//X/Y9P/6/+X6P/1/3t+v/5f/8+60fr/3P0filua7H8AAADoIHf/h+MW+x8AAACmkbv/I3GL/Q8AAADTyN3/0bilyf7v0f/fXIP+P/+1bt/+/6a76f/1/0X/r/8/6P/1/yv0//r/Pb9f/6//Z91o/X/u/o/FLU32PwAAAHSQu//jcYv9DwAAANPI3f+JuMX+BwAAgGnk7v9k3HD3u57uSbcr/f+0/b/v/+v/9f/6/yHo//X/S/T/+v89v1//r/9n3Wj9f+7+T8Ut/vwfAAAAppG7/9Nxi/0PAAAA08jd/5m4xf4HAACAaeTu/2zc0mT/6//1//p//b/+X/+/Jf2//n+J/l//v+f36//1/6wbrf/P3f+5uKXJ/gcAAIAOcvd/Pm6x/wEAAGAaufu/ELfY/wAAADCN3P1fjFua7H/9v/5f/3+b9f+Xr/719f/6f/2//l//v0z/r//f8/v1//p/1o3W/+fu/1Lc0mT/AwAAQAe5+78ct9j/AAAAMI3c/V+JW+x/AAAAmEbu/q/GLU32v/5f/6//9/1//b/+f0v6f/3/Ev2//n/P79f/6/9ZN1r/n7v/a3FLk/0PAAAAHeTu/3rcYv8DAADANHL3fyNusf8BAABgGrn7vxm3NNn/M/f/Sz9N/3+F/l//f9D/6/83pv/X/y/R/+v/9/x+/b/+n3Wj9f+5+78VtzTZ/wAAANBB7v5vxy32PwAAAEwjd/934hb7HwAAAKaRu/+7cUuT/T9z/79E/3+F/l//f9D/6/83pv/X/y/R/+v/9/x+/b/+n3Wj9f+5+78XtzTZ/wAAANBB7v7vxy32PwAAAEwjd/8P4hb7HwAAAKaRu/+HcUuT/a//1//r//X/+n/9/5b0//r/Jfp//f+e36//1/+zbrT+P3f/j+KWJvsfAAAAOsjd/+O4xf4HAACAaeTu/0ncYv8DAADANHL3/zRuabL/9f/6f/3/UP3/Ha/+dfT/+n/9/zL9v/7/oP8/2qn7+b2/X/+v/2fdaP1/7v6fxS1N9j8AAAB0kLv/53GL/Q8AAADTyN3/i7jF/gcAAIBp5O7/ZdzSZP/r//X/+v+j+/9LB9///7/36P/1/9ei/9f/L9H/6//3/H79v/6fdaP1/7n7fxW3NNn/AAAA0EHu/l/HLfY/AAAATCN3/2/iFvsfAAAAppG7/7dxS5P9r//X/+v/h/r+v/5f/6//vyD9v/7/oP8/2qn7+b2/X/+v/2fdaP1/7v4b4pYm+x8AAAA6yN3/u7jF/gcAAIBp5O7/fdxi/wMAAMA0cvffGLc02f/6f/3/lP3/nfT/+n/9/yj0//r/Jfp//f+e36//1/+zbrT+P3f/H+KWJvsfAAAAOsjd/8e4xf4HAACAaeTu/1PcYv8DAADANHL3/zluabL/9f/6/yn7f9//1//vrf+/dPY/YP3/xej/9f8H/f/RTt3P7/39+n/9P+tG6/9z9/8lbmmy/wEAAKCD3P1/jVvsfwAAAJhG7v6/xS32PwAAAEwjd//f45Ym+1//r//X/+v/9f8D9P++/380/b/+/6D/P9qp+/m9v1//r/9n3Wj9f+7+f8QtTfY/AAAAdJC7/59xi/0PAAAA08jd/6+4xf4HAACAaeTu/3fc0mT/6//1//p//b/+X/+/Jf2//n+J/l//v+f36//1/6wbrf/P3f+fAAAA//9nkS0F")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4142, 0x1f7)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
sendfile(r0, r1, 0x0, 0x20fffe82)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x0)
read(r2, &(0x7f0000001400)=""/4096, 0x1000)

950.102556ms ago: executing program 1 (id=961):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000540)={0x0, &(0x7f0000000140)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f0000000280)={&(0x7f0000000400)=[<r3=>0x0, <r4=>0x0], &(0x7f0000000280), 0x2, r2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f0000000380)=[r2], &(0x7f00000003c0)=[0x2], &(0x7f0000000100)=[r4, r3], &(0x7f0000000180), 0x0, 0x8000000000009})

685.643559ms ago: executing program 1 (id=962):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x6, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0x63d, 0x0, 0x0, 0x0, 0x7}, [@call={0x85, 0x0, 0x0, 0x2c}]}, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000e41621eb70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(0x3)
bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2107, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

476.123578ms ago: executing program 2 (id=963):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x30, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x7}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2b}, @NFTA_SET_OBJ_TYPE={0x8, 0xf, 0x1, 0x0, 0x9}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x58}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b000100627269646765000018000280050019"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

415.727683ms ago: executing program 0 (id=964):
syz_mount_image$vfat(&(0x7f0000000400), &(0x7f0000000280)='./file0\x00', 0x8000, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6f6e756d7461696c2c6e66732c73686f72746e616d653d6c6f7765722c757466383d312c64656275672c696f636861727365743d757466382c73686f72746e616d653d6d697865642c757466383d312c004845160000000000"], 0x1, 0x2b2, &(0x7f0000000880)="$eJzs3NFLU28cx/Hvz6mbE91+EEFB9aVu6uag6w+oEQrRoDAn1UVwzLMaO21yzlgsIncT3fZ3SJfdBdU/4E100313EgTdeBGd8Jwd3XTa1M2t+X6BnO/xeT4+jzrlewSf9XtvnhZyrpEzyzIUUxkSqcmGSHKzqvuvfh3y61FpVJMr4z+/nrt7/8GtdCYzM6c6m56/mlLVyQsfnr14e/FTeXzh3eT7qKwlH67/SH1bO712Zv33/JO8q3lXi6WymrpYKpXNRdvSpbxbMFTv2JbpWpovupbTNJ6zS8vLVTWLSxPxZcdyXTWLVS1YVS2XtOxU1Xxs5otqGIZOxOVkG25jTnZ1bs5M7znsRTq6I3RetPl2rNUcx0nXWg9mV7u1LwAA0L/27/+DXn/v/j+zEFw73P+L0P93Sa3p7i/9PwaC46TNeP3ntxn9PwAAAAAAAAAAAAAAAAAAAAAA/4INz0t4npcIr+FbVERiIhLe93qf6I5Dfv+v9Wi76LCGf9yLidivK9lKNrgG4+mc5MUWS6YkIb/810NdUM/ezMxMqW+k/iE38yuVbMQ/m8DPh5Kt8uf/nw7yKh83c5V6fkTijeunJCGnWq+f2s6HxyGsVLKjcvlSQ96QhHx+JCWxZcl/XW/nX06r3rid2bH+mD8PAAAAAIBBYOiWZPPzb3D2o+FPiMnu8SB/gL8P7Hi+Hpaz7RxRCQAAAAAAjsytPi+Ytm05hyiiInKE+KAWEemLbeworotIH2zjuIqYiATv0cPEv2/F20p5bcwZFpGef1kOUPT6NxMAAACATttu+g8Q+vKqizsCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODkafc8sHD+rqFwYJ94w3KRY/8EAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD7yJwAA//+j7Rqj")
truncate(&(0x7f0000000140)='./file2\x00', 0x4)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file1\x00', 0x8800d0, 0x0, 0x0, 0x0, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14000000"], &(0x7f0000000000), 0x0)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x244b02)

415.567723ms ago: executing program 1 (id=965):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000440), 0x2)
r1 = memfd_create(&(0x7f00000009c0)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdbU\xb1\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\x90i\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14O\xf8\xb5C\x1f\xb6b8b\x06A2@D\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\x05\x00\x00\x00\x00\x00\x00\x00\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\x88\xd1\x1eQB\x18\xc1-\xc4\x8fK\xf8\xfa\xb6\xf8\v;\xaa\x8fW\xcc\n\x17\x7f\x98\xb7\xcdqV\xd4\xf0)\xfa\x0fG\xc8\xbf\xfd\xe8>K\f\xcd+\xb0\x99Q\xba/\xa8\xb9`k\b\xd1\xcc\xfc\xeaA\"\v=\x83fC\x90%\xa1d\x91\xf8:\x16<\xad\xc2\x18\xdf\x01\xe2\x96\xfcj\xe9\xa4\x065m\x03\x05Np\xda\"\xf1\xb6\xbcP\x8fP\x8d\x89%\xf2\x12T\xd0\xc3\x15W\x9c\x87\x1b\x8c\xc9\xd9\xc6\xad\x96-d\xa2wFB\xcaB\xa5\x15\xf8,\x04\x1c*\xd98\x8bG\x90\x81`\x03\xe0\xde\x9c\x9a\x0f\x1b\x8f\xd2%*&$Wc\xb3\xa6\xc4TK1}2\xb3\xab\xf4\xb7\xb7\x85\apa\xaf\x1c\x10i\xb9\x9f\x06\xff4%\"7f \x0e\xf5Bk\r\xac\"\x13tNx\xc0$\x85\x9f', 0x3)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000100)={r1, 0x1, 0x0, 0x10000})
ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f00000000c0)=0x5)

162.314545ms ago: executing program 0 (id=966):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1, 0x0, 0x0, 0x3}})
ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000440)={0x0, 0x20000006})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)

105.75441ms ago: executing program 1 (id=967):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[<r3=>0x0, 0x0, <r4=>0x0], &(0x7f0000000040), 0x3, r2})
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000580)={0x601, 0x1, &(0x7f0000000180)=[r2], &(0x7f00000003c0)=[0x3], &(0x7f0000000640)=[r4, r3, r3], &(0x7f0000000340), 0x0, 0xffffffffffffffff})

0s ago: executing program 4 (id=968):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
syz_usb_connect$cdc_ecm(0x5, 0x4d, &(0x7f00000011c0)=ANY=[@ANYBLOB="12010000020000402505a1a44000000001010902"], 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
ioctl$HIDIOCSFEATURE(r1, 0xc0404806, &(0x7f0000000040))
write$UHID_SET_REPORT_REPLY(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="0e00000001"], 0xc)

kernel console output (not intermixed with test programs):

de_dirty error
[  105.809620][ T5773] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  105.830634][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  105.852998][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  105.886922][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  105.896093][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  105.905226][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  105.914370][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  105.930845][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  105.939995][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  105.949131][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  105.967576][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  105.976717][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  105.985867][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  106.007888][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  106.017066][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  106.026203][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  106.035326][    C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  106.074210][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.113961][ T5852] usb 2-1: USB disconnect, device number 4
[  106.311545][ T6178] loop0: detected capacity change from 0 to 2048
[  106.373209][ T6178] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  106.663962][ T6187] netlink: 28 bytes leftover after parsing attributes in process `syz.3.99'.
[  106.713889][ T6187] netlink: 28 bytes leftover after parsing attributes in process `syz.3.99'.
[  106.729689][ T6187] netlink: 28 bytes leftover after parsing attributes in process `syz.3.99'.
[  106.765863][ T6187] netlink: 28 bytes leftover after parsing attributes in process `syz.3.99'.
[  106.793305][ T6191] loop0: detected capacity change from 0 to 512
[  106.813811][ T6189] loop6: detected capacity change from 0 to 8
[  106.814938][ T6191] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  106.834333][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  106.843711][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  106.853746][ T6191] EXT4-fs (loop0): invalid journal inode
[  106.860586][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  106.861162][ T6191] EXT4-fs (loop0): can't get journal size
[  106.869779][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  106.890557][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  106.899767][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  106.911699][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  106.920933][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  106.931847][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  106.956036][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  106.965358][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  106.973759][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  106.982972][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  106.989832][ T6191] EXT4-fs (loop0): 1 truncate cleaned up
[  107.005837][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  107.015114][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  107.025578][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  107.034815][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  107.041734][ T6191] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.043231][ T6189] ldm_validate_partition_table(): Disk read failed.
[  107.090049][ T6195] process 'syz.3.102' launched './file2' with NULL argv: empty string added
[  107.096360][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  107.108065][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  107.119344][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  107.136520][ T6189] Dev loop6: unable to read RDB block 0
[  107.146879][ T6189]  loop6: unable to read partition table
[  107.159414][ T6189] loop6: partition table beyond EOD, truncated
[  107.170173][ T6189] loop_reread_partitions: partition scan of loop6 (�N�h*h�������p��� "�o��?<��ʺ��XD��
b��p0�O{���>.) failed (rc=-5)
[  107.254235][ T5140] ldm_validate_partition_table(): Disk read failed.
