last executing test programs:

2m49.365417033s ago: executing program 0 (id=890):
r0 = socket(0xa, 0x5, 0x0)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x8, 0x1, 0x85}]}, 0x10)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x4, @loopback}], 0x1c)
setsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000280)=@int=0x200000, 0x4)
sendto$inet6(r0, &(0x7f0000000040)='\x00', 0x1, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c)

2m48.491036838s ago: executing program 0 (id=910):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000002000000851000000600000018020000", @ANYRES32, @ANYBLOB="00000000000000006600020000000000180000000000000000000000000000009500040000000000360a020000000000180100002020782500000000002020207b1a00fe00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0a00000004000000060000008000000042000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/21], 0x48)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000000580)=ANY=[@ANYBLOB="900000001900010000000000000000001d0109002900838025b57efaa223b473fe7783bc4a506cf756740574b89d316af9b5963870ef3391f3"], 0x90}}, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000540), &(0x7f0000000080), 0x619, r0}, 0x38)

2m48.402749338s ago: executing program 0 (id=912):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100}, &(0x7f0000000200)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
r5 = msgget$private(0x0, 0x6c2)
msgsnd(r5, &(0x7f0000000340)={0x3}, 0x2000, 0x0)

2m47.534721469s ago: executing program 0 (id=913):
syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000580)='./file0\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x2, 0x222, &(0x7f0000000800)="$eJzsmL9rFEEUx78zu7feiog2KWwsDBjR7GX3UNIcGkGwEiHxV6WHWUPMJieXFUxANNjYaGchpLHwH7BIkcrCzn9A0EIFwcIrLGxsRmZndm9yc3HDcla+TzF8Z9+befPezbziQBDEf8vXL78+Pzs/PXcKwAGMY5/+/t0BGFOaG/6fXt4/+aJ1YfPNx9fvVg4+3B7cTy4RYueH+l/iuwDezjhIi0jF6t9SjOvJHHihr4DjhNbXwBBofQscV7WOwXBD67uG7kj/ILizmMTB7U4yL8WUHEI5RHJoDp6vt8Ewr+dCCMEM++ra+lI7SeKuIVxtG2KqJIpgS2NW/Wrw0JvhaBnnk1W8/vTJhpzntZky6heCI9RJNMEwq79PYzOvjSqJkf8Rt7+/Y+U/JFumLwNQlmRdidbPkRTLFIcnqy2fkOmcs02HUOUY2Lmqhr5JVnK0KVtXJxNu+V08q3/QCrEuDWYhHg1/AM99AP8oU1NUyiIXY73t97bpmxJ81/ssWHkItvf7U9/rmfOHWL1iPmReI/8tgA9bqn+IVwzHjf7kGv2jkS7fa6yurU8uLrcX4oV4JYqaZxjw+HTUyBqRGq2+1+/Pftaf9hv713bx9biHB+007YZq9JgHH2najbJ5ZDyb2a3Oj5t6WYqLAI6piWxpXrGjY8VgnvLhma9UE7YTQRAEQRAEQRAEQRAEQRBEJY6CZf+ClhBdzrz/BAAA//9oglvV")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000040)='./file0\x00')
open(&(0x7f0000000040)='./file2\x00', 0x600000, 0x1ac)

2m47.435201085s ago: executing program 0 (id=914):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f0000000200)={[{@jqfmt_vfsold}, {@max_batch_time={'max_batch_time', 0x3d, 0x1}}, {@debug}, {@noload}, {@jqfmt_vfsv1}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x2}}, {@usrjquota}]}, 0xfe, 0x46c, &(0x7f0000000940)="$eJzs3M1vFOUfAPDvTF94+/FrRXwBQapoJL60tLzIwYtGEw6amOgB46m2hVQWamhNhBCtHvBoSLwb/wvjSS9GvWjiVe+GhBguoF7WzM4MLMtu2aXbLrCfTzLd55l5us/znZln95l5djeAvjWW/Uki/hcRv0fESJ69ucBY/nDtyvmZv6+cn0miWn3rr6RW7uqV8zNl0fL/tuSZarXIb2hS74V3I6YrlbkzRX5i6dQHE4tnz70wf2r6xNyJudNTR44cPLB7+PDUoa7EmcV1defHC7t2HH3n4hszxy6+91OSRh53NMTRLWP53m3q6W5X1mNb69LJYP2WPb/cSDc7E+ilgYjIDtdQrf+PxEBsur5tJF77rKeNA9ZUtVqtrvCqvFwF7mNJ9LoFQG+Ub/TZ9W+5rNPQ465w+eX8AiiL+1qx5FsGI80Te4Yarm+7aSwiji3/81W2xBrdhwAAqPddNv55vtn4L42H88Rw9uf/xRzKaEQ8EBHbIuLBiNgeEQ9F1Mo+EhGPdlh/4wzJreOf9NIdB9eGbPz3UjG3dfP4Ly2LjA4Uua21+IeS4/OVuf3FPtkXQxuOzydzkyvU8f2rv33Ralv9+C9bsvrLsWDRjkuDDTfoZqeXplcTc73Ln0bsHGwWfxLlNE4SETsiYucd1jH/7GDLbbePfwWtn7Zt1a8jnsmP/3I0xF9KWs5PTr54eOrQxMaozO2fKM+KW/3864U3W9W/qvi7IDv+m5ue/9fjH002RiyePXeyNl+72HkdF/74vOU1TYfn/9Gtxfk/nLxdWzFcbPhoemnpzGTEcPL6reunbjxbmS/LZ/Hv29u8/2+LG3visYjYFRG7I+Lx7KKwaPsTEfFkROxdIf4fX3nq/c7jX5+50iz+2dsd/6g//p0nBk7+8O3t498YEa2O/8Faal+xpp3Xv3YbuJp9BwAAAPeK/DPwSTp+PZ2m4+P5Z/i3x+a0srC49NzxhQ9Pz+aflR+NobS80zVSdz90srg3XOanGvIHivvGXw5squXHZxYqs70OHvrclhb9P/PnQK9bB6y5LsyjAfco/R/6l/4P/SnR/6Gv6f/Qv5r1/09alh7/Zk0bA6wr7//Qv9ro/8v5Q+tRAXBv8v4P/Uv/h77U8rvx6aq+8r/uiX+L3zO8W9pz/ycivSuacf8nBtv+MYsOEtWRvP9nazY0LdPrVyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDu+C8AAP//F0nluw==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
write$FUSE_STATFS(r0, &(0x7f0000005f00)={0x60, 0x0, 0x0, {{0xfffffffffffffffd, 0x17, 0x4, 0x4, 0x8, 0xfffffc00, 0x1, 0x8}}}, 0x60)
fadvise64(r0, 0x0, 0x60, 0x4)

2m47.214834634s ago: executing program 0 (id=915):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0)
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0)
mkdir(0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2)
mount$bind(0x0, 0x0, 0x0, 0xa00021, 0x0)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1258438, &(0x7f0000000f80)=ANY=[], 0xb, 0x0, &(0x7f0000000000))
open(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000004700)={0x0, 0x0, &(0x7f00000046c0)={&(0x7f0000000040)={0x14, 0x0, 0x2, 0x70bd27, 0x25dfdbff, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x80)

2m47.156230606s ago: executing program 32 (id=915):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$bt_l2cap(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r1, 0xaf01, 0x0)
ioctl$VHOST_RESET_OWNER(r1, 0xaf02, 0x0)
mkdir(0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2)
mount$bind(0x0, 0x0, 0x0, 0xa00021, 0x0)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1258438, &(0x7f0000000f80)=ANY=[], 0xb, 0x0, &(0x7f0000000000))
open(0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000004700)={0x0, 0x0, &(0x7f00000046c0)={&(0x7f0000000040)={0x14, 0x0, 0x2, 0x70bd27, 0x25dfdbff, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x80)

2m42.095514028s ago: executing program 3 (id=955):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000f00)='./file0\x00', 0x800, &(0x7f0000000180), 0x1, 0x27e, &(0x7f0000000500)="$eJzs3T1oO2UcB/DfXZJ/34JWBRHFFxARLZS6CSLoolAQKSKCChURJ2mFanFrnFwcdFbp5FLEzeooLsVF6Fq1Q0UQsThYHHSIXC6RmCZaL82l/+TzgfTuubsnv0vJ97mH0lwCmFqLEfFYRFQiYikiahGRdB9wT/5YbDd35w7WI5rNZ35NWsfl7Vyn30JENCLi4YhqZ9/2/gsnvx89ef+7b9bu+3j/+bkSXlqld8PpyfFTZx89/c5nqw9tp+1t9fay+3Vcottv7LOxmkTcPIJiV0VSHfcZcBFrb336bRaSWyLi3lb+a5G2I/ve1rWvavHgh4P6vv/L4R1lnitw+ZrNWnYNbDSBqZO25sBJuhwR+XqaLi/nc/jvKvPpa5tbbyy9ulnZeKV71Chj+g6MSj3i+IkvZj5f6Mn/T5U8/8DkyvL/7Nre99n62bm/lAET6c58keV/6aWdB0L+YerIP0yG+QJ95B8mQr1gJ/mH613B7BbI/60/Hj5arBhwpVww/z+XeU5AOcz/YYLVOiuNvrvlH6bXhfPvX31h4nTy79IP06f7+g8ATJfmzLg/gQyMy7jHHwAAAAAAAAAAAAAAAAAA4LzduYP1ziMiKaXm1x9EnD4eEdXe+tH6YoO0tZxt/Zz/LckO+1uSd2u7Vqj+i3cPc/bD+2T0n76u9rRnuxs3/DDy+v/qm7tG87xv/7M58A6WOxsRjezglWr1/Psvab//irvpP/bXXh6ywP/Um+pHniuj6uDf4p97ZdQfbPUo4sts/FnpN/6kcVtr2X/8qXffYrmg1/8Y8gkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAozV8BAAD///BWbAI=")
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000640)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
creat(&(0x7f0000000d80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
creat(&(0x7f0000000d80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x22)
mknodat(0xffffffffffffff9c, 0x0, 0x1000, 0x103)

2m41.95550002s ago: executing program 3 (id=957):
r0 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="5c00000014006b03000000d86e6c1d00028422fb564500006e23e3f58e76110165f450e71bfc74e3002500028d459e37000f0000000000bf9367a17e51f60a64c9f4d4938037e786a6d0bdd700000000000000000051fd1f33597225", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x40000)

2m41.865233018s ago: executing program 3 (id=959):
r0 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e23, 0x4a3, @local, 0x4ef}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000180)={0x3, {{0xa, 0x4e20, 0xbe, @mcast1, 0xbfd}}, {{0xa, 0x4624, 0x9, @empty, 0xfffffe01}}}, 0x108)

2m41.815493464s ago: executing program 3 (id=960):
sched_setscheduler(0x0, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c)
listen(r1, 0x0)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r3 = accept(r0, 0x0, 0x0)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0xc000}, 0x10)
recvfrom(r2, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x4100, 0x0, 0x0)

2m40.832493437s ago: executing program 3 (id=964):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000005c0), 0x10)
recvmmsg(r0, &(0x7f0000005fc0)=[{{0x0, 0x0, 0x0}, 0x2}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f00000006c0)=""/47, 0x2f}, {0x0}], 0x2}, 0x80000000}], 0x2, 0x10002, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0)

2m40.675524771s ago: executing program 3 (id=966):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$nvram(0xffffffffffffff9c, 0x0, 0x88002, 0x0)
preadv(r0, 0x0, 0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sync()
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x103)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000000)='cifs\x00', 0x0, &(0x7f00000001c0)='=\n\x9b\xa1Q\x83\xe9\n@\xf6\"2a\xd7\x1fch\x1a}#\xfa\xe4`\xdc[\x03\x97\xcd\xf1\xa6b\x9a\x1f\xff\xff\xffIT\xe4\x8c&\xac\xe6:\xc5\xe8\xd9\"\x82\xd5\xeb\x90\xef1:\xba\xc3\xc3\xd3\xad\'\xc44\x17,,\x8dZz\x04\x17-#F\xc7<\xe6\xf5]%gC\x9e\xca\nS\xc3\xc8\x98\xd8\xc8\x9eZ\xa76\x9f\xc2=\xaa\xcet7\xb9\xbd\xd47\xe3\xc8@$8\v\x9f\xfd\xe1!\x11\x19Y\x06J\x8f\x80\xef9Tw8\x1b\xe2\xf3\x85\xd5}\xa5\xb7\xd5|')

2m25.468810785s ago: executing program 33 (id=966):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$nvram(0xffffffffffffff9c, 0x0, 0x88002, 0x0)
preadv(r0, 0x0, 0x0, 0x6, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sync()
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x103)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000000)='cifs\x00', 0x0, &(0x7f00000001c0)='=\n\x9b\xa1Q\x83\xe9\n@\xf6\"2a\xd7\x1fch\x1a}#\xfa\xe4`\xdc[\x03\x97\xcd\xf1\xa6b\x9a\x1f\xff\xff\xffIT\xe4\x8c&\xac\xe6:\xc5\xe8\xd9\"\x82\xd5\xeb\x90\xef1:\xba\xc3\xc3\xd3\xad\'\xc44\x17,,\x8dZz\x04\x17-#F\xc7<\xe6\xf5]%gC\x9e\xca\nS\xc3\xc8\x98\xd8\xc8\x9eZ\xa76\x9f\xc2=\xaa\xcet7\xb9\xbd\xd47\xe3\xc8@$8\v\x9f\xfd\xe1!\x11\x19Y\x06J\x8f\x80\xef9Tw8\x1b\xe2\xf3\x85\xd5}\xa5\xb7\xd5|')

57.023978821s ago: executing program 1 (id=1775):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000006c000000160a01020000000000000000010000000900010073797a30000000000900020073797a3000000000400003802c00038004000100766c616e31000000000000000000000014000100776c616e3100000000000000000000000800014000000000080002"], 0xfc}}, 0x0)
write$tun(r0, &(0x7f0000000840)={@val={0x8, 0x800}, @val={0x6, 0x0, 0x6, 0x0, 0x14}, @ipv4=@generic={{0x5, 0x4, 0x2, 0x2, 0xfc0, 0x66, 0x89ff, 0xb, 0x89, 0x0, @rand_addr=0x64010102, @broadcast}, "3297e3ba0fa8a2e71bd9fe1a399b5110420b70460c0dad392d66248a43540df968e7fcaab34569c0e36170578c0d3c546a98b26295e2592f360905866eb4720fed03a977a3df4224895629fd6ccec64f13a999f18f518e3ee28798381975e862f1db9dccdb2f1c1fb60f5ffc7a339d40a8bd1f24cede8a32f186f142e194d4fb48224759faf813ea80e6a853e79b4fe27fe3e1aec5897b314a7f0d515b07b1835986b4885e9826d902c40f16cd77c58b6433ab039955ce9db11f36f459e7114ace6c9989eecea80a81fd39f339356c7c3391af83da2486503a7973f6db4806cf3e5ca94cf7e1f79fd00decd76100c18251a59d1474caabf4d3ca6a9a9885df710e68c5b0dc11832dbb5eecb5c88c2f8f02bdbd88569ad4a740359cbca8c378118220d73bdd1e661c3a74f77aa931b11cd38119b0f084bb96e84803fca6566c33ee1e4e34ab0253fbf24f9f5974af5e1fc2a43a4ec9dd9928a8f38a128ea27c429300ae5a6bd7740471f973d8224b2b07879f4fbe7dcbed776a72ebdc713bcf1d7aa45b01c32a1003e6670d58510bd79ba2fde5cb2b82cef2cc315648f4e9d96d848ba327949b8926253cbdef6888a8982108b6ac7a1108533dd3fe125002e2e286362d1055082a9d73ec5ac3080f2a501ff27250b62c8965f371cf92b32d6422d79f66261eb08a2f8fe50049e102c69ce703d116d0834208cc957d0f1376457a90245816d7642412897fdd2f982fdfbc3af65aa0446b00c767b79aec40e460887ea02188e3a0960eea39b144859467b881978378c9fd593259e0f63148179fe2c2f6d40987b63a6e384e63027f03d8039d707522942d5dc88fd842524d006290b6a65e9cc86cc5b401a60ec4aedfb3bf4d0447bb681810a16b9684b72c2f4593ef834a0203e78cd1d9dbc978e9ae8f3ab62c07f1e41d59470decee7b0cc41ac49e4b7589ab6da65849f62ec217bb39ed161e7d337822d96badbd74d66451ea9a74bed591dc9631bf639dcf7846ee428a9fa55bfceedf3b1c23642f3b58dd0a7273664c6c49c9160a4b9cc5b72d0210e305b94e2cb09ae1d4af9d365b5093851f229c8c30aef75d45ccdbab4b86d801a9ad3b27f26ba601d531c0743717aa7aae29d37f496fec7682c5a1abd321ad61941a2d23fcac6af1d1875e308c8d8c64a5152be47b59c09d293f46b857310a99f1885f0a49d432aa0d39a3e8fc885e75e66b63215133175a19267c8d0adf7d8f644e742ed5369d1405e99e63b78727f135e0243f24d9ce354a1562102ee8de4c191508343b86bf7e7519ddd770ce55e17e590561b2f437194c97ad46622a6ae3dd68d9993e6744954f4cd308bd6594fdccedc578e80aed274a65219697229059723ac37d535cca0e9c314e7941b4160bbd2ffba71f26ffe3228431bc81463078ad70583277ef18bce23ca2e5b9a00670956ea8e0e2c739c006106c8c9ee3f92ba728d8490742b74a9a18cbedfc4e69bb87e0da4c7dfb964374c28c837d4641fb99a19b233675f8526af395335e0185cf3934805442ac379980b687a7128e53284ba9e741b5fe9bc969bfbd55cbce76842915e076e2adf844338d16d3802c681bafdcc60465bd34dfc2d1c069ceee40060e0570fc1275ccabfe3f9be3e84ceedf72cd649c082232008e2b0c94594588c00e0fe911bbf1c12eb6c37ce05674a7597feecf27f5e051ffa824d9ff93638dfa9a84c77562aa2cf897f55a97b79c18544ad03480e1011b8f93e0ead9c2c6672448f585c5803ae99be777fbc662ef4450c1e936ed8b3c8047f00e72adc84561f417f8e5e1dde4967005d96a64fc75d9f486b3ebdb5904a0a56ec48542f0efce939f66fd69259e7376ad37e84434ea90f35b2d3bd63b5c36b267d8f2c7dc5a50b46e00ed086dff8b039e07b84c60611269d4f282ad04dc8e0b481eece2f8a614734be73617f0ad5be195446b09dca4cf1f32653dd3e188aece76f3014deb2ba61744835c0f735234b6a4637c948a7b4fd4203b286ca87d669e325d70277075b094f59eb1dff6c9c05c40d5e464c563df79486e1a32e6ed9bcf675aac7968b4e98dc4e210215b0d3b6a2525b2e3df11f3f1490eb39cabffbe32e23659121fde8e4e346e0f595aaf3666a5f6f118c1a1128039502ac04c40b85eb4c54e6c95b8d1c2aac74ae9e1c355ccde9d54d5d833293f5df09224482179e5bcd8e227c99172a6e14c2cd4e6462ceb0a905a1d64804840ce62e350c6efac10a7fcb029f84af64e2256d45afd3b3f59379895740e0cd2fd24c63264f785bb6e3f40ec72ed67d1a7d87dd264743d9c951cb5aa8bc6f1d1bc9b23303d5aa7f8f6f961326757456057000cb2bacf78cc229002777e932c2640b8dfa793846ca49fa93996db95104a8808a1906b19df17e754b90582b6c49efb3ddce067dd9292291cfd2bb0323ce8098f29e4fce0de31cf5c7e2e2da5d0d0996a8be776de8fecfd3ce68e80d21f1701f6b90ac51278abbd727d19415e0ebe001b990b177b8db0c592b18a4b5e4a6221902362e5b20e6e6f2131a5a5e03c1150b179ef40c933c2fef1b79de738652ec4c32565f5cf751a11db177099c4e2e5bd7616cd0dd501d5bfccf5691de3cca590365328648baf8a9487a3c212193c9bb837594460967e823067a9465eba7001eaf609a810488ef5c147aaa5e9e8c75b585ac3582b6915e20b5aa2f79b7a94857122988c56dbce1ea52de1a56652e839bb853be3ee16052b33fb83ca54d8e4e19440a5e81492107043a66286f63ca87a1f7b8a4e9547a7eb6005419cfd28cb37e9e374f4d0143973286e87070754025c1a6fccfdc6858eaca8c35ecb19584ce7141cc79a5bc813469161b87a19fc21f3373d1f25b3427916dd1be2a589b70ea3b39fcc7801e13beaf19b76164faf3dc4ab8faa5648d24eddd6caceaa0d5ac9cad633c19a4a4d059ee823a49b7cf82c5777d376c111f58ea8fd473429907852301a2c856f27bd0c687ab5be0e2bbef64ddee1601375a4440e3f59d60f57caebfe457f82432523ec4a61cdbb7f1e91e4b05fda892df131c274b19929d26f7a5a6d3ca487983f729601ed9bb4bf5c1cc3d453d406e9534688dec6a2dd0b9db149365c125a95e129565e62cc91f7d960abe1055b730ae0994e7eb08392d5745d0e4f529c4defc3d3e43d0815b0cc63effa88d20c13b14e780c2f6c89a1ee5e4db45a5c272186cc3e51b13dab3add5f467e8ca0f4c45a1fc76db2f0cbf794102946aafcd8cd8a3e935a606b9721645c4d550ae0907f345593736506efc626498c974753d474a73626041d3a54f8fb50de2a6335611a3779da3a02daceb2256d9b102d4d30dd3cd389a04b1a7a6076879f36534bb3379debb46ed1fa2c40096c752017dd024345c58313b43070ff7bef94dc3cafbe6ec20d59e5ea3c196ba3b783bfa87384407efc664cd350c80ac397516018e35371956e414755cde304d2a228c1540ba6fd6a7402d11c666964f024da4c016eb556ba2c5fab86c60c12efb1496295d80f0383526e8e0fc55a287bbd3cb966a916f57958d8b6ef97aa0c4b47f7746bab6b99698c1c96b25c4e2e084147866fe0970b109dd26984adc0758eb6442712cc46dcd8ed3038b0595252eed1b8a46525862662d1e67eba66ac341f8d27853eed54854f488f079bd48df6ce7a4be8b1b61fd23a2dc4d3ade0992011539cc63f80fcfc75008c20cb639348cb218f8f476a6d56917f4ca07e67fc20ea2e9642eaf2182b397e279f5f6c70438fb8aa39cba788588c181461ea7efe1a0dd5b95eb26f7158b91012f7ce0ee1b4e79ce4da377bea4551738a0f491a84f19b3be9827b4469c299527aa9c20b8bf12f919976a0356bba720fb91010763c79bcbb10d89280f0f97cdd19aa0d54828b308195fac170613cf4b515e340a9ef2c97f618a9f50b30ae34ebeed9a38b4c6969680accc740b154ecb014fb5d543a59ccb98a7de2823a2dec39f331cb503eb74fef61262c6d4050bc723caee834eb28c64ce007f6027375e936b62387cf1778970e88b0574a0106d4c855be7425767c551b2fa644d9d8a59f787e7610581b768057d229673344571c3d6e3f10975b2859f568398b1f38f89524d9ad0c1588617c3883a1227b714c81cdf28da54f33968c1c50f28da01c308eb31d319b3e77f96bec001c9300000000000000009cc0062283ac112868592619db14d629c47bfb793a723dcd2f7b07ae4ec14ca3ef4b955ea5b2b153a279b080f6236d418075b86850974c8850efb306d5c304e726bf2643b4403e6d46b0e0395b02e93308b4b2c3e957308d497dc51c753344a7878f1f0c91295fd76e3d1cc9ef813161c6b92b7ea6068ceb97d8f45a4ce57af7d7632d699951f7fe3c71c3a32b014c74425c67e5030546b10cf7edcec2eca5ba31dc62c08f83f35bc2e36b93f15f071bc2537ebe9ca19f86dce4e84272e10323d0ceaa2cc47fe4f6ad101d454c761f9863e94af91199ce5f12469bca7ba39314b84aa7efa4bdc18f7700c19511d48d6132450111d70401a8ac73565d5386ca12345e884d08b23f9c901000a95eb4167865e58c28b112f47c96beeaa6657c923e25e56529107c5c30e65bb485d5ed21b91332db4e09df7e59dcfa05c994570deb3f9b838e22ae4abbf9a9a8c319cc9112c8dba7c2278f78b9578b0254c46a4c04b8fa4fedad6bd275f70b1618971ef6503379bfb0a508c9944328af2c820091a89e3f75e68e7f980ddc9154d273f7f2ce7a6294aefe93136860786679b80e41f6636ff45efeacfb52e2ba2bd9bd9c9030079a46caca5c4b340c17d01ba8ecbc5c561b2038481a8321c009d12136a3ad5461881d998eeaac5236fdcd8f81fb5e53848bb096d9198fd0d38830d1809f2a632b31e2b67754140c907ed58aead048b2d8af9a1c407e48db815212cfdcca97222dabdfe01f311a73e1e82c3e189ec5add48d3f8190eb9e14b58e540f7f1388a7c687629eadb19fd8a133dc8177629270ecaabff79efb6c1f750d89b9e6c5f34c6238066f8e3e425e46a27b3c0d2e9e2ed3cffe2a6f39b8e0137ea5de689b94107fb4748a5feb3902f0feba64dae4c2e69bc8d86463575c6b0ef4a8a64fef41121e57a8c67eda07e9fc8f98299677de198ea0a649ef3c00591940b2c27ba1414aaa1633deb52e3a44cfa8d7a00d014317c026a7d7f42a34b97128e1bf9cda4d8315819ac73ed5061bf9b5631d07b09b85b78ff1b6eb86e9e8c4faa0f991cd6fa0b0eb71b39c20ca9bc7c156f3bd255a5b408df172396bafd7f0fb11c6eaf1eb0a06576d37bee00424bf699584b1dfed68f0d8d8a35f0427c783fe2d79b4373628971e87501a5e4bb05b5058d0b2132741f26e76065b6f4017d963c8ee5605c4c5b6eebb96fca0a41893cb6add3fb0d728abeb860f22cedbd36e464bdaf124a7041460f7af3d64b54e9ffd240b5afad9baf6e5dd8406bc1b205da5848f51fc9dd5197716e144e1b0386614bd3cfd5ddb80ada1e5ca74c8960093a553b1f6288aa7f53663cdd867f658e51b95772dc7a6fa45fa03e14988a33250e6c16fbf0351769080d64ddfbdbf77e1215563bf2e82ecc38a682846d7e2e2ac4e87d715f97f15e84c3df04affee49612a735907d3c4d310a54a6f609873ad56f29a138f4d5661f6865e030487"}}, 0xfce)

