last executing test programs:

4m13.887305401s ago: executing program 1 (id=151):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$unix(0x1, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x800)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20004800}, 0x4000000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}, 0x0, 0x0, 0xff, 0x0, 0x0, 0x3}, 0x20)
r4 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
read$midi(r4, &(0x7f00000001c0)=""/147, 0x93)
socket$nl_route(0x10, 0x3, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

4m12.913176501s ago: executing program 1 (id=161):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000100), 0x6)
recvmmsg(r1, &(0x7f0000000580)=[{{0x0, 0x0, 0x0}}], 0x1, 0x12142, 0x0)

4m12.909736672s ago: executing program 1 (id=162):
syz_io_uring_setup(0x6440, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x10000}, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="30000000190001000000000000000000021800000000ff000000000008000100ac1414000c00090008"], 0x30}}, 0x4004)

4m12.857620216s ago: executing program 1 (id=163):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x2000002, &(0x7f0000000300)={[{@volume={'volume', 0x3d, 0x3e}}, {@gid}, {@dmode={'dmode', 0x3d, 0x4}}, {@rootdir={'rootdir', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'cp1255'}}, {@unhide}, {@noadinicb}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@longad}]}, 0x1, 0xc32, &(0x7f0000000e00)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000440)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f00000001c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './bus'}}], [], 0x2c})
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000002340)='./file0\x00', 0x1010052, &(0x7f0000000240)={[{}, {@discard}, {@errors_remount_ro}, {@errors_remount_ro}, {@nobarrier}, {@order_strict}, {@errors_continue}, {@order_relaxed}], [], 0x2c}, 0x2, 0xebd, &(0x7f0000004540)="$eJzs3U9sHNUZAPA3a6/txCZeAwUDJaTQikDBDkmkprcgUI+IS++gkNAIQ1FDD0T8MT0gKiGKhDhVHKi4UCqlSK0EqlShntqeWvXWE+qFSlUqBfVSpMRV7PfWu8+e7npsz9q7v5/07ds3b3a+b7yRMzOefRuAkdVYfTx5cr4I4d1P33n05aeK315fdld7jSOrj0XstUIIzY5+kW3v87jg6pWXzmzWFuH46mPqh8cut187HUJYDkfCZ6EVPlpc+vLD9x45+vHrU7e8dfGZV3Zp99vy/QAAgGF06c9Lf7/vn396YO6rS4dPh8n28nR83or96XjcfyweKKfj5Ubo7hcd0WkiW28sRiNbbyxbbzzLM16Sr5ltp1my3kSPfGMdyzbbTwAAANiP0nltKxSNha5+o7GwsHbef93nsxPFwnPnl85dGFChAAAAQGX/eXX1plshhBBCCCGEEEIMcazMDvoKBAAAADBq8vnCNlje2Zm62ltr9Zf/8sONzV8PO6Duf//y76/8H7zmNw4AANUN69Fk2q90HJ3mMcjnERzLXrfV4/9Gtp3xLdZZNq/gfplvsKzO/Oe6V5XVv9X3cVDK6s/nw9yryurP5+ncq8rqn6y5jqrK6p+quY6qyuo/UHMdVZXVf7DmOqoqq3+65jqqKqt/puY6qiqr/4aa66iqrP5DNddRVVn9++W22rL6WzXXUVVZ/XM111FVWf031lxHVWX131RzHVWV1X9zzXUMyp2xTT+Hw9l45/lzfk63X87xAAAAYNT91/x/QgghhBBCCCHE0Merg74AAQAAAAxc+lxA+tT7SpTGx3qMj/cYb/YYn+gxPtljHAAAAAjhd2+cu+3tYv1z/tudDy/NG5XmX9rqPEb5fIRbzb/dec+2m3+/zFsGAADAaCm+99m1+x99/4W5ry4dPt1x9nstnu+meUDH47WBT2I/3Rcwk/WLdA59ujtPo2S9/PrADWXbe3ybOwoAAAAjLJ2/t0LRWOg4726FRmNhYf18fD40i3Pnl84ei/30/Sx/nG1OXl/+UM11AwAAAP1bP9/f/Pw/fY/vfJgoFp47v3Tuwlp/pr282ei8LjC7vrzovC7QypYfL1l+IvbT93f+YPbA6vKFMz9cemqndx4AAABGxIUXLz7z5NLS2R954oknnrSfDPo3EwAAsNO++OKd5o9PzPx+7fP/6/Pfpc//H4n9Vpzb7y9xhXSfQPocwIbP6z/RnWe2bL3nu9drZeuNxZjM6p7q2E7omG8wvW6uLF+rezsTJfmms3wzWb58noLxbP2U71C2PJ+fMK03my3P52Ecz3IUWf67AwAAAJRbfOHZ5xcvvHjxwfPPPvn02afPPnfi+Knvnjp17KHvPLS4el//Yufd/QAAAMB+tH7T76ArAQAAAAAAAAAAAAAAAAAAgNFVx9eJDXofAQAAYNT9+9UQwrIQoiTWvgJz8HUIIYQQQvSOsT1QgxBiz8bKSv5N8wAAAAC76+qVl850thssFzuar7211lpzLeZN7cyDf5u7Hmm1yw93Xy85uKPVMOrq/vcv//7K/8FrO5t/Kj3p+/dfo3sDp6vlvXfxl/Od+W8f7zN/vv+PV8t/NMt/b+gv/8r7Wf4nquW/L8t/sM/8G/b/+Wr574/552P/6D395u9+/ydjm/bjQJ/5v53t/1Oh3/zZ/rf6TJh5IOYHgFHUGHQBuyQdJaTj6OnYT/sbDzdDfvfDVo//G9l2xrddefd203HQrbGfjpdmsrzJVuufzrZ3Q8U6c/vlrpKy+nfqfdxtZfU3a66jqrL6J2quo6qy+idrrqOqsvqnaq6jqrL6+z0PHbSy+vfLdeWy+qdrrqOqsvpnaq6jqrL6t/r/+KCU1X+o5jqqKqt/tuY6qiqrv+JltdqV1T9Xcx1VldV/Y811VFVW/00111FVWf0311zHoNwR27Lz4XT+ORvHUr+V9Sc3+VkO67UFAAAA2G/+Zf4/IYQQQgghhBBi6GNlZdBXIBik3f00MwB7ld//o837P9q8/6PN+8//k+7hL7J+MtZjfLzHeLPH+EQ2nv97newxflO23ZUojd/cY/xrPcYP9Ri/tcf4fI/x23qM395j/I4e4wAAAIyGW2Lr/BAAAACG18u/+uTN39z7xJW5ry4dPh0mNsw7fyz2J+Pf1t+I/Xze+6QZ/+b/k9j/RWz/ENt/ZOu7/wQAAAB2X/qeGH//BwAAgOGVvqfU+T8AAAAMr7nYOv8HAACA4XVjbJ3/AwAAwBArpjZfHNt0XeDu2PY7rx8AsPd9PbZ3xvZwbO+K7Tdim44D7ontN2uqDwDYOT///k9PvV2sz/d/Ihu/GpendoPltSsFRaN7Jv8DsT0Y22/1WU/+fQD95k8O9Zlnt/LPbjM/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA8GquPJ0/OFyG8++k7j/5s4s2/Xl92V3uNI6uPRey1QgjN9uvS6Hr/13HFq1deOtPZXottEY6HIhTt5eGxy+1M0yGE5XAkfBZa4aPFpS8/fO+Rox+/PnXLWxefeWUXfwRd+wcAAADD6H8BAAD//8WNHkw=")
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000000300)={0x2020}, 0x2020)