[  107.275209][ T5140] Dev loop6: unable to read RDB block 0
[  107.299742][ T5140]  loop6: unable to read partition table
[  107.305672][ T5140] loop6: partition table beyond EOD, truncated
[  107.311913][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.509619][ T6200] vxcan1: tx drop: invalid sa for name 0x0000000000000005
[  107.564551][ T6199] GUP no longer grows the stack in syz.2.104 (6199): 200000063000-200000200000 (20000005f000)
[  107.608241][ T6199] CPU: 1 PID: 6199 Comm: syz.2.104 Not tainted syzkaller #0
[  107.615703][ T6199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  107.625844][ T6199] Call Trace:
[  107.629182][ T6199]  <TASK>
[  107.632155][ T6199]  dump_stack_lvl+0x18c/0x250
[  107.636904][ T6199]  ? show_regs_print_info+0x20/0x20
[  107.642157][ T6199]  ? load_image+0x400/0x400
[  107.646705][ T6199]  ? find_vma+0x134/0x1b0
[  107.651109][ T6199]  __get_user_pages+0xf0e/0x1380
[  107.656124][ T6199]  ? populate_vma_page_range+0x380/0x380
[  107.661839][ T6199]  get_user_pages_remote+0x3ea/0xbd0
[  107.667189][ T6199]  ? __might_sleep+0x40/0xe0
[  107.671854][ T6199]  ? get_dump_page+0x200/0x200
[  107.676709][ T6199]  __access_remote_vm+0x1fd/0x570
[  107.681784][ T6199]  ? asm_exc_page_fault+0x26/0x30
[  107.686863][ T6199]  ? generic_access_phys+0x650/0x650
[  107.692278][ T6199]  ? _copy_from_user+0xa1/0xe0
[  107.697104][ T6199]  ? rep_movs_alternative+0x4a/0x90
[  107.702382][ T6199]  proc_pid_cmdline_read+0x453/0x840
[  107.707773][ T6199]  ? schedule+0xc7/0x170
[  107.712102][ T6199]  ? comm_show+0x150/0x150
[  107.716579][ T6199]  ? common_file_perm+0x120/0x1f0
[  107.721667][ T6199]  ? fsnotify_perm+0x271/0x5e0
[  107.726491][ T6199]  do_iter_read+0x4fa/0xc90
[  107.731072][ T6199]  ? comm_show+0x150/0x150
[  107.735551][ T6199]  ? vfs_iter_read+0xa0/0xa0
[  107.740207][ T6199]  ? __import_iovec+0x5f2/0x850
[  107.745139][ T6199]  ? import_iovec+0x73/0xa0
[  107.749715][ T6199]  do_preadv+0x236/0x390
[  107.754031][ T6199]  ? do_writev+0x480/0x480
[  107.758538][ T6199]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  107.764592][ T6199]  ? lock_chain_count+0x20/0x20
[  107.769513][ T6199]  ? lockdep_hardirqs_on+0x98/0x150
[  107.774779][ T6199]  do_syscall_64+0x55/0xa0
[  107.779252][ T6199]  ? clear_bhb_loop+0x40/0x90
[  107.783986][ T6199]  ? clear_bhb_loop+0x40/0x90
[  107.788723][ T6199]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  107.794700][ T6199] RIP: 0033:0x7fa440f9c629
[  107.799165][ T6199] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  107.818833][ T6199] RSP: 002b:00007fa441e3e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  107.827319][ T6199] RAX: ffffffffffffffda RBX: 00007fa441215fa0 RCX: 00007fa440f9c629
[  107.835342][ T6199] RDX: 0000000000000001 RSI: 0000200000001200 RDI: 0000000000000003
[  107.843359][ T6199] RBP: 00007fa441032b39 R08: 0000000000006a76 R09: 0000000000000000
[  107.851388][ T6199] R10: 000000000000003f R11: 0000000000000246 R12: 0000000000000000
[  107.859406][ T6199] R13: 00007fa441216038 R14: 00007fa441215fa0 R15: 00007ffcdcfeddf8
[  107.867463][ T6199]  </TASK>
[  108.080574][ T6214] pim6reg1: entered promiscuous mode
[  108.085955][ T6214] pim6reg1: entered allmulticast mode
[  108.284414][ T6216] loop2: detected capacity change from 0 to 8192
[  108.452371][ T6225] team_slave_0: entered allmulticast mode
[  108.502510][ T6227] team_slave_0: entered promiscuous mode
[  108.730849][ T6232] loop0: detected capacity change from 0 to 2048
[  108.776806][ T6232] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.822499][ T6232] ext4 filesystem being mounted at /25/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.874650][ T6237] Bluetooth: MGMT ver 1.22
[  109.021439][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.252976][ T6239] loop1: detected capacity change from 0 to 32768
[  109.271358][ T6239] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.120 (6239)
[  109.297445][ T6239] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  109.307769][ T6239] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  109.316532][ T6239] BTRFS info (device loop1): force clearing of disk cache
[  109.323851][ T6239] BTRFS info (device loop1): enabling auto defrag
[  109.330373][ T6239] BTRFS info (device loop1): enabling ssd optimizations
[  109.337382][ T6239] BTRFS info (device loop1): setting nodatacow, compression disabled
[  109.346945][ T6239] BTRFS info (device loop1): enabling disk space caching
[  109.354066][ T6239] BTRFS info (device loop1): disk space caching is enabled
[  109.464841][ T6239] BTRFS info (device loop1): rebuilding free space tree
[  109.487532][ T6239] BTRFS info (device loop1): disabling free space tree
[  109.494842][ T6239] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  109.504617][ T6239] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  109.532074][ T6239] BTRFS info (device loop1): checking UUID tree
[  109.747763][ T6239] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  109.968367][ T6267] loop0: detected capacity change from 0 to 4096
[  110.022739][ T6267] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[  110.248339][ T6267] ntfs3: loop0: Failed to initialize $Extend/$Reparse.
[  110.305013][ T6277] loop3: detected capacity change from 0 to 256
[  110.314341][ T6277] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  110.407232][ T6277] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  110.464486][ T6277] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  110.503468][ T6277] UDF-fs: Scanning with blocksize 512 failed
[  110.521801][ T6277] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  110.571985][ T6277] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  110.835680][ T6285] netlink: 9 bytes leftover after parsing attributes in process `syz.1.133'.
[  110.852209][ T6285] netlink: 9 bytes leftover after parsing attributes in process `syz.1.133'.
[  111.131185][ T6292] loop0: detected capacity change from 0 to 128
[  111.179123][ T6292] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  111.201087][ T6292] ext4 filesystem being mounted at /29/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  111.338086][   T23] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  111.451377][ T5769] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  111.533805][   T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  111.565462][   T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  111.595689][   T23] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  111.629260][   T23] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  111.648190][   T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  111.677853][   T23] usb 4-1: config 0 descriptor??
[  111.684480][ T6301] loop2: detected capacity change from 0 to 8192
[  112.133578][   T23] plantronics 0003:047F:FFFF.0005: unknown main item tag 0xd
[  112.170788][   T23] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving
[  112.210638][   T23] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  112.537030][ T5852] usb 4-1: USB disconnect, device number 2
[  112.738828][ T6332] loop2: detected capacity change from 0 to 4096
[  112.752914][ T6332] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[  112.859192][ T5820] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  113.058143][ T5820] usb 2-1: Using ep0 maxpacket: 16
[  113.072526][ T5820] usb 2-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  113.083460][ T5820] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  113.092414][ T5820] usb 2-1: Product: syz
[  113.108120][ T5820] usb 2-1: Manufacturer: syz
[  113.112784][ T5820] usb 2-1: SerialNumber: syz
[  113.131487][ T5820] usb 2-1: config 0 descriptor??
[  113.371775][   T23] usb 2-1: USB disconnect, device number 5
[  114.444464][ T6375] batadv_slave_0: entered promiscuous mode
[  114.458637][ T6374] batadv_slave_0: left promiscuous mode
[  114.628564][ T6369] loop3: detected capacity change from 0 to 32768
[  114.671466][ T6366] loop1: detected capacity change from 0 to 32768
[  114.746848][ T6369] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  114.790734][   T28] audit: type=1800 audit(1771482769.720:3): pid=6366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.167" name="file1" dev="loop1" ino=4 res=0 errno=0
[  114.833309][ T6364] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  114.833309][ T6364] 
[  114.850646][ T1190] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  114.870169][ T6364] ERROR: (device loop1): remounting filesystem as read-only
[  114.887877][ T6364] xtLookup: xtSearch returned -5
[  114.908429][ T6366] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  114.908429][ T6366] 
[  114.925503][ T6369] syz.3.166 (6369) used greatest stack depth: 19240 bytes left
[  114.933242][ T6366] xtLookup: xtSearch returned -5
[  114.955072][ T6366] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  114.955072][ T6366] 
[  114.979714][ T6366] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  114.979714][ T6366] 
[  114.995257][ T6366] xtLookup: xtSearch returned -5
[  115.000573][ T6366] ERROR: (device loop1): xtSearch: XT_GETPAGE: xtree page corrupt
[  115.000573][ T6366] 
[  115.022996][ T6383] loop0: detected capacity change from 0 to 128
[  115.049342][ T6383] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  115.061385][ T1190] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  115.089920][ T1190] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  115.095438][ T6383] hpfs: filesystem error: improperly stopped
[  115.112190][ T5773] ocfs2: Unmounting device (7,3) on (node local)
[  115.116140][ T1190] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  115.128660][ T6383] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  115.136472][ T6383] hpfs: You really don't want any checks? You are crazy...
[  115.162152][ T6383] hpfs: hpfs_map_sector(): read error
[  115.162262][ T1190] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.203193][ T1190] usb 3-1: config 0 descriptor??
[  115.208758][ T6383] hpfs: code page support is disabled
[  115.215351][ T6383] hpfs: hpfs_map_4sectors(): unaligned read
[  115.290676][ T6383] hpfs: hpfs_map_4sectors(): unaligned read
[  115.312013][ T6383] hpfs: filesystem error: unable to find root dir
[  115.657865][ T1190] cp2112 0003:10C4:EA90.0006: unknown main item tag 0x0
[  115.707695][ T1190] cp2112 0003:10C4:EA90.0006: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0
[  115.752430][   T28] audit: type=1326 audit(1771482770.690:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2039c629 code=0x7ffc0000
[  115.815477][   T28] audit: type=1326 audit(1771482770.690:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2039c629 code=0x7ffc0000
[  115.872267][ T1190] cp2112 0003:10C4:EA90.0006: Part Number: 0x82 Device Version: 0xFE
[  115.905206][   T28] audit: type=1326 audit(1771482770.690:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2039c629 code=0x7ffc0000
[  116.000532][   T28] audit: type=1326 audit(1771482770.690:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2039c629 code=0x7ffc0000
[  116.030267][   T28] audit: type=1326 audit(1771482770.720:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f5d2039c629 code=0x7ffc0000
[  116.112756][   T28] audit: type=1326 audit(1771482770.720:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2039c629 code=0x7ffc0000
[  116.160779][   T28] audit: type=1326 audit(1771482770.720:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2039c629 code=0x7ffc0000
[  116.212984][   T28] audit: type=1326 audit(1771482770.720:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5d2039c629 code=0x7ffc0000
[  116.235682][ T6399] netlink: 8 bytes leftover after parsing attributes in process `syz.1.179'.
[  116.247287][   T28] audit: type=1326 audit(1771482770.720:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6388 comm="syz.1.175" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f5d2039c629 code=0x7ffc0000
[  116.281118][ T1190] cp2112 0003:10C4:EA90.0006: error setting SMBus config
[  116.299816][ T1190] cp2112: probe of 0003:10C4:EA90.0006 failed with error -71
[  116.328371][ T1190] usb 3-1: USB disconnect, device number 2
[  116.952253][ T6422] netlink: 256 bytes leftover after parsing attributes in process `syz.2.187'.
[  117.713275][ T6447] netlink: 4 bytes leftover after parsing attributes in process `syz.2.198'.
[  117.923090][ T6451] loop1: detected capacity change from 0 to 2048
[  117.975477][ T6451] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  118.284513][ T6453] loop2: detected capacity change from 0 to 8192
[  118.318428][ T6453] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  118.335107][ T6453] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  118.345317][ T6453] REISERFS (device loop2): using ordered data mode
[  118.352752][ T6453] reiserfs: using flush barriers
[  118.381683][ T6453] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  118.418685][ T6453] REISERFS (device loop2): checking transaction log (loop2)
[  118.675778][ T6453] REISERFS (device loop2): Using tea hash to sort names
[  118.687448][ T6453] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  118.696751][ T6445] loop3: detected capacity change from 0 to 32768
[  118.713586][ T6445] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 scanned by syz.3.197 (6445)
[  118.777567][ T6445] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  118.790575][ T6445] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  118.804522][ T6445] BTRFS info (device loop3): using free space tree
[  118.859676][ T6453] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 1) not found (pos 2)
[  118.936599][ T6445] BTRFS info (device loop3): enabling ssd optimizations
[  118.957701][ T6445] BTRFS info (device loop3): auto enabling async discard
[  119.348352][ T5773] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  120.104042][ T6502] loop1: detected capacity change from 0 to 256
[  120.276226][ T6502] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x204dac4c, utbl_chksum : 0xe619d30d)
[  120.637999][    C1] sched: RT throttling activated
[  120.839123][ T6497] loop3: detected capacity change from 0 to 131072
[  120.862706][ T6497] F2FS-fs (loop3): invalid crc value
[  120.904918][ T6497] F2FS-fs (loop3): Found nat_bits in checkpoint
[  120.965533][ T6511] netlink: 'syz.1.214': attribute type 6 has an invalid length.
[  120.976828][ T6497] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  121.006780][ T6497] F2FS-fs (loop3): lookup inode (7) has corrupted xattr
[  121.301181][ T6519] netlink: 'syz.2.216': attribute type 39 has an invalid length.
[  121.838538][    T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  122.048153][    T9] usb 1-1: Using ep0 maxpacket: 8
[  122.086957][    T9] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  122.119160][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  122.154419][    T9] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  122.186036][ T6541] syz.2.224 uses obsolete (PF_INET,SOCK_PACKET)
[  122.198326][    T9] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  122.240097][    T9] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  122.268179][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.310877][ T6543] loop1: detected capacity change from 0 to 1024
[  122.352024][ T6543] EXT4-fs: Ignoring removed nomblk_io_submit option
[  122.381376][ T6543] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  122.405524][ T6543] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  122.414364][ T6543] System zones: 0-1, 3-36
[  122.432771][ T6543] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.437197][ T6545] loop3: detected capacity change from 0 to 512
[  122.493278][ T6543] capability: warning: `syz.1.226' uses 32-bit capabilities (legacy support in use)
[  122.538946][    T9] usb 1-1: GET_CAPABILITIES returned 0
[  122.568946][    T9] usbtmc 1-1:16.0: can't read capabilities
[  122.586155][ T5776] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.792787][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.801976][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.811099][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.820237][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.832770][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.841930][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.851057][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.863141][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.872286][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.881422][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.896423][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.905559][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.914691][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.923810][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.934022][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.943138][    C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  122.962575][ T1190] usb 1-1: USB disconnect, device number 6
[  123.161708][ T6555] loop2: detected capacity change from 0 to 4096
[  123.215461][ T6559] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  123.240716][ T6555] ntfs3: loop2: ino=21, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" fiemap is not supported for compressed file (cp -r)
[  123.271895][    C0] vkms_vblank_simulate: vblank timer overrun
[  123.433129][ T6562] Illegal XDP return value 4294967294 on prog  (id 17) dev N/A, expect packet loss!