56.606183738s ago: executing program 1 (id=1779):
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x10, 0x13, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000010000000000000000000000180100002020702500000000002020207baaf8ff00000000bd4106000000000047010000f8ffffffb702000008000000b7030000000000008500002dd10000001801000020786c250000000000202020db1af8ffa1000000bda100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

56.536711242s ago: executing program 1 (id=1781):
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0xa4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000001a40)=""/102392, 0x18ff8)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r1 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xc, &(0x7f0000000680)=@assoc_value={<r2=>0x0}, &(0x7f0000000500)=0x8)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000000a000000000000000000000008000400", @ANYRES32=r3, @ANYBLOB="06001500070000000c00168008000100", @ANYRES64=r2], 0x38}}, 0x10)
writev(0xffffffffffffffff, 0x0, 0x0)

55.601374276s ago: executing program 1 (id=1787):
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e21, @multicast2}}, 0x0, 0x0, 0x0, 0x0, 0xb3550aa4ba878396}, 0x9c)

55.600444758s ago: executing program 4 (id=1788):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x2, &(0x7f00000011c0)=[{0x54}, {0x6}]})

55.544775685s ago: executing program 1 (id=1789):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000600)='./file0\x00', 0xe8)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='securityfs\x00', 0x11, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

55.469488981s ago: executing program 1 (id=1790):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="140000"], 0x18}, 0x0)
recvmmsg(r1, &(0x7f0000001140), 0x700, 0x2, 0x0)

55.467707748s ago: executing program 4 (id=1793):
unshare(0x2040400)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000280)=@o_path={0x0, r1}, 0x18)

55.374756379s ago: executing program 4 (id=1794):
socket$kcm(0x11, 0x2, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000140)="5c00000013006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000200eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x300)

55.374538113s ago: executing program 4 (id=1795):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x20044e, &(0x7f0000000340)={[{@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x8820, &(0x7f0000000240)=ANY=[], 0x1, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.numa_stat\x00', 0x275a, 0x0)
lseek(r0, 0x1, 0x4)

55.145532971s ago: executing program 4 (id=1798):
unshare(0x2c020400)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000d80)='./file1\x00', 0x143042, 0x0)
pwritev2(r0, 0x0, 0x0, 0xe7b, 0x0, 0x0)

54.884427012s ago: executing program 4 (id=1799):
r0 = io_uring_setup(0x38dc, &(0x7f0000000600)={0x0, 0x0, 0x40, 0x0, 0x100})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000180)=[@ioring_restriction_sqe_flags_required={0x3, 0xe}, @ioring_restriction_sqe_flags_allowed={0x2, 0x1e}], 0x2)

54.772647507s ago: executing program 34 (id=1799):
r0 = io_uring_setup(0x38dc, &(0x7f0000000600)={0x0, 0x0, 0x40, 0x0, 0x100})
io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000180)=[@ioring_restriction_sqe_flags_required={0x3, 0xe}, @ioring_restriction_sqe_flags_allowed={0x2, 0x1e}], 0x2)

40.041459385s ago: executing program 35 (id=1790):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x7c}}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$unix(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000080)="03", 0x1}], 0x1, &(0x7f0000000280)=ANY=[@ANYBLOB="140000"], 0x18}, 0x0)
recvmmsg(r1, &(0x7f0000001140), 0x700, 0x2, 0x0)

14.83076898s ago: executing program 5 (id=2177):
syz_mount_image$jfs(&(0x7f0000000380), &(0x7f00000006c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2208088, &(0x7f0000000b80)=ANY=[@ANYBLOB="009c1b06223d15055c6d39aecad6836294e3e1fc38b80cd5eb20b39dc7dceb316fa1203f802b4368850fdef916202a989ea54a4e800c324c19bad386d9a72fc1de2fa7f100eae8a434158d0ed0d6a9061d60971bcf895342571bae0ea58240ebdd0f6f3dd42fa0f9754224a9c2045d2e098e01000000943549e2c2e191b7da91b8645dfdb324ceaf445cdc974884e2d5ac6dbf8b92da3a8a65176db66ca798dce71880c5e6837b5a99b6696d5003a06f62bbfb0b9ba0a6ffbfc2dd37662e077430379386d8e3abf802401b0e8382824a68cf51cde62ac99470edf8c757396564c8079d89017df3182005ec9fe433b122f1c02ca72eb68e41fc7ff69975649149ff4be64bd665e56a5fe9ef4d6ee02ff30ad838a9744100d520765c83c0178534e09d2f578bd10d3bfc68d1e75d6965613448d1045b6a0298d0804f82bc984e271c346d1e30886f81feb02b8320d47dc752b2dd23b4d8e20f2bda7ff84c57d63da96f044f8daaac7cb7132ef6", @ANYRES8, @ANYRES32, @ANYRESOCT=0x0, @ANYRES16, @ANYRES64], 0x41, 0x5e97, &(0x7f0000005e00)="$eJzs3UuPFNfZB/CnL9Nz4TWMLL2WhbIYY+dCMDBcDLnb3iRSVpEiNlmBxmMLBScRkCi2UBhrFvkGUbJIlOyzyifIHj6EF1kGCZKNV6moZs6BmkoPzQDT1TPn95OaqqdOVfcp/n2druoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED88Ps/PteLiKu/SguWI/4vBhH9iMW6XomIxZXlvP4wIl6PreZ4rV59PqLefuufYxEXI+L+0YiHj+6s1YvPP2M//n3k/4/9868/OP37v/3u3sk/nnq73f6n9X/c+8nddFsAAADAnlRVVfXSx/zj6fN9v+tOAQBTkV//qyQvV6vVarVaffjqpmq8u80iIjaa29TvGe6OuzIAYHZtxBddd4EOyb9ow4g40nUngJnmuPvD6eGjO2u9lG+v+Xqwst2ejwXZkf9G7/H5HbtNJ2kfYzKt+9dmDOLVXfqzOKU+zJKcf7+d/9Xt9lFab7/zn5bd8h9tn/pUnJz/oJ1/y+HJvz82/1Ll/Id7yn8gfwAAAAAAmGH57//LU/v+t7fjerP5l7M7Ez3t+9+VKfUBAAAAAAAAAF62Fx3/7zHj/wEAAMDMqj+r1/589Mmy3T5j18uv9CJeaa0PFCadLLPUdT8AAAAAAAAAAAAAoCTD7WN4r/Qi5iLilaWlqqrqS1O73qsX3f6gK33/oWRdP8kDAMC2+0db5/L3IhYi4kr6rb+5paWlqlpYXKqWqsX5/H52NL9QLTY+1+ZpvWx+9AxviIejqr6yhcZ2TZM+L09qb19ffVujavAMHZuODgMHgIjYfjV66BXpkKmqY9H1uxwOBo//w8fjn2fR9f0UAAAA2H9VVVW99HPex9N3/v2uOwUATEV+/W9/L6BWq9Vqtfrw1U3VeHebRURsNLep3zPcHXdlAMDs2ogvuu4CHZJ/0YYR8XrXnQBmWq/rDrAvHj66s9ZL+faarwdpfPd8LMiO/Dd6W9vl7cdNJ2kfYzKt+9dmDOLVXfrz2pT6MEty/v12/le320dpvf3Of1p2y7/ez+UO+tO1nP+gnX/L4cm/Pzb/UuX8h3vKfyB/AAAAAACYYfnv/8u+/827DAAAAAAAAAAHzsNHd9byea/5+/8vjVnP+Z+HU86/J/8i5fz7rfy/1lpv0Jh/8P6T/P/16M7aj/7w+fE8fdb85/NML92zeuke0Uu31Bum6XPv2vy4hZtzg1F9S3O9/mCYjvmp5j6M63Ej1mN1x7r99P/xpP3cjva6p3Pprrzdfn5H+3C7vbH9hR3tc+l3B6rF3H4m1uLncSM+2Gqv2+Yn7P/ChPZqQnvOf+DxX6Sc/7BxqfNfSu291rT24LP+/zzum9Nxt/Peb+/dX93/3ZloMwaP962p3r8THfRn6//kyCh+eWv95plfX7t9++a5SJMdS89HmrxkOf+5dHn8/P/mdnt+3m8+Xh98Ntpz/rNiM4a75v9mY77e35NT7lsXcv6jdMn5f5Daxz/+D3L+uz/+T3XQHwAAAAAAAAAAAAAAAHiaqqq2ThF9LyIupfN/ujo3EwCYrvz6XyV5uVqtVqvV6sNXN1XjvdssIuLvzW3q9wy/GXdlAMAs+09EfN51J+iM/AuWf++vnr7VdWeAqbr1yac/vXbjxvrNW133BAAAAAAAAAB4Xnn8z5XG+M9vRcRya70d47++HysvOv7nMM88HmD0+Qf63ovN/mjQbww3/kY8ffzvE/H08b+HE25vbkL7aEL72EHMGxYmtI890aMh5/9GY7zzOv/jreHXSxj/tT3mfQly/ica9+c6/6+21mvmX/3lIOff35H/2dsf/+LsrU8+PX3942sfrX+0/rOLq6uXLlx+Z/Xy6tkPr99YT/922OP9lfPPY187DrQsOf+cufzLkvP/cqrlX5ac/1dSLf+y5Pzz+z35lyXnnz/7yL8sOf+TqZZ/WXL+X0+1/MuS8z+VavmXJef/dqrlX5ac/+lUy78sOf8zqZZ/WXL+Z1Mt/7Lk/PM3XPIvS84/H9kg/7Lk/M+nWv5lyflfSLX8y5Lzv5hq+Zcl5/9OquVflpz/pVTLvyw5/8upln9Zcv7fSLX8y5Lz/2aq5V+WnP+3Ui3/suT8v51q+Zcl5/+dVMu/LDn/76Za/mXJ+X8v1fIvS87/3VTLvyxPfv/fjBkzZvJM189MAAAAAAAAAAAAAEDbNA4n7nofAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+C87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsLevcbIdZZ3AD97c9YOly2E4IYAG8cEkyzZ9T2mNZhbSRPSUiC0pRfj2mtj8K1em1sjxSi0RGrURiof4EO5Fal8qYgAVVSlyJVagQQS+UQrtQ2pAlVEoTW0H6AibDUz7/PuzHivZzb2zDm/nxQ/9uyZmXfOvDO7/3X+awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoN1Nr5398FBRFI3/mr9MFMUzGr/fODnR+OPWV1ztFQIAAAC9eqr566Vn5wsOrOJKbcd89UXf/OL8/Px88dh3X/b8j8zP5w9MFsXENUXR/Fh48p6/3dp+TPJAMT403Pbn4RXufmSFj4+u8PGxFT6+YYWPX7PCx8dX+PhlJ+AyG1vfj2ne2Nbmbydap7S4rhhrfmzrItd6YOia4eH4Xk7TUPM682NHi+PFiWK2mOk4vnXsUPP4L9/UuK87i7iv4bb7urGxQ3543+FYw1A6x1s77mvhNsMPXl1M/uiH9x1+08cev2GxueJp6Li91jq3bWms80PpktZah4pr8jmJdQ63rfPGRZ6TkY51DjWv1/h99zovrXKdIwvLvKK6n/PxYrj5+0eb52m0/dt6+TzdmC778c1FUVxYWHb3MZfdVzFcbOq4ZHjh+Rlv7cjGbTS20nOK0TXt05tWsU8b88jWzn3a/ZqI5/+mdL3RJdbQ/jT94IMbLnve17pPQ+NRL/Va6d6D6/1a6Zc9GPvi0eaDfnDRPbg1Pf77bll6Dy66dxbZg/lxt+3BLSvtweENI8015ydhqHmdhT24veP4keY9DTXnk7csvwenz508Mz33/g+8/PjJQ8dmj82e2jUzs2fn3t0ze2emjx4/MZt+LXm2+9+mYji/BrakcxevgZd2Hdu+Vec/tX6vw/FlXocTXceu9+twtPvBDV2ZF+Tle7r12nhr46SPPzRcLPEaaz4/t/b+OsyPu+11ONr2Olz0c8oir8PRVbwOG8ecuXV1X7OMtv232Bqers8FE217sPvrke49uN5fj/TLHhxP++Jfb136c8GNab0PTq3165GRy/ZgfrjpvadxSf56f/yO5lhsX97Q+MC1G4rzc7Nnb3/foXPnzm4v0rgintu2V7r366a2x1Rctl+H17xfD3z469+4YZHLJ9K5Gn9545fxJZ+rxjG7bl/+uWp+dlv8fHZcuqNIY51d6fO52GfzxvnMWXKZ89k45kPTvX8tnnNp2/vv2BLvv5H7f9a8n635ph4YGRttvX5H8tkZ63g/7nyqRpvvXUPN+740vbr347H035V+P75umffjzV3Hrvf78Vj3g4v346GVvtvRm+7nczztkxMzy78fN47ZvGOte3J02ffjm9McSuf/ZSkp5FzUtneW2rf5vkZHx9LjGo176NynOzuOH0vZrHFfn91Rbp9uu7l1WyP50S24Uvt0suvY9d6n+f1qqX06tNJ338rpfj7H0764bufy+7RxzMVdvb93bozftr13blhpD46NbGiseSxvwtb7/fzG2IO3F4eL08WJ4kjzoxua+2moeV9Tu1e3Bzek/670e+XmZfbgtq5j13sP5s9jS+29odHLH/w66H4+x9O++Oju5fdg45jX7V3fr123pUvyMW1fu3Z/f22p73nd0HWans7veTXW+Q97l//ebOOYE3esNWcuf55uS5dcu8h56n79LvWaOlJcmfO0Oa3z+3csfZ4a62kc85F9q9xPB4qi+MLdB5rf701/v/L589/6YsffuxxofexL+xZu67KvOhb7e58v3H3g4j/f9ZO1PEYA+tvPmr9u3dT6XNf2N1Or+ft/AAAAYCBE7h9OM5P/AQAAoDIi98f/FZ7J/wAAAFAZkftH08xqkv8f/Lfnvfun9xe5mT+fxMfjNJx5onVcdFw/mf48Ob+gcflrPvOPX3/7/au77+GiKH56178sevyDT8S6Wh5O65z8dufll9n87VXd/zvuXTiuvQM4kW4/Hk/3Nvjyfz/RvN7kvta8eNfF5nzzhQcfaHz80r7Wn6M7+eT/tI7781TmPXD07zuuv+2x1v1tfWz5xxXX+9wbN979grct3F9cb2jLs5oP46OvbN1u/Nybh1/bOv5SOm6p9f/dH3/2c43j3/eSxdd///Di638y3e530vzJU63L289p489xvT9M64/7i+vd/umvLLr+R97QOv6R9Lx8Ms3u9b/6T1/4VPv5ivXH/Rx4vHW9uP+Zv/6P5vXi9uL2u9c//qonOs5H9+1f/Hzrdva/539H2o+Py+N+8r57vPN5btxO+34Ln/2jix3nufj31vX+pmv9cXtnHl98/bd1rfPM9k3N6y9VGf/47HcWfbyxngN/9WjH43nke+n8veae5u2O/zjtx/Tx/3u4dXvdPy3h0e91vp/E8Z+caL0u4/amu9b/cNf6L7y4ce5WXv+dP2qt/5FXfbXz+fjP1joO/KA1V1r/sU98s+P6n/pW6/k4+96pU6fnzh+PDvVE+tk/Z77bur1rxjduuvYZz3zWs9N7ZfefD54+987Zs5MzkzNFMTmAPxLv6V7/p9P8r9a4sN63f19RFO9t+7x26+tb+6940aU/efGdn3lnHPdPr2td/tDdrc9bL03HPZwuv5Ce77idj3+s9fmw1/XH/Sw183pX6fzXPrxnVQemx//Rm65vvsqGLrYu7n6/Kite548/r/N1/9hbW/NL6bzOp5/MvOX6rzWP677/+NkID72l9fqOr+Ti+r2u/y/T833Pd1q3H7eb15u+jvnK5s73x3h+vnR/108amGj9FI8L6f2juND6eBwVX1M9dOn6tSxzSXPvn5s+cfzU+fdNn5udOzc99/4PHDx5+vypcwebP5vz4LtWuv7C63tT8/V9ZHbPrqL5aj/dGk+zq73+M/cePrJ35pYjs0cPnT967t4zs2ePHZ6bOzx7ZO6WQ0ePzr53pesfP7J/+459O/fumDp2/Mj+O/bt27lv6vip041ltBa1gj0z7546dfZg8ypz+3ft2757966ZqZOnj8zu3zszM3V+pes3PzdNNa79nqmzsycOnTt+cnZq7vgHZvdv37dnz44Vf7rfyTNH5yanz54/NX1+bvbsdOuxTJ5rXtz43LfS9aFh7hMbF/08NZS+et9+257881kbPvPBJW+qdUjXDxD9fvpZNN/4iz/bvZo/R+4fSzOrSf4HAACAOojcvyHNTP4HAACAyojcf02amfwPAAAAlRG5fzzNrCb5X/9f/1//X/8/6P/r/5eh/6//X4b+v/7/IKxf/1//n971W/8/cv/Goqhl/gcAAIA6iNy/Kc1M/gcAAIDKiNx/bZqZ/A8AAACVEbn/GWlmNcn/+v/6//r/+v9B/1//vwz9f/3/MvT/9f8HYf36//r/9K7f+v+R+5+ZZlaT/A8AAAB1ELn/WWlm8j8AAABURuT+Z6eZyf8AAABQGZH7J9LMapL/9f/1//X/9f+D/r/+fxn6//r/Zej/6/8Pwvr1//X/6V2/9f8j9/9cmllN8j8AAADUQeT+56SZyf8AAABQGZH7n5tmJv8DAABAZUTuvy7NrCb5X/9f/79/+v8LtVj9f/1//f/Bof+v/1+G/r/+/yCsX/9f/5/e9Vv/P3L/89LMapL/AQAAoA4i91+fZib/AwAAQGVE7n9+mpn8DwAAAJURuX9zmllN8r/+v/5///T//fv/Qf9f/3+Q6P/r/5eh/6//Pwjr1//X/6d3/db/j9z/82lmNcn/AAAAUAeR+29IM5P/AQAAoDIi978gzUz+BwAAgMqI3H9jmllN8r/+v/6//r/+f9D/1/8vQ/9f/78M/X/9/0FYv/6//j+967f+f+T+F6aZ1ST/AwAAQB1E7n9Rmpn8DwAAAJURuf/FaWbyPwAAAFRG5P7JNLOa5H/9f/1//X/9/6D/r/9fhv6//n8Z+v/6/4Owfv1//X9612/9/8j9N6WZ1ST/AwAAQB1E7t+SZib/AwAAQGVE7r85zUz+BwAAgMqI3L81zawm+V//X/9f/1//P+j/6/+Xof+v/1+G/r/+/yCsX/9f/5/e9Vv/P3L/S9LMapL/AQAAoA4i99+SZib/AwAAQGVE7n9pmpn8DwAAAJURuX9bmllN8r/+v/6//r/+f9D/1/8vQ/9f/78M/X/9/0FYv/6//j+967f+f+T+l6WZ1ST/AwAAQB1E7r81zUz+BwAAgMqI3H9bmpn8DwAAAJURuX8qzawm+V//X/9f/1//P+j/6/+Xof+v/1+G/r/+/yCsX/9f/5/e9Vv/P3L/y9PMapL/AQAAoA4i99+eZib/AwAAQGVE7p9OM5P/AQAAoDIi98+kmdUk/+v/6//r/+v/B/1//f8y9P/1/8vQ/9f/H4T16//r/9O7fuv/R+7fnmZWk/wPAAAAdRC5f0eamfwPAAAAlRG5f2eamfwPAAAAlRG5f1eaWU3yv/6//r/+v/5/0P/X/y9D/1//vwz9f/3/QVi//r/+P73rt/5/5P7daWY1yf8AAABQB5H796SZyf8AAABQGZH796aZyf8AAABQGZH770gzq0n+1//X/9f/1/8P+v/6/2Xo/+v/l6H/r/8/COu/Iv3/B5b+MQD6/1RBv/X/I/fvSzOrSf4HAACAOojc/4o0M/kfAAAAKiNy/y+kmcn/AAAAUBmR+38xzawm+V//X/9f/1//P+j/6/+Xof+v/1+G/r/+/yCs37//r/9P7/qt/x+5f3+aWU3yPwAAANRB5P5XppnJ/wAAAFAZkftflWYm/wMAAEBlRO4/kGZWk/yv/6//r/+v/x/0/wek//8HqzjmCtL/1/8vQ/9f/38Q1q//r/9P7/qt/x+5/9VpZjXJ/wAAAFAHkftfk2Ym/wMAAEBlRO5/bZqZ/A8AAACVEbn/dWlmNcn/+v/6//r/+v9B/39A+v99Rv9f/78M/X/9/0FYv/6//j+967f+f+T+16eZ1ST/AwAAQB1E7v+lNDP5HwAAACojcv8b0szkfwAAAKiMyP13ppnVJP/r/+v/P139/w3pNvT/2/ad/n+T/r/+/1ro/+v/F2vp/w+lV7D+f9PV7s8P+vr1//X/6V2/9f8j9/9ymllN8j8AAADUQeT+u9LM5H8AAACojMj9d6eZyf8AAABQGZH735hmVpP83/f9/3SH+v9L9v+f2Zj92P8P+v9t+07/v0n/X/9/LfT/9f8L//5/aVe7Pz/o69f/1/+nd/3W/4/cf0+aWU3yPwAAANRB5P5fSTNrz/9L/WUZAAAAMBAi9/9qmpm//wcAAIDKiNz/pjSzmuT/vu//J/r/g/fv/wf9/7Z9p//fpP+v/78W+v/6/4X+f2lXuz8/6OvX/9f/p3f91v+P3P9raWY1yf8AAABQB5H735xmJv8DAABAZUTuf0uamfwPAAAAlRG5/61pZjXJ//r/+v/6//r/Qf9f/78M/X/9/zL0//X/B2H9+v/6//Su3/r/kfvvTTOrSf4HAACAOojc/7Y0M/kfAAAAKiNy/6+nmcn/AAAAUBmR+38jzawm+V//X/9f/1//P+j/6/+Xof+v/1+G/r/+/yCsX/9f/5/e9Vv/P3L/b6aZ1ST/AwAAQB1E7n97mpn8DwAAAJURuf+30szkfwAAAKiMyP2/nWZWk/yv/6//r/+v/x/0//X/y9D/1/8vQ/9f/38Q1q//r/9P7/qt/x+5/3fSzGqS/wEAAKAOIvf/bpqZ/A8AAACVEbn/YJqZ/A8AAACVEbn/HWlmNcn/+v/6//r/+v9B/1//vwz9f/3/MvT/9f8HYf36//r/9K7f+v+R+w+lmdUk/wMAAEAdRO7/vTQz+R8AAAAqI3L/4TQz+R8AAAAqI3L/kTSzmuR//X/9f/1//f+g/6//X4b+v/5/Gfr/+v9huSfkaq9/vfr/I4X+P/XVb/3/yP2zaWY1yf8AAABQB5H7j6aZyf8AAABQGZH7j6WZyf8AAABQGZH735lmVpP8r/+v/6//r/8f9P/1/8vQ/9f/L0P/X/9/ENbv3//X/6d3/db/j9x/PM2sJvkfAAAA6iBy/7vSzOR/AAAAqIzI/e9OM5P/AQAAoDIi959IM6tJ/tf/1//X/9f/D/r/+v9l6P/r/5eh/6//Pwjr1//X/6d3/db/j9x/Ms2sJvkfAAAA6iBy/6k0M/kfAAAAKiNy/+k0M/kfAAAAKiNy/5k0s5rkf/1//X/9f/3/oP+v/1+G/r/+fxn6//r/g7B+/X/9f3rXb/3/yP2/n2ZWk/wPAAAAdRC5/2yamfwPAAAAlRG5fy7NTP4HAACAyojcfy7NrCb5X/9f/1//X/8/6P/r/5eh////7N3Vi2DZEcfxJiTQT/lv4+7u7u6+cXd3d3d3z0NIuqpCspuEPXdm99yqz+eloBeWw9AP82P4cvX/K/T/+v8zvF//r//nuN36/9z9d4hbhux/AAAAmCB3/x3jFvsfAAAA2sjdf6e4xf4HAACANnL33zluGbL/9f/6f/2//j/p//X/K/T/+v8V+n/9/xner//X/3Pcbv1/7v67xC1D9j8AAABMkLv/rnGL/Q8AAABt5O6/W9xi/wMAAEAbufvvHrcM2f/6f/2//l//n/T/+v8V+n/9/wr9v/7/DO/X/+v/OW63/j93/z3iliH7HwAAACbI3X/PuMX+BwAAgDZy998rbrH/AQAAoI3c/feOW4bsf/2//l//r/9P+n/9/wr9v/5/hf5f/3+G9+v/9f8ct1v/n7v/PnHLkP0PAAAAE+Tuv2/cYv8DAABAG7n77xe32P8AAADQRu7++8ctQ/a//l//r//X/yf9v/5/hf5f/79C/6//P8P79f/6f47brf/P3f+AuGXI/gcAAIAJcvc/MG6x/wEAAKCN3P0PilvsfwAAAGgjd/+D45Yh+1//r//X/+v/k/5f/79C/6//X6H/1/+f4f36f/0/x+3W/+fuf0jcMmT/AwAAwAS5+x8at9j/AAAA0Ebu/ofFLfY/AAAAtJG7/+Fxy5D9r//X/+v/9f9J/6//X6H/1/+v0P/r/8/wfv2//p/jduv/c/c/Im4Zsv8BAABggtz9j4xb7H8AAABoI3f/o+KW/9z/l7fkqwAAAIBrKXf/o+OWIf/+r//X/+v/9f9J/6//X6H/1/+v0P/r/8/wfv2//p/jduv/c/c/Jm4Zsv8BAABggtz9j41b7H8AAABoI3f/4+IW+x8AAADayN3/+LhlyP7X/+v/9f/6/6T/1/+v0P/r/1fo//X/Z3i//l//z3G79f+5+58QtwzZ/wAAADBB7v4nxi32PwAAALSRu/9JcYv9DwAAAG3k7n9y3DJk/+v/9f/6f/1/0v/r/1fo//X/K/T/+v8zvF//r//nuN36/9z9T4lbhux/AAAAmCB3/1PjFvsfAAAA2sjd/7S4xf4HAACANnL3Pz1uGbL/9f/6f/2//j/p//X/K/T/+v8V+n/9/xner//X/3Pcbv1/7v5nxC1D9j8AAABMkLv/mXGL/Q8AAABt5O5/Vtxi/wMAAEAbufufHbcM2f/6f/2//l//n/T/+v8VDfv/q18B/b/+X/+v/9f/6/85bLf+P3f/c+KWIfsfAAAAJsjd/9y4xf4HAACANnL3Py9usf8BAACgjdz9z49bhux//b/+X/+v/0/6f/3/iob9v+//X1zr/v/yRj/R/+v/z/B+/b/+n+N26/9z978gbhmy/wEAAGCC3P0vjFvsfwAAAGgjd/+L4hb7HwAAANrI3f/iuGXI/tf/6//1//r/pP/X/6/Q/zft/29z4fv/+n/9v/5f/89hu/X/uftfErcM2f8AAAAwQe7+l8Yt9j8AAAC0kbv/ZXGL/Q8AAABt5O5/edwyZP/r//X/+n/9f9L/6/9X6P+b9v/X9Pv/N6b/1/+f4f36f/0/x+3W/+fuf0XcMmT/AwAAwGndjO2eu/+VcVf+HwAAAMDecve/Km6x/wEAAKCN3P2vjluG7H/9v/5/j/7/houber/+X/9/of/fnv5f/79C/6//P8P7r1P/n7+m+n9G2K3/z93/mrhlyP4HAACACXL33xC32P8AAADQRu7+18Yt9j8AAAC0kbv/dXHLkP2v/9f/79H/z/z+/6X+/9/+PPX/+v+bov/X/1/o/5fd2v382d/v+//6f47brf/P3f/6uGXI/gcAAIAJcve/IW6x/wEAAKCN3P1vjFvsfwAAAGgjd/+b4pYh+1//r//X//v+f9L/6/9X6P/1/yv0//r/M7xf/6//57jd+v/c/W+OW4bsfwAAAJggd/9b4hb7HwAAANrI3f/WuMX+BwAAgDZy978tbhmy//X/+n/9v/4/6f/1/yv0//r/Ffp//f8Z3q//1/9z3G79f+7+t8ctQ/Y/AAAATJC7/x1xi/0PAAAAbeTuf2fcYv8DAABAG7n73xW3DNn/+n/9v/5f/5/0//r/Ffp//f8K/b/+/wzv1//r/zlut/4/d/+745Yh+x8AAAAmyN3/nrjF/gcAAIA2cve/N26x/wEAAKCN3P3vi1uG7H/9v/5f/6//T/p//f8K/b/+f4X+X/9/hvfr//X/HLdb/5+7//1xy5D9DwAAABPk7v9A3GL/AwAAQBu5+z8Yt9j/AAAA0Ebu/g/FLUP2v/5f/6//1/8n/b/+f4X+X/+/Qv+v/z/D+/X/+n+O263/z93/4bhlyP4HAACACXL3fyRusf8BAACgjdz9H41b7H8AAABoI3f/x+KWIftf/6//1//r/5P+X/+/Qv+v/1+h/9f/n+H9+n/9P8ft1v/n7v943DJk/wMAAMAEufs/EbfY/wAAANBG7v5Pxi32PwAAALSRu/9T/7y3/dd/GLL/9f/6f/2//j/p//X/K/T/+v8V+n/9/xner//X/3Pcbv3/1e6/vPh03DJk/wMAAMAEufs/E7fY/wAAANBG7v7Pxi32PwAAALSRu/9zccuQ/a//1//r//X/Sf+v/1+h/9f/r9D/6//P8H79v/6f43br/3P3fz5uGbL/AQAAYILc/V+IW+x/AAAAaCN3/xfjFvsfAAAA2sjd/6W4Zcj+1//r/3v1/1cpnv7/iv7/iv7/+tL/6/9X6P/1/2d4v/5f/89xu/X/ufu/HLcM2f8AAAAwQe7+r8Qt9j8AAAC0kbv/q3GL/Q8AAABt5O7/WtwyZP/r//X/vfr/K/r/K/r/K/r/60v/r/9fof/X/5/h/fp//T/H7db/5+7/etwyZP8DAADABLn7vxG32P8AAADQRu7+b8Yt9j8AAAC0kbv/W3HLkP2v/9f/6//1/0n/r/9fof/X/6/Q/+v//5vbb/R+/b/+n+N26/9z9387bhmy/wEAAGCC3P3fiVvsfwAAAGgjd/934xb7HwAAANrI3f+9uGXI/tf/6//1//r/pP/X/6/Q/+v/V+j/9f9neL/+X//Pcbv1/7n7vx+3DNn/AAAAMEHu/h/ELfY/AAAAtJG7/4dxi/0PAAAAbeTu/1HcMmT/6//1//p//X/S/+v/V+j/9f8r9P/6/zO8X/+v/+e43fr/3P0/jluG7H8AAACYIHf/T+IW+x8AAADayN3/07jF/gcAAIA2cvf/LG4Zsv/1//p//b/+P+n/9f8r9P/6/xX6f/3/Gd6v/9f/c9z/6v/j7/y3aP+fu//nccuQ/Q8AAAAT5O7/Rdxi/wMAAEAbuft/GbfY/wAAANBG7v5fxS1D9r/+X/+v/9f/J/2//n+F/l//v0L/r/8/w/v1//p/jtvt+/+5+38dtwzZ/wAAADBB7v7fxC32PwAAALSRu/+3cYv9DwAAAG3k7v9d3DJk//+//v92cW/F/j+foP/X/+v/9f/6/w3p//X/K/T/+v8zvF//r//nuN36/9z9v49bhux/AAAAmCB3/x/iFvsfAAAA2sjd/8e4xf4HAACANnL3/yluGbL/ff9f/6//1/8n/b/+f4X+X/+/Ynz//48f6/+3f7/+X//Pcbv1/7n7/xy3DNn/AAAAMEHu/r/ELfY/AAAAtJG7/69xi/0PAAAAbeTu/1vcMmT/6//1//p//X/S/+v/V+j/9f8rxvf/vv9/ivfr//X/HLdb/5+7/+8BAAD//xKBZe0=")
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x40)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
creat(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x12)
symlink(&(0x7f00000008c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f00000007c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
symlink(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mknod$loop(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1000, 0x1)
creat(&(0x7f0000000100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10)
creat(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