4m12.667229119s ago: executing program 1 (id=164):
setregid(0x0, 0xee00)
r0 = getegid()
r1 = getegid()
setregid(r0, r1)

4m11.69684858s ago: executing program 1 (id=174):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b, '\x00', 0x0, @cgroup_sock_addr=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd}, 0x94)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000002c0)="e8", 0xfffffffffffffd79, 0x2000c850, 0x0, 0x4d)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000080)=0x40)

4m11.542161388s ago: executing program 32 (id=174):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6b, '\x00', 0x0, @cgroup_sock_addr=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd}, 0x94)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4)
connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000002c0)="e8", 0xfffffffffffffd79, 0x2000c850, 0x0, 0x4d)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000080)=0x40)

3m51.874367077s ago: executing program 3 (id=366):
syz_emit_ethernet(0x6a, &(0x7f0000000040)=ANY=[@ANYBLOB="01f40000000000000000100088fb4524005c006600"], 0x0)

3m51.814517704s ago: executing program 3 (id=367):
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0xffffffff, 0xfffffffd})
r0 = syz_io_uring_setup(0x63ab, &(0x7f00000006c0)={0x0, 0x1d11, 0x10000, 0x0, 0xfffffffe}, &(0x7f0000010080), &(0x7f0000000400))
setrlimit(0x40000000000008, &(0x7f0000000000)={0x0, 0x5})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000080)=[{&(0x7f0000001100)=""/4096, 0x1000}], 0x1)

3m51.685564184s ago: executing program 3 (id=368):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x2c, &(0x7f0000000f00), 0x4)

3m51.58987065s ago: executing program 3 (id=369):
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x195011, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
umount2(&(0x7f0000000040)='./file0/file0\x00', 0x8)

3m51.406454247s ago: executing program 3 (id=370):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f0000000180)={{@my=0x1}, 0x1, 0x1})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r0, 0x7a5, &(0x7f00000000c0)={{@my=0x0}, 0x1})

3m50.925793175s ago: executing program 3 (id=373):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000c40)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000002300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x6f)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r3=>0x0})
socket$packet(0x11, 0x3, 0x300)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000480012800e0001006970366772657461700000003400028008000100", @ANYRES32, @ANYBLOB="14000600fe800000000000000000000000000015140007"], 0x68}}, 0x0)
sendto$packet(r0, &(0x7f00000001c0)="a6bea8a120e5f8310c3008791426", 0xe, 0x20000000, &(0x7f0000000140)={0x11, 0xed, r3, 0x1, 0x3d}, 0x14)