[  123.729984][ T6571] netlink: 8 bytes leftover after parsing attributes in process `syz.2.239'.
[  123.744713][ T6571] netlink: 'syz.2.239': attribute type 30 has an invalid length.
[  123.794703][ T6571] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  123.804264][ T6571] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  123.813104][ T6571] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  123.821935][ T6571] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  123.840451][ T6571] netlink: 8 bytes leftover after parsing attributes in process `syz.2.239'.
[  123.850675][ T6571] netlink: 'syz.2.239': attribute type 30 has an invalid length.
[  124.375547][ T6573] loop3: detected capacity change from 0 to 40427
[  124.388428][ T6573] F2FS-fs (loop3): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288)
[  124.401300][ T6573] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  124.424982][ T6573] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x35f7
[  124.436266][ T6573] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x7ffff
[  124.447474][ T6573] F2FS-fs (loop3): Image doesn't support compression
[  124.466129][ T6573] F2FS-fs (loop3): invalid crc value
[  124.476907][ T6573] F2FS-fs (loop3): Found nat_bits in checkpoint
[  124.541318][ T6573] F2FS-fs (loop3): Start checkpoint disabled!
[  124.555741][ T6573] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  124.563301][ T6573] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  124.588595][   T28] kauditd_printk_skb: 25 callbacks suppressed
[  124.588609][   T28] audit: type=1800 audit(1771482779.530:38): pid=6573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.238" name="file2" dev="loop3" ino=10 res=0 errno=0
[  124.615008][    C0] vkms_vblank_simulate: vblank timer overrun
[  124.687066][ T6573] F2FS-fs (loop3): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x127/0xb50
[  124.703308][ T6573] syz.3.238: attempt to access beyond end of device
[  124.703308][ T6573] loop3: rw=2049, sector=45096, nr_sectors = 56 limit=40427
[  124.855013][  T986] kworker/u4:5: attempt to access beyond end of device
[  124.855013][  T986] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  124.888200][  T986] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  124.895623][  T986] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  125.078717][ T5820] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  125.300462][ T5820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  125.324032][ T5820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  125.336114][ T5820] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  125.350795][ T5820] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  125.360191][ T5820] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.372110][ T5820] usb 2-1: config 0 descriptor??
[  125.598295][    T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  125.812668][ T5820] plantronics 0003:047F:FFFF.0007: unknown main item tag 0xd
[  125.821890][    T9] usb 4-1: Using ep0 maxpacket: 8
[  125.841667][    T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  125.858641][ T5820] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  125.866986][    T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  125.890105][ T5820] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  125.904700][    T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  125.919908][    T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  125.945875][    T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  125.955402][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.195295][ T5820] usb 2-1: USB disconnect, device number 6
[  126.225397][    T9] usb 4-1: GET_CAPABILITIES returned 0
[  126.242018][    T9] usbtmc 4-1:16.0: can't read capabilities
[  126.320224][ T6609] loop2: detected capacity change from 0 to 1024
[  126.360962][ T6609] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  126.449919][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.459130][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.468280][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.477427][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.486589][    C0] vkms_vblank_simulate: vblank timer overrun
[  126.495966][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.505134][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.514288][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.514673][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  126.523395][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.523436][    C0] vkms_vblank_simulate: vblank timer overrun
[  126.549034][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.558225][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.567413][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.576562][    C1] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.599538][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.608796][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.617932][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.627112][    C0] usbtmc 4-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  126.636303][    C0] vkms_vblank_simulate: vblank timer overrun
[  126.657097][ T1190] usb 4-1: USB disconnect, device number 3
[  126.738178][   T23] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  126.928155][   T23] usb 1-1: Using ep0 maxpacket: 8
[  126.938227][   T23] usb 1-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  126.947604][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.956959][   T23] usb 1-1: Product: syz
[  126.961909][   T23] usb 1-1: Manufacturer: syz
[  126.966587][   T23] usb 1-1: SerialNumber: syz
[  126.985379][   T23] usb 1-1: config 0 descriptor??
[  127.001066][   T23] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  127.138176][ T5833] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  127.340581][ T5833] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  127.350635][ T5833] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  127.364427][ T5833] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  127.375675][ T5833] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.596842][ T5833] usb 2-1: usb_control_msg returned -32
[  127.602646][ T5833] usbtmc 2-1:16.0: can't read capabilities
[  128.017462][   T23] usb 1-1: USB disconnect, device number 7
[  128.185145][ T1190] usb 2-1: USB disconnect, device number 7
[  128.305814][ T6639] loop3: detected capacity change from 0 to 128
[  128.323975][ T6639] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  128.640521][ T2184] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  128.677432][ T2184] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  129.446876][ T6666] loop1: detected capacity change from 0 to 4096
[  129.520828][ T6672] loop3: detected capacity change from 0 to 1024
[  129.637371][   T28] audit: type=1800 audit(1771482784.570:39): pid=6672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.275" name="bus" dev="loop3" ino=26 res=0 errno=0
[  129.793689][   T12] hfsplus: b-tree write err: -5, ino 4
[  129.972539][ T6682] loop3: detected capacity change from 0 to 512
[  130.002109][ T6682] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  130.262488][ T6692] netlink: 'syz.0.283': attribute type 39 has an invalid length.
[  130.753352][ T6706] loop2: detected capacity change from 0 to 256
[  131.171268][ T6717] netlink: 20 bytes leftover after parsing attributes in process `syz.3.294'.
[  131.432549][ T6724] mmap: syz.0.296 (6724) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  131.635814][ T6731] netlink: 16 bytes leftover after parsing attributes in process `syz.1.308'.
[  132.165153][ T6746] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  132.295036][ T2184] libceph: connect (1)[c::]:6789 error -101
[  132.301395][ T2184] libceph: mon0 (1)[c::]:6789 connect error
[  132.336228][ T6749] ceph: No mds server is up or the cluster is laggy
[  133.191565][ T6779] loop3: detected capacity change from 0 to 128
[  133.228233][ T6779] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  133.249500][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  133.256946][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  133.280816][ T6779] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  133.321892][ T6783] netlink: 'syz.2.321': attribute type 10 has an invalid length.
[  133.382278][ T6783] 8021q: adding VLAN 0 to HW filter on device batadv0
[  133.450635][ T6783] bond0: (slave batadv0): Enslaving as an active interface with an up link
[  133.588974][ T6783] bond0: entered promiscuous mode
[  133.594086][ T6783] bond_slave_0: entered promiscuous mode
[  133.620319][ T6783] bond_slave_1: entered promiscuous mode
[  133.626194][ T6783] batadv0: entered promiscuous mode
[  133.765661][ T6793] loop1: detected capacity change from 0 to 512
[  133.826958][ T6793] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  133.879845][ T6793] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  133.927132][ T6793] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  133.967091][ T6793] System zones: 1-12
[  134.020942][ T6793] EXT4-fs (loop1): 1 truncate cleaned up
[  134.027937][ T6793] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  134.307871][ T5776] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.439224][ T6814] loop2: detected capacity change from 0 to 512
[  134.470486][ T6814] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  134.824087][ T6820] loop3: detected capacity change from 0 to 2048
[  134.835568][ T6823] loop5: detected capacity change from 0 to 7
[  134.877904][ T6823]  loop5: [POWERTEC] p1 p2
[  134.887548][ T6820] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  134.898372][ T6823] loop5: p1 size 4294901760 extends beyond EOD, truncated
[  134.918466][ T6823] loop5: p2 size 4294901760 extends beyond EOD, truncated
[  134.957688][ T6820] overlayfs: upper fs needs to support d_type.
[  135.005058][ T6820] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  135.029515][ T6820] overlayfs: failed to set xattr on upper
[  135.078286][ T6820] overlayfs: ...falling back to redirect_dir=nofollow.
[  135.101878][ T5966] udevd[5966]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory
[  135.106471][ T6820] overlayfs: ...falling back to index=off.
[  135.129425][ T6084] udevd[6084]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory
[  135.150880][ T6820] overlayfs: ...falling back to uuid=null.
[  135.308039][ T5773] UDF-fs: error (device loop3): udf_read_inode: (ino 1410) failed !bh
[  135.334083][ T5773] UDF-fs: error (device loop3): udf_read_inode: (ino 1410) failed !bh
[  135.528216][   T23] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  135.701793][ T6844] delete_channel: no stack
[  135.711227][   T23] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  135.733207][   T23] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  135.760521][ T5852] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  135.795337][   T23] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  135.824268][   T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.850887][ T6833] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  135.859973][   T42] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  135.906627][   T23] usb 3-1: Quirk or no altest; falling back to MIDI 1.0
[  135.979704][ T5852] usb 1-1: Using ep0 maxpacket: 32
[  136.009005][ T5852] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[  136.014386][   T42] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.027867][ T5852] usb 1-1: config 0 has no interface number 0
[  136.028639][ T5852] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  136.086066][ T5852] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  136.123578][ T5852] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.154326][ T5852] usb 1-1: Product: syz
[  136.188114][ T5852] usb 1-1: Manufacturer: syz
[  136.204980][   T42] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.219399][ T5852] usb 1-1: SerialNumber: syz
[  136.234170][ T5852] usb 1-1: config 0 descriptor??
[  136.272332][ T5852] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  136.301690][ T5852] em28xx 1-1:0.132: Video interface 132 found:
[  136.312933][   T23] usb 3-1: USB disconnect, device number 3
[  136.412458][ T6848] af_packet: tpacket_rcv: packet too big, clamped from 32 to 4294967272. macoff=96
[  136.423775][   T42] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  136.667838][ T5852] em28xx 1-1:0.132: unknown em28xx chip ID (0)
[  137.098724][ T5852] em28xx 1-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5)
[  137.135386][ T5852] em28xx 1-1:0.132: board has no eeprom
[  137.222422][ T5085] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  137.228167][ T5852] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  137.250005][ T5085] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  137.261617][ T5085] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  137.280074][ T5085] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  137.288965][ T5085] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  137.291459][ T5852] em28xx 1-1:0.132: analog set to bulk mode.
[  137.303093][ T5085] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  137.360602][   T23] em28xx 1-1:0.132: Registering V4L2 extension
[  137.397682][ T5852] usb 1-1: USB disconnect, device number 8
[  137.436858][ T5852] em28xx 1-1:0.132: Disconnecting em28xx
[  137.742450][   T23] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[  137.765896][ T6874] loop2: detected capacity change from 0 to 4096
[  137.772596][   T23] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[  137.809574][   T23] em28xx 1-1:0.132: No AC97 audio processor
[  137.865881][   T23] usb 1-1: Decoder not found
[  137.883434][   T23] em28xx 1-1:0.132: failed to create media graph
[  137.917912][   T23] em28xx 1-1:0.132: V4L2 device video103 deregistered
[  137.941683][ T6883] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  137.984134][   T23] em28xx 1-1:0.132: Remote control support is not available for this card.
[  138.016500][ T5852] em28xx 1-1:0.132: Closing input extension
[  138.124362][ T5852] em28xx 1-1:0.132: Freeing device
[  138.647564][ T6862] chnl_net:caif_netlink_parms(): no params data found
[  138.897924][ T6879] loop1: detected capacity change from 0 to 40427
[  138.931184][ T6879] F2FS-fs (loop1): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288)
[  138.958677][ T6879] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  138.974094][ T6879] F2FS-fs (loop1): build fault injection attr: rate: 0, type: 0x35f7
[  138.992633][ T6879] F2FS-fs (loop1): build fault injection attr: rate: 690, type: 0x7ffff
[  139.022878][ T6879] F2FS-fs (loop1): Image doesn't support compression
[  139.055991][ T6879] F2FS-fs (loop1): invalid crc value
[  139.118101][ T6879] F2FS-fs (loop1): Found nat_bits in checkpoint
[  139.395317][ T6879] F2FS-fs (loop1): Start checkpoint disabled!
[  139.407271][ T5779] Bluetooth: hci1: command tx timeout
[  139.443621][ T6879] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  139.460360][ T6879] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  139.474562][ T6862] bridge0: port 1(bridge_slave_0) entered blocking state
[  139.492402][ T6862] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.506281][ T6862] bridge_slave_0: entered allmulticast mode
[  139.520618][ T6862] bridge_slave_0: entered promiscuous mode
[  139.546039][   T28] audit: type=1800 audit(1771482794.480:40): pid=6879 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.359" name="file2" dev="loop1" ino=10 res=0 errno=0
[  139.586973][ T6862] bridge0: port 2(bridge_slave_1) entered blocking state
[  139.638912][ T6862] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.661189][ T6862] bridge_slave_1: entered allmulticast mode
[  139.678600][ T6862] bridge_slave_1: entered promiscuous mode
[  139.710170][   T42] hsr_slave_0: left promiscuous mode
[  139.733408][   T42] hsr_slave_1: left promiscuous mode
[  139.798655][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  139.806209][   T42] batman_adv: batadv0: Removing interface: batadv_slave_0
[  139.855886][ T6879] F2FS-fs (loop1): inject no more block in inc_valid_block_count of f2fs_reserve_new_blocks+0x127/0xb50
[  139.872980][   T42] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  139.881520][   T42] batman_adv: batadv0: Removing interface: batadv_slave_1
[  139.889832][ T6879] syz.1.359: attempt to access beyond end of device
[  139.889832][ T6879] loop1: rw=2049, sector=45096, nr_sectors = 56 limit=40427
[  139.908869][   T42] bridge_slave_1: left allmulticast mode
[  139.914585][   T42] bridge_slave_1: left promiscuous mode
[  139.930742][   T42] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.951118][ T6925] loop2: detected capacity change from 0 to 512
[  139.970147][   T42] bridge_slave_0: left allmulticast mode
[  139.975938][   T42] bridge_slave_0: left promiscuous mode
[  140.028253][   T42] bridge0: port 1(bridge_slave_0) entered disabled state
[  140.077368][   T28] audit: type=1800 audit(1771482795.010:41): pid=6925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.365" name="file2" dev="loop2" ino=1048599 res=0 errno=0
[  140.131886][ T6925] FAT-fs (loop2): error, corrupted file size (i_pos 51, 2896)
[  140.160289][ T6925] FAT-fs (loop2): Filesystem has been set read-only
[  140.169731][   T42] veth1_macvtap: left promiscuous mode
[  140.175906][   T42] veth0_macvtap: left promiscuous mode
[  140.199734][   T42] veth1_vlan: left promiscuous mode
[  140.205439][   T42] veth0_vlan: left promiscuous mode
[  140.273840][ T1134] kworker/u4:8: attempt to access beyond end of device
[  140.273840][ T1134] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  140.316548][ T1134] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  140.337010][ T1134] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  141.350634][   T42] team0 (unregistering): Port device team_slave_1 removed
[  141.410673][   T42] team0 (unregistering): Port device team_slave_0 removed
[  141.461480][   T42] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  141.486050][ T5779] Bluetooth: hci1: command tx timeout
[  141.526959][   T42] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  141.911713][   T42] bond0 (unregistering): Released all slaves
[  142.126543][ T6862] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  142.165978][ T6862] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  142.344178][ T6862] team0: Port device team_slave_0 added
[  142.367408][ T6862] team0: Port device team_slave_1 added
[  142.456914][ T6862] batman_adv: batadv0: Adding interface: batadv_slave_0
[  142.466155][ T6862] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  142.547443][ T6862] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  142.578254][ T5852] usb 3-1: new full-speed USB device number 4 using dummy_hcd
[  142.598803][ T6862] batman_adv: batadv0: Adding interface: batadv_slave_1
[  142.605808][ T6862] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  142.641777][ T6862] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  142.789547][ T6862] hsr_slave_0: entered promiscuous mode
[  142.793948][ T5852] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  142.814176][ T6862] hsr_slave_1: entered promiscuous mode
[  142.837009][ T6862] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  142.839146][ T5852] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  142.875500][ T6862] Cannot create hsr debugfs directory
[  142.908669][ T5852] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.940177][ T5852] usb 3-1: config 0 descriptor??