14.361962264s ago: executing program 5 (id=2178):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xa, 0x4, 0x9, 0xc}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)

14.272541211s ago: executing program 5 (id=2179):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, &(0x7f0000000140)=0x1)

14.272255515s ago: executing program 5 (id=2180):
syz_mount_image$nilfs2(&(0x7f0000000040), &(0x7f0000000100)='./file1\x00', 0x3214212, &(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES32], 0x7, 0xf11, &(0x7f0000001100)="$eJzs3U1sHNUdAPA368/EJl7zaaCEFFoRKNghidT0FgTqEXHpHRQSGmEoauiBiI/QA6ISokiIU8WBigulUorUSqBKFeqp7alVbz2hXqhUpVKiXhopcWXnvfX62ZNdT9az3t3fT/r77Zs3O///eCNnZnb2bQBGVmPt59GjC0UIH3zx/hOvPVv8bnXZva01Dqz9LGKvGUKYaOsX2fa+iguuXHz1xFZtEQ6v/Uz98OSF1nNnQgjnwoHwZWiGT5eWL33y4eMHP3tr+vZ3zz7/+g7tfku+HwAAMIzO/2X5Hw/+688Pz18+v/94mGotT8fnzdificf9h+KBcjpeboSN/aIt2k1m643FaGTrjWXrjWd5xkvyTWTbmShZb7JDvrG2ZVvtJwAAAAyidF7bDEVjcUO/0VhcvHbev+qrucli8cXTy6fO9KlQAAAAoLL/vrF2060QQgghhBBCiB5G6x7lXVCLEKuxMtff6w8AAADA6MnnC9vkXG9n6mptrdld/guPNbZ+PvRA3f/+5R+s/B+/6S8OAADVDevRZNqvdByd5jHI5xEcy5633eP/Rrad8W3WWTav4KDMN1hWZ/573a3K6t/u69gvZfXn82HuVmX15/N07lZl9U/VXEdVZfVP11xHVWX176m5jqrK6t9bcx1VldU/U3MdVZXVP1tzHVWV1X9TzXVUVVb/vprrqKqs/kG5rbas/mbNdVRVVv98zXVUVVb/zTXXUVVZ/bfUXEdVZfXfWnMd/XJPbNPvYX823n7+nJ/TDco5HgAAAIy6/5n/TwghhBBiCOK2XVCDEEKI3Rxv9PsCBAAAANB36XMB6VPvK1EaH+swPt5hfKLD+GSH8akO4wAAAEAIv3/71J3vFeuf87/R+fDSvFFp/qXtzmOUz0e43fw3Ou9Z2tq1+i9tO/+gzFsGAADAaCm+/+XVh5746OX5y+f3H287+74az3fTPKDj8drA57Gf7guYzfpFOoc+vjFPo2S9/PrATWXbe+oGdxQAAABGWDp/b4Zi7ZS70eo3GouL6+fjC2GiOHV6+eSh2E/fz/KnuYmp1eWP1ls2AAAAsA3r5/tFY3GL8//0Pb4LYbJYfPH08qkz1/qzreUTjfbrAnPry4v26wLNbPnhkuVHYj99f+cP5/asLV888aPlZ3u98wAAADAizrxy9vlnlpdP/njLB+nT7NdbZzsP0ucLtvOsEIrQm+weeOBBtw/6+EcJAADYEV9//f7ET47M/uHa5//X579Ln/8/EPvNOLffX+MK6T6B9DmATZ/Xf3pjnrmy9V7auF4zW28sxlRW93TbdkLbfIPpefNl+ZobtzNZkm8myzeb5cvnKRjP1k/59mXL8/kJ03pz2fJ8HsbxLEeR5b8vAAAAQLmll194aenMK2cfOf3CM8+dfO7ki0cOH/vesWOHHv3uo0tr9/Uvtd/dDwAAAAyi9Zt++10JAAAAAAAAAAAAAAAAAAAAjK46vk6s3/sIAAAAo+4/b4QQzgkhSuLaV2D2frvr30TZ/30Uwxt7dkENQggheh2XrzM2tgvqE0Ls2lhZyb9pHgAAAGBnXbn46on2dpNzRU/ztbYW3429GvOmdvaRv8+vRlrtwmMbr5fs7Wk1jLq6//3LP1j5P36zt/mn04Ou//41Nm7geLW8Dyz9aqE9/13jXebP9/+pavkPZvkfCN3lX/koy/90tfwPZvn3dpl/0/6/VC3/QzH/QuwfvL/b/Btf/6nYpv3Y02X+72T7/2zoNn+2/80uE2YejvkBYBQ1+l3ADklHCek4eib20/7Gw82Q3/2w3eP/Rrad8RuufON203HQHbGfjpdms7zJduufybZ3U8U6c4NyV0lZ/b16HXdaWf0TNddRVVn9kzXXUVVZ/VM111FVWf3TNddRVVn93Z6H9ltZ/YNyXbms/pma66iqrP7Zmuuoqqz+7f4/3i9l9e+ruY6qyuqfq7mOqsrqr3hZrXZl9c/XXEdVZfXfXHMdVZXVf0vNdVRVVv+tNdfRL3fHtux8OJ1/zsWx1G9m/aktfpfDem0BAAAABs2/zf8nBiWOzva/BiGE6Fns2QU1iNGO+O5P3+sQYjhiZeXqyqp+1yHE9WJlpd9XIOinnf00MwC7lb//o83rP9q8/qPN68/1pHv4i6yfjHUYH+8wPtFhfDIbz/+9TnUYvyXb7kqUxm/tMH5bh/F9Hcbv6DC+0GH8zg7jd3UYv7vDOAAAAKPh9tg6PwQAAIDh9dqvP3/ntw88fXH+8vn9x8PkpnnnD8X+VHxv/e3Yz+e9Tybie/4/jf1fxvaPsf1ntr77TwAAAGDnpe+J8f4/AAAADK/0PaXO/wEAAGB4zcfW+T8AAAAMr5tj6/wfAAAAhlgxvfXi2KbrAvfFttt5/QCA3e8bsb0ntvtje29svxnbdBxwf2y/VVN9AEDv/OIHPzv2XrE+3/+RbPxKXJ7aTc5du1JQNDbO5L8ntntj++0u68m/D6Db/Mm+LvPsVP65G8wPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyPxtrPo0cXihA++OL9J34++c7fVpfd21rjwNrPIvaaIYSJ1vPS6Hr/N3HFKxdfPdHeXo1tEQ6HIhSt5eHJC61MMyGEc+FA+DI0w6dLy5c++fDxg5+9NX37u2eff30HfwUb9g8AAACG0f8DAAD//+bVG3I=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40000, 0x0)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x81012, r0, 0x0)

14.162049143s ago: executing program 5 (id=2181):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000001c0)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_genetlink_get_family_id$mptcp(&(0x7f00000003c0), 0xffffffffffffffff)

12.429520765s ago: executing program 5 (id=2193):
r0 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50)
getdents64(r0, &(0x7f0000000400)=""/176, 0xb0)

12.367045055s ago: executing program 36 (id=2193):
r0 = open(&(0x7f00000000c0)='.\x00', 0x8000, 0x50)
getdents64(r0, &(0x7f0000000400)=""/176, 0xb0)

1.923445491s ago: executing program 6 (id=2278):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000300)={{0x4, 0x7, 0x1, 0x17}, 'syz0\x00', 0xb})
ioctl$UI_DEV_CREATE(r0, 0x5501)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r2}, 0x10)
close(r1)
syz_open_dev$evdev(&(0x7f0000000100), 0x72, 0x0)
close(0x3)
close(r1)

1.813598346s ago: executing program 6 (id=2280):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002420702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000002285000000b400000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x2f)

1.742592144s ago: executing program 6 (id=2281):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="6e6f646973636172642c6e6f636865636b706f696e745f6d657267652c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c757365725f78617474722c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030303031362c646973636172642c6e6f61636c2c6673796e635f6d6f64653d706f7369782c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c6163746976655f6c6f67733d322c6661756c745f747970653d30303030303030303030303031363737373231342c0028f473678e481c01a5166a7bba2191211dbeb315e64c646781d182bb6fc08ed1a9b878f5270212fd44f2e7a4a4114856d260ffcb3200f4f6de3d730463"], 0x1, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x8001, 0x0, 0x1, 0x0, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents(r0, 0x0, 0x0)
getdents(r0, 0x0, 0x58)

1.332918738s ago: executing program 2 (id=2286):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000800)={0x28, r0, 0x1, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x2}, @NL80211_ATTR_KEY_DEFAULT={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x818}, 0x4000)

1.332743578s ago: executing program 2 (id=2287):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0xa194, 0x2)
ioctl$vim2m_VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000100)=@multiplanar_fd={0x5, 0x0, 0x4, 0x400, 0xfff, {0x0, 0x2710}, {0x4, 0x0, 0x80, 0x5, 0x4, 0x7, "8ac23273"}, 0x5, 0x4, {0x0}, 0x4})

1.263501278s ago: executing program 2 (id=2288):
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3da, &(0x7f00000004c0)="$eJzs3N1qHFUcAPD/TPNh0+pGrV5owUgRgx/5aEpssKCCl15ZX2BN0hLdNrZZwZZcKIh9APUBxMv6CF6Id4LgTfHaO6VQJMm1rMxmdjNudmO+ltHu7wcHzpnZ4Zz/zOyek3MOCWBgTUTEpxExEhEfREQlP57kKd7cTtnntjbWF7OURKNx+c+keX5zY30xCtdkTuWFyTQi/TyJZ7vUu3br9ofVWm35Zl6erl/7aHrt1u1XV65Vry5fXb4+N7OwMDN3cX5h/thi/T3u/Hbp3tuVL38+9+uP7787n7X3dH6uGMdxmYiJ9j3pNHXclZXskUI+GSqxIRxIGhEnImKo+f2vxInYeXiV+L5SauMAgL5oNN7oKAMAD79Enw8AA6b1d//mxvpiK5UxD1GWB29tL15t5mubW+34h9orIcMd61vHaSIivvv6teeyFH1ahwQAKPohG/9c7Db+S+Ns4XMnI2Is39t1OiIejYjHCvvFDmuio7x7/JPeP2IVe8rGf5cKe9u2CvHnxk/kpSzm8RhOrqzUlmfy+CdjeDQrz+5Rx9nLT//V61xx/JelrP7WWDBvx/2h0X9es1StV48Sc9GDzyKeGeoWf9Ie/ybNuA/v9Rt3n+p17t/j76/GNxEvdn3+Ozv3kr33J04334fp1lux252XXrjRq/6y48+e/9je8Y8nxf2aawev46cLK7/0OnfY938kea+ZH8mPfVKt12/ORowk7+w+fn7n2la59fks/slz3b//Z2LnTjweEU9ExJMRzeM9X+guXql9+/zh4++vLP6lAz3/g2fGvrh7r1f9+3v+F5q5yfzIfn7/9tvAo9w7AAAA+L9Im/O5STrVzqfp1NT2PO+ZGEtrq2v1l6+sfnx9aXvedzyG09ZMV6UwHzqbzxG2yuc7ynP5HMpXoyeb5anF1dpS2cEDwIA61aP/z/wxWnbrAIC+6dfmdgDgv0v/DwCDR/8PAINH/w8Ag0f/DwCDR/8PAAPlKP/XT0ZG5mHNlP3LBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQrr8DAAD//3JA1T8=")
setxattr$incfs_metadata(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000140)="54c11dc7047af229616f84c1734b80d2522dbcd492f1ad1732f64c9f775c1334ab9386f2ceed3af4e64a24a9571acf4ee39ad3def422845ed60098088bb78e99a25215601b0b724a5d2b8e552cd357b017", 0x51, 0x0)
getxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000000)=@known='user.incfs.metadata\x00', 0x0, 0x50)

1.194066201s ago: executing program 6 (id=2289):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SDTEFACILITIES(r0, 0x89eb, &(0x7f0000000300)={0x3ff, 0x3, 0x8, 0x4, 0x5, 0x1b, 0x43, "d6ffdc1e06695e358e53e698e21429e50916bb6c", "3daeb258cc37a691135764fa43031f0d00"})