[  142.946273][ T6945] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  143.426113][ T5852] elan 0003:04F3:0755.0009: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0
[  143.562189][ T5779] Bluetooth: hci1: command tx timeout
[  143.666184][ T5833] usb 3-1: USB disconnect, device number 4
[  143.786465][ T6862] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  143.827148][ T6862] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  143.855417][ T6862] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  143.901850][ T6862] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  144.104535][ T6862] 8021q: adding VLAN 0 to HW filter on device bond0
[  144.166107][ T6862] 8021q: adding VLAN 0 to HW filter on device team0
[  144.216938][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[  144.225170][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[  144.270515][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  144.277719][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  144.385669][ T6862] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  144.429804][ T7002] Invalid argument reading file caps for ./file0
[  145.057434][ T6862] 8021q: adding VLAN 0 to HW filter on device batadv0
[  145.457357][ T7033] ALSA: mixer_oss: invalid OSS volume ''
[  145.638877][ T5779] Bluetooth: hci1: command tx timeout
[  146.108845][ T5852] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  146.355043][ T5852] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  146.384252][ T5852] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  146.457784][ T5852] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  146.492634][ T5852] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  146.588080][ T5852] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  146.643685][ T6862] veth0_vlan: entered promiscuous mode
[  146.677869][ T5852] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  146.720612][ T5852] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  146.738739][ T6862] veth1_vlan: entered promiscuous mode
[  146.781340][ T5852] usb 3-1: Product: syz
[  146.800286][ T5852] usb 3-1: Manufacturer: syz
[  146.842269][ T5852] cdc_wdm 3-1:1.0: skipping garbage
[  146.897820][ T6862] veth0_macvtap: entered promiscuous mode
[  146.907618][ T5852] cdc_wdm 3-1:1.0: skipping garbage
[  146.924220][ T6862] veth1_macvtap: entered promiscuous mode
[  146.928755][ T5852] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  146.935976][ T5852] cdc_wdm 3-1:1.0: Unknown control protocol
[  147.000617][ T6862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.036643][ T6862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.058047][ T6862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.088716][ T6862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.120107][ T6862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  147.142344][ T6862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.172521][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  147.179433][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  147.185859][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  147.192528][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  147.199054][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  147.205711][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  147.212047][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  147.218690][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  147.225247][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  147.231910][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  147.241157][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  147.247833][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  147.254155][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  147.260801][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  147.267222][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  147.273858][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  147.280189][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  147.284481][ T6862] batman_adv: batadv0: Interface activated: batadv_slave_0
[  147.286810][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  147.301173][    C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71
[  147.307957][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  147.342329][    C0] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  147.351241][ T2184] usb 3-1: USB disconnect, device number 5
[  147.386414][ T6862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.409932][ T6862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.428910][ T6862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.462207][ T6862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.473772][ T6862] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  147.490060][ T6862] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  147.504708][ T6862] batman_adv: batadv0: Interface activated: batadv_slave_1
[  147.521300][ T6862] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  147.531147][ T6862] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  147.541508][ T6862] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  147.550970][ T6862] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  147.813674][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  147.852632][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  147.874333][ T7071] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  147.947851][ T1133] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  147.984305][ T1133] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  148.297364][ T7077] loop1: detected capacity change from 0 to 4096
[  148.401663][ T7086] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  148.531367][ T5852] kernel write not supported for file /240/attr/exec (pid: 5852 comm: kworker/1:4)
[  149.462981][ T7113] loop2: detected capacity change from 0 to 256
[  149.596552][ T7113] FAT-fs (loop2): Directory bread(block 64) failed
[  149.628319][ T7113] FAT-fs (loop2): Directory bread(block 65) failed
[  149.635031][ T7113] FAT-fs (loop2): Directory bread(block 66) failed
[  149.671073][ T7113] FAT-fs (loop2): Directory bread(block 67) failed
[  149.677778][ T7113] FAT-fs (loop2): Directory bread(block 68) failed
[  149.728601][ T7113] FAT-fs (loop2): Directory bread(block 69) failed
[  149.735306][ T7113] FAT-fs (loop2): Directory bread(block 70) failed
[  149.767695][ T7095] loop4: detected capacity change from 0 to 32768
[  149.774676][ T7113] FAT-fs (loop2): Directory bread(block 71) failed
[  149.789424][ T7113] FAT-fs (loop2): Directory bread(block 72) failed
[  149.796020][ T7113] FAT-fs (loop2): Directory bread(block 73) failed
[  149.952069][ T7095] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  150.157658][ T7095] XFS (loop4): Ending clean mount
[  150.421485][   T28] audit: type=1804 audit(1771482805.360:42): pid=7095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.409" name="/newroot/1/file1/file1" dev="loop4" ino=4422 res=1 errno=0
[  150.501258][ T7140] loop2: detected capacity change from 0 to 2048
[  150.599831][ T6862] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  150.629474][ T7140] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  150.688540][ T7140] ext4 filesystem being mounted at /105/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  150.937206][ T7140] overlayfs: Failed to create volatile/dirty file.
[  151.102064][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  151.160661][ T7155] syzkaller1: entered promiscuous mode
[  151.166207][ T7155] syzkaller1: entered allmulticast mode
[  151.378606][ T7162] vlan2: entered allmulticast mode
[  151.389110][ T7162] vlan1: entered allmulticast mode
[  151.402522][ T7162] veth0_vlan: entered allmulticast mode
[  151.432556][ T7162] bridge0: port 3(vlan2) entered blocking state
[  151.440064][ T7162] bridge0: port 3(vlan2) entered disabled state
[  151.448791][ T7162] vlan2: entered promiscuous mode
[  151.454045][ T7162] vlan1: entered promiscuous mode
[  151.461635][ T7162] bridge0: port 3(vlan2) entered blocking state
[  151.469546][ T7162] bridge0: port 3(vlan2) entered forwarding state
[  152.802485][ T7181] loop2: detected capacity change from 0 to 40427
[  152.821130][ T7181] F2FS-fs (loop2): invalid crc value
[  152.864727][ T7181] F2FS-fs (loop2): Found nat_bits in checkpoint
[  153.036383][ T7181] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  153.354382][ T5775] syz-executor: attempt to access beyond end of device
[  153.354382][ T5775] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  153.387654][ T5775] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  153.398672][ T5779] Bluetooth: hci0: command 0x0401 tx timeout
[  153.573905][ T7231] bond0: entered promiscuous mode
[  153.589943][ T7231] bond_slave_0: entered promiscuous mode
[  153.595853][ T7231] bond_slave_1: entered promiscuous mode
[  154.300063][ T5852] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  154.355728][ T7249] loop2: detected capacity change from 0 to 47
[  154.530778][ T5852] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  154.559008][ T5852] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  154.578209][ T5852] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  154.587245][ T5852] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  154.607266][ T5852] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  154.655011][ T5852] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  154.676030][ T5852] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  154.700725][ T5852] usb 5-1: Product: syz
[  154.705351][ T5852] usb 5-1: Manufacturer: syz
[  154.724652][ T5852] cdc_wdm 5-1:1.0: skipping garbage
[  154.745262][ T5852] cdc_wdm 5-1:1.0: skipping garbage
[  154.760024][ T5852] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  154.766000][ T5852] cdc_wdm 5-1:1.0: Unknown control protocol
[  154.990402][    C1] wdm_int_callback: 124 callbacks suppressed
[  154.990427][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  155.003189][    C1] wdm_int_callback: 124 callbacks suppressed
[  155.003207][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  155.016512][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  155.023165][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  155.029885][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  155.036546][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  155.042899][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  155.049524][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  155.055847][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  155.062491][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  155.069176][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  155.075823][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  155.082523][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  155.089201][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  155.095543][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  155.102189][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  155.108600][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  155.115268][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  155.121937][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  155.128588][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  155.137146][ T5852] usb 5-1: USB disconnect, device number 2
[  155.143061][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  155.229463][ T7260] loop1: detected capacity change from 0 to 4096
[  155.806782][ T7278] batman_adv: batadv0: Adding interface: gretap1
[  155.818059][ T7278] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  155.851562][ T7278] batman_adv: batadv0: Interface activated: gretap1
[  156.199367][ T7291] loop2: detected capacity change from 0 to 4096
[  156.276793][ T7290] loop1: detected capacity change from 0 to 4096
[  156.313137][ T7296] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  156.447354][ T7291] NILFS (loop2): error -2 reading inode: ino=51539607560
[  156.728866][    T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  156.763825][ T7307] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  156.948626][    T9] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  156.974570][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.998402][    T9] usb 1-1: config 0 descriptor??
[  157.011632][ T7309] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  157.027188][    T9] cp210x 1-1:0.0: cp210x converter detected
[  157.318324][ T5833] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  157.439754][    T9] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32
[  157.524441][ T5833] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  157.545714][ T5833] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  157.570578][ T5833] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  157.592087][ T5833] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  157.619957][ T5833] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  157.633856][ T5833] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  157.649145][ T5833] usb 3-1: Manufacturer: syz
[  157.670189][ T5833] usb 3-1: config 0 descriptor??
[  157.676072][    T9] usb 1-1: cp210x converter now attached to ttyUSB0
[  157.873062][    T9] usb 1-1: USB disconnect, device number 9
[  157.924049][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  157.960525][    T9] cp210x 1-1:0.0: device disconnected
[  158.119650][ T5833] appleir 0003:05AC:8243.000A: unknown main item tag 0x0
[  158.144385][ T5833] appleir 0003:05AC:8243.000A: No inputs registered, leaving
[  158.213313][ T5833] appleir 0003:05AC:8243.000A: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0
[  158.483428][    T9] usb 3-1: USB disconnect, device number 6
[  158.685024][ T7337] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[  159.624228][ T5833] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  159.643447][ T7354] loop2: detected capacity change from 0 to 164
[  159.692760][ T7354] Unable to read rock-ridge attributes
[  159.714706][ T7354] Unable to read rock-ridge attributes
[  159.828093][ T5833] usb 2-1: Using ep0 maxpacket: 16
[  159.867922][ T5833] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  159.943520][ T5833] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  159.992844][ T5833] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  160.066435][ T5833] usb 2-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  160.106406][ T5833] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.155228][ T5833] usb 2-1: config 0 descriptor??
[  160.608162][   T23] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  160.623708][ T5833] input: HID 05ac:8241 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:05AC:8241.000B/input/input8
[  160.746177][ T5833] appleir 0003:05AC:8241.000B: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.1-1/input0
[  160.820898][ T5833] usb 2-1: USB disconnect, device number 8
[  160.837053][   T23] usb 5-1: Using ep0 maxpacket: 16
[  160.846229][   T23] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  160.864556][   T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.916284][   T23] usb 5-1: config 0 descriptor??
[  160.943754][   T23] gspca_main: sonixj-2.14.0 probing 0471:0327
[  160.979014][ T7371] fido_id[7371]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  161.944435][   T23] gspca_sonixj: reg_w1 err -71
[  161.949425][ T5833] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  161.988303][   T23] sonixj: probe of 5-1:0.0 failed with error -71
[  161.997094][   T23] usb 5-1: USB disconnect, device number 3
[  162.152247][ T5833] usb 2-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  162.161651][ T5833] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.170176][ T5833] usb 2-1: Product: syz
[  162.174543][ T5833] usb 2-1: Manufacturer: syz
[  162.179953][ T5833] usb 2-1: SerialNumber: syz
[  162.186658][ T5833] usb 2-1: config 0 descriptor??
[  162.195857][ T5833] hub 2-1:0.0: bad descriptor, ignoring hub
[  162.202149][ T5833] hub: probe of 2-1:0.0 failed with error -5
[  162.404199][ T5833] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  162.417320][ T5833] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  162.429240][ T5833] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  162.439916][ T5833] usb 2-1: media controller created
[  162.470730][ T5833] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  162.613346][ T7400] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  162.622121][ T5833] DVB: Unable to find symbol dib7000p_attach()
[  162.628711][ T5833] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  162.858741][ T5833] rc_core: IR keymap rc-dib0700-rc5 not found
[  162.875127][ T5833] Registered IR keymap rc-empty
[  162.888810][ T5833] dvb-usb: could not initialize remote control.
[  162.908120][ T5833] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  163.246475][ T7416] syzkaller1: entered promiscuous mode
[  163.258228][ T7416] syzkaller1: entered allmulticast mode
[  163.772799][ T7428] netlink: 104 bytes leftover after parsing attributes in process `syz.4.518'.
[  164.168521][   T27] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  164.371386][   T27] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  164.418110][   T27] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  164.427236][   T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  164.472210][   T27] usb 3-1: config 0 descriptor??
[  164.496103][ T7433] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  164.553882][ T7456] loop4: detected capacity change from 0 to 256
[  164.698462][ T7456] FAT-fs (loop4): Directory bread(block 64) failed
[  164.744120][ T7456] FAT-fs (loop4): Directory bread(block 65) failed
[  164.762879][ T7456] FAT-fs (loop4): Directory bread(block 66) failed
[  164.779960][ T7456] FAT-fs (loop4): Directory bread(block 67) failed
[  164.805603][ T7456] FAT-fs (loop4): Directory bread(block 68) failed
[  164.834108][ T7456] FAT-fs (loop4): Directory bread(block 69) failed
[  164.863272][ T7456] FAT-fs (loop4): Directory bread(block 70) failed
[  164.876224][ T7456] FAT-fs (loop4): Directory bread(block 71) failed
[  164.884733][ T7456] FAT-fs (loop4): Directory bread(block 72) failed
[  164.898297][ T7456] FAT-fs (loop4): Directory bread(block 73) failed
[  165.001582][   T27] elan 0003:04F3:0755.000C: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0
[  165.322028][   T23] usb 3-1: USB disconnect, device number 7
[  166.935658][ T5820] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  167.142987][ T5820] usb 5-1: Using ep0 maxpacket: 32
[  167.159977][ T5820] usb 5-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 140, changing to 11
[  167.236728][ T5820] usb 5-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  167.260123][ T5820] usb 5-1: config 0 interface 0 has no altsetting 0
[  167.267019][ T5820] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  167.321610][ T5820] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.378239][ T5820] usb 5-1: config 0 descriptor??
[  167.835651][ T5820] hid-thrustmaster 0003:044F:B65D.000D: unknown main item tag 0x0
[  167.848160][ T5820] hid-thrustmaster 0003:044F:B65D.000D: unknown main item tag 0x0
[  167.858940][ T5820] hid-thrustmaster 0003:044F:B65D.000D: unknown main item tag 0x0
[  167.866877][ T5820] hid-thrustmaster 0003:044F:B65D.000D: unknown main item tag 0x0
[  167.905211][ T5820] hid-thrustmaster 0003:044F:B65D.000D: unknown main item tag 0x0
[  167.935657][ T5820] hid-thrustmaster 0003:044F:B65D.000D: hidraw0: USB HID v4.06 Device [HID 044f:b65d] on usb-dummy_hcd.4-1/input0
[  167.979639][ T5820] hid-thrustmaster 0003:044F:B65D.000D: Wrong number of endpoints?
[  168.124148][    C0] hid-thrustmaster 0003:044F:B65D.000D: Unknown packet type 0x0, unable to proceed further with wheel init
[  168.155301][ T5833] usb 2-1: USB disconnect, device number 9
[  168.291099][ T5833] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  168.338637][ T5820] usb 5-1: USB disconnect, device number 4
[  169.352870][ T7538] binder: 7537:7538 ioctl c0306201 0 returned -14
[  169.487121][ T7543] loop1: detected capacity change from 0 to 512
[  169.672135][ T7543] FAT-fs (loop1): error, corrupted directory (invalid entries)
[  170.193481][ T5833] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  170.429363][ T5833] usb 5-1: Using ep0 maxpacket: 16
[  170.448449][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  170.472519][ T5833] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  170.513334][ T5833] usb 5-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  170.593980][ T5833] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.643138][ T5833] usb 5-1: config 0 descriptor??
[  170.967188][ T7560] loop2: detected capacity change from 0 to 1764
[  171.127862][ T5833] hid-picolcd 0003:04D8:F002.000E: unknown main item tag 0x0
[  171.184409][ T5833] hid-picolcd 0003:04D8:F002.000E: unknown main item tag 0x0
[  171.224194][ T5833] hid-picolcd 0003:04D8:F002.000E: item fetching failed at offset 2/11
[  171.234319][ T7560]  nullb0: [CUMANA/ADFS] p1 [Linux] p2 < >
[  171.241919][ T7553] loop1: detected capacity change from 0 to 131072
[  171.290172][ T5833] hid-picolcd 0003:04D8:F002.000E: device report parse failed
[  171.360139][ T5833] hid-picolcd: probe of 0003:04D8:F002.000E failed with error -22
[  171.396699][ T7553] XFS (loop1): Mounting V5 Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846
[  171.429831][ T5833] usb 5-1: USB disconnect, device number 5
[  171.599125][ T7553] XFS (loop1): Starting recovery (logdev: internal)
[  171.685202][ T7553] XFS (loop1): Ending recovery (logdev: internal)
[  171.899278][ T7553] XFS (loop1): EXPERIMENTAL online shrink feature in use. Use at your own risk!
[  172.088486][ T5776] XFS (loop1): Unmounting Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846
[  172.764885][ T7599] loop4: detected capacity change from 0 to 512
[  172.863380][ T7599] FAT-fs (loop4): error, corrupted directory (invalid entries)
[  173.244153][ T7463] Set syz1 is full, maxelem 65536 reached
[  173.519533][ T7612] binder: 7611:7612 ioctl c0306201 200000000100 returned -14
[  174.229300][ T7627] input: syz0 as /devices/virtual/input/input10
[  174.259378][ T7627] input: failed to attach handler leds to device input10, error: -6
[  175.082990][ T7655] netlink: 64 bytes leftover after parsing attributes in process `syz.4.567'.
[  176.598413][    T9] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  176.795568][ T7702] netlink: 'syz.2.582': attribute type 20 has an invalid length.
[  176.814969][    T9] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  176.838109][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.877088][    T9] usb 2-1: config 0 descriptor??
[  176.889306][    T9] gspca_main: cpia1-2.14.0 probing 0813:0001
[  177.313123][    T9] cpia1 2-1:0.0: unexpected state after lo power cmd: 00
[  177.463931][ T7709] loop2: detected capacity change from 0 to 32768
[  177.474397][ T7709] (syz.2.585,7709,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  177.499957][ T7709] (syz.2.585,7709,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  177.561664][ T7709] JBD2: Ignoring recovery information on journal
[  177.614562][ T7709] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  177.699352][ T2184] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  177.735630][    T9] cpia1 2-1:0.0: only firmware version 1 is supported (got: 0)
[  177.744450][ T7721] 9pnet: p9_errstr2errno: server reported unknown error �0x0000000000000004
[  177.928476][ T2184] usb 5-1: Using ep0 maxpacket: 16
[  177.940058][ T2184] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  177.957315][ T2184] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  177.976751][ T5833] usb 2-1: USB disconnect, device number 10
[  177.983557][ T2184] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  178.003658][ T2184] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  178.013893][ T5775] ocfs2: Unmounting device (7,2) on (node local)
[  178.044049][ T2184] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  178.077839][ T2184] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  178.102871][ T2184] usb 5-1: SerialNumber: syz
[  178.141489][ T2184] hub 5-1:1.0: bad descriptor, ignoring hub
[  178.147477][ T2184] hub: probe of 5-1:1.0 failed with error -5
[  178.172819][ T2184] cdc_ether: probe of 5-1:1.0 failed with error -22
[  178.575811][ T7711] raw-gadget.1 gadget.4: fail, usb_ep_set_wedge returned -11
[  178.708468][ T2184] usb 5-1: USB disconnect, device number 6
[  178.975930][ T7737] loop1: detected capacity change from 0 to 2048
[  179.001973][ T7737] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[  179.018966][ T7737] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  179.738206][    T9] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  179.847393][ T7743] loop4: detected capacity change from 0 to 40427
[  179.858327][ T7743] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  179.868176][ T7743] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  179.884489][ T7743] F2FS-fs (loop4): invalid crc value
[  179.901694][ T7743] F2FS-fs (loop4): Found nat_bits in checkpoint
[  179.932981][    T9] usb 1-1: config index 0 descriptor too short (expected 39, got 27)
[  179.956521][    T9] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  179.968935][ T7743] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  179.979762][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  179.988198][ T7743] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  180.002209][    T9] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  180.016638][    T9] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  180.026458][    T9] usb 1-1: Product: syz
[  180.034421][    T9] usb 1-1: Manufacturer: syz
[  180.040948][    T9] usb 1-1: SerialNumber: syz
[  180.054458][    T9] usb 1-1: config 0 descriptor??
[  180.072638][    T9] hub 1-1:0.0: bad descriptor, ignoring hub
[  180.080897][    T9] hub: probe of 1-1:0.0 failed with error -5
[  180.112709][    T9] usb 1-1: selecting invalid altsetting 0
[  180.119127][ T2184] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  180.308226][ T2184] usb 2-1: Using ep0 maxpacket: 8
[  180.321603][ T2184] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  180.357566][ T2184] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  180.378153][ T2184] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  180.400431][ T2184] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  180.414565][   T28] audit: type=1326 audit(1771482835.360:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7752 comm="syz.2.605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa440f9c629 code=0x7fc00000
[  180.415092][ T2184] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  180.452708][ T2184] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  180.647014][ T7769] loop2: detected capacity change from 0 to 128
[  180.692567][ T7769] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  180.693898][ T2184] usb 2-1: GET_CAPABILITIES returned 0
[  180.710097][ T7769] hpfs: filesystem error: improperly stopped
[  180.716313][ T7769] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  180.724435][ T7769] hpfs: You really don't want any checks? You are crazy...
[  180.735037][ T2184] usbtmc 2-1:16.0: can't read capabilities
[  180.760645][ T7769] hpfs: hpfs_map_sector(): read error
[  180.779898][ T7769] hpfs: code page support is disabled
[  180.785740][ T7769] hpfs: hpfs_map_4sectors(): unaligned read
[  180.800454][ T7769] hpfs: hpfs_map_4sectors(): unaligned read
[  180.806543][ T7769] hpfs: filesystem error: unable to find root dir
[  180.900403][ T7751] usb 1-1: reset high-speed USB device number 10 using dummy_hcd
[  180.947656][ T7771] input: syz1 as /devices/virtual/input/input11
[  180.959557][ T2184] usb 2-1: USB disconnect, device number 11
[  181.124581][ T7751] usb 1-1: device firmware changed
[  181.145359][ T5820] usb 1-1: USB disconnect, device number 10
[  181.368350][ T5820] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  181.417691][ T7783] loop2: detected capacity change from 0 to 8192
[  181.429636][ T7783] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  181.590553][ T5820] usb 1-1: config index 0 descriptor too short (expected 39, got 27)
[  181.609247][ T5820] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  181.619283][  T787] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  181.652560][ T5820] usb 1-1: config 0 interface 0 has no altsetting 0
[  181.672352][ T5820] usb 1-1: string descriptor 0 read error: -22
[  181.688885][ T5820] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  181.708671][ T5820] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  181.746256][ T5820] usb 1-1: config 0 descriptor??
[  181.764520][ T5820] hub 1-1:0.0: bad descriptor, ignoring hub
[  181.778504][ T5820] hub: probe of 1-1:0.0 failed with error -5
[  181.800015][ T5820] usb 1-1: selecting invalid altsetting 0
[  181.812579][ T7789] vivid-000: disconnect
[  181.820081][ T7788] vivid-000: reconnect
[  181.839052][  T787] usb 5-1: Using ep0 maxpacket: 8
[  181.859114][  T787] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  181.870985][  T787] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  181.885174][  T787] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  181.895733][  T787] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  181.909943][  T787] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  181.919817][  T787] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.045155][ T5820] usb 1-1: USB disconnect, device number 11
[  182.144855][ T7793] vivid-000: disconnect
[  182.157583][ T7793] vivid-000: reconnect
[  182.213558][  T787] usb 5-1: GET_CAPABILITIES returned 0
[  182.223335][  T787] usbtmc 5-1:16.0: can't read capabilities
[  182.451492][ T5820] usb 5-1: USB disconnect, device number 7
[  182.569986][ T7796] loop1: detected capacity change from 0 to 32768
[  182.586052][ T7796] (syz.1.622,7796,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  182.601004][ T2184] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  182.612208][ T7796] (syz.1.622,7796,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  182.645642][ T7796] JBD2: Ignoring recovery information on journal
[  182.693907][ T7796] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  182.808345][ T2184] usb 3-1: Using ep0 maxpacket: 8
[  182.815887][ T2184] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  182.839233][ T2184] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  182.853606][ T2184] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  182.865087][ T2184] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  182.878774][ T2184] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  182.887895][ T2184] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  182.990461][ T5776] ocfs2: Unmounting device (7,1) on (node local)
[  183.118550][ T2184] usb 3-1: GET_CAPABILITIES returned 0
[  183.124115][ T2184] usbtmc 3-1:16.0: can't read capabilities
[  183.393286][ T2184] usb 3-1: USB disconnect, device number 8
[  184.056686][ T5779] Bluetooth: hci2: Received unexpected HCI Event 0x00
[  184.069184][ T7824] netlink: 16 bytes leftover after parsing attributes in process `syz.2.634'.
[  184.188367][ T7822] loop4: detected capacity change from 0 to 8192
[  184.220332][ T7822] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  184.261444][ T7822] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  184.271772][ T7822] REISERFS (device loop4): using ordered data mode
[  184.279496][ T7822] reiserfs: using flush barriers
[  184.287367][ T7822] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  184.305913][ T7822] REISERFS (device loop4): checking transaction log (loop4)
[  184.326333][ T7822] REISERFS (device loop4): Using r5 hash to sort names
[  184.338872][ T7822] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  184.628227][ T2184] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  184.828392][ T2184] usb 3-1: Using ep0 maxpacket: 32
[  184.836504][ T2184] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  184.855727][ T2184] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  184.864788][ T2184] usb 3-1: config 0 interface 0 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  184.904361][ T2184] usb 3-1: config 0 interface 0 has no altsetting 1
[  184.915931][ T2184] usb 3-1: New USB device found, idVendor=0582, idProduct=0033, bcdDevice=8e.57
[  184.932037][ T2184] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  184.944816][ T2184] usb 3-1: Product: syz
[  184.953443][ T2184] usb 3-1: Manufacturer: syz
[  184.958441][ T2184] usb 3-1: SerialNumber: syz
[  184.974013][ T2184] usb 3-1: config 0 descriptor??