1.121007819s ago: executing program 2 (id=2291):
syz_mount_image$minix(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="fee1c24738970b9646bec7f1bd150782113bab51ce745bc91b6f5ca5e831bfbea8eebf43bd917b5a0f341baf265c35ed527d37bb3aa5d29d9fb07f1144b49df6f9db30e0eaf29990830d9cea2cb8d285c432ac65414f46d4c153836eef9306b0548b4d9c2547996ea9a7b577811d218090dd5ef006ec2a69240cc9540d3ed38b01557027554bd91da28abaef89ed62eee712770abb70be98ed426a1799303eaa0b23a779406ab7b068cd"], 0x1, 0x173, &(0x7f0000000240)="$eJzs281qE1EYBuBvkviDK8GduLNq/WmmzWitu3oppR1LcarFumkRxEvxyvQGXHgDRjo2I5kEhEhySPM8q++dl2HOLE7mbBLA6urtRhZZrF3M927e/nwnS70iYEGGiZ//awik0/2eegVAGj9eR5xExLefn/ajuzbxfb7od0d958Fk/yXibu+yzx7Go1Y//Br1tT/9+tT7bzX946n9+v3R85/E03gWG9GPPDZj67I/aO5//p+nEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABWVRb9dh670Ik3R1W52eRrdd5q8vU6D1q5aPKNOvf331cH83oFYEadf+z/bmv/91r7H1hep2fnb/eqqvxgMBgMzZD6lwmYt/zj8Ul+ena+cXS8d1gelu+KF9vFYOfV9sudvD755+Pnf+Dq+PvRT70SAAAAAAAAAGBWgyhSLwEAAFiQRfydKPU7AgAAAAAAAAAAAADAsvsdAAD//4Ptq2k=")
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x12, 0x3, 0x8, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000001d80), &(0x7f0000001d40)=r0}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f00000002c0)={r2, &(0x7f0000000340), 0x0}, 0x20)

920.109624ms ago: executing program 2 (id=2294):
r0 = syz_open_dev$swradio(&(0x7f00000004c0), 0x1, 0x2)
pread64(r0, &(0x7f0000000700)=""/115, 0x73, 0x5)
ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000000)=@mmap={0x2, 0xb, 0x4, 0x0, 0x4, {0x77359400}, {0x3, 0x2, 0x10, 0x8, 0x80, 0x60, "ad322947"}, 0x7, 0x1, {}, 0x5})

861.462239ms ago: executing program 6 (id=2295):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x4e21, @multicast1}}, 0x0, 0x8000, 0x2, 0x6, 0x54, 0x0, 0xf9}, &(0x7f0000000000)=0x9c)

861.255147ms ago: executing program 7 (id=2296):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="2c0000001d00070f000000000000000007000000", @ANYRES32=r1, @ANYBLOB="000052000600050001000000080008"], 0x2c}}, 0x20008000)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2004c800)

788.706433ms ago: executing program 2 (id=2297):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102400, 0x19000)
mbind(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x4001, 0x0, 0x7, 0x1)
sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)

788.565353ms ago: executing program 6 (id=2298):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket(0x10, 0x803, 0x0)
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_int(r1, 0x0, 0x18, 0x0, 0x0)

718.584432ms ago: executing program 7 (id=2299):
syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "6410a6", 0x0, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, @mcast2}}}}, 0x0)

563.756754ms ago: executing program 7 (id=2300):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0x2)
ioctl$TIOCL_SETSEL(r0, 0x40087101, &(0x7f0000000180)={0x2, {0x2, 0x4, 0x800, 0x7, 0x5}})

438.016554ms ago: executing program 7 (id=2301):
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x402)
r1 = dup(r0)
ioctl$USBDEVFS_CONTROL(r1, 0xc0185500, &(0x7f0000000040)={0x23, 0x3, 0x2, 0x41, 0x0, 0x5, 0x0})

267.814522ms ago: executing program 7 (id=2302):
r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xfc, 0x2, 0x4})
ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405668, &(0x7f0000000100)={0x0, 0x20, 0x2})

0s ago: executing program 7 (id=2303):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x0)
semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000080)=""/121)

kernel console output (not intermixed with test programs):