[  184.991718][ T2184] usb 3-1: Quirk or no altest; falling back to MIDI 1.0
[  185.002963][ T7848] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  185.045648][ T2184] snd-usb-audio: probe of 3-1:0.0 failed with error -2
[  185.092330][ T6084] udevd[6084]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  185.229716][ T2184] usb 3-1: USB disconnect, device number 9
[  185.635510][ T7853] loop4: detected capacity change from 0 to 40427
[  185.664263][ T7853] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  185.699564][ T7853] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  185.713689][ T7853] F2FS-fs (loop4): invalid crc value
[  185.776122][ T7853] F2FS-fs (loop4): Found nat_bits in checkpoint
[  185.967814][ T7853] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  185.978477][ T7853] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  186.770876][ T7870] loop1: detected capacity change from 0 to 32768
[  187.458056][ T5833] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  187.662274][ T5833] usb 5-1: unable to get BOS descriptor or descriptor too short
[  187.678039][ T5833] usb 5-1: not running at top speed; connect to a high speed hub
[  187.718975][ T5833] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  187.732690][ T5833] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  187.763270][ T5833] usb 5-1: string descriptor 0 read error: -22
[  187.778233][ T5833] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  187.804984][ T5833] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  187.842843][ T5833] usb 5-1: 0:2 : does not exist
[  188.312683][ T7921] batadv_slave_1: entered promiscuous mode
[  188.330970][ T7920] batadv_slave_1: left promiscuous mode
[  188.938186][ T5833] usb 5-1: 5:0: failed to get current value for ch 0 (-22)
[  188.976746][ T5833] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5)
[  189.011317][ T5833] usb 5-1: 5:0: failed to get current value for ch 1 (-22)
[  189.091545][ T5833] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5)
[  189.126034][ T5833] usb 5-1: USB disconnect, device number 8
[  189.382223][ T7929] loop2: detected capacity change from 0 to 32768
[  189.424393][ T7929] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  189.506378][ T7929] XFS (loop2): Ending clean mount
[  189.710234][ T5775] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  190.295903][ T7951] loop4: detected capacity change from 0 to 32768
[  190.546656][ T7959] loop2: detected capacity change from 0 to 512
[  190.645557][ T7957] loop1: detected capacity change from 0 to 8192
[  190.687060][ T7959] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.711320][ T7957] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  190.728903][ T7959] ext4 filesystem being mounted at /177/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  190.783972][ T7957] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  190.818211][ T7957] REISERFS (device loop1): using ordered data mode
[  190.824797][ T7957] reiserfs: using flush barriers
[  190.847874][ T7957] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  190.898610][ T7957] REISERFS (device loop1): checking transaction log (loop1)
[  190.941336][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.134615][ T7957] REISERFS (device loop1): Using tea hash to sort names
[  191.175349][ T7957] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2)
[  191.223870][ T7957] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage.
[  191.671578][ T7973] loop1: detected capacity change from 0 to 128
[  191.857030][ T7975] hsr0: entered promiscuous mode
[  191.876346][ T7975] netlink: 4 bytes leftover after parsing attributes in process `syz.4.689'.
[  191.897519][ T7975] hsr_slave_0: left promiscuous mode
[  191.907567][ T7975] hsr_slave_1: left promiscuous mode
[  191.988144][ T7975] hsr0 (unregistering): left promiscuous mode
[  192.302744][ T7983] loop1: detected capacity change from 0 to 2048
[  192.335072][ T7983] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  192.620148][ T7987] batadv_slave_0: entered promiscuous mode
[  192.637512][ T7987] batadv_slave_0: left promiscuous mode
[  192.983244][ T7985] loop2: detected capacity change from 0 to 32768
[  193.014180][ T7985] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 scanned by syz.2.694 (7985)
[  193.075345][ T7985] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  193.107858][ T7985] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  193.129346][ T7985] BTRFS info (device loop2): use no compression
[  193.145922][ T7985] BTRFS info (device loop2): using free space tree
[  193.309629][ T7985] BTRFS info (device loop2): enabling ssd optimizations
[  193.328050][ T7985] BTRFS info (device loop2): auto enabling async discard
[  193.854031][ T5775] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  194.504580][ T8038] loop4: detected capacity change from 0 to 128
[  194.516421][ T8038] EXT4-fs: Ignoring removed orlov option
[  194.555082][ T8038] EXT4-fs: Ignoring removed nomblk_io_submit option
[  194.588439][ T8038] EXT4-fs: Ignoring removed nomblk_io_submit option
[  194.668579][ T8038] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  194.696919][ T1282] ieee802154 phy0 wpan0: encryption failed: -22
[  194.711660][ T1282] ieee802154 phy1 wpan1: encryption failed: -22
[  194.795123][ T8038] ext4 filesystem being mounted at /71/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  194.951916][ T8046] EXT4-fs (loop4): shut down requested (2)
[  195.116254][ T6862] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  195.322497][ T8040] loop2: detected capacity change from 0 to 32768
[  195.347584][ T8040] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 scanned by syz.2.711 (8040)
[  195.399321][ T8040] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  195.430811][ T8040] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  195.445669][ T8040] BTRFS info (device loop2): using free space tree
[  195.565204][ T8040] BTRFS info (device loop2): enabling ssd optimizations
[  195.596149][ T8040] BTRFS info (device loop2): auto enabling async discard
[  195.768916][   T28] audit: type=1800 audit(1771482850.700:44): pid=8040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.711" name="bus" dev="loop2" ino=263 res=0 errno=0
[  195.836214][   T28] audit: type=1800 audit(1771482850.750:45): pid=8040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.711" name="bus" dev="loop2" ino=263 res=0 errno=0
[  195.943798][ T5775] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  196.247383][ T8057] loop4: detected capacity change from 0 to 32768
[  196.366876][ T8057] JBD2: Ignoring recovery information on journal
[  196.522750][ T8057] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  196.964082][ T6862] ocfs2: Unmounting device (7,4) on (node local)
[  197.301487][ T8103] netlink: 16 bytes leftover after parsing attributes in process `syz.2.730'.
[  197.318055][ T8103] netem: incorrect gi model size
[  197.325071][ T8103] netem: change failed
[  197.337310][ T8104] loop4: detected capacity change from 0 to 2048
[  197.383737][ T8104] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  197.496777][ T8104] EXT4-fs (loop4): shut down requested (2)
[  197.589768][ T6862] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.784848][ T8117] syzkaller1: entered promiscuous mode
[  197.792652][ T8117] syzkaller1: entered allmulticast mode
[  197.808383][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  198.302209][ T8130] loop2: detected capacity change from 0 to 4096
[  198.397727][ T8134] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  198.421964][ T8138] loop4: detected capacity change from 0 to 128
[  198.436769][ T8139] loop1: detected capacity change from 0 to 256
[  198.461665][ T8139] exfat: Deprecated parameter 'namecase'
[  198.491131][   T28] audit: type=1800 audit(1771482853.430:46): pid=8130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.741" name="file1" dev="loop2" ino=15 res=0 errno=0
[  198.547684][ T8139] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xee17df4f, utbl_chksum : 0xe619d30d)
[  198.820863][ T8143] loop4: detected capacity change from 0 to 2048
[  198.893390][ T8143] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  199.024707][ T8143] EXT4-fs (loop4): shut down requested (0)
[  199.172706][ T6862] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.206888][ T8156] input: syz0 as /devices/virtual/input/input12
[  199.248775][ T5833] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  199.405386][ T8162] loop1: detected capacity change from 0 to 512
[  199.449380][ T5833] usb 3-1: Using ep0 maxpacket: 16
[  199.457116][ T5833] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  199.470817][ T5833] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  199.470910][ T8162] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  199.495777][ T5833] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  199.505169][ T5833] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  199.524471][ T5833] usb 3-1: Product: syz
[  199.536964][ T5833] usb 3-1: Manufacturer: syz
[  199.553058][ T8162] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  199.579174][ T5833] usb 3-1: SerialNumber: syz
[  199.658087][ T8162] EXT4-fs (loop1): 1 truncate cleaned up
[  199.696043][ T8162] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.779472][   T28] audit: type=1800 audit(1771482854.720:47): pid=8162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.755" name="file1" dev="loop1" ino=15 res=0 errno=0
[  199.806674][ T8170] loop4: detected capacity change from 0 to 256
[  199.845760][ T5833] usb 3-1: 0:2 : does not exist
[  199.865604][   T28] audit: type=1800 audit(1771482854.740:48): pid=8162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.755" name="file1" dev="loop1" ino=15 res=0 errno=0
[  199.912446][ T5833] usb 3-1: 5:0: failed to get current value for ch 0 (-22)
[  199.924532][   T28] audit: type=1800 audit(1771482854.760:49): pid=8162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.755" name="file1" dev="loop1" ino=15 res=0 errno=0
[  199.992376][ T5776] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.015931][ T5833] usb 3-1: USB disconnect, device number 10
[  200.107422][ T7764] udevd[7764]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  200.658283][   T23] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  200.697596][ T8185] loop1: detected capacity change from 0 to 2048
[  200.724678][ T8185] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  200.860715][   T23] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  200.880157][   T23] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  200.898840][   T23] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  200.909103][   T23] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.114538][ T8191] loop2: detected capacity change from 0 to 128
[  201.122077][ T8191] EXT4-fs: Ignoring removed orlov option
[  201.143516][ T8191] EXT4-fs: Ignoring removed nomblk_io_submit option
[  201.156164][ T8191] EXT4-fs: Ignoring removed nomblk_io_submit option
[  201.159681][   T23] usb 5-1: usb_control_msg returned -32
[  201.189053][   T23] usbtmc 5-1:16.0: can't read capabilities
[  201.196191][ T8191] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  201.226849][ T8191] ext4 filesystem being mounted at /194/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  201.345724][ T8197] Bluetooth: MGMT ver 1.22
[  201.384038][ T8191] EXT4-fs (loop2): shut down requested (2)
[  201.567600][ T5775] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  201.910081][ T8216] netlink: 'syz.1.778': attribute type 5 has an invalid length.
[  201.989883][ T8218] netlink: 44 bytes leftover after parsing attributes in process `syz.2.779'.
[  202.015275][ T8218] netlink: 43 bytes leftover after parsing attributes in process `syz.2.779'.
[  202.024737][ T8218] netlink: 'syz.2.779': attribute type 6 has an invalid length.
[  202.045059][ T8218] netlink: 'syz.2.779': attribute type 5 has an invalid length.
[  202.068098][ T8218] netlink: 43 bytes leftover after parsing attributes in process `syz.2.779'.
[  202.538098][  T787] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  202.718150][  T787] usb 3-1: Using ep0 maxpacket: 8
[  202.730961][  T787] usb 3-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11
[  202.740607][  T787] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.749143][  T787] usb 3-1: Product: syz
[  202.753968][  T787] usb 3-1: Manufacturer: syz
[  202.759246][  T787] usb 3-1: SerialNumber: syz
[  202.768914][  T787] usb 3-1: config 0 descriptor??
[  202.780236][  T787] gspca_main: vc032x-2.14.0 probing 046d:0896
[  202.838811][ T5779] Bluetooth: hci1: command 0x0405 tx timeout
[  203.432408][   T23] usb 5-1: USB disconnect, device number 9
[  203.655453][ T8243] loop1: detected capacity change from 0 to 4096
[  203.801474][  T787] gspca_vc032x: reg_r err -71
[  203.818135][  T787] vc032x: probe of 3-1:0.0 failed with error -71
[  203.831953][  T787] usb 3-1: USB disconnect, device number 11
[  204.328133][ T2184] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  204.532142][ T2184] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  204.558382][ T2184] usb 5-1: config 0 has no interfaces?
[  204.571400][ T2184] usb 5-1: New USB device found, idVendor=13d8, idProduct=0010, bcdDevice=8f.72
[  204.584360][ T2184] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.624437][ T2184] usb 5-1: Product: syz
[  204.629074][ T2184] usb 5-1: Manufacturer: syz
[  204.633749][ T2184] usb 5-1: SerialNumber: syz
[  204.646327][ T2184] usb 5-1: config 0 descriptor??
[  204.728425][ T5852] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  204.947478][ T5852] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  204.960890][ T5852] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  205.001677][ T5852] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  205.016174][ T2184] usb 5-1: USB disconnect, device number 10
[  205.019466][ T5852] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  205.059230][ T5852] usb 2-1: Product: syz
[  205.074043][ T5852] usb 2-1: Manufacturer: syz
[  205.080685][ T5852] usb 2-1: SerialNumber: syz
[  205.108930][ T5852] usb 2-1: config 0 descriptor??
[  205.114652][ T8263] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  205.123183][ T8263] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  205.348620][ T8263] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  205.356186][ T8263] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[  205.703438][ T8285] loop4: detected capacity change from 0 to 1024
[  205.730004][ T8285] EXT4-fs: Ignoring removed orlov option
[  205.770591][ T5852] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  205.797338][ T8285] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  205.940397][  T787] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  206.026494][ T6862] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.148110][  T787] usb 1-1: Using ep0 maxpacket: 8
[  206.157683][  T787] usb 1-1: config index 0 descriptor too short (expected 301, got 45)
[  206.171767][  T787] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  206.183015][ T5852] dm9601 2-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[  206.204494][  T787] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  206.220333][ T5852] usb 2-1: USB disconnect, device number 12
[  206.226427][  T787] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  206.246327][  T787] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  206.265350][  T787] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  206.275222][  T787] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  206.519049][  T787] usb 1-1: usb_control_msg returned -32
[  206.524737][  T787] usbtmc 1-1:16.0: can't read capabilities
[  206.555504][ T8294] loop2: detected capacity change from 0 to 1024
[  206.573665][ T8294] EXT4-fs: inline encryption not supported
[  206.586349][ T8294] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  206.626332][ T8294] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.699903][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  206.763458][ T5085] Bluetooth: hci1: command 0x0405 tx timeout
[  206.814019][ T8298] loop2: detected capacity change from 0 to 128
[  206.856288][ T8298] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  206.881562][ T8298] hpfs: filesystem error: improperly stopped
[  206.887811][ T8298] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  206.896271][ T8298] hpfs: You really don't want any checks? You are crazy...