imal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  223.230551][T10212] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #2: block 18: comm syz.2.1528: lblock 23 mapped to illegal pblock 18 (length 1)
[  223.238071][T10212] EXT4-fs error (device loop2): ext4_readdir:264: inode #2: block 19: comm syz.2.1528: path /573/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  223.264939][ T1278] rc_core: IR keymap rc-hauppauge not found
[  223.266998][ T1278] Registered IR keymap rc-empty
[  223.269612][ T1278] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[  223.283548][ T1278] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input16
[  223.288964][T10218] loop4: detected capacity change from 0 to 65
[  223.293123][T10218] BFS-fs: bfs_fill_super(): NOTE: filesystem loop4 was created with 512 inodes, the real maximum is 511, mounting anyway
[  223.431474][T10221] loop4: detected capacity change from 0 to 1024
[  223.459726][T10221] EXT4-fs (loop4): orphan cleanup on readonly fs
[  223.483603][T10221] EXT4-fs (loop4): 1 truncate cleaned up
[  223.500657][    C0] igorplugusb 2-1:0.0: Error: urb status = -32
[  223.501535][T10221] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  223.513106][T10200] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  223.526271][T10200] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  223.535622][ T8929] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  223.542136][ T6249] usb 2-1: USB disconnect, device number 28
[  223.953699][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.025050][ T6249] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  224.073388][T10239] loop1: detected capacity change from 0 to 24
[  224.076066][T10239] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  224.080736][T10239] romfs: bad initial checksum on dev loop1.
[  224.188284][ T6249] usb 5-1: not running at top speed; connect to a high speed hub
[  224.196278][ T6249] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  224.200516][ T6249] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  224.225064][ T6249] usb 5-1: config 1 has no interface number 1
[  224.228551][ T6249] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  224.233957][ T6249] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  224.258228][ T6249] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  224.262130][ T6249] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  224.267315][T10237] loop2: detected capacity change from 0 to 32768
[  224.274329][ T6249] usb 5-1: Product: syz
[  224.278800][ T6249] usb 5-1: Manufacturer: syz
[  224.289051][ T6249] usb 5-1: SerialNumber: syz
[  224.332017][T10237] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  224.332039][T10237]   allowing incompatible features above 0.0: (unknown version)
[  224.332043][T10237]   features: 
[  224.346152][T10237] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  224.348873][T10237] bcachefs (loop2): initializing new filesystem
[  224.356303][T10237] bcachefs (loop2): going read-write
[  224.360187][T10237] bcachefs (loop2): marking superblocks
[  224.373584][T10237] bcachefs (loop2): initializing freespace
[  224.378763][T10237] bcachefs (loop2): done initializing freespace
[  224.384997][T10237] bcachefs (loop2): reading snapshots table
[  224.387119][T10237] bcachefs (loop2): reading snapshots done
[  224.406275][T10237] bcachefs (loop2): done starting filesystem
[  224.459490][   T33] audit: type=1800 audit(1756336963.412:93): pid=10237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1537" name="file1" dev="loop2" ino=4098 res=0 errno=0
[  224.484955][   T33] audit: type=1800 audit(1756336963.412:94): pid=10237 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1537" name="file1" dev="loop2" ino=4098 res=0 errno=0
[  224.506342][T10247] loop1: detected capacity change from 0 to 32768
[  224.544439][T10247] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1542 (10247)
[  224.552041][ T6249] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor
[  224.571710][T10247] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  224.580419][T10247] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  224.594288][ T6249] usb 5-1: USB disconnect, device number 8
[  224.671460][T10247] BTRFS info (device loop1): enabling ssd optimizations
[  224.679192][T10247] BTRFS info (device loop1): enabling free space tree
[  224.688010][ T7883] udevd[7883]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  224.776836][ T5853] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  225.004060][ T5850] bcachefs (loop2): shutting down
[  225.009208][ T5850] bcachefs (loop2): going read-only
[  225.011344][ T5850] bcachefs (loop2): finished waiting for writes to stop
[  225.015111][ T5850] bcachefs (loop2): flushing journal and stopping allocators, journal seq 5
[  225.042585][ T5850] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 6
[  225.046668][ T5850] bcachefs (loop2): clean shutdown complete, journal seq 7
[  225.049928][ T5850] bcachefs (loop2): marking filesystem clean
[  225.066826][ T5850] bcachefs (loop2): shutdown complete
[  225.199712][T10283] loop1: detected capacity change from 0 to 1024
[  225.271345][T10283] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.326288][ T5853] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  226.483466][T10308] loop4: detected capacity change from 0 to 32768
[  226.536764][T10308] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  226.606779][T10308] XFS (loop4): Ending clean mount
[  226.626371][T10308] XFS (loop4): Quotacheck needed: Please wait.
[  226.696070][T10308] XFS (loop4): Quotacheck: Done.
[  226.769148][ T8929] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  226.795004][T10318] loop2: detected capacity change from 0 to 1764
[  226.929539][T10318] iso9660: Corrupted directory entry in block 2 of inode 1920
[  227.039918][T10324] binder: BC_ACQUIRE_RESULT not supported
[  227.053725][T10324] binder: 10323:10324 ioctl c0306201 200000000480 returned -22
[  227.128904][T10322] loop1: detected capacity change from 0 to 4096
[  227.128937][T10329] loop2: detected capacity change from 0 to 128
[  227.138540][T10322] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  227.149070][T10329] EXT4-fs: Ignoring removed nobh option
[  227.151590][T10329] EXT4-fs (loop2): Invalid log block size: 4294967295
[  227.341195][T10337] overlayfs: failed to verify upper root origin
[  227.670466][T10343] loop1: detected capacity change from 0 to 32768
[  227.682041][T10343] 
[  227.682041][T10343]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  227.682041][T10343] 
[  227.699130][T10343] ERROR: (device loop1): diWrite: ixpxd invalid
[  227.699130][T10343] 
[  227.705893][T10343] ERROR: (device loop1): txCommit: 
[  227.705893][T10343] 
[  227.713773][T10343] ERROR: (device loop1): diWrite: ixpxd invalid
[  227.713773][T10343] 
[  227.719070][T10343] ERROR: (device loop1): txCommit: 
[  227.719070][T10343] 
[  227.725832][T10343] 
[  227.725832][T10343]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  227.725832][T10343] 
[  227.730781][T10343] 
[  227.730781][T10343]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  227.730781][T10343] 
[  227.739309][T10343] ERROR: (device loop1): diWrite: ixpxd invalid
[  227.739309][T10343] 
[  227.742956][T10343] ERROR: (device loop1): txCommit: 
[  227.742956][T10343] 
[  227.773488][ T5853] ERROR: (device loop1): diFree: wmap shows inode already free
[  227.773488][ T5853] 
[  227.782499][ T5853] 
[  227.782499][ T5853]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  227.782499][ T5853] 
[  227.790307][ T5853] 
[  227.790307][ T5853]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  227.790307][ T5853] 
[  227.924464][ T6249] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  227.983912][T10357] loop2: detected capacity change from 0 to 4096
[  228.074575][ T6249] usb 5-1: Using ep0 maxpacket: 8
[  228.077879][ T6249] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  228.088839][ T5237] Bluetooth: hci2: ACL packet for unknown connection handle 200
[  228.089652][ T6249] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  228.112056][ T6249] usb 5-1: New USB device found, idVendor=0566, idProduct=3004, bcdDevice= 0.00
[  228.131102][ T6249] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  228.137227][ T6249] usb 5-1: config 0 descriptor??
[  228.162898][T10369] loop1: detected capacity change from 0 to 1024
[  228.201565][T10369] hfsplus: inconsistency in B*Tree (9,1,255,1,0)
[  228.205014][T10369] hfsplus: xattr searching failed
[  228.213216][T10369] hfsplus: inconsistency in B*Tree (9,1,255,1,0)
[  228.216651][T10369] hfsplus: xattr search failed
[  228.232125][ T1089] hfsplus: b-tree write err: -5, ino 4
[  228.294474][T10373] trusted_key: syz.1.1582 sent an empty control message without MSG_MORE.
[  228.419301][T10376] netlink: 'syz.2.1581': attribute type 3 has an invalid length.
[  228.422603][T10376] netlink: 'syz.2.1581': attribute type 1 has an invalid length.
[  228.426100][T10376] netlink: 193500 bytes leftover after parsing attributes in process `syz.2.1581'.
[  228.781383][ T6249] monterey 0003:0566:3004.0008: report_id 1108778202 is invalid
[  228.784853][ T6249] monterey 0003:0566:3004.0008: item 0 4 1 8 parsing failed
[  228.789446][ T6249] monterey 0003:0566:3004.0008: probe with driver monterey failed with error -22
[  228.800958][ T6249] usb 5-1: USB disconnect, device number 9
[  229.248528][T10386] loop1: detected capacity change from 0 to 32768
[  229.457890][T10394] loop4: detected capacity change from 0 to 164
[  229.458911][T10390] loop2: detected capacity change from 0 to 32768
[  229.490763][T10390] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1588 (10390)
[  229.522052][T10390] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  229.527503][T10390] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  229.629951][T10390] BTRFS info (device loop2): enabling ssd optimizations
[  229.632912][T10390] BTRFS info (device loop2): enabling free space tree
[  229.664257][T10390] BTRFS info (device loop2): use lzo compression, level 0
[  229.712948][ T5850] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  229.826498][   T51] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  229.994941][   T51] usb 5-1: Using ep0 maxpacket: 16
[  229.998951][   T51] usb 5-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 253, changing to 11
[  230.016397][   T51] usb 5-1: config 0 interface 0 has no altsetting 0
[  230.019277][   T51] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  230.052927][T10429] loop1: detected capacity change from 0 to 8
[  230.065965][   T51] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.071975][   T51] usb 5-1: config 0 descriptor??
[  230.144222][T10429] SQUASHFS error: Failed to read block 0x4de: -5
[  230.165696][T10429] SQUASHFS error: Failed to read block 0x4de: -5
[  230.179078][T10429] SQUASHFS error: Failed to read block 0x4de: -5
[  230.181991][T10429] SQUASHFS error: Failed to read block 0x4de: -5
[  230.213466][T10429] SQUASHFS error: Failed to read block 0x4de: -5
[  230.230540][   T33] audit: type=1800 audit(1756336969.183:95): pid=10429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1599" name="file1" dev="loop1" ino=5 res=0 errno=0
[  230.508876][   T51] nzxt-smart2 0003:1E71:2009.0009: hidraw0: USB HID v0.06 Device [HID 1e71:2009] on usb-dummy_hcd.4-1/input0
[  230.615683][ T6248] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[  230.709193][   T51] usb 5-1: USB disconnect, device number 10
[  230.764680][ T6248] usb 3-1: Using ep0 maxpacket: 8
[  230.768907][ T6248] usb 3-1: config 0 has no interfaces?
[  230.772612][ T6248] usb 3-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f
[  230.776386][ T6248] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.779172][ T6248] usb 3-1: Product: syz
[  230.780856][ T6248] usb 3-1: Manufacturer: syz
[  230.782769][ T6248] usb 3-1: SerialNumber: syz
[  230.795568][ T6248] usb 3-1: config 0 descriptor??
[  231.328002][T10444] loop4: detected capacity change from 0 to 256
[  231.348800][T10444] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  231.456503][T10448] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1608'.
[  231.513367][T10439] loop1: detected capacity change from 0 to 262144
[  231.517488][T10439] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1604 (10439)
[  231.527014][T10439] BTRFS info (device loop1): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  231.531072][T10439] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  231.622186][T10439] BTRFS info (device loop1): enabling ssd optimizations
[  231.625540][T10439] BTRFS info (device loop1): using spread ssd allocation scheme
[  231.628763][T10439] BTRFS info (device loop1): enabling free space tree
[  231.642310][T10466] program syz.4.1610 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  231.968918][ T5853] BTRFS info (device loop1): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  232.596938][T10472] loop1: detected capacity change from 0 to 32768
[  232.616725][T10472] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1611 (10472)
[  232.664451][T10472] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  232.668925][T10472] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  232.825239][T10472] BTRFS info (device loop1): enabling ssd optimizations
[  232.833307][T10472] BTRFS info (device loop1): enabling free space tree
[  232.948483][ T5853] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  233.344324][T10491] hub 9-0:1.0: USB hub found
[  233.347463][T10491] hub 9-0:1.0: 1 port detected
[  233.581573][ T6248] usb 3-1: USB disconnect, device number 30
[  233.829739][T10497] loop2: detected capacity change from 0 to 1024
[  235.513642][    T9] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[  235.667075][    T9] usb 3-1: Using ep0 maxpacket: 32
[  235.687709][    T9] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  235.690848][    T9] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  235.718464][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  235.722226][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  235.746746][    T9] usb 3-1: config 1 has no interface number 0
[  235.750264][    T9] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  235.762514][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.794684][    T9] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  235.853186][T10533] loop1: detected capacity change from 0 to 16
[  235.904608][T10533] erofs (device loop1): mounted with root inode @ nid 36.
[  236.028752][    T9] snd_usb_pod 3-1:1.1: endpoint not available, using fallback values
[  236.031852][    T9] snd_usb_pod 3-1:1.1: invalid control EP
[  236.052721][    T9] snd_usb_pod 3-1:1.1: cannot start listening: -22
[  236.059263][    T9] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  236.063651][    T9] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22
[  236.363724][   T51] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  236.523828][   T51] usb 5-1: Using ep0 maxpacket: 8
[  236.544314][   T51] usb 5-1: New USB device found, idVendor=05e3, idProduct=0502, bcdDevice=dc.f4
[  236.557165][    T9] usb 3-1: USB disconnect, device number 31
[  236.557736][   T51] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  236.568019][   T51] usb 5-1: Product: syz
[  236.572448][   T51] usb 5-1: Manufacturer: syz
[  236.576790][   T51] usb 5-1: SerialNumber: syz
[  236.585823][   T51] usb 5-1: config 0 descriptor??
[  236.596210][   T51] gl620a 5-1:0.0: probe with driver gl620a failed with error -22
[  237.350960][T10549] loop1: detected capacity change from 0 to 32768
[  237.415509][T10559] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1634'.
[  237.424501][T10559] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1634'.
[  237.434763][T10559] usb usb8: usbfs: process 10559 (syz.2.1634) did not claim interface 0 before use
[  237.439286][T10549] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[  237.439297][T10549]   allowing incompatible features above 0.0: (unknown version)
[  237.439301][T10549]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  237.455469][T10549] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[  237.458189][T10549] bcachefs (loop1): initializing new filesystem
[  237.464832][T10549] bcachefs (loop1): going read-write
[  237.467788][T10549] bcachefs (loop1): marking superblocks
[  237.472854][T10549] bcachefs (loop1): initializing freespace
[  237.476321][T10549] bcachefs (loop1): done initializing freespace
[  237.479352][T10549] bcachefs (loop1): reading snapshots table
[  237.481292][T10549] bcachefs (loop1): reading snapshots done
[  237.504640][T10549] bcachefs (loop1): done starting filesystem
[  237.529177][T10549] bcachefs (loop1): shutdown by ioctl type 1emergency read only at seq 2
[  237.534690][    T9] bcachefs (loop1): going read-only
[  237.536757][    T9] bcachefs (loop1): finished waiting for writes to stop
[  237.552907][    T9] bcachefs (loop1): flushing journal and stopping allocators, journal seq 2
[  237.555971][    T9] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 2
[  237.559782][ T5853] bcachefs (loop1): shutting down
[  237.560624][    T9] bcachefs (loop1): unclean shutdown complete, journal seq 2
[  237.568786][    T9] bcachefs (loop1): done going read-only, filesystem not clean
[  237.646176][ T5853] bcachefs (loop1): shutdown complete
[  238.606577][T10565] loop1: detected capacity change from 0 to 32768
[  238.611350][T10565] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1636 (10565)
[  238.617872][T10565] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  238.622177][T10565] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  238.648234][T10565] BTRFS info (device loop1): enabling ssd optimizations
[  238.651259][T10565] BTRFS info (device loop1): enabling free space tree
[  238.702358][ T5853] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  238.849637][T10585] loop1: detected capacity change from 0 to 8
[  238.932361][T10587] loop1: detected capacity change from 0 to 2048
[  238.992041][   T51] usb 5-1: USB disconnect, device number 11
[  239.001922][T10588] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  239.058021][T10587] NILFS error (device loop1): nilfs_check_folio: bad entry in directory #2: rec_len is too small for name_len - offset=16, inode=2, rec_len=16, name_len=255
[  239.074617][T10587] Remounting filesystem read-only
[  239.226217][T10596] loop1: detected capacity change from 0 to 4096
[  239.282027][T10592] loop4: detected capacity change from 0 to 32768
[  239.286967][T10592] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1641 (10592)
[  239.294943][T10592] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  239.298408][T10592] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  239.411559][T10592] BTRFS info (device loop4): rebuilding free space tree
[  239.421548][T10592] BTRFS info (device loop4): enabling ssd optimizations
[  239.424291][T10592] BTRFS info (device loop4): using spread ssd allocation scheme
[  239.427088][T10592] BTRFS info (device loop4): enabling free space tree
[  239.429690][T10592] BTRFS info (device loop4): force clearing of disk cache
[  239.526254][ T8929] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  239.845443][T10619] loop4: detected capacity change from 0 to 32768
[  239.881012][T10619] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  239.906579][T10619] XFS (loop4): Ending clean mount
[  239.925978][ T8929] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  240.702945][ T6248] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  240.865121][ T6248] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  240.869055][ T6248] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  240.881183][ T6248] usb 2-1: New USB device found, idVendor=1223, idProduct=3f07, bcdDevice= 0.00
[  240.886944][ T6248] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  240.903455][ T6248] usb 2-1: config 0 descriptor??
[  241.335100][ T6248] ortek 0003:1223:3F07.000A: unknown main item tag 0x3
[  241.348321][ T6248] ortek 0003:1223:3F07.000A: item fetching failed at offset 48/69
[  241.352081][ T6248] ortek 0003:1223:3F07.000A: probe with driver ortek failed with error -22
[  241.504973][T10650] loop2: detected capacity change from 0 to 4096
[  241.510490][T10650] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  241.536779][ T1278] usb 2-1: USB disconnect, device number 29
[  241.550967][T10650] overlayfs: upper fs does not support tmpfile.
[  241.566936][T10650] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  241.755001][T10652] loop2: detected capacity change from 0 to 512
[  241.771718][T10654] loop4: detected capacity change from 0 to 256
[  241.776402][T10652] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  241.799561][T10654] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e06c6e, utbl_chksum : 0xe619d30d)
[  241.808288][T10652] EXT4-fs (loop2): 1 truncate cleaned up
[  241.811960][T10652] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  241.865940][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  241.888531][T10658] loop4: detected capacity change from 0 to 4096
[  241.891761][T10658] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  241.913594][T10658] ntfs3(loop4): Failed to initialize $Extend/$Reparse.
[  242.059208][T10666] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  242.085352][ T1092] Bluetooth: hci4: Frame reassembly failed (-84)
[  242.090333][ T1092] Bluetooth: hci4: Frame reassembly failed (-84)
[  242.257537][T10674] loop1: detected capacity change from 0 to 32768
[  242.322643][ T1278] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  242.370529][T10676] usb usb1: check_ctrlrecip: process 10676 (syz.1.1668) requesting ep 01 but needs 81
[  242.374339][T10676] usb usb1: usbfs: process 10676 (syz.1.1668) did not claim interface 0 before use
[  242.482791][ T1278] usb 5-1: Using ep0 maxpacket: 16
[  242.488158][ T1278] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  242.493014][ T1278] usb 5-1: config 0 interface 0 has no altsetting 0
[  242.495956][ T1278] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  242.500080][ T1278] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.511005][ T1278] usb 5-1: config 0 descriptor??
[  242.943835][ T1278] nzxt-smart2 0003:1E71:2009.000B: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.4-1/input0
[  243.353838][ T1278] usb 5-1: USB disconnect, device number 12
[  243.960485][   T33] audit: type=1326 audit(1756336982.905:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10686 comm="syz.4.1672" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f710b58ebe9 code=0x0
[  244.124616][ T5852] Bluetooth: hci4: command 0x1003 tx timeout
[  244.128956][ T5237] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  244.568455][T10702] loop2: detected capacity change from 0 to 4096
[  244.707101][T10704] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  244.871766][T10705] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  245.219493][T10716] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1681'.
[  246.702210][    T9] usb 3-1: new low-speed USB device number 32 using dummy_hcd
[  246.884644][    T9] usb 3-1: unable to get BOS descriptor or descriptor too short
[  246.896408][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  246.900247][    T9] usb 3-1: config 1 interface 0 altsetting 195 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  246.912187][    T9] usb 3-1: config 1 interface 0 has no altsetting 0
[  246.937477][    T9] usb 3-1: string descriptor 0 read error: -22
[  246.940099][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  246.946253][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.971281][    T9] cdc_ether 3-1:1.0: skipping garbage
[  246.981540][    T9] usb 3-1: bad CDC descriptors
[  247.160953][    T9] usb 3-1: USB disconnect, device number 32
[  247.652740][    T9] usb 2-1: new low-speed USB device number 30 using dummy_hcd
[  247.733733][T10752] netlink: 'syz.4.1698': attribute type 3 has an invalid length.
[  247.739808][T10752] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1698'.
[  247.820925][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 8
[  247.827105][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  247.833787][    T9] usb 2-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[  247.838242][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  247.844248][    T9] usb 2-1: config 0 descriptor??
[  247.847402][T10746] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  247.965579][T10758] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1702'.
[  248.373031][    T9] logitech-djreceiver 0003:046D:C71B.000C: unbalanced delimiter at end of report description
[  248.389818][    T9] logitech-djreceiver 0003:046D:C71B.000C: logi_dj_probe: parse failed
[  248.393887][    T9] logitech-djreceiver 0003:046D:C71B.000C: probe with driver logitech-djreceiver failed with error -22
[  248.564254][    T9] usb 2-1: USB disconnect, device number 30
[  248.784275][T10765] loop4: detected capacity change from 0 to 32768
[  248.786940][T10765] XFS: ikeep mount option is deprecated.
[  248.834417][T10765] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  248.863741][T10765] XFS (loop4): Ending clean mount
[  248.872049][T10765] XFS (loop4): Quotacheck needed: Please wait.
[  248.905610][T10765] XFS (loop4): Quotacheck: Done.
[  249.116053][T10787] No control pipe specified
[  249.389835][T10792] loop2: detected capacity change from 0 to 128
[  249.396204][T10792] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  249.428690][T10792] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  249.643076][ T8929] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  250.414751][T10802] loop2: detected capacity change from 0 to 32768
[  250.767692][   T33] audit: type=1326 audit(1756336989.716:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10817 comm="syz.2.1721" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa2edf8ebe9 code=0x0
[  251.333049][   T25] block nbd0: Possible stuck request ffff8880222a0000: control (read@0,1024B). Runtime 180 seconds
[  251.336730][   T25] block nbd0: Possible stuck request ffff8880222a0200: control (read@1024,1024B). Runtime 180 seconds
[  251.340520][   T25] block nbd0: Possible stuck request ffff8880222a0400: control (read@2048,1024B). Runtime 180 seconds
[  251.344402][   T25] block nbd0: Possible stuck request ffff8880222a0600: control (read@3072,1024B). Runtime 180 seconds
[  251.477672][T10833] loop4: detected capacity change from 0 to 16384
[  251.514861][T10833] bcachefs (loop4): starting version 1.13: inode_has_child_snapshots opts=metadata_checksum=none,data_checksum=none,norecovery,reconstruct_alloc,version_upgrade=incompatible
[  251.514871][T10833]   features: new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  251.525684][T10833] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  251.528694][T10833] bcachefs (loop4): recovering from clean shutdown, journal seq 18
[  251.532150][T10833] bcachefs (loop4): Doing compatible version upgrade from 1.13: inode_has_child_snapshots to 1.28: inode_has_case_insensitive
[  251.532150][T10833]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[  251.540584][T10833] bcachefs (loop4): Now allowing incompatible features up to 1.28: inode_has_case_insensitive, previously allowed up to 1.13: inode_has_child_snapshots
[  251.540584][T10833] 
[  251.547178][T10833] bcachefs (loop4): dropping and reconstructing all alloc info
[  251.565888][T10833] bcachefs (loop4): accounting_read... done
[  251.569944][T10833] bcachefs (loop4): alloc_read... done
[  251.572395][T10833] bcachefs (loop4): snapshots_read... done
[  251.574781][T10833] bcachefs (loop4): done starting filesystem
[  251.638786][ T8929] bcachefs (loop4): shutting down
[  251.739554][ T8929] bcachefs (loop4): shutdown complete
[  253.489770][T10908] loop1: detected capacity change from 0 to 1024
[  253.503732][T10908] hfsplus: bad catalog entry type
[  253.518995][   T52] hfsplus: b-tree write err: -5, ino 4
[  253.531516][ T6248] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[  253.681471][ T6248] usb 3-1: Using ep0 maxpacket: 16
[  253.691369][ T6248] usb 3-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88
[  253.695311][ T6248] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  253.698839][ T6248] usb 3-1: Product: syz
[  253.700682][ T6248] usb 3-1: Manufacturer: syz
[  253.702923][ T6248] usb 3-1: SerialNumber: syz
[  253.709213][ T6248] usb 3-1: config 0 descriptor??
[  253.810298][T10913] loop1: detected capacity change from 0 to 32768
[  253.832842][T10913] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  253.843502][T10913] XFS (loop1): Ending clean mount
[  253.849492][T10913] XFS (loop1): Quotacheck needed: Please wait.
[  253.878351][T10913] XFS (loop1): Quotacheck: Done.
[  253.918734][ T6248] speedtch 3-1:0.0: speedtch_bind: wrong device class 68
[  253.924996][ T6248] speedtch 3-1:0.0: usbatm_usb_probe: bind failed: -19!
[  253.928165][ T5853] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  253.933362][ T6248] usb 3-1: USB disconnect, device number 33
[  254.361887][T10923] loop1: detected capacity change from 0 to 40427
[  254.423203][T10923] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  254.426957][T10923] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  254.658786][T10939] syz.1.1763: attempt to access beyond end of device
[  254.658786][T10939] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  254.668323][ T6248] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  254.841348][ T6248] usb 5-1: Using ep0 maxpacket: 16
[  254.859787][ T6248] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  254.875301][ T6248] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  254.890720][ T6248] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  254.905295][ T6248] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  254.910866][ T6248] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.917831][ T6248] usb 5-1: Product: syz
[  254.920392][ T6248] usb 5-1: Manufacturer: syz
[  254.922901][ T6248] usb 5-1: SerialNumber: syz
[  255.054392][ T5853] syz-executor: attempt to access beyond end of device
[  255.054392][ T5853] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  255.059711][ T5853] CPU: 1 UID: 0 PID: 5853 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  255.059721][ T5853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  255.059726][ T5853] Call Trace:
[  255.059729][ T5853]  <TASK>
[  255.059732][ T5853]  dump_stack_lvl+0x189/0x250
[  255.059747][ T5853]  ? __pfx_dump_stack_lvl+0x10/0x10
[  255.059756][ T5853]  ? __pfx_queue_work_on+0x10/0x10
[  255.059764][ T5853]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  255.059774][ T5853]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  255.059788][ T5853]  f2fs_handle_critical_error+0x37c/0x540
[  255.059819][ T5853]  f2fs_write_end_io+0x886/0xb60
[  255.059842][ T5853]  __submit_merged_bio+0x27a/0x6a0
[  255.059860][ T5853]  __submit_merged_write_cond+0x255/0x530
[  255.059873][ T5853]  f2fs_write_data_pages+0x261d/0x3000
[  255.059882][ T5853]  ? is_bpf_text_address+0x26/0x2b0
[  255.059926][ T5853]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  255.059969][ T5853]  ? __mod_zone_page_state+0xd7/0x140
[  255.059993][ T5853]  ? folios_put_refs+0x560/0x640
[  255.060006][ T5853]  ? __pfx_folios_put_refs+0x10/0x10
[  255.060012][ T5853]  ? rcu_is_watching+0x15/0xb0
[  255.060023][ T5853]  ? __lock_acquire+0xab9/0xd20
[  255.060046][ T5853]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  255.060063][ T5853]  do_writepages+0x32e/0x550
[  255.060086][ T5853]  ? do_raw_spin_unlock+0x4d/0x240
[  255.060103][ T5853]  filemap_fdatawrite+0x199/0x240
[  255.060113][ T5853]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  255.060166][ T5853]  ? do_raw_spin_unlock+0x4d/0x240
[  255.060177][ T5853]  f2fs_sync_dirty_inodes+0x31f/0x830
[  255.060192][ T5853]  f2fs_write_checkpoint+0x95a/0x1df0
[  255.060209][ T5853]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  255.060237][ T5853]  ? kill_f2fs_super+0x298/0x6c0
[  255.060247][ T5853]  kill_f2fs_super+0x2c3/0x6c0
[  255.060262][ T5853]  ? __pfx_kill_f2fs_super+0x10/0x10
[  255.060272][ T5853]  ? radix_tree_delete_item+0x2b6/0x400
[  255.060293][ T5853]  ? shrinker_free+0x2ce/0x3e0
[  255.060307][ T5853]  deactivate_locked_super+0xbc/0x130
[  255.060323][ T5853]  cleanup_mnt+0x425/0x4c0
[  255.060334][ T5853]  ? lockdep_hardirqs_on+0x9c/0x150
[  255.060346][ T5853]  task_work_run+0x1d4/0x260
[  255.060357][ T5853]  ? __pfx_task_work_run+0x10/0x10
[  255.060365][ T5853]  ? __x64_sys_umount+0x122/0x160
[  255.060383][ T5853]  ? exit_to_user_mode_loop+0x40/0x110
[  255.060402][ T5853]  exit_to_user_mode_loop+0xec/0x110
[  255.060417][ T5853]  do_syscall_64+0x2bd/0x3b0
[  255.060431][ T5853]  ? lockdep_hardirqs_on+0x9c/0x150
[  255.060444][ T5853]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.060455][ T5853]  ? exc_page_fault+0x9f/0xf0
[  255.060471][ T5853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  255.060481][ T5853] RIP: 0033:0x7f6bc678ff17
[  255.060491][ T5853] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  255.060500][ T5853] RSP: 002b:00007ffe4f90fec8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  255.060510][ T5853] RAX: 0000000000000000 RBX: 00007f6bc6811c05 RCX: 00007f6bc678ff17
[  255.060515][ T5853] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe4f90ff80
[  255.060519][ T5853] RBP: 00007ffe4f90ff80 R08: 0000000000000000 R09: 0000000000000000
[  255.060523][ T5853] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe4f911010
[  255.060527][ T5853] R13: 00007f6bc6811c05 R14: 000000000003e1e8 R15: 00007ffe4f911050
[  255.060540][ T5853]  </TASK>
[  255.061163][ T5853] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  255.078497][T10937] loop2: detected capacity change from 0 to 32768
[  255.209825][T10937] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  255.306952][T10937] XFS (loop2): Ending clean mount
[  255.319493][T10937] XFS (loop2): Quotacheck needed: Please wait.
[  255.369629][ T6248] usb 5-1: 0:2 : does not exist
[  255.374338][T10937] XFS (loop2): Quotacheck: Done.
[  255.465871][ T5850] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  255.782488][ T6248] usb 5-1: 1:0: cannot get min/max values for control 4 (id 1)
[  255.792955][ T6248] usb 5-1: USB disconnect, device number 13
[  255.805843][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  255.808783][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  255.820511][ T6311] udevd[6311]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  256.162936][T10957] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1771'.
[  256.166967][T10957] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1771'.
[  257.018036][T10985] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  257.021779][T10985] IPv6: NLM_F_CREATE should be set when creating new route
[  257.875298][   T33] audit: type=1326 audit(1756336996.827:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11001 comm="syz.4.1788" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f710b58ebe9 code=0x0
[  258.099498][T11012] loop4: detected capacity change from 0 to 512
[  258.130754][T11012] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  258.157906][T11012] EXT4-fs (loop4): 1 truncate cleaned up
[  258.162534][T11012] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  258.179110][ T5237] Bluetooth: hci1: Unable to find connection with handle 0x0000
[  258.229528][ T8929] EXT4-fs error (device loop4): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  258.468192][ T8929] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  258.537786][ T8522] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  258.544281][ T8522] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.615462][ T8522] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  258.618851][ T8522] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.688229][ T8522] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  258.701830][ T8522] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.779552][ T8522] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  258.784607][ T8522] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  258.844263][ T5852] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  258.849298][ T5852] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  258.855835][ T5852] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  258.863331][ T5852] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  258.866161][ T5852] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  258.924841][ T8522] bridge_slave_1: left allmulticast mode
[  258.928961][ T8522] bridge_slave_1: left promiscuous mode
[  258.933501][ T8522] bridge0: port 2(bridge_slave_1) entered disabled state
[  258.950268][ T8522] bridge_slave_0: left allmulticast mode
[  258.954309][ T8522] bridge_slave_0: left promiscuous mode
[  258.956715][ T8522] bridge0: port 1(bridge_slave_0) entered disabled state
[  259.317776][ T8522] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  259.327564][ T8522] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  259.333254][ T8522] bond0 (unregistering): Released all slaves
[  259.364717][T11022] lo speed is unknown, defaulting to 1000
[  259.601288][T11022] chnl_net:caif_netlink_parms(): no params data found
[  259.686795][ T5877] nci: nci_rsp_packet: unknown rsp opcode 0x211
[  259.741463][T11022] bridge0: port 1(bridge_slave_0) entered blocking state
[  259.745903][T11022] bridge0: port 1(bridge_slave_0) entered disabled state
[  259.748907][T11022] bridge_slave_0: entered allmulticast mode
[  259.752347][T11022] bridge_slave_0: entered promiscuous mode
[  259.773036][ T8522] hsr_slave_0: left promiscuous mode
[  259.775749][ T8522] hsr_slave_1: left promiscuous mode
[  259.778424][ T8522] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  259.782051][ T8522] batman_adv: batadv0: Removing interface: batadv_slave_0
[  259.785680][ T8522] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  259.788740][ T8522] batman_adv: batadv0: Removing interface: batadv_slave_1
[  259.809912][ T8522] veth1_macvtap: left promiscuous mode
[  259.813604][ T8522] veth0_macvtap: left promiscuous mode
[  259.815897][ T8522] veth1_vlan: left promiscuous mode
[  259.818090][ T8522] veth0_vlan: left promiscuous mode
[  260.198526][ T8522] team0 (unregistering): Port device team_slave_1 removed
[  260.233850][ T8522] team0 (unregistering): Port device team_slave_0 removed
[  260.545213][T11049] loop2: detected capacity change from 0 to 8192
[  260.625872][T11022] bridge0: port 2(bridge_slave_1) entered blocking state
[  260.628769][T11022] bridge0: port 2(bridge_slave_1) entered disabled state
[  260.632358][T11022] bridge_slave_1: entered allmulticast mode
[  260.633960][T11050] FAT-fs (loop2): error, clusters badly computed (384 != 1)
[  260.635993][T11022] bridge_slave_1: entered promiscuous mode
[  260.637894][T11050] FAT-fs (loop2): Filesystem has been set read-only
[  260.648028][T11049] FAT-fs (loop2): error, clusters badly computed (386 != 385)
[  260.651990][T11049] FAT-fs (loop2): error, clusters badly computed (387 != 386)
[  260.655675][T11050] FAT-fs (loop2): error, clusters badly computed (387 != 2)
[  260.659382][T11049] FAT-fs (loop2): error, clusters badly computed (389 != 387)
[  260.663009][T11049] FAT-fs (loop2): error, clusters badly computed (390 != 388)
[  260.666523][T11050] FAT-fs (loop2): error, clusters badly computed (390 != 3)
[  260.670029][T11050] FAT-fs (loop2): error, clusters badly computed (391 != 4)
[  260.676683][T11049] FAT-fs (loop2): error, clusters badly computed (393 != 389)
[  260.680057][T11049] FAT-fs (loop2): error, clusters badly computed (394 != 390)
[  260.714359][T11022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  260.732376][T11022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  260.792834][T11022] team0: Port device team_slave_0 added
[  260.803776][T11022] team0: Port device team_slave_1 added
[  260.853977][T11022] batman_adv: batadv0: Adding interface: batadv_slave_0
[  260.856361][T11022] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  260.869004][T11022] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  260.873932][T11022] batman_adv: batadv0: Adding interface: batadv_slave_1
[  260.876504][T11022] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  260.887628][T11022] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  260.921409][ T5852] Bluetooth: hci3: command tx timeout
[  260.976039][T11022] hsr_slave_0: entered promiscuous mode
[  260.979168][T11022] hsr_slave_1: entered promiscuous mode
[  260.993371][T11022] debugfs: 'hsr0' already exists in 'hsr'
[  260.995862][T11022] Cannot create hsr debugfs directory
[  261.209892][T11022] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  261.221270][T11022] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  261.226715][T11022] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  261.232032][T11022] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  261.314618][T11022] 8021q: adding VLAN 0 to HW filter on device bond0
[  261.332917][T11022] 8021q: adding VLAN 0 to HW filter on device team0
[  261.342721][ T1092] bridge0: port 1(bridge_slave_0) entered blocking state
[  261.345217][ T1092] bridge0: port 1(bridge_slave_0) entered forwarding state
[  261.351933][ T1092] bridge0: port 2(bridge_slave_1) entered blocking state
[  261.355397][ T1092] bridge0: port 2(bridge_slave_1) entered forwarding state
[  261.494616][T11022] 8021q: adding VLAN 0 to HW filter on device batadv0
[  261.625174][T11022] veth0_vlan: entered promiscuous mode
[  261.629994][T11022] veth1_vlan: entered promiscuous mode
[  261.645822][T11022] veth0_macvtap: entered promiscuous mode
[  261.649701][T11022] veth1_macvtap: entered promiscuous mode
[  261.664425][T11022] batman_adv: batadv0: Interface activated: batadv_slave_0
[  261.674395][T11022] batman_adv: batadv0: Interface activated: batadv_slave_1
[  261.683803][ T5717] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  261.689489][ T5717] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  261.694663][ T5717] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  261.702048][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  261.761333][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  261.764022][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  261.782674][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  261.786102][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  262.117216][T11103] loop5: detected capacity change from 0 to 8192
[  262.131230][T11107] loop2: detected capacity change from 0 to 16
[  262.135568][T11107] erofs (device loop2): mounted with root inode @ nid 36.
[  262.164310][T11103] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  262.184705][T11107] erofs (device loop2): readahead error at folio 340 @ nid 36
[  262.188179][T11107] erofs (device loop2): readahead error at folio 339 @ nid 36
[  262.194270][T11107] erofs (device loop2): readahead error at folio 338 @ nid 36
[  262.197354][T11107] erofs (device loop2): readahead error at folio 337 @ nid 36
[  262.202457][T11107] erofs (device loop2): readahead error at folio 336 @ nid 36
[  262.208001][T11107] syz.2.1813: attempt to access beyond end of device
[  262.208001][T11107] loop2: rw=524288, sector=22873858832, nr_sectors = 16 limit=16
[  262.217185][T11107] syz.2.1813: attempt to access beyond end of device
[  262.217185][T11107] loop2: rw=524288, sector=14519143264, nr_sectors = 16 limit=16
[  262.224075][T11107] syz.2.1813: attempt to access beyond end of device
[  262.224075][T11107] loop2: rw=524288, sector=63675288, nr_sectors = 16 limit=16
[  262.231976][T11107] syz.2.1813: attempt to access beyond end of device
[  262.231976][T11107] loop2: rw=524288, sector=16438238104, nr_sectors = 16 limit=16
[  262.238289][T11107] syz.2.1813: attempt to access beyond end of device
[  262.238289][T11107] loop2: rw=524288, sector=16377420696, nr_sectors = 16 limit=16
[  262.245787][T11107] syz.2.1813: attempt to access beyond end of device
[  262.245787][T11107] loop2: rw=524288, sector=15495015272, nr_sectors = 16 limit=16
[  262.252393][T11107] syz.2.1813: attempt to access beyond end of device
[  262.252393][T11107] loop2: rw=524288, sector=15353996136, nr_sectors = 16 limit=16
[  262.258412][T11107] syz.2.1813: attempt to access beyond end of device
[  262.258412][T11107] loop2: rw=524288, sector=13612835600, nr_sectors = 16 limit=16
[  262.266560][T11107] syz.2.1813: attempt to access beyond end of device
[  262.266560][T11107] loop2: rw=524288, sector=14552337248, nr_sectors = 16 limit=16
[  262.272503][T11107] syz.2.1813: attempt to access beyond end of device
[  262.272503][T11107] loop2: rw=524288, sector=14546590680, nr_sectors = 16 limit=16
[  262.365981][T11110] loop5: detected capacity change from 0 to 1024
[  262.383891][T11110] EXT4-fs: Ignoring removed mblk_io_submit option
[  262.412637][T11110] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  262.422352][T11112] loop2: detected capacity change from 0 to 4096
[  262.458927][T11022] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.498213][T11112] ntfs3(loop2): ino=1a, mi_enum_attr
[  262.504152][T11112] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  262.817776][T11129] loop2: detected capacity change from 0 to 4096
[  262.822975][T11129] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  262.853955][T11129] ntfs3(loop2): Failed to initialize $Extend/$Reparse.
[  263.000952][ T5852] Bluetooth: hci3: command tx timeout
[  263.221600][T11150] tipc: Started in network mode
[  263.223614][T11150] tipc: Node identity 00000000000000000000ffff, cluster identity 4711
[  263.227254][T11150] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[  263.270258][ T6249] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  263.420883][ T6249] usb 6-1: Using ep0 maxpacket: 16
[  263.431826][ T6249] usb 6-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  263.435270][ T6249] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  263.438051][ T6249] usb 6-1: Product: syz
[  263.439521][ T6249] usb 6-1: Manufacturer: syz
[  263.441916][ T6249] usb 6-1: SerialNumber: syz
[  263.446481][ T6249] usb 6-1: config 0 descriptor??
[  263.450567][ T6249] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  263.653250][T11167] loop2: detected capacity change from 0 to 2048
[  263.657070][ T6249] gp8psk: usb in 128 operation failed.
[  263.663925][ T6249] gp8psk: usb in 137 operation failed.
[  263.666100][ T6249] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  263.669234][T11168] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  263.673536][ T6249] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  263.676858][ T6249] usb 6-1: media controller created
[  263.684181][T11168] NILFS (loop2): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  263.688281][T11168] NILFS error (device loop2): nilfs_bmap_propagate: broken bmap (inode number=4)
[  263.701962][ T6249] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  263.704093][T11168] Remounting filesystem read-only
[  263.722413][ T6249] gp8psk_fe: Frontend revision 1 attached
[  263.725407][ T6249] usb 6-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  263.732702][ T5850] NILFS (loop2): disposed unprocessed dirty file(s) when stopping log writer
[  263.734908][ T6249] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  264.005842][ T6249] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  264.010986][T11177] loop2: detected capacity change from 0 to 256
[  264.013383][ T6249] gp8psk: found Genpix USB device pID = 201 (hex)
[  264.022748][T11177] FAT-fs (loop2): Directory bread(block 64) failed
[  264.025249][T11177] FAT-fs (loop2): Directory bread(block 65) failed
[  264.030775][T11177] FAT-fs (loop2): Directory bread(block 66) failed
[  264.039651][T11177] FAT-fs (loop2): Directory bread(block 67) failed
[  264.050094][T11177] FAT-fs (loop2): Directory bread(block 68) failed
[  264.053053][T11177] FAT-fs (loop2): Directory bread(block 69) failed
[  264.056487][T11177] FAT-fs (loop2): Directory bread(block 70) failed
[  264.058686][T11177] FAT-fs (loop2): Directory bread(block 71) failed
[  264.061364][T11177] FAT-fs (loop2): Directory bread(block 72) failed
[  264.063448][T11177] FAT-fs (loop2): Directory bread(block 73) failed
[  264.220686][    T9] usb 6-1: USB disconnect, device number 2
[  264.287151][    T9] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  264.476140][T11185] loop2: detected capacity change from 0 to 32768
[  264.497904][   T33] audit: type=1800 audit(1756337003.447:99): pid=11185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1847" name="file1" dev="loop2" ino=7 res=0 errno=0
[  264.521744][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  264.671888][T11185] ERROR: (device loop2): dbAdjCtl: the maximum free buddy is not the old root
[  264.671888][T11185] 
[  264.676449][T11185] ERROR: (device loop2): remounting filesystem as read-only
[  265.080247][ T5852] Bluetooth: hci3: command tx timeout
[  265.083442][    T9] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  265.169965][T11192] loop2: detected capacity change from 0 to 512
[  265.173946][T11192] EXT4-fs: Ignoring removed nomblk_io_submit option
[  265.176998][T11192] EXT4-fs: Ignoring removed i_version option
[  265.194368][T11192] EXT4-fs (loop2): 1 orphan inode deleted
[  265.199187][T11192] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  265.229286][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  265.231733][    T9] usb 6-1: Using ep0 maxpacket: 32
[  265.260255][    T9] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  265.273789][    T9] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32
[  265.289163][    T9] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  265.302820][    T9] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  265.322774][    T9] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  265.326804][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.333565][    T9] usb 6-1: Product: syz
[  265.335699][    T9] usb 6-1: Manufacturer: syz
[  265.337896][    T9] usb 6-1: SerialNumber: syz
[  265.530100][ T6248] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  265.552319][T11190] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  265.680073][ T6248] usb 3-1: Using ep0 maxpacket: 32
[  265.687369][ T6248] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[  265.691370][ T6248] usb 3-1: config 0 has no interface number 0
[  265.693844][ T6248] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  265.698315][ T6248] usb 3-1: config 0 interface 85 has no altsetting 0
[  265.705550][ T6248] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  265.709153][ T6248] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.712500][ T6248] usb 3-1: Product: syz
[  265.714197][ T6248] usb 3-1: Manufacturer: syz
[  265.716036][ T6248] usb 3-1: SerialNumber: syz
[  265.720405][ T6248] usb 3-1: config 0 descriptor??
[  266.133192][ T6248] appletouch 3-1:0.85: Failed to request geyser raw mode
[  266.136689][ T6248] appletouch 3-1:0.85: probe with driver appletouch failed with error -5
[  266.144249][ T6248] usb 3-1: USB disconnect, device number 34
[  266.158445][T11190] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  266.365464][    T9] cdc_ncm 6-1:1.0: bind() failure
[  266.373146][    T9] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  266.376036][    T9] cdc_ncm 6-1:1.1: bind() failure
[  266.577283][ T6248] usb 6-1: USB disconnect, device number 3
[  266.777450][ T6248] hid-generic 0005:16BF:5505.000D: unknown main item tag 0x0
[  266.786289][ T6248] hid-generic 0005:16BF:5505.000D: hidraw0: BLUETOOTH HID vc3.b8 Device [syz0] on aa:aa:aa:aa:aa:aa
[  266.855512][ T5852] Bluetooth: hci1: unexpected cc 0x203e length: 2 > 1
[  266.862307][ T5852] Bluetooth: hci1: unexpected event for opcode 0x203e
[  267.161003][ T5852] Bluetooth: hci3: command tx timeout
[  268.137443][T11231] loop2: detected capacity change from 0 to 1024
[  268.223031][T11235] loop2: detected capacity change from 0 to 1024
[  268.514323][T11242] loop5: detected capacity change from 0 to 4096
[  268.902671][ T5884] usb 3-1: new low-speed USB device number 35 using dummy_hcd
[  269.055284][ T5884] usb 3-1: unable to get BOS descriptor or descriptor too short
[  269.059451][ T5884] usb 3-1: unable to read config index 0 descriptor/start: -71
[  269.062877][ T5884] usb 3-1: can't read configurations, error -71
[  269.664929][T11249] ufs: You didn't specify the type of your ufs filesystem
[  269.664929][T11249] 
[  269.664929][T11249] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  269.664929][T11249] 
[  269.664929][T11249] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  269.675980][T11249] ufs: ufstype=old is supported read-only
[  269.685365][T11249] blk_print_req_error: 89 callbacks suppressed
[  269.685421][T11249] I/O error, dev loop11, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  270.290230][ T5884] usb 3-1: new high-speed USB device number 36 using dummy_hcd
[  270.346729][T11261] loop5: detected capacity change from 0 to 512
[  270.352949][T11261] EXT4-fs: Ignoring removed orlov option
[  270.355396][T11261] EXT4-fs (loop5): Test dummy encryption mode enabled
[  270.373227][T11261] EXT4-fs (loop5): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  270.383523][T11261] EXT4-fs error (device loop5): ext4_add_entry:2417: inode #2: comm syz.5.1875: Directory hole found for htree leaf block 0
[  270.390345][T11261] EXT4-fs (loop5): Remounting filesystem read-only
[  270.402367][T11022] EXT4-fs (loop5): unmounting filesystem 00000005-0000-0000-0000-000000000000.
[  270.442037][T11265] loop5: detected capacity change from 0 to 512
[  270.450352][ T5884] usb 3-1: Using ep0 maxpacket: 32
[  270.452425][T11265] EXT4-fs error (device loop5): ext4_validate_block_bitmap:432: comm syz.5.1876: bg 0: block 5: invalid block bitmap
[  270.464186][T11265] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  270.467188][ T5884] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  270.472938][T11265] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.1876: invalid indirect mapped block 3 (level 2)
[  270.477919][ T5884] usb 3-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  270.484769][T11265] EXT4-fs (loop5): 1 orphan inode deleted
[  270.486830][T11265] EXT4-fs (loop5): 1 truncate cleaned up
[  270.489006][ T5884] usb 3-1: config 0 interface 0 has no altsetting 0
[  270.496178][ T5884] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  270.501183][T11265] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  270.505645][ T5884] usb 3-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3
[  270.508343][ T5884] usb 3-1: Product: syz
[  270.513520][ T5884] usb 3-1: Manufacturer: syz
[  270.515337][ T5884] usb 3-1: SerialNumber: syz
[  270.528544][ T5884] usb 3-1: config 0 descriptor??
[  270.545249][T11022] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.596150][T11268] loop5: detected capacity change from 0 to 256
[  270.605524][T11268] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  270.611324][T11268] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  270.616614][T11268] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  270.821297][   T33] audit: type=1800 audit(1756337009.778:100): pid=11274 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1880" name="/" dev="9p" ino=2 res=0 errno=0
[  270.917098][T11278] openvswitch: netlink: Message has 4 unknown bytes.
[  270.923155][ T5852] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  270.926349][ T5852] Bluetooth: hci1: Injecting HCI hardware error event
[  270.932147][ T5237] Bluetooth: hci1: hardware error 0x00
[  270.939314][T11278] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  270.939551][ T5884] gs_usb 3-1:0.0: Configuring for 1 interfaces
[  271.065529][T11284] loop5: detected capacity change from 0 to 8192
[  271.302587][T11288] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1887'.
[  271.343971][ T5884] gs_usb 3-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO)
[  271.347778][ T5884] gs_usb 3-1:0.0: probe with driver gs_usb failed with error -71
[  271.354519][ T5884] usb 3-1: USB disconnect, device number 36
[  271.975734][T11298] loop2: detected capacity change from 0 to 512
[  271.988093][T11298] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  272.006809][T11298] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002]
[  272.017459][T11298] System zones: 0-2, 18-18, 34-34
[  272.026181][T11298] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  272.052905][T11298] ext4 filesystem being mounted at /714/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  272.142232][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  273.074541][T11318] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1890'.
[  273.272745][ T5237] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  273.322978][ T4309] Bluetooth: hci4: Frame reassembly failed (-84)
[  273.812374][ T5855] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  273.818044][ T5855] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  273.825610][ T5855] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  273.835287][ T5855] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  273.839095][ T5855] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  273.886892][T11335] lo speed is unknown, defaulting to 1000
[  274.024703][T11335] chnl_net:caif_netlink_parms(): no params data found
[  274.089984][T11335] bridge0: port 1(bridge_slave_0) entered blocking state
[  274.092781][T11335] bridge0: port 1(bridge_slave_0) entered disabled state
[  274.095644][T11335] bridge_slave_0: entered allmulticast mode
[  274.101744][T11335] bridge_slave_0: entered promiscuous mode
[  274.109416][T11335] bridge0: port 2(bridge_slave_1) entered blocking state
[  274.112297][T11335] bridge0: port 2(bridge_slave_1) entered disabled state
[  274.115207][T11335] bridge_slave_1: entered allmulticast mode
[  274.122589][T11335] bridge_slave_1: entered promiscuous mode
[  274.164493][T11335] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  274.172016][T11335] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  274.209094][T11335] team0: Port device team_slave_0 added
[  274.211836][T11350] loop5: detected capacity change from 0 to 32768
[  274.213954][T11335] team0: Port device team_slave_1 added
[  274.230227][T11350] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  274.249322][T11350] OCFS2: ERROR (device loop5): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has bit count 2048 but claims that 39166 are free
[  274.260873][T11350] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  274.264562][T11350] OCFS2: File system is now read-only.
[  274.266503][T11350] (syz.5.1899,11350,0):ocfs2_search_chain:1817 ERROR: status = -30
[  274.271960][T11350] (syz.5.1899,11350,0):ocfs2_search_chain:1940 ERROR: status = -30
[  274.275479][T11350] (syz.5.1899,11350,0):ocfs2_claim_suballoc_bits:2010 ERROR: status = -30
[  274.278329][T11350] (syz.5.1899,11350,0):ocfs2_claim_suballoc_bits:2063 ERROR: status = -30
[  274.282401][T11350] (syz.5.1899,11350,0):ocfs2_claim_new_inode:2298 ERROR: status = -30
[  274.284344][T11335] batman_adv: batadv0: Adding interface: batadv_slave_0
[  274.285622][T11350] (syz.5.1899,11350,0):ocfs2_claim_new_inode:2313 ERROR: status = -30
[  274.287717][T11335] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  274.287731][T11335] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  274.289123][T11335] batman_adv: batadv0: Adding interface: batadv_slave_1
[  274.290840][T11350] (syz.5.1899,11350,0):ocfs2_mknod_locked:641 ERROR: status = -30
[  274.302191][T11335] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  274.304261][T11350] (syz.5.1899,11350,0):ocfs2_mknod:388 ERROR: status = -30
[  274.306770][T11335] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  274.327552][T11350] (syz.5.1899,11350,0):ocfs2_mknod:505 ERROR: status = -30
[  274.330641][T11350] (syz.5.1899,11350,0):ocfs2_create:678 ERROR: status = -30
[  274.356497][T11335] hsr_slave_0: entered promiscuous mode
[  274.359763][T11022] ocfs2: Unmounting device (7,5) on (node local)
[  274.385295][T11335] hsr_slave_1: entered promiscuous mode
[  274.389252][T11335] debugfs: 'hsr0' already exists in 'hsr'
[  274.391370][T11335] Cannot create hsr debugfs directory
[  274.547248][T11335] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  274.551581][T11335] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  274.556859][T11335] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  274.562959][T11335] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  274.584306][T11335] bridge0: port 2(bridge_slave_1) entered blocking state
[  274.586903][T11335] bridge0: port 2(bridge_slave_1) entered forwarding state
[  274.589613][T11335] bridge0: port 1(bridge_slave_0) entered blocking state
[  274.592301][T11335] bridge0: port 1(bridge_slave_0) entered forwarding state
[  274.627925][T11335] 8021q: adding VLAN 0 to HW filter on device bond0
[  274.638571][ T4340] bridge0: port 1(bridge_slave_0) entered disabled state
[  274.643734][ T4340] bridge0: port 2(bridge_slave_1) entered disabled state
[  274.657406][T11335] 8021q: adding VLAN 0 to HW filter on device team0
[  274.664176][ T4340] bridge0: port 1(bridge_slave_0) entered blocking state
[  274.666632][ T4340] bridge0: port 1(bridge_slave_0) entered forwarding state
[  274.679990][ T4340] bridge0: port 2(bridge_slave_1) entered blocking state
[  274.682368][ T4340] bridge0: port 2(bridge_slave_1) entered forwarding state
[  274.748906][ T5751] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  274.811286][T11335] 8021q: adding VLAN 0 to HW filter on device batadv0
[  274.910416][ T5751] usb 6-1: config 0 has an invalid interface number: 251 but max is 0
[  274.913047][ T5751] usb 6-1: config 0 has no interface number 0
[  274.920450][ T5751] usb 6-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  274.923593][ T5751] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.926523][ T5751] usb 6-1: Product: syz
[  274.928262][ T5751] usb 6-1: Manufacturer: syz
[  274.930720][ T5751] usb 6-1: SerialNumber: syz
[  274.934587][ T5751] usb 6-1: config 0 descriptor??
[  274.983845][T11335] veth0_vlan: entered promiscuous mode
[  274.991079][T11335] veth1_vlan: entered promiscuous mode
[  275.014730][T11335] veth0_macvtap: entered promiscuous mode
[  275.021871][T11335] veth1_macvtap: entered promiscuous mode
[  275.035361][T11335] batman_adv: batadv0: Interface activated: batadv_slave_0
[  275.046563][T11335] batman_adv: batadv0: Interface activated: batadv_slave_1
[  275.054983][ T8522] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  275.059038][ T5877] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  275.061844][ T5877] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  275.065394][ T5877] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  275.155684][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  275.160807][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  275.193962][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  275.197228][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  275.330183][ T5237] Bluetooth: hci4: command 0x1003 tx timeout
[  275.332906][ T5852] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  275.467543][T11376] loop2: detected capacity change from 0 to 2048
[  275.539736][T11377] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  275.571660][   T33] audit: type=1800 audit(1756337014.519:101): pid=11376 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1901" name="file2" dev="loop2" ino=16 res=0 errno=0
[  275.762307][ T5751] asix 6-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  275.778687][ T5751] asix 6-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[  275.789865][ T5751] asix 6-1:0.251: probe with driver asix failed with error -71
[  275.800437][ T5751] usb 6-1: USB disconnect, device number 4
[  275.881052][ T5852] Bluetooth: hci2: command tx timeout
[  275.906129][T11385] loop2: detected capacity change from 0 to 256
[  275.928219][T11385] FAT-fs (loop2): Directory bread(block 64) failed
[  275.932398][T11385] FAT-fs (loop2): Directory bread(block 65) failed
[  275.934625][T11385] FAT-fs (loop2): Directory bread(block 66) failed
[  275.937180][T11385] FAT-fs (loop2): Directory bread(block 67) failed
[  275.939681][T11385] FAT-fs (loop2): Directory bread(block 68) failed
[  275.942061][T11385] FAT-fs (loop2): Directory bread(block 69) failed
[  275.944667][T11385] FAT-fs (loop2): Directory bread(block 70) failed
[  275.947002][T11385] FAT-fs (loop2): Directory bread(block 71) failed
[  275.952049][T11385] FAT-fs (loop2): Directory bread(block 72) failed
[  275.956234][T11385] FAT-fs (loop2): Directory bread(block 73) failed
[  276.272695][ T6248] IPVS: starting estimator thread 0...
[  276.275328][T11395] IPVS: wlc: UDP 224.0.0.2:0 - no destination available
[  276.379849][T11401] IPVS: using max 47 ests per chain, 112800 per kthread
[  276.393595][T11407] tipc: Started in network mode
[  276.395733][T11407] tipc: Node identity ac14140f, cluster identity 4711
[  276.412133][T11407] tipc: New replicast peer: 255.255.255.255
[  276.416790][T11407] tipc: Enabled bearer <udp:syz2>, priority 10
[  276.430530][T11411] loop6: detected capacity change from 0 to 16
[  276.472817][T11411] erofs (device loop6): mounted with root inode @ nid 36.
[  276.682136][T11422] netlink: 'syz.6.1916': attribute type 10 has an invalid length.
[  276.684821][T11422] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1916'.
[  276.696626][T11422] batman_adv: batadv0: Adding interface: virt_wifi0
[  276.699135][T11422] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  276.708168][T11422] batman_adv: batadv0: Interface activated: virt_wifi0
[  276.971076][T11431] loop2: detected capacity change from 0 to 1024
[  277.017545][   T68] hfsplus: b-tree write err: -5, ino 4
[  277.064726][T11435] loop5: detected capacity change from 0 to 512
[  277.067479][T11435] EXT4-fs: Ignoring removed mblk_io_submit option
[  277.076880][T11435] EXT4-fs: inline encryption not supported
[  277.079603][T11435] EXT4-fs: Ignoring removed mblk_io_submit option
[  277.082042][T11435] EXT4-fs (loop5): Test dummy encryption mode enabled
[  277.084420][T11435] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  277.102221][T11435] EXT4-fs (loop5): 1 truncate cleaned up
[  277.107199][T11435] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  277.209805][T11435] EXT4-fs (loop5): shut down requested (1)
[  277.258191][T11022] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.621159][ T6249] tipc: Node number set to 2886997007
[  277.978748][ T5852] Bluetooth: hci2: command tx timeout
[  278.065721][T11459] loop2: detected capacity change from 0 to 4096
[  278.073669][T11459] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  278.371516][ T6249] usb 3-1: new full-speed USB device number 37 using dummy_hcd
[  278.536401][ T6249] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  278.549035][ T6249] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  278.552440][ T6249] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.568919][ T6249] usb 3-1: config 0 descriptor??
[  278.574860][T11461] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  278.950051][T11477] loop6: detected capacity change from 0 to 40427
[  278.961313][T11477] F2FS-fs (loop6): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  278.964474][T11477] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  278.987936][T11483] loop5: detected capacity change from 0 to 32768
[  278.993550][T11477] F2FS-fs (loop6): invalid crc value
[  278.996015][T11483] Only 4K block size supported!
[  278.998599][T11483] Mount JFS Failure: -22
[  279.000477][T11483] jfs_mount failed w/return code = -22
[  279.009641][ T6249] elan 0003:04F3:0755.000E: unknown main item tag 0x0
[  279.019732][ T6249] elan 0003:04F3:0755.000E: item fetching failed at offset 3/5
[  279.059127][ T6249] elan 0003:04F3:0755.000E: Hid Parse failed
[  279.061764][ T6249] elan 0003:04F3:0755.000E: probe with driver elan failed with error -22
[  279.135207][T11477] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  279.155541][T11477] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  279.158823][T11477] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4
[  279.219195][    T9] usb 3-1: USB disconnect, device number 37
[  279.296744][T11487] loop5: detected capacity change from 0 to 32768
[  279.315154][T11487] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1948 (11487)
[  279.337858][T11487] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  279.343966][T11487] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  279.403833][T11487] BTRFS info (device loop5): enabling ssd optimizations
[  279.416859][T11487] BTRFS info (device loop5): enabling free space tree
[  279.562732][T11022] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  280.039645][ T5852] Bluetooth: hci2: command tx timeout
[  280.284721][T11522] loop2: detected capacity change from 0 to 512
[  280.332138][T11522] EXT4-fs (loop2): Test dummy encryption mode enabled
[  280.340414][T11522] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  280.426021][T11524] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1957'.
[  280.445185][T11522] EXT4-fs error (device loop2): xattr_find_entry:333: inode #15: comm syz.2.1956: corrupted xattr entries
[  280.479157][T11522] EXT4-fs (loop2): 1 orphan inode deleted
[  280.496377][T11522] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  280.575896][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.585237][T11527] loop6: detected capacity change from 0 to 4096
[  280.616492][T11527] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512).
[  280.699292][T11527] ntfs3(loop6): $AttrDef is corrupted.
[  280.960558][T11542] loop2: detected capacity change from 0 to 128
[  281.033795][T11542] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  281.082362][T11542] ext4 filesystem being mounted at /740/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  281.208671][T11545] loop5: detected capacity change from 0 to 4096
[  281.345077][ T5850] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  281.356504][   T33] audit: type=1804 audit(1756337020.309:102): pid=11545 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.1966" name="/newroot/69/file0/file0" dev="loop5" ino=0 res=1 errno=0
[  281.418087][   T25] block nbd0: Possible stuck request ffff8880222a0000: control (read@0,1024B). Runtime 210 seconds
[  281.422069][   T25] block nbd0: Possible stuck request ffff8880222a0200: control (read@1024,1024B). Runtime 210 seconds
[  281.428025][   T25] block nbd0: Possible stuck request ffff8880222a0400: control (read@2048,1024B). Runtime 210 seconds
[  281.431681][   T25] block nbd0: Possible stuck request ffff8880222a0600: control (read@3072,1024B). Runtime 210 seconds
[  281.936265][T11555] loop5: detected capacity change from 0 to 2048
[  281.963917][T11555] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  282.117927][ T5852] Bluetooth: hci2: command tx timeout
[  282.188252][T11563] loop2: detected capacity change from 0 to 16
[  282.196504][T11563] erofs (device loop2): mounted with root inode @ nid 36.
[  282.233224][   T33] audit: type=1800 audit(1756337021.189:103): pid=11563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1974" name="file1" dev="loop2" ino=86 res=0 errno=0
[  282.338170][ T6249] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  282.447399][T11567] loop2: detected capacity change from 0 to 512
[  282.474934][T11567] EXT4-fs (loop2): bad s_want_extra_isize: 11962
[  282.499427][ T6249] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  282.504648][ T6249] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  282.508710][ T6249] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  282.513204][ T6249] usb 6-1: config 0 interface 0 has no altsetting 0
[  282.517289][ T6249] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  282.526471][ T6249] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  282.539986][ T6249] usb 6-1: config 0 interface 0 has no altsetting 0
[  282.545179][ T6249] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  282.557119][ T6249] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  282.573767][ T6249] usb 6-1: config 0 interface 0 has no altsetting 0
[  282.582889][ T6249] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  282.586598][ T6249] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  282.591647][ T6249] usb 6-1: config 0 interface 0 has no altsetting 0
[  282.595717][ T6249] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  282.600141][ T6249] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  282.604998][ T6249] usb 6-1: config 0 interface 0 has no altsetting 0
[  282.610353][ T6249] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  282.627840][ T6249] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  282.632537][ T6249] usb 6-1: config 0 interface 0 has no altsetting 0
[  282.643773][ T6249] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  282.647596][ T6249] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  282.653016][ T6249] usb 6-1: config 0 interface 0 has no altsetting 0
[  282.664845][ T6249] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  282.670617][ T6249] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  282.682296][ T6249] usb 6-1: config 0 interface 0 has no altsetting 0
[  282.694066][ T6249] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  282.698154][ T6249] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  282.701768][ T6249] usb 6-1: Product: syz
[  282.703590][ T6249] usb 6-1: Manufacturer: syz
[  282.705643][ T6249] usb 6-1: SerialNumber: syz
[  282.726438][T11573] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1979'.
[  282.730925][ T6249] usb 6-1: config 0 descriptor??
[  282.732404][T11573] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  282.753307][ T6249] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0
[  283.135362][    C1] usb 6-1: yurex_control_callback - control failed: -71
[  283.135753][ T5884] usb 6-1: USB disconnect, device number 5
[  283.150883][ T5884] yurex 6-1:0.0: USB YUREX #0 now disconnected
[  283.251654][T11592] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.1985'.
[  284.328368][ T5884] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  284.517823][ T5884] usb 3-1: Using ep0 maxpacket: 32
[  284.547393][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  284.559772][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  284.577812][ T5884] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  284.584047][ T5884] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  284.596053][ T5884] usb 3-1: config 0 descriptor??
[  285.132049][ T5884] koneplus 0003:1E7D:2D51.000F: unknown main item tag 0x0
[  285.135340][ T5884] koneplus 0003:1E7D:2D51.000F: unknown main item tag 0x0
[  285.150417][ T5884] koneplus 0003:1E7D:2D51.000F: unknown main item tag 0x0
[  285.153417][ T5884] koneplus 0003:1E7D:2D51.000F: unknown main item tag 0x0
[  285.156349][ T5884] koneplus 0003:1E7D:2D51.000F: unknown main item tag 0x0
[  285.163239][ T5884] koneplus 0003:1E7D:2D51.000F: hidraw0: USB HID v0.00 Device [HID 1e7d:2d51] on usb-dummy_hcd.2-1/input0
[  285.207317][T11609] loop5: detected capacity change from 0 to 1024
[  285.223639][T11609] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  285.279321][ T5884] koneplus 0003:1E7D:2D51.000F: couldn't init struct koneplus_device
[  285.288380][ T5884] koneplus 0003:1E7D:2D51.000F: couldn't install mouse
[  285.294204][ T5884] koneplus 0003:1E7D:2D51.000F: probe with driver koneplus failed with error -71
[  285.305768][T11609] EXT4-fs (loop5): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  285.314184][ T5884] usb 3-1: USB disconnect, device number 38
[  285.354839][T11022] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.592132][T11631] block nbd6: Attempted send on invalid socket
[  285.595431][T11631] I/O error, dev nbd6, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[  285.871189][T11639] loop2: detected capacity change from 0 to 1024
[  285.904206][T11639] netlink: 6 bytes leftover after parsing attributes in process `syz.2.2006'.
[  285.955914][T11641] loop2: detected capacity change from 0 to 1764
[  285.962052][T11641] iso9660: Unexpected value for 'overriderockperm'
[  286.096915][T11649] overlayfs: workdir and upperdir must reside under the same mount
[  286.192173][T11647] loop2: detected capacity change from 0 to 32768
[  286.291948][T11655] loop5: detected capacity change from 0 to 2048
[  286.323141][T11655] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  286.400898][T11659] loop2: detected capacity change from 0 to 512
[  286.404026][T11659] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  286.416240][T11659] EXT4-fs (loop2): 1 truncate cleaned up
[  286.420749][T11659] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  286.450538][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  286.497685][   T51] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  286.664376][   T51] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  286.668270][   T51] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  286.673867][   T51] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  286.680127][   T51] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  286.683756][   T51] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.691491][   T51] usb 7-1: config 0 descriptor??
[  287.037365][ T5884] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  287.110150][   T51] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  287.207737][ T5884] usb 3-1: Using ep0 maxpacket: 16
[  287.214743][ T5884] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  287.221598][ T5884] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  287.225530][ T5884] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.229426][ T5884] usb 3-1: Product: syz
[  287.231307][ T5884] usb 3-1: Manufacturer: syz
[  287.233362][ T5884] usb 3-1: SerialNumber: syz
[  287.237722][ T5884] usb 3-1: config 0 descriptor??
[  287.241814][ T5884] hub 3-1:0.0: bad descriptor, ignoring hub
[  287.244445][ T5884] hub 3-1:0.0: probe with driver hub failed with error -5
[  287.253148][ T5884] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input18
[  287.612241][T11683] loop5: detected capacity change from 0 to 64
[  287.620412][   T24] usb 3-1: USB disconnect, device number 39
[  287.680268][T11685] gretap0: entered promiscuous mode
[  287.682611][T11685] vlan2: entered promiscuous mode
[  288.377752][ T6249] usb 6-1: new full-speed USB device number 6 using dummy_hcd
[  288.530593][ T6249] usb 6-1: config 8 has an invalid interface number: 177 but max is 0
[  288.533871][ T6249] usb 6-1: config 8 has no interface number 0
[  288.536375][ T6249] usb 6-1: config 8 interface 177 altsetting 9 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[  288.543557][ T6249] usb 6-1: config 8 interface 177 has no altsetting 0
[  288.546619][ T6249] usb 6-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  288.550556][ T6249] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.557976][T11701] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  288.766323][ T6249] usb 6-1: string descriptor 0 read error: -71
[  288.775463][    C1] ir_toy 6-1:8.177: out urb status: -71
[  289.063107][T11712] loop2: detected capacity change from 0 to 16
[  289.076454][T11712] erofs (device loop2): mounted with root inode @ nid 36.
[  289.153594][   T51] usb 7-1: USB disconnect, device number 2
[  289.159522][T11710] loop6: detected capacity change from 0 to 32768
[  289.166481][T11710] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2039 (11710)
[  289.197242][T11710] BTRFS info (device loop6): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  289.200911][T11710] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[  289.301876][ T6249] ir_toy 6-1:8.177: could not write reset command: -110
[  289.305346][ T6249] ir_toy 6-1:8.177: probe with driver ir_toy failed with error -110
[  289.313836][T11710] BTRFS info (device loop6): enabling ssd optimizations
[  289.315421][ T6249] usb 6-1: USB disconnect, device number 6
[  289.325779][T11710] BTRFS info (device loop6): enabling free space tree
[  289.393195][T11335] BTRFS info (device loop6): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  290.098241][ T6249] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  290.259003][ T6249] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  290.264748][ T6249] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  290.270246][ T6249] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  290.273737][ T6249] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67
[  290.276537][ T6249] usb 6-1: SerialNumber: syz
[  290.495586][ T6249] usb 6-1: 0:2 : does not exist
[  290.511929][ T6249] usb 6-1: USB disconnect, device number 7
[  290.534768][ T6311] udevd[6311]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  290.638701][T11749] Bluetooth: hci0: Opcode 0x080f failed: -4
[  290.732737][T11759] loop6: detected capacity change from 0 to 512
[  290.753743][T11759] EXT4-fs (loop6): couldn't mount as ext3 due to feature incompatibilities
[  290.763946][T11759] netlink: 260 bytes leftover after parsing attributes in process `syz.6.2053'.
[  290.808136][T11761] loop6: detected capacity change from 0 to 4096
[  290.811706][T11761] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512).
[  290.823245][T11761] ntfs3(loop6): ino=1a, mi_enum_attr
[  290.825146][T11761] ntfs3(loop6): Mark volume as dirty due to NTFS errors
[  291.014707][T11769] loop6: detected capacity change from 0 to 2048
[  291.034922][T11772] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  291.170886][T11776] loop2: detected capacity change from 0 to 2048
[  291.179667][T11776] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  291.184459][T11776] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  291.188137][T11776] UDF-fs: Scanning with blocksize 512 failed