[  206.927516][ T8298] hpfs: hpfs_map_sector(): read error
[  206.948302][ T8298] hpfs: code page support is disabled
[  206.953880][ T8298] hpfs: hpfs_map_4sectors(): unaligned read
[  206.968175][ T8298] hpfs: hpfs_map_4sectors(): unaligned read
[  206.974141][ T8298] hpfs: filesystem error: unable to find root dir
[  206.998280][ T5085] Bluetooth: hci2: command 0x0406 tx timeout
[  207.592811][  T787] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  207.716451][ T8305] loop2: detected capacity change from 0 to 32768
[  207.734042][ T8305] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.816 (8305)
[  207.780103][  T787] usb 5-1: config 0 has an invalid interface number: 249 but max is 0
[  207.798753][  T787] usb 5-1: config 0 has no interface number 0
[  207.805690][  T787] usb 5-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87
[  207.827616][ T8305] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  207.836868][  T787] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  207.855989][ T8305] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  207.877518][ T8305] BTRFS info (device loop2): setting nodatacow, compression disabled
[  207.881725][  T787] usb 5-1: config 0 descriptor??
[  207.912209][ T8305] BTRFS info (device loop2): turning on flush-on-commit
[  207.927646][ T8305] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8)
[  207.937520][  T787] port100 5-1:0.249: NFC: Could not find bulk-in or bulk-out endpoint
[  207.950840][ T8305] BTRFS info (device loop2): use lzo compression, level 0
[  207.966132][ T8305] BTRFS info (device loop2): setting nodatasum
[  207.995408][ T8305] BTRFS info (device loop2): use no compression
[  208.015525][ T8305] BTRFS info (device loop2): trying to use backup root at mount time
[  208.037753][ T8305] BTRFS info (device loop2): max_inline at 0
[  208.054370][ T8305] BTRFS info (device loop2): using free space tree
[  208.269709][   T11] BTRFS warning (device loop2): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xcee3a718 level 0
[  208.300941][ T8305] BTRFS warning (device loop2): couldn't read tree root
[  208.318077][ T8305] BTRFS warning (device loop2): try to load backup roots slot 1
[  208.333267][   T11] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0xe06dfc66 level 0
[  208.350495][ T8307] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  208.382430][ T8307] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  208.403837][ T8305] BTRFS warning (device loop2): couldn't read tree root
[  208.420527][   T27] usb 5-1: USB disconnect, device number 11
[  208.449466][ T8305] BTRFS warning (device loop2): try to load backup roots slot 2
[  208.458270][   T11] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  208.477602][ T8305] BTRFS warning (device loop2): couldn't read tree root
[  208.495801][ T8305] BTRFS warning (device loop2): try to load backup roots slot 3
[  208.538482][ T8305] BTRFS info (device loop2): enabling ssd optimizations
[  208.547885][ T8305] BTRFS info (device loop2): auto enabling async discard
[  208.560675][ T8305] BTRFS info (device loop2): rebuilding free space tree
[  208.592358][ T8305] BTRFS info (device loop2): checking UUID tree
[  208.750515][ T5775] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  208.782992][ T5820] usb 1-1: USB disconnect, device number 12
[  208.918245][ T8327] Invalid argument reading file caps for ./file0
[  209.636790][   T27] IPVS: starting estimator thread 0...
[  209.742727][ T8346] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0
[  209.758246][ T8343] IPVS: using max 19 ests per chain, 45600 per kthread
[  209.897596][ T8350] netlink: 8 bytes leftover after parsing attributes in process `syz.2.828'.
[  210.473164][ T8362] loop2: detected capacity change from 0 to 512
[  210.868052][   T27] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  211.068027][   T27] usb 1-1: Using ep0 maxpacket: 32
[  211.080253][   T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  211.094730][   T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  211.120840][   T27] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  211.130824][   T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.143723][   T27] usb 1-1: config 0 descriptor??
[  211.157930][   T27] hub 1-1:0.0: USB hub found
[  211.378743][   T27] hub 1-1:0.0: 1 port detected
[  211.629894][ T8377] loop2: detected capacity change from 0 to 32768
[  211.665367][ T8377] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  211.738982][ T8377] XFS (loop2): Ending clean mount
[  211.798910][   T27] usb 1-1: USB disconnect, device number 13
[  212.095042][ T5775] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  212.942644][ T8399] loop1: detected capacity change from 0 to 32768
[  212.964582][ T8399] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.847 (8399)
[  213.004000][ T8399] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  213.016388][ T8399] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  213.026818][ T8399] BTRFS info (device loop1): using free space tree
[  213.058086][   T23] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  213.188462][ T8399] BTRFS info (device loop1): enabling ssd optimizations
[  213.195496][ T8399] BTRFS info (device loop1): auto enabling async discard
[  213.267828][ T8438] loop2: detected capacity change from 0 to 1024
[  213.289179][   T23] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  213.338063][   T23] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  213.391598][ T5776] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  213.391627][   T23] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  213.458018][   T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  213.466091][   T23] usb 1-1: SerialNumber: syz
[  213.519755][ T1000] hfsplus: b-tree write err: -5, ino 8
[  213.724540][   T23] usb 1-1: 0:2 : does not exist
[  213.777831][   T23] usb 1-1: USB disconnect, device number 14
[  213.895303][ T7764] udevd[7764]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  213.998187][ T5820] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  214.198230][ T5820] usb 3-1: Using ep0 maxpacket: 32
[  214.220400][ T5820] usb 3-1: config index 0 descriptor too short (expected 156, got 27)
[  214.248576][ T5820] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  214.278837][ T5820] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  214.294482][ T5820] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  214.309459][ T5820] usb 3-1: config 0 interface 0 has no altsetting 0
[  214.320110][ T5820] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  214.330155][ T5820] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  214.339146][ T5820] usb 3-1: Product: syz
[  214.343472][ T5820] usb 3-1: Manufacturer: syz
[  214.349371][ T5820] usb 3-1: SerialNumber: syz
[  214.370687][ T5820] usb 3-1: config 0 descriptor??
[  214.387694][ T5820] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  214.420215][ T5820] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  214.499824][ T8447] loop1: detected capacity change from 0 to 32768
[  214.526316][ T8447] JBD2: Ignoring recovery information on journal
[  214.802623][ T8447] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  215.016871][   T28] audit: type=1804 audit(1771482869.950:50): pid=8447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.858" name="/newroot/220/file1/file1" dev="loop1" ino=17058 res=1 errno=0
[  215.048413][ T8445] ldusb 3-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71
[  215.130248][ T5852] usb 3-1: USB disconnect, device number 12
[  215.136253][    C1] ldusb 3-1:0.0: usb_submit_urb failed (-19)
[  215.149789][ T8462] ldusb 3-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71
[  215.212435][ T5852] ldusb 3-1:0.0: LD USB Device #0 now disconnected
[  215.324208][ T5776] ocfs2: Unmounting device (7,1) on (node local)
[  215.744382][ T8456] loop4: detected capacity change from 0 to 131072
[  215.754359][ T8456] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0)
[  215.762576][ T8456] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  215.800578][ T8456] F2FS-fs (loop4): invalid crc value
[  215.821242][ T8456] F2FS-fs (loop4): Found nat_bits in checkpoint
[  215.876315][ T8456] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  215.883544][ T8456] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  216.191972][ T8479] netlink: 64535 bytes leftover after parsing attributes in process `syz.1.872'.
[  216.431117][ T8482] loop2: detected capacity change from 0 to 512
[  216.453153][ T8482] EXT4-fs: Ignoring removed nomblk_io_submit option
[  216.482114][ T8482] EXT4-fs (loop2): filesystem is read-only
[  216.500527][ T8482] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  216.540600][ T8482] EXT4-fs (loop2): filesystem is read-only
[  216.546618][ T8482] EXT4-fs (loop2): orphan cleanup on readonly fs
[  216.573915][ T8482] EXT4-fs error (device loop2): ext4_orphan_get:1398: inode #16: comm syz.2.873: iget: bad i_size value: 648518346341360424
[  216.636909][ T8488] netlink: 24 bytes leftover after parsing attributes in process `syz.0.876'.
[  216.669598][ T8482] EXT4-fs error (device loop2): ext4_orphan_get:1403: comm syz.2.873: couldn't read orphan inode 16 (err -117)
[  216.729702][ T8482] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  216.929765][ T5775] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  217.993129][ T8506] loop1: detected capacity change from 0 to 32768
[  218.082427][ T8506] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  218.272988][ T8506] XFS (loop1): Ending clean mount
[  218.310433][ T8506] XFS (loop1): Quotacheck needed: Please wait.
[  218.445891][ T8506] XFS (loop1): Quotacheck: Done.
[  218.679645][ T5776] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  219.929766][ T8568] loop2: detected capacity change from 0 to 128
[  219.947274][ T8568] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  219.984182][ T8568] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  220.059707][ T1134] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  220.360340][ T8578] loop2: detected capacity change from 0 to 64
[  220.391501][ T8578] BFS-fs: bfs_fill_super(): loop2 is unclean, continuing
[  220.541190][ T8583] loop1: detected capacity change from 0 to 128
[  220.912251][ T1000] kworker/u4:6: attempt to access beyond end of device
[  220.912251][ T1000] loop1: rw=1, sector=145, nr_sectors = 616 limit=128
[  221.106545][ T8596] netlink: 'syz.4.919': attribute type 10 has an invalid length.
[  221.124174][ T8596] bridge0: port 3(vlan2) entered disabled state
[  221.130810][ T8596] bridge0: port 2(bridge_slave_1) entered disabled state
[  221.141304][ T8596] bridge0: port 1(bridge_slave_0) entered disabled state
[  221.182365][ T8596] bridge0: port 3(vlan2) entered blocking state
[  221.188924][ T8596] bridge0: port 3(vlan2) entered forwarding state
[  221.195735][ T8596] bridge0: port 2(bridge_slave_1) entered blocking state
[  221.203154][ T8596] bridge0: port 2(bridge_slave_1) entered forwarding state
[  221.210760][ T8596] bridge0: port 1(bridge_slave_0) entered blocking state
[  221.218071][ T8596] bridge0: port 1(bridge_slave_0) entered forwarding state
[  221.244159][ T8596] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  221.678900][ T8590] loop2: detected capacity change from 0 to 32768
[  221.740184][ T8590] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  221.870475][ T8590] XFS (loop2): Ending clean mount
[  222.180735][ T5775] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  222.450875][ T8628] loop4: detected capacity change from 0 to 512
[  222.478833][ T8628] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  222.898545][ T6862] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  223.705803][ T8652] loop4: detected capacity change from 0 to 1024
[  223.718458][  T787] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  223.733376][ T8652] EXT4-fs: Ignoring removed nomblk_io_submit option
[  223.776226][ T8652] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  223.884778][ T8658] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  223.928437][  T787] usb 1-1: Using ep0 maxpacket: 32
[  223.939217][  T787] usb 1-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  223.959765][  T787] usb 1-1: config 0 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  223.983269][  T787] usb 1-1: config 0 interface 0 has no altsetting 0
[  223.998140][  T787] usb 1-1: New USB device found, idVendor=05ac, idProduct=021c, bcdDevice= 0.00
[  224.017554][  T787] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  224.044018][  T787] usb 1-1: config 0 descriptor??
[  224.380796][ T8667] IPVS: Scheduler module ip_vs_sip not found
[  224.394465][ T8669] IPVS: length: 141 != 8
[  224.401169][ T6862] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.483781][  T787] apple 0003:05AC:021C.000F: unknown global tag 0xe
[  224.511312][  T787] apple 0003:05AC:021C.000F: item 0 0 1 14 parsing failed
[  224.548816][  T787] apple 0003:05AC:021C.000F: parse failed
[  224.554727][  T787] apple: probe of 0003:05AC:021C.000F failed with error -22
[  224.582441][ T8673] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  224.625631][ T8673] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  224.676249][ T8673] overlayfs: d_ino too big (., ino=4611686018427387905, xinobits=3)
[  224.684640][ T8675] loop4: detected capacity change from 0 to 4096
[  224.699230][ T8675] EXT4-fs: Ignoring removed mblk_io_submit option
[  224.709387][ T8673] overlayfs: d_ino too big (.., ino=4611686018427387905, xinobits=3)
[  224.724056][ T8673] overlayfs: d_ino too big (243, ino=9223372036854777102, xinobits=3)
[  224.737576][ T8673] overlayfs: d_ino too big (syzcgroup, ino=9223372036854775816, xinobits=3)
[  224.757656][ T8673] overlayfs: d_ino too big (syz-inputs, ino=9223372036854775815, xinobits=3)
[  224.768881][ T8673] overlayfs: d_ino too big (sys, ino=9223372036854775814, xinobits=3)
[  224.781610][ T5820] usb 1-1: USB disconnect, device number 15
[  224.820272][ T8673] overlayfs: d_ino too big (selinux, ino=9223372036854775813, xinobits=3)
[  224.837724][ T8673] overlayfs: d_ino too big (proc, ino=9223372036854775812, xinobits=3)
[  224.852797][ T8673] overlayfs: d_ino too big (dev, ino=4611686018427387909, xinobits=3)
[  224.872741][ T8673] overlayfs: d_ino too big (kernel, ino=4611686018427389232, xinobits=3)
[  224.923524][ T8675] EXT4-fs (loop4): Test dummy encryption mode enabled
[  224.961152][ T8675] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  225.036525][ T8675] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  225.085500][ T8675] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  225.099242][ T8675] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  225.139539][ T6862] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.421244][ T8690] loop1: detected capacity change from 0 to 128
[  225.458457][ T8690] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  225.522875][ T8690] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  225.651860][ T1000] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  226.258199][  T787] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  226.394624][ T8702] loop2: detected capacity change from 0 to 32768
[  226.411491][ T8702] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.953 (8702)
[  226.463061][  T787] usb 1-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  226.472501][ T8702] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  226.496681][  T787] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.505397][ T8702] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  226.521243][ T8702] BTRFS info (device loop2): setting nodatacow, compression disabled
[  226.531274][  T787] usb 1-1: config 0 descriptor??