[  291.193992][T11776] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  291.263072][T11778] loop5: detected capacity change from 0 to 1024
[  291.670775][T11805] loop6: detected capacity change from 0 to 256
[  291.704300][T11805] FAT-fs (loop6): Directory bread(block 64) failed
[  291.711716][T11805] FAT-fs (loop6): Directory bread(block 65) failed
[  291.714232][T11805] FAT-fs (loop6): Directory bread(block 66) failed
[  291.726653][T11805] FAT-fs (loop6): Directory bread(block 67) failed
[  291.728957][T11805] FAT-fs (loop6): Directory bread(block 68) failed
[  291.738851][T11805] FAT-fs (loop6): Directory bread(block 69) failed
[  291.744594][T11808] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2077'.
[  291.747260][T11805] FAT-fs (loop6): Directory bread(block 70) failed
[  291.755473][T11808] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2077'.
[  291.758913][T11805] FAT-fs (loop6): Directory bread(block 71) failed
[  291.759038][T11808] netlink: 'syz.5.2077': attribute type 15 has an invalid length.
[  291.761657][T11805] FAT-fs (loop6): Directory bread(block 72) failed
[  291.783314][T11811] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2078'.
[  291.791917][T11805] FAT-fs (loop6): Directory bread(block 73) failed
[  291.799323][T11813] tipc: Enabling of bearer <udp:s> rejected, failed to enable media
[  291.879627][ T5852] Bluetooth: hci0: command 0x0c1a tx timeout
[  292.009508][T11819] loop2: detected capacity change from 0 to 32768
[  292.017656][T11819] bcachefs (/dev/loop2): error validating superblock: Invalid superblock section disk_groups: label 3 empty
[  292.017656][T11819] disk_groups (size 2912):
[  292.017656][T11819] [deleted] [deleted] [parent 1028 name ] [parent 1028 name ] [parent 0 name ] [parent 32 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [deleted] [parent 146317 name ] [deleted] [deleted] [deleted] [deleted] [deleted] [deleted] [deleted] [deleted] [deleted] [parent 175370 name ] [deleted] [deleted] [deleted] [deleted] [deleted] [deleted] [deleted] [parent 95120 name ] [deleted] [deleted] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 name ] [parent 0 
[  292.017735][T11819] bcachefs: bch2_fs_get_tree() error: invalid_sb_disk_groups
[  292.844864][T11845] loop2: detected capacity change from 0 to 4096
[  292.858316][T11845] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  292.919932][T11851] loop6: detected capacity change from 0 to 256
[  292.931750][T11851] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  293.056334][T11855] loop2: detected capacity change from 0 to 4096
[  293.066358][T11855] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  293.105834][T11858] loop6: detected capacity change from 0 to 256
[  293.331625][T11860] loop5: detected capacity change from 0 to 8192
[  293.382283][ T6311]  loop5: p1 p2 p4 < >
[  293.384034][ T6311] loop5: partition table partially beyond EOD, truncated
[  293.394896][T11869] loop6: detected capacity change from 0 to 1024
[  293.397880][ T6311] loop5: p1 start 16777216 is beyond EOD, truncated
[  293.401952][ T6311] loop5: p2 size 515840 extends beyond EOD, truncated
[  293.406332][T11869] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  293.412426][T11869] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  293.415953][T11869] EXT4-fs (loop6): orphan cleanup on readonly fs
[  293.419654][T11869] EXT4-fs error (device loop6): ext4_free_blocks:6696: comm syz.6.2105: Freeing blocks not in datazone - block = 0, count = 4096
[  293.426105][T11869] EXT4-fs (loop6): 1 orphan inode deleted
[  293.433337][ T6311] loop5: p4 start 16777216 is beyond EOD, truncated
[  293.437692][T11869] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  293.454036][T11860]  loop5: p1 p2 p4 < >
[  293.455917][T11860] loop5: partition table partially beyond EOD, truncated
[  293.469498][T11860] loop5: p1 start 16777216 is beyond EOD, truncated
[  293.471129][T11870] loop2: detected capacity change from 0 to 4096
[  293.473762][T11335] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.479228][T11860] loop5: p2 size 515840 extends beyond EOD, truncated
[  293.485214][T11860] loop5: p4 start 16777216 is beyond EOD, truncated
[  293.516591][T11870] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  293.566018][T11870] ntfs3(loop2): ino=19, mi_enum_attr
[  293.576196][ T6311] udevd[6311]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory
[  293.576536][T11870] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  293.619577][T11870] ntfs3(loop2): failed to convert "c46c" to ascii
[  293.622918][T11870] ntfs3(loop2): ino=20, mi_enum_attr
[  293.627627][ T6311] udevd[6311]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory
[  293.638747][T11875] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2108'.
[  293.695596][T11877] loop6: detected capacity change from 0 to 16
[  293.714747][T11877] erofs (device loop6): mounted with root inode @ nid 36.
[  294.010897][T11897] netlink: 'syz.6.2118': attribute type 1 has an invalid length.
[  294.017286][T11897] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  294.158108][T11908] loop6: detected capacity change from 0 to 512
[  294.184232][T11908] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  294.189305][T11908] ext4 filesystem being mounted at /66/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  294.215299][T11335] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  294.241569][T11913] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  294.249359][T11913] block device autoloading is deprecated and will be removed.
[  294.254500][T11909] md: md2 stopped.
[  294.375581][T11920] overlayfs: conflicting lowerdir path
[  295.873149][T11936] loop2: detected capacity change from 0 to 32768
[  295.941882][T11936] XFS (loop2): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  295.971549][T11936] XFS (loop2): Ending clean mount
[  296.040065][ T5850] XFS (loop2): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  296.579022][T11976] IPVS: nq: UDP 224.0.0.2:0 - no destination available
[  296.821981][T11988] loop6: detected capacity change from 0 to 32768
[  296.828324][T11988] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2153 (11988)
[  296.892218][T11988] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  296.909989][T11988] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  296.921261][T11988] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  296.970999][T11988] BTRFS info (device loop6): rebuilding free space tree
[  296.994501][T11988] BTRFS info (device loop6): disabling free space tree
[  297.000758][T11988] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  297.013571][T11988] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  297.028882][T11988] BTRFS info (device loop6): setting nodatasum
[  297.032861][T11988] BTRFS info (device loop6): setting nodatacow
[  297.039493][T11988] BTRFS info (device loop6): enabling ssd optimizations
[  297.046150][T11988] BTRFS info (device loop6): using spread ssd allocation scheme
[  297.051800][T11988] BTRFS info (device loop6): turning off barriers
[  297.058136][T11988] BTRFS info (device loop6): enabling disk space caching
[  297.064607][T11988] BTRFS info (device loop6): force clearing of disk cache
[  297.079713][   T33] audit: type=1800 audit(1756337036.041:104): pid=11988 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.2153" name="bus" dev="loop6" ino=263 res=0 errno=0
[  297.204015][T11335] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  297.286602][T11990] loop5: detected capacity change from 0 to 40427
[  297.302811][T11990] F2FS-fs (loop5): Small segment_count (9 < 1 * 24)
[  297.305543][T11990] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  297.450021][T11990] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  297.465238][T11990] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  297.472187][T11990] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  297.506296][T11022] bio_check_eod: 4 callbacks suppressed
[  297.506306][T11022] syz-executor: attempt to access beyond end of device
[  297.506306][T11022] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  297.538784][T11022] CPU: 0 UID: 0 PID: 11022 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  297.538805][T11022] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  297.538812][T11022] Call Trace:
[  297.538818][T11022]  <TASK>
[  297.538823][T11022]  dump_stack_lvl+0x189/0x250
[  297.538854][T11022]  ? __pfx_dump_stack_lvl+0x10/0x10
[  297.538868][T11022]  ? __pfx_queue_work_on+0x10/0x10
[  297.538880][T11022]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  297.538897][T11022]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  297.538920][T11022]  f2fs_handle_critical_error+0x37c/0x540
[  297.538942][T11022]  f2fs_write_end_io+0x886/0xb60
[  297.538967][T11022]  __submit_merged_bio+0x27a/0x6a0
[  297.538988][T11022]  __submit_merged_write_cond+0x255/0x530
[  297.539009][T11022]  f2fs_write_data_pages+0x261d/0x3000
[  297.539051][T11022]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  297.539109][T11022]  ? arch_stack_walk+0xfc/0x150
[  297.539146][T11022]  ? __mod_zone_page_state+0xd7/0x140
[  297.539169][T11022]  ? folios_put_refs+0x560/0x640
[  297.539191][T11022]  ? __lock_acquire+0xab9/0xd20
[  297.539214][T11022]  ? do_raw_spin_lock+0x121/0x290
[  297.539236][T11022]  ? do_raw_spin_unlock+0x4d/0x240
[  297.539251][T11022]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  297.539269][T11022]  do_writepages+0x32e/0x550
[  297.539292][T11022]  ? do_raw_spin_unlock+0x4d/0x240
[  297.539310][T11022]  filemap_fdatawrite+0x199/0x240
[  297.539326][T11022]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  297.539375][T11022]  ? do_raw_spin_unlock+0x4d/0x240
[  297.539392][T11022]  f2fs_sync_dirty_inodes+0x31f/0x830
[  297.539415][T11022]  f2fs_write_checkpoint+0x95a/0x1df0
[  297.539444][T11022]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  297.539486][T11022]  ? call_rcu+0x6ff/0x9c0
[  297.539498][T11022]  ? lockdep_hardirqs_on+0x9c/0x150
[  297.539513][T11022]  ? kill_f2fs_super+0x298/0x6c0
[  297.539528][T11022]  kill_f2fs_super+0x2c3/0x6c0
[  297.539542][T11022]  ? __pfx_kill_f2fs_super+0x10/0x10
[  297.539550][T11022]  ? radix_tree_delete_item+0x2b6/0x400
[  297.539570][T11022]  ? shrinker_free+0x2ce/0x3e0
[  297.539584][T11022]  deactivate_locked_super+0xbc/0x130
[  297.539598][T11022]  cleanup_mnt+0x425/0x4c0
[  297.539610][T11022]  ? lockdep_hardirqs_on+0x9c/0x150
[  297.539627][T11022]  task_work_run+0x1d4/0x260
[  297.539644][T11022]  ? __pfx_task_work_run+0x10/0x10
[  297.539656][T11022]  ? __x64_sys_umount+0x122/0x160
[  297.539672][T11022]  ? exit_to_user_mode_loop+0x40/0x110
[  297.539689][T11022]  exit_to_user_mode_loop+0xec/0x110
[  297.539703][T11022]  do_syscall_64+0x2bd/0x3b0
[  297.539717][T11022]  ? lockdep_hardirqs_on+0x9c/0x150
[  297.539730][T11022]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.539740][T11022]  ? exc_page_fault+0x9f/0xf0
[  297.539754][T11022]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.539763][T11022] RIP: 0033:0x7f196398ff17
[  297.539774][T11022] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  297.539783][T11022] RSP: 002b:00007ffd44ac7e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  297.539796][T11022] RAX: 0000000000000000 RBX: 00007f1963a11c05 RCX: 00007f196398ff17
[  297.539803][T11022] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd44ac7f10
[  297.539809][T11022] RBP: 00007ffd44ac7f10 R08: 0000000000000000 R09: 0000000000000000
[  297.539816][T11022] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd44ac8fa0
[  297.539823][T11022] R13: 00007f1963a11c05 R14: 00000000000487f6 R15: 00007ffd44ac8fe0
[  297.539848][T11022]  </TASK>
[  297.539854][T11022] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  297.802497][T12013] loop6: detected capacity change from 0 to 32768
[  297.828585][T12013] ERROR: (device loop6): dtSearch: DT_GETPAGE: dtree page corrupt
[  297.828585][T12013] 
[  297.834621][T12013] ERROR: (device loop6): remounting filesystem as read-only
[  297.837909][T12013] jfs_lookup: dtSearch returned -5
[  297.840404][T12013] ERROR: (device loop6): dtReadFirst: DT_GETPAGE: dtree page corrupt
[  297.840404][T12013] 
[  297.844939][T12013] jfs_readdir: unexpected rc = -5 from dtReadNext
[  298.268686][T12051] loop6: detected capacity change from 0 to 512
[  298.282920][T12051] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.2168: iget: bad i_size value: 38620345925642
[  298.293959][T12051] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.2168: couldn't read orphan inode 15 (err -117)
[  298.305703][T12051] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  298.331018][T11335] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.663698][T12078] lo speed is unknown, defaulting to 1000
[  298.666058][T12078] lo speed is unknown, defaulting to 1000
[  298.673730][T12078] lo speed is unknown, defaulting to 1000
[  298.717729][T12078] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  298.818470][T12078] lo speed is unknown, defaulting to 1000
[  298.822399][T12078] lo speed is unknown, defaulting to 1000
[  298.826522][T12078] lo speed is unknown, defaulting to 1000
[  298.830468][T12078] lo speed is unknown, defaulting to 1000
[  298.834265][T12078] lo speed is unknown, defaulting to 1000
[  298.838340][T12078] lo speed is unknown, defaulting to 1000
[  298.953922][T12077] loop5: detected capacity change from 0 to 32768
[  299.156089][T12084] loop5: detected capacity change from 0 to 4096
[  299.170266][T12085] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  300.294288][T12097] netlink: 216 bytes leftover after parsing attributes in process `syz.2.2187'.
[  300.300667][T12097] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2187'.
[  300.304457][T12097] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2187'.
[  300.525800][ T6249] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  300.660100][T12105] loop2: detected capacity change from 0 to 256
[  300.664163][T12105] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  300.673177][T12105] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  300.677261][ T6249] usb 7-1: Using ep0 maxpacket: 16
[  300.687454][ T6249] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  300.691930][ T6249] usb 7-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00
[  300.703694][T12105] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  300.709131][ T6249] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  300.723428][ T6249] usb 7-1: config 0 descriptor??
[  300.726675][   T33] audit: type=1800 audit(1756337039.692:105): pid=12105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2190" name="file1" dev="loop2" ino=1048747 res=0 errno=0
[  300.811850][T12107] loop2: detected capacity change from 0 to 7
[  300.817408][T12107]  loop2:
[  300.818824][T12107] loop2: partition table partially beyond EOD, truncated
[  301.143593][ T6249] waterforce 0003:1044:7A4D.0011: hidraw0: USB HID v0.03 Device [HID 1044:7a4d] on usb-dummy_hcd.6-1/input0
[  301.206370][ T6249] waterforce 0003:1044:7A4D.0011: fw version request failed with -38
[  301.234373][ T5237] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  301.248575][ T5237] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  301.253920][ T5237] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  301.266632][ T5237] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  301.270596][ T5237] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  301.333400][T12112] lo speed is unknown, defaulting to 1000
[  301.337968][T12112] lo speed is unknown, defaulting to 1000
[  301.339179][ T6249] usb 7-1: USB disconnect, device number 3
[  301.517711][T12112] chnl_net:caif_netlink_parms(): no params data found
[  301.594248][T12112] bridge0: port 1(bridge_slave_0) entered blocking state
[  301.597559][T12112] bridge0: port 1(bridge_slave_0) entered disabled state
[  301.600083][T12112] bridge_slave_0: entered allmulticast mode
[  301.602876][T12112] bridge_slave_0: entered promiscuous mode
[  301.607906][T12112] bridge0: port 2(bridge_slave_1) entered blocking state
[  301.610950][T12112] bridge0: port 2(bridge_slave_1) entered disabled state
[  301.614129][T12112] bridge_slave_1: entered allmulticast mode
[  301.618622][T12112] bridge_slave_1: entered promiscuous mode
[  301.653410][T12112] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  301.658947][T12112] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  301.687352][T12112] team0: Port device team_slave_0 added
[  301.691595][T12112] team0: Port device team_slave_1 added
[  301.710591][T12112] batman_adv: batadv0: Adding interface: batadv_slave_0
[  301.713572][T12112] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  301.723766][T12112] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  301.729455][T12112] batman_adv: batadv0: Adding interface: batadv_slave_1
[  301.732093][T12112] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  301.742528][T12112] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  301.773641][T12112] hsr_slave_0: entered promiscuous mode
[  301.776542][T12112] hsr_slave_1: entered promiscuous mode
[  301.779015][T12112] debugfs: 'hsr0' already exists in 'hsr'
[  301.781061][T12112] Cannot create hsr debugfs directory
[  302.113151][   T33] audit: type=1326 audit(1756337041.072:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12127 comm="syz.6.2198" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f236238ebe9 code=0x0
[  302.126869][T12112] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  302.135768][T12112] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  302.141860][T12112] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  302.151450][T12112] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  302.190990][T12112] bridge0: port 2(bridge_slave_1) entered blocking state
[  302.194147][T12112] bridge0: port 2(bridge_slave_1) entered forwarding state
[  302.197396][T12112] bridge0: port 1(bridge_slave_0) entered blocking state
[  302.200397][T12112] bridge0: port 1(bridge_slave_0) entered forwarding state
[  302.271488][T12112] 8021q: adding VLAN 0 to HW filter on device bond0
[  302.286454][   T52] bridge0: port 1(bridge_slave_0) entered disabled state
[  302.290400][   T52] bridge0: port 2(bridge_slave_1) entered disabled state
[  302.309154][T12112] 8021q: adding VLAN 0 to HW filter on device team0
[  302.322157][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[  302.325092][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[  302.333281][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[  302.336387][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[  302.492847][T12112] 8021q: adding VLAN 0 to HW filter on device batadv0
[  302.611611][T12112] veth0_vlan: entered promiscuous mode
[  302.618479][T12112] veth1_vlan: entered promiscuous mode
[  302.634759][T12112] veth0_macvtap: entered promiscuous mode
[  302.639234][T12112] veth1_macvtap: entered promiscuous mode
[  302.652667][T12112] batman_adv: batadv0: Interface activated: batadv_slave_0
[  302.661474][T12112] batman_adv: batadv0: Interface activated: batadv_slave_1
[  302.679336][   T13] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  302.683086][   T13] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  302.700549][   T13] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  302.704754][   T13] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  302.791683][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  302.797280][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  302.834889][ T1091] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  302.839408][ T1091] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  303.200469][T12172] loop2: detected capacity change from 0 to 1024
[  303.211213][T12172] hfsplus: bad catalog entry type
[  303.263051][ T4298] hfsplus: b-tree write err: -5, ino 4
[  303.326001][ T5237] Bluetooth: hci3: command tx timeout
[  303.461155][T12191] loop6: detected capacity change from 0 to 128
[  303.487799][T12191] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; going on - but anything won't be destroyed because it's read-only
[  303.496536][T12191] hpfs: filesystem error: improperly stopped
[  303.500168][T12191] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  303.506530][T12191] hpfs: Proceeding, but your filesystem could be corrupted if you delete files or directories
[  303.511588][T12191] hpfs: filesystem error: sector(s) 'dir_band' badly placed at 7b318cc2
[  304.533670][T12212] loop6: detected capacity change from 0 to 1024
[  304.542892][T12212] EXT4-fs: Ignoring removed oldalloc option
[  304.546225][T12212] EXT4-fs: Ignoring removed orlov option
[  304.553997][T12212] EXT4-fs (loop6): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  304.571629][T12212] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  304.686827][T11335] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.066327][ T5912] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  305.070927][T12233] loop2: detected capacity change from 0 to 16
[  305.073684][T12233] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  305.092189][T12233] cramfs: empty filesystem
[  305.166166][T12235] loop2: detected capacity change from 0 to 4096
[  305.180132][T12235] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  305.182929][T12235] ntfs3(loop2): Failed to initialize $Extend/$ObjId.
[  305.226455][ T5912] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  305.235366][ T5912] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  305.240704][ T5912] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  305.251721][ T5912] usb 7-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  305.256252][ T5912] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.259712][ T5912] usb 7-1: Product: syz
[  305.262291][ T5912] usb 7-1: Manufacturer: syz
[  305.263945][ T5912] usb 7-1: SerialNumber: syz
[  305.270364][ T5912] usb 7-1: config 0 descriptor??
[  305.395292][ T5852] Bluetooth: hci3: command tx timeout
[  305.486283][ T5912] adutux 7-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0
[  305.689715][ T6249] usb 7-1: USB disconnect, device number 4
[  306.179616][T12248] loop2: detected capacity change from 0 to 8
[  306.189263][T12248] SQUASHFS error: xz decompression failed, data probably corrupt
[  306.193418][T12248] SQUASHFS error: Failed to read block 0x108: -5
[  306.199785][T12248] SQUASHFS error: Unable to read metadata cache entry [106]
[  306.202965][T12248] SQUASHFS error: Unable to read inode 0x11f
[  306.555190][ T6249] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[  306.711685][ T6249] usb 7-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  306.716519][ T6249] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  306.720111][ T6249] usb 7-1: Product: syz
[  306.721991][ T6249] usb 7-1: Manufacturer: syz
[  306.724007][ T6249] usb 7-1: SerialNumber: syz
[  306.726282][ T6248] usb 3-1: new high-speed USB device number 40 using dummy_hcd
[  306.732670][ T6249] usb 7-1: config 0 descriptor??
[  306.739628][ T6249] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  306.744607][ T6249] usb 7-1: setting power ON
[  306.747836][ T6249] dvb-usb: bulk message failed: -22 (2/0)
[  306.754596][ T6249] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  306.761833][ T6249] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) error while loading driver (-19)
[  306.767111][ T6249] dvb_usb_cxusb 7-1:0.0: probe with driver dvb_usb_cxusb failed with error -22
[  306.874938][ T6248] usb 3-1: Using ep0 maxpacket: 32
[  306.879319][ T6248] usb 3-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  306.883049][ T6248] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.890381][ T6248] usb 3-1: config 0 descriptor??
[  306.895743][ T6248] gspca_main: sq930x-2.14.0 probing 041e:403c
[  306.946868][    T9] usb 7-1: USB disconnect, device number 5
[  307.475347][ T5852] Bluetooth: hci3: command 0x040f tx timeout
[  307.823139][T12270] loop6: detected capacity change from 0 to 32768
[  307.834013][T12270] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2253 (12270)
[  308.158470][T12268] loop7: detected capacity change from 0 to 131072
[  308.164052][T12268] F2FS-fs (loop7): Wrong CP boundary, start(512) end(1536) blocks(0)
[  308.167150][T12268] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  308.174771][T12268] F2FS-fs (loop7): invalid crc value
[  308.184427][T12270] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  308.208728][T12270] BTRFS info (device loop6): using crc32c (crc32c-lib) checksum algorithm
[  308.212370][T12268] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  308.217826][T12268] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  308.220153][T12268] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4
[  308.235783][T12268] F2FS-fs (loop7): checksum invalid, nid = 4, ino_of_node = 4, 8e2acc4a vs. 75c4e831
[  308.279491][ T6248] gspca_sq930x: ucbus_write failed -71
[  308.281820][ T6248] sq930x 3-1:0.0: probe with driver sq930x failed with error -71
[  308.289657][ T6248] usb 3-1: USB disconnect, device number 40
[  308.318709][T12270] BTRFS info (device loop6): enabling ssd optimizations
[  308.320994][T12270] BTRFS info (device loop6): enabling free space tree
[  308.398235][T11335] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  308.761273][T12302] syzkaller0: mtu greater than device maximum
[  308.800857][T12300] lo speed is unknown, defaulting to 1000
[  308.804191][T12300] lo speed is unknown, defaulting to 1000
[  308.949555][T12315] loop7: detected capacity change from 0 to 512
[  308.968132][T12315] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  309.010097][T12112] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.081957][T12323] loop6: detected capacity change from 0 to 16
[  309.100757][T12323] erofs (device loop6): mounted with root inode @ nid 36.
[  309.124865][ T5912] usb 3-1: new high-speed USB device number 41 using dummy_hcd
[  309.219450][T12328] loop6: detected capacity change from 0 to 128
[  309.284655][ T5912] usb 3-1: Using ep0 maxpacket: 8
[  309.289204][ T5912] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  309.292690][ T5912] usb 3-1: config 179 has no interface number 0
[  309.300628][ T5912] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  309.306157][ T5912] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  309.310853][ T5912] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  309.319460][ T5912] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0
[  309.323559][ T5912] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  309.330816][ T5912] usb 3-1: config 179 interface 65 has no altsetting 0
[  309.342206][ T5912] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  309.347298][ T5912] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.378484][ T5912] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input20
[  309.594568][ T5237] Bluetooth: hci3: command 0x040f tx timeout
[  309.679913][ T5912] usb 3-1: USB disconnect, device number 41
[  309.693966][ T6311] udevd[6311]: setting owner of /dev/input/js0 to uid=0, gid=104 failed: No such file or directory
[  310.198726][T12337] loop2: detected capacity change from 0 to 2048
[  310.214219][T12337] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  310.218172][T12337] UDF-fs: Scanning with blocksize 512 failed
[  310.233922][T12337] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  311.479302][   T25] block nbd0: Possible stuck request ffff8880222a0000: control (read@0,1024B). Runtime 240 seconds
[  311.484102][   T25] block nbd0: Possible stuck request ffff8880222a0200: control (read@1024,1024B). Runtime 240 seconds
[  311.488438][T12346] input: syz0 as /devices/virtual/input/input21
[  311.489131][   T25] block nbd0: Possible stuck request ffff8880222a0400: control (read@2048,1024B). Runtime 240 seconds
[  311.497820][   T25] block nbd0: Possible stuck request ffff8880222a0600: control (read@3072,1024B). Runtime 240 seconds
[  311.644657][ T5237] Bluetooth: hci3: command 0x040f tx timeout
[  311.656155][T12350] loop2: detected capacity change from 0 to 512
[  311.683928][T12350] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  311.705486][   T33] audit: type=1800 audit(1756337050.673:107): pid=12350 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2279" name="file0" dev="loop2" ino=13 res=0 errno=0
[  311.753868][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.880261][T12352] loop6: detected capacity change from 0 to 40427
[  311.898560][T12352] F2FS-fs (loop6): build fault injection rate: 14
[  311.901220][T12352] F2FS-fs (loop6): build fault injection type: 0x3bfe8c
[  311.919299][T12352] F2FS-fs (loop6): invalid crc value
[  311.925768][    C0] F2FS-fs (loop6): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  311.935802][    C0] F2FS-fs (loop6): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  311.973396][T12364] netlink: 'syz.2.2285': attribute type 10 has an invalid length.
[  311.974518][T12352] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  311.978022][T12364] veth1_vlan: entered allmulticast mode
[  311.981967][T12352] F2FS-fs (loop6): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  311.988774][T12364] team0: Device veth1_vlan failed to register rx_handler
[  311.993096][T12352] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  312.044085][T12352] F2FS-fs (loop6): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  312.052276][T12352] F2FS-fs (loop6): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0x249/0x1cf0
[  312.067320][T12352] F2FS-fs (loop6): inconsistent node block, node_type:1, nid:3, node_footer[nid:3,ino:3,ofs:0,cpver:1219692001,blkaddr:4098]
[  312.094010][T12352] syz.6.2281: attempt to access beyond end of device
[  312.094010][T12352] loop6: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  312.105883][T12352] syz.6.2281: attempt to access beyond end of device
[  312.105883][T12352] loop6: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  312.138431][T12370] syz.6.2281: attempt to access beyond end of device
[  312.138431][T12370] loop6: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  312.164016][T12372] loop2: detected capacity change from 0 to 512
[  312.185907][T11335] F2FS-fs (loop6): inject page alloc in f2fs_grab_cache_folio of f2fs_grab_meta_folio+0x6a/0x1d0
[  312.214624][T12372] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  312.289097][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.365272][T12379] loop2: detected capacity change from 0 to 128
[  312.368476][T12379] minix: Unknown parameter 'G8F;Qt[o\1C{Z4&\5R}7:ҝD0򙐃'
[  312.387756][ T5884] kernel write not supported for file /50/net/fib_triestat (pid: 5884 comm: kworker/0:4)
[  312.719768][T12395] netlink: 'syz.2.2297': attribute type 10 has an invalid length.
[  312.926445][T12395] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  314.034224][   T34] INFO: task syz.3.966:8633 blocked for more than 143 seconds.
[  314.044706][   T34]       Not tainted syzkaller #0
[  314.047105][   T34] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  314.050977][   T34] task:syz.3.966       state:D stack:28936 pid:8633  tgid:8632  ppid:8477   task_flags:0x400140 flags:0x00004004
[  314.056685][   T34] Call Trace:
[  314.059834][   T34]  <TASK>
[  314.063148][   T34]  __schedule+0x1798/0x4cc0
[  314.065727][   T34]  ? __lock_acquire+0xab9/0xd20
[  314.067969][   T34]  ? __lock_acquire+0xab9/0xd20
[  314.070027][   T34]  ? __pfx___schedule+0x10/0x10
[  314.071756][   T34]  ? schedule+0x91/0x360
[  314.073627][   T34]  schedule+0x165/0x360
[  314.078346][   T34]  schedule_preempt_disabled+0x13/0x30
[  314.083330][   T34]  __mutex_lock+0x7e6/0x1350
[  314.086640][   T34]  ? __mutex_lock+0x5bb/0x1350
[  314.091370][   T34]  ? sync_bdevs+0x1ac/0x340
[  314.093196][   T34]  ? __pfx___mutex_lock+0x10/0x10
[  314.097982][   T34]  ? iput+0x398/0x9d0
[  314.102304][   T34]  ? do_raw_spin_unlock+0x4d/0x240
[  314.108386][   T34]  sync_bdevs+0x1ac/0x340
[  314.110148][   T34]  ksys_sync+0xb9/0x150
[  314.120188][   T34]  ? __pfx_ksys_sync+0x10/0x10
[  314.124997][   T34]  ? rcu_is_watching+0x15/0xb0
[  314.127172][   T34]  ? do_syscall_64+0xbe/0x3b0
[  314.128949][   T34]  __ia32_sys_sync+0xe/0x20
[  314.130858][   T34]  do_syscall_64+0xfa/0x3b0
[  314.132707][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  314.140267][   T34]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.146540][   T34]  ? exc_page_fault+0x9f/0xf0
[  314.148399][   T34]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.150900][   T34] RIP: 0033:0x7f6cf118ebe9
[  314.152734][   T34] RSP: 002b:00007f6cf201a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  314.157174][   T34] RAX: ffffffffffffffda RBX: 00007f6cf13b5fa0 RCX: 00007f6cf118ebe9
[  314.162800][   T34] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  314.168203][   T34] RBP: 00007f6cf13b5fa0 R08: 0000000000000000 R09: 0000000000000000
[  314.171454][   T34] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  314.179143][   T34] R13: 00007f6cf13b6038 R14: 00007f6cf13b5fa0 R15: 00007ffdbb1fd9e8
[  314.183106][   T34]  </TASK>
[  314.189019][   T34] 
[  314.189019][   T34] Showing all locks held in the system:
[  314.193433][   T34] 2 locks held by kworker/u9:1/28:
[  314.198551][   T34]  #0: ffff888106191148 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  314.205115][   T34]  #1: ffffc9000061fbc0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  314.209852][   T34] 1 lock held by khungtaskd/34:
[  314.211715][   T34]  #0: ffffffff8e139ee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  314.223220][   T34] 2 locks held by getty/5671:
[  314.225803][   T34]  #0: ffff888020fbf0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  314.229281][   T34]  #1: ffffc900029062f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  314.232977][   T34] 1 lock held by udevd/5942:
[  314.239633][   T34]  #0: ffff8880221db358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xd30
[  314.242792][   T34] 1 lock held by syz.3.966/8633:
[  314.248011][   T34]  #0: ffff8880221db358 (&disk->open_mutex){+.+.}-{4:4}, at: sync_bdevs+0x1ac/0x340
[  314.253362][   T34] 1 lock held by syz-executor/12112:
[  314.257874][   T34] 
[  314.260538][   T34] =============================================
[  314.260538][   T34] 
[  314.265750][   T34] NMI backtrace for cpu 1
[  314.265760][   T34] CPU: 1 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  314.265784][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  314.265790][   T34] Call Trace:
[  314.265794][   T34]  <TASK>
[  314.265797][   T34]  dump_stack_lvl+0x189/0x250
[  314.265812][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  314.265821][   T34]  ? __pfx__printk+0x10/0x10
[  314.265834][   T34]  nmi_cpu_backtrace+0x39e/0x3d0
[  314.265846][   T34]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  314.265855][   T34]  ? nmi_trigger_cpumask_backtrace+0x14d/0x300
[  314.265863][   T34]  ? kasan_check_range+0x9f/0x2c0
[  314.265875][   T34]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  314.265887][   T34]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  314.265897][   T34]  watchdog+0xf93/0xfe0
[  314.265909][   T34]  ? watchdog+0x1de/0xfe0
[  314.265919][   T34]  kthread+0x711/0x8a0
[  314.265929][   T34]  ? __pfx_watchdog+0x10/0x10
[  314.265938][   T34]  ? __pfx_kthread+0x10/0x10
[  314.265951][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  314.265961][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  314.265971][   T34]  ? __pfx_kthread+0x10/0x10
[  314.265980][   T34]  ret_from_fork+0x3fc/0x770
[  314.265988][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  314.265997][   T34]  ? __switch_to_asm+0x39/0x70
[  314.266005][   T34]  ? __switch_to_asm+0x33/0x70
[  314.266013][   T34]  ? __pfx_kthread+0x10/0x10
[  314.266022][   T34]  ret_from_fork_asm+0x1a/0x30
[  314.266035][   T34]  </TASK>
[  314.266084][   T34] Sending NMI from CPU 1 to CPUs 0:
[  314.326820][    C0] NMI backtrace for cpu 0
[  314.326839][    C0] CPU: 0 UID: 0 PID: 5778 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  314.326851][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  314.326857][    C0] RIP: 0010:native_apic_msr_write+0x39/0x50
[  314.326870][    C0] Code: 74 2a 83 ff 30 74 25 eb 10 81 ff d0 00 00 00 74 1b 81 ff e0 00 00 00 74 13 c1 ef 04 81 c7 00 08 00 00 89 f9 89 f0 31 d2 0f 30 <66> 90 c3 cc cc cc cc cc f3 0f 1e fa 89 f6 31 d2 e9 d2 a4 8e 03 66
[  314.326875][    C0] RSP: 0018:ffffc900033efaf8 EFLAGS: 00000046
[  314.326882][    C0] RAX: 000000000000ffde RBX: ffff88804b023900 RCX: 0000000000000838
[  314.326887][    C0] RDX: 0000000000000000 RSI: 000000000000ffde RDI: 0000000000000838
[  314.326891][    C0] RBP: 0000000000000001 R08: 0000000000000000 R09: ffffffff81ae022e
[  314.326894][    C0] R10: 0000000000000003 R11: ffffffff81703490 R12: 000000000ffff441
[  314.326898][    C0] R13: dffffc0000000000 R14: 000000000000ffde R15: 0000000000000020
[  314.326903][    C0] FS:  000055555b599500(0000) GS:ffff8880b861b000(0000) knlGS:0000000000000000
[  314.326908][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  314.326912][    C0] CR2: 00007ffdfd549f48 CR3: 000000010e722000 CR4: 00000000000006f0
[  314.326938][    C0] Call Trace:
[  314.326942][    C0]  <TASK>
[  314.326945][    C0]  lapic_next_event+0x11/0x20
[  314.326953][    C0]  clockevents_program_event+0x1cf/0x360
[  314.326963][    C0]  hrtimer_start_range_ns+0xda6/0x1080
[  314.326975][    C0]  do_nanosleep+0x191/0x600
[  314.326983][    C0]  ? do_nanosleep+0x7f/0x600
[  314.326990][    C0]  ? __pfx_do_nanosleep+0x10/0x10
[  314.326997][    C0]  ? __hrtimer_setup+0x187/0x210
[  314.327002][    C0]  ? __pfx_hrtimer_wakeup+0x10/0x10
[  314.327008][    C0]  hrtimer_nanosleep+0x169/0x360
[  314.327015][    C0]  ? __pfx_hrtimer_nanosleep+0x10/0x10
[  314.327021][    C0]  ? __pfx_hrtimer_wakeup+0x10/0x10
[  314.327027][    C0]  ? __pfx_get_timespec64+0x10/0x10
[  314.327035][    C0]  ? __rseq_handle_notify_resume+0x37e/0x11f0
[  314.327044][    C0]  __se_sys_clock_nanosleep+0x2f1/0x380
[  314.327095][    C0]  ? __pfx___se_sys_clock_nanosleep+0x10/0x10
[  314.327104][    C0]  ? do_syscall_64+0xbe/0x3b0
[  314.327114][    C0]  do_syscall_64+0xfa/0x3b0
[  314.327123][    C0]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.327129][    C0]  ? asm_sysvec_call_function_single+0x1a/0x20
[  314.327136][    C0]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  314.327141][    C0] RIP: 0033:0x7fbb0c7c1463
[  314.327148][    C0] Code: 1f 84 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d fe 70 1c 00 00 74 14 b8 e6 00 00 00 0f 05 <f7> d8 c3 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10
[  314.327153][    C0] RSP: 002b:00007ffcc1dbd608 EFLAGS: 00000202 ORIG_RAX: 00000000000000e6
[  314.327159][    C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbb0c7c1463
[  314.327163][    C0] RDX: 00007ffcc1dbd620 RSI: 0000000000000000 RDI: 0000000000000000
[  314.327167][    C0] RBP: 0000000000000000 R08: 000000001e75a58a R09: 7fffffffffffffff
[  314.327171][    C0] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffcc1dbda70
[  314.327174][    C0] R13: 0000000000000004 R14: 00007ffcc1dbd65c R15: 00007ffcc1dbd6f0
[  314.327181][    C0]  </TASK>
[  314.328526][   T34] Kernel panic - not syncing: hung_task: blocked tasks
[  314.328542][   T34] CPU: 1 UID: 0 PID: 34 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) 
[  314.328557][   T34] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  314.328565][   T34] Call Trace:
[  314.328571][   T34]  <TASK>
[  314.328578][   T34]  dump_stack_lvl+0x99/0x250
[  314.328598][   T34]  ? __asan_memcpy+0x40/0x70
[  314.328614][   T34]  ? __pfx_dump_stack_lvl+0x10/0x10
[  314.328626][   T34]  ? __pfx__printk+0x10/0x10
[  314.328652][   T34]  vpanic+0x281/0x750
[  314.328668][   T34]  ? __pfx_vpanic+0x10/0x10
[  314.328681][   T34]  ? preempt_schedule+0xae/0xc0
[  314.328700][   T34]  ? preempt_schedule_common+0x83/0xd0
[  314.328719][   T34]  panic+0xb9/0xc0
[  314.328733][   T34]  ? __pfx_panic+0x10/0x10
[  314.328747][   T34]  ? preempt_schedule_thunk+0x16/0x30
[  314.328767][   T34]  ? nmi_trigger_cpumask_backtrace+0x2bb/0x300
[  314.328782][   T34]  watchdog+0xfd2/0xfe0
[  314.328803][   T34]  ? watchdog+0x1de/0xfe0
[  314.494848][   T34]  kthread+0x711/0x8a0
[  314.496624][   T34]  ? __pfx_watchdog+0x10/0x10
[  314.498584][   T34]  ? __pfx_kthread+0x10/0x10
[  314.500520][   T34]  ? _raw_spin_unlock_irq+0x23/0x50
[  314.502668][   T34]  ? lockdep_hardirqs_on+0x9c/0x150
[  314.504829][   T34]  ? __pfx_kthread+0x10/0x10
[  314.506754][   T34]  ret_from_fork+0x3fc/0x770
[  314.508689][   T34]  ? __pfx_ret_from_fork+0x10/0x10
[  314.510841][   T34]  ? __switch_to_asm+0x39/0x70
[  314.512884][   T34]  ? __switch_to_asm+0x33/0x70
[  314.514937][   T34]  ? __pfx_kthread+0x10/0x10
[  314.516902][   T34]  ret_from_fork_asm+0x1a/0x30
[  314.518949][   T34]  </TASK>
[  314.521083][   T34] Kernel Offset: disabled
[  314.522832][   T34] Rebooting in 86400 seconds..

VM DIAGNOSIS:
23:11:24  Registers:
info registers vcpu 0

CPU#0
RAX=00000000000000fb RBX=00000000000000fb RCX=0000000000000830 RDX=0000000000000001
RSI=00000000000000fb RDI=0000000000000001 RBP=ffffc90000007e60 RSP=ffffc90000007d70
R8 =ffffffff8fa38a37 R9 =1ffffffff1f47146 R10=dffffc0000000000 R11=ffffffff81705100
R12=dffffc0000000000 R13=0000000000000000 R14=ffff8881366201b0 R15=ffffffff8dbdfd18
RIP=ffffffff81716273 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fa87fac66c0 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fbb0a7c826d CR3=000000002419e000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000017 000000000003bf12
XMM02=ff04021000000800 0601589c00100001 XMM03=8080808010000201 77840fffffffffff
XMM04=0000000000000000 0000000000000000 XMM05=000055555b5bca42 000055555b5bc580
XMM06=000055555b5baeb4 000055555b5baeb0 XMM07=ffff040210000008 000601589c001000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=8a2fdb01ea916200 RBX=ffffffff819683c8 RCX=8a2fdb01ea916200 RDX=0000000000000001
RSI=ffffffff8d9b7819 RDI=ffffffff8be33680 RBP=ffffc90000177f20 RSP=ffffc90000177de0
R8 =ffff888136632f9b R9 =1ffff11026cc65f3 R10=dffffc0000000000 R11=ffffed1026cc65f4
R12=ffffffff8fa38a30 R13=0000000000000001 R14=0000000000000001 R15=1ffff110200d4000
RIP=ffffffff8b79a3f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000048000 CR3=00000001089b0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007fa87ec12e53
XMM06=0000000000000000 00007fa87ec12e4d XMM07=0000000000000000 00007fa87ec12e61
XMM08=0000000000000000 00007fa87ec12ee7 XMM09=0000000000000000 00007fa87ec12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