[  226.549784][  T787] gspca_main: spca508-2.14.0 probing 8086:0110
[  226.562716][ T8702] BTRFS info (device loop2): enabling disk space caching
[  226.573534][ T8702] BTRFS info (device loop2): turning off barriers
[  226.584714][ T8702] BTRFS info (device loop2): turning on flush-on-commit
[  226.608203][ T8702] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8)
[  226.627844][ T8702] BTRFS info (device loop2): force lzo compression, level 0
[  226.635939][ T8702] BTRFS info (device loop2): max_inline at 0
[  226.652706][ T8702] BTRFS info (device loop2): force clearing of disk cache
[  226.668102][ T8702] BTRFS info (device loop2): using default commit interval 30s
[  226.686387][ T8702] BTRFS info (device loop2): enabling ssd optimizations
[  226.708179][ T8702] BTRFS info (device loop2): max_inline at 868
[  226.714464][ T8702] BTRFS info (device loop2): disk space caching is enabled
[  226.748897][  T787] gspca_spca508: reg_read err -32
[  226.765389][  T787] gspca_spca508: reg_read err -32
[  226.778921][  T787] gspca_spca508: reg_read err -32
[  226.795298][  T787] gspca_spca508: reg_read err -32
[  226.914610][ T8702] BTRFS info (device loop2): auto enabling async discard
[  226.945002][ T8702] BTRFS info (device loop2): rebuilding free space tree
[  226.986007][ T8702] BTRFS info (device loop2): disabling free space tree
[  227.013106][ T8702] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  227.015238][  T787] gspca_spca508: reg write: error -71
[  227.048082][  T787] spca508: probe of 1-1:0.0 failed with error -71
[  227.064004][ T8702] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  227.068766][  T787] usb 1-1: USB disconnect, device number 16
[  227.361966][ T8719] loop4: detected capacity change from 0 to 32768
[  227.425496][   T28] audit: type=1800 audit(1771482882.360:51): pid=8719 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.960" name="file1" dev="loop4" ino=7 res=0 errno=0
[  227.445821][    C1] vkms_vblank_simulate: vblank timer overrun
[  227.542126][   T28] audit: type=1800 audit(1771482882.480:52): pid=8741 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.960" name="file1" dev="loop4" ino=7 res=0 errno=0
[  227.562339][    C1] vkms_vblank_simulate: vblank timer overrun
[  227.628324][ T5775] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  227.942561][ T8747] netlink: 8 bytes leftover after parsing attributes in process `syz.2.963'.
[  227.968104][ T8747] netlink: 'syz.2.963': attribute type 15 has an invalid length.
[  227.976045][ T8747] netlink: 4 bytes leftover after parsing attributes in process `syz.2.963'.
[  228.163252][  T112] ==================================================================
[  228.171394][  T112] BUG: KASAN: slab-use-after-free in jfs_lazycommit+0x751/0xa70
[  228.179095][  T112] Read of size 4 at addr ffff888025e19c94 by task jfsCommit/112
[  228.186766][  T112] 
[  228.189125][  T112] CPU: 1 PID: 112 Comm: jfsCommit Not tainted syzkaller #0
[  228.196433][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  228.206541][  T112] Call Trace:
[  228.209872][  T112]  <TASK>
[  228.212840][  T112]  dump_stack_lvl+0x18c/0x250
[  228.217558][  T112]  ? __lock_acquire+0x7d40/0x7d40
[  228.222669][  T112]  ? show_regs_print_info+0x20/0x20
[  228.227926][  T112]  ? load_image+0x400/0x400
[  228.232479][  T112]  ? __virt_addr_valid+0x469/0x540
[  228.237651][  T112]  print_report+0xa8/0x210
[  228.242108][  T112]  ? jfs_lazycommit+0x751/0xa70
[  228.247050][  T112]  kasan_report+0x117/0x150
[  228.251593][  T112]  ? _raw_spin_lock_irqsave+0xc0/0x100
[  228.257103][  T112]  ? jfs_lazycommit+0x751/0xa70
[  228.262007][  T112]  jfs_lazycommit+0x751/0xa70
[  228.266729][  T112]  ? txFreelock+0x5a0/0x5a0
[  228.271295][  T112]  ? do_task_dead+0xd0/0xd0
[  228.275833][  T112]  ? __kthread_parkme+0x7a/0x1c0
[  228.280825][  T112]  kthread+0x2fa/0x390
[  228.284922][  T112]  ? txFreelock+0x5a0/0x5a0
[  228.289482][  T112]  ? kthread_blkcg+0xd0/0xd0
[  228.294092][  T112]  ret_from_fork+0x48/0x80
[  228.298531][  T112]  ? kthread_blkcg+0xd0/0xd0
[  228.303146][  T112]  ret_from_fork_asm+0x11/0x20
[  228.307950][  T112]  </TASK>
[  228.311002][  T112] 
[  228.313342][  T112] Allocated by task 8719:
[  228.317771][  T112]  kasan_set_track+0x4e/0x70
[  228.322395][  T112]  __kasan_kmalloc+0x8f/0xa0
[  228.327025][  T112]  jfs_fill_super+0xdc/0xad0
[  228.331643][  T112]  mount_bdev+0x221/0x2d0
[  228.335996][  T112]  legacy_get_tree+0xea/0x180
[  228.340725][  T112]  vfs_get_tree+0x8c/0x280
[  228.345205][  T112]  do_new_mount+0x24b/0xa40
[  228.349736][  T112]  __se_sys_mount+0x2e7/0x3d0
[  228.354455][  T112]  do_syscall_64+0x55/0xa0
[  228.358901][  T112]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  228.364829][  T112] 
[  228.367176][  T112] Freed by task 6862:
[  228.371170][  T112]  kasan_set_track+0x4e/0x70
[  228.375810][  T112]  kasan_save_free_info+0x2e/0x50
[  228.380860][  T112]  ____kasan_slab_free+0x126/0x1e0
[  228.386011][  T112]  slab_free_freelist_hook+0x130/0x1a0
[  228.391501][  T112]  __kmem_cache_free+0xba/0x1e0
[  228.396391][  T112]  generic_shutdown_super+0x134/0x2b0
[  228.401782][  T112]  kill_block_super+0x44/0x90
[  228.406480][  T112]  deactivate_locked_super+0x97/0x100
[  228.411864][  T112]  cleanup_mnt+0x43b/0x4d0
[  228.416300][  T112]  task_work_run+0x1d4/0x260
[  228.420910][  T112]  exit_to_user_mode_loop+0xe6/0x110
[  228.426219][  T112]  exit_to_user_mode_prepare+0xee/0x180
[  228.431795][  T112]  syscall_exit_to_user_mode+0x1a/0x50
[  228.437369][  T112]  do_syscall_64+0x61/0xa0
[  228.441805][  T112]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  228.447723][  T112] 
[  228.450066][  T112] Last potentially related work creation:
[  228.455805][  T112]  kasan_save_stack+0x3e/0x60
[  228.460504][  T112]  __kasan_record_aux_stack+0xaf/0xc0
[  228.465914][  T112]  kvfree_call_rcu+0xee/0x790
[  228.470643][  T112]  inetdev_event+0x2c8/0x1630
[  228.475358][  T112]  notifier_call_chain+0x197/0x380
[  228.480510][  T112]  dev_close_many+0x2a9/0x410
[  228.485212][  T112]  unregister_netdevice_many_notify+0x4c4/0x1900
[  228.491710][  T112]  default_device_exit_batch+0x9ee/0xa80
[  228.497369][  T112]  cleanup_net+0x795/0xbb0
[  228.501809][  T112]  process_scheduled_works+0xa5d/0x15d0
[  228.507398][  T112]  worker_thread+0xa55/0xfc0
[  228.512018][  T112]  kthread+0x2fa/0x390
[  228.516112][  T112]  ret_from_fork+0x48/0x80
[  228.520562][  T112]  ret_from_fork_asm+0x11/0x20
[  228.525369][  T112] 
[  228.527714][  T112] The buggy address belongs to the object at ffff888025e19c00
[  228.527714][  T112]  which belongs to the cache kmalloc-256 of size 256
[  228.541872][  T112] The buggy address is located 148 bytes inside of
[  228.541872][  T112]  freed 256-byte region [ffff888025e19c00, ffff888025e19d00)
[  228.555779][  T112] 
[  228.558121][  T112] The buggy address belongs to the physical page:
[  228.564551][  T112] page:ffffea0000978600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25e18
[  228.574742][  T112] head:ffffea0000978600 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  228.583704][  T112] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  228.592244][  T112] page_type: 0xffffffff()
[  228.596609][  T112] raw: 00fff00000000840 ffff888017c41b40 ffffea0000b82380 dead000000000005
[  228.605231][  T112] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000
[  228.613836][  T112] page dumped because: kasan: bad access detected
[  228.620280][  T112] page_owner tracks the page as allocated
[  228.626014][  T112] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 42, tgid 42 (kworker/u4:2), ts 87228914303, free_ts 86933558619
[  228.647056][  T112]  post_alloc_hook+0x1c1/0x200
[  228.651858][  T112]  get_page_from_freelist+0x1951/0x19e0
[  228.657420][  T112]  __alloc_pages+0x1f0/0x460
[  228.662025][  T112]  alloc_slab_page+0x5d/0x160
[  228.666721][  T112]  new_slab+0x87/0x2d0
[  228.670815][  T112]  ___slab_alloc+0xc5d/0x12f0
[  228.675522][  T112]  __kmem_cache_alloc_node+0x19e/0x250
[  228.681009][  T112]  kmalloc_trace+0x2a/0xe0
[  228.685451][  T112]  sta_info_insert_rcu+0x66b/0x1770
[  228.690676][  T112]  ieee80211_ibss_finish_sta+0x294/0x370
[  228.696341][  T112]  ieee80211_ibss_rx_queued_mgmt+0x14f4/0x2c80
[  228.702516][  T112]  ieee80211_iface_work+0x717/0xc70
[  228.707735][  T112]  cfg80211_wiphy_work+0x225/0x260
[  228.712876][  T112]  process_scheduled_works+0xa5d/0x15d0
[  228.718464][  T112]  worker_thread+0xa55/0xfc0
[  228.723087][  T112]  kthread+0x2fa/0x390
[  228.727176][  T112] page last free stack trace:
[  228.731864][  T112]  free_unref_page_prepare+0x7b2/0x8c0
[  228.737352][  T112]  free_unref_page+0x32/0x2e0
[  228.742069][  T112]  __unfreeze_partials+0x1cf/0x210
[  228.747358][  T112]  put_cpu_partial+0x17c/0x250
[  228.752144][  T112]  __slab_free+0x319/0x400
[  228.756582][  T112]  qlist_free_all+0x75/0xd0
[  228.761109][  T112]  kasan_quarantine_reduce+0x143/0x160
[  228.766599][  T112]  __kasan_slab_alloc+0x22/0x80
[  228.771470][  T112]  slab_post_alloc_hook+0x6e/0x4b0
[  228.776611][  T112]  __kmem_cache_alloc_node+0x13a/0x250
[  228.782098][  T112]  kmalloc_trace+0x2a/0xe0
[  228.786539][  T112]  device_add+0xbe/0xc20
[  228.790805][  T112]  wiphy_register+0x1dad/0x2ae0
[  228.795682][  T112]  ieee80211_register_hw+0x3464/0x4250
[  228.801167][  T112]  mac80211_hwsim_new_radio+0x2a00/0x4d10
[  228.807101][  T112]  hwsim_new_radio_nl+0xdc9/0x1a90
[  228.812413][  T112] 
[  228.814754][  T112] Memory state around the buggy address:
[  228.820411][  T112]  ffff888025e19b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  228.828487][  T112]  ffff888025e19c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  228.836573][  T112] >ffff888025e19c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  228.844651][  T112]                          ^
[  228.849262][  T112]  ffff888025e19d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  228.857338][  T112]  ffff888025e19d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  228.865415][  T112] ==================================================================
[  228.873502][  T112] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  228.880796][  T112] CPU: 1 PID: 112 Comm: jfsCommit Not tainted syzkaller #0
[  228.888007][  T112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  228.898086][  T112] Call Trace:
[  228.901397][  T112]  <TASK>
[  228.904350][  T112]  dump_stack_lvl+0x18c/0x250
[  228.909059][  T112]  ? show_regs_print_info+0x20/0x20
[  228.914305][  T112]  ? load_image+0x400/0x400
[  228.918889][  T112]  panic+0x2dc/0x730
[  228.922828][  T112]  ? bpf_jit_dump+0xd0/0xd0
[  228.927366][  T112]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  228.933315][  T112]  ? _raw_spin_unlock+0x40/0x40
[  228.938227][  T112]  ? print_memory_metadata+0x314/0x400
[  228.943739][  T112]  ? jfs_lazycommit+0x751/0xa70
[  228.948631][  T112]  check_panic_on_warn+0x84/0xa0
[  228.953609][  T112]  ? jfs_lazycommit+0x751/0xa70
[  228.958494][  T112]  end_report+0x6f/0x130
[  228.962861][  T112]  kasan_report+0x128/0x150
[  228.967476][  T112]  ? _raw_spin_lock_irqsave+0xc0/0x100
[  228.972968][  T112]  ? jfs_lazycommit+0x751/0xa70
[  228.977860][  T112]  jfs_lazycommit+0x751/0xa70
[  228.982582][  T112]  ? txFreelock+0x5a0/0x5a0
[  228.987105][  T112]  ? do_task_dead+0xd0/0xd0
[  228.991627][  T112]  ? __kthread_parkme+0x7a/0x1c0
[  228.996581][  T112]  kthread+0x2fa/0x390
[  229.000664][  T112]  ? txFreelock+0x5a0/0x5a0
[  229.005222][  T112]  ? kthread_blkcg+0xd0/0xd0
[  229.009831][  T112]  ret_from_fork+0x48/0x80
[  229.014290][  T112]  ? kthread_blkcg+0xd0/0xd0
[  229.018912][  T112]  ret_from_fork_asm+0x11/0x20
[  229.023724][  T112]  </TASK>
[  229.027346][  T112] Kernel Offset: disabled
[  229.031692][  T112] Rebooting in 86400 seconds..