3m50.280724181s ago: executing program 33 (id=373):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000c40)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000002300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x6f)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r2, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r3=>0x0})
socket$packet(0x11, 0x3, 0x300)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="6800000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000480012800e0001006970366772657461700000003400028008000100", @ANYRES32, @ANYBLOB="14000600fe800000000000000000000000000015140007"], 0x68}}, 0x0)
sendto$packet(r0, &(0x7f00000001c0)="a6bea8a120e5f8310c3008791426", 0xe, 0x20000000, &(0x7f0000000140)={0x11, 0xed, r3, 0x1, 0x3d}, 0x14)

3m32.931088137s ago: executing program 2 (id=579):
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x6, 0x4, 0x9, 0x5}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000007c0), &(0x7f0000000380), 0xfff, r2, 0x0, 0xa0028000}, 0x38)

3m32.00430746s ago: executing program 2 (id=595):
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r2 = add_key(&(0x7f0000001340)='keyring\x00', &(0x7f0000001380)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)=@chain={'key_or_keyring:', r2})
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f00000000c0)='asymmetric\x00', &(0x7f0000000280)=@chain={'key_or_keyring:', r1})

3m31.9434443s ago: executing program 2 (id=596):
r0 = io_uring_setup(0x194e, &(0x7f0000000a80)={0x0, 0xd3d5, 0x80, 0x5, 0x2b2})
ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x60000, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000000100)=""/207, 0xcf}], 0x1, 0x0, 0xc)

3m31.095128029s ago: executing program 2 (id=606):
syz_mount_image$jfs(&(0x7f0000000400), &(0x7f0000000040)='./file1\x00', 0xc00, &(0x7f00000007c0)=ANY=[@ANYRES32=0x0, @ANYRES32, @ANYRESOCT=0x0, @ANYRESDEC, @ANYRESOCT, @ANYRES8, @ANYRES32=0x0, @ANYRESOCT, @ANYRES8, @ANYRES16=0x0, @ANYRESOCT=0x0], 0x1, 0x6207, &(0x7f0000012500)="$eJzs3ctvHVcdB/DfffoRmkZdVCVCyG3Do5TmWUKgQNsFLNiwQNmiRK5bRaSAkoDSKiKuvGHBHwFCYokQS1b8AV2wZccfQKQECdRVpxr7HGc88c21k/rOtc/nIzlzf3NmfM/ke+c+PDP3BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQP/7RT8/1IuLKb9KMExFfiEFEP2KprlciYmnlRHOdF2KzOZ6PiNFCRL3+5j/PRrweER8fj7j/4M5qPfv8Hvvxw7/+608/O/aTf/5ldOb/f7s1eGPScrdv//5/f7/75NsLAAAAJaqqquqlj/knI2KYPtsDAEdffv2vkjxfPXf1+pz1R61Wq9WHsG6qdne3WUTEenOd+j2Dw/EAcMisxyddd4EOyb9ow4g41nUngLnW67oDHIj7D+6s9lK+vebrwcpWez4XZEf+673t6zsmTadpn2Myq8fXRgziuQn9WZpRH+ZJzr/fzv/KVvs4LXfQ+c/KpPzHW5c+FSfnP2jn33J08u/vmn+pcv7DfeU/kD8AAAAAAMyx/Pf/Ex0f/114+k3Zk8cd/12ZUR8AAAAAAAAA4PO23/H/hq3x/7YZ/w8AAADmVv1ZvfaH4w/nTfoutnr+5V7EM63lgcKki2WWu+4HAAAAAAAAAAAAAJRkuHUO7+VexCginllerqqq/mlq1/v1tOsfdqVvP5Ss6yd5AADY8vHx1rX8vYjFiLicvutvtLy8XFWLS8vVcrW0kN/PjhcWq6XG59o8rectjPfwhng4rupftthYr2na5+Vp7e3fV9/XuBrsoWOz0WHgABARW69G970iHTFV9Wx0/S6Hw8H+f/TY/9mLrh+nAAAAwMGrqqrqpa/zPpmO+fe77hQAMBP59b99XECtVqvVavXRq5uq3d1tFhGx3lynfs9gOH4AOGTW45Ouu0CH5F+0YUS80HUngLnW67oDHIj7D+6s9lK+vebrQRrfPZ8LsiP/9d7menn93abTtM8xmdXjayMG8dyE/jw/oz7Mk5x/v53/la32cVruoPOflUn519t5ooP+dC3nP2jn33J08u/vmn+pcv7DfeU/kD8AAAAAAMyx/Pf/E3N1/Hf8pJsz1eOO/64c2L0CAAAAAAAAwMG6/+DOar7uNR///9Iuy7n+82jK+ffkX6Scf7+V/9dbyw0at++9/TD//z64s/rnW//5Yp7uMf+Hv66XHlm99IjopabeME2fZusetTEajOt7GvX6g2E656cavRvX4nqsxdkdy/bT/8fD9nOPbMRos70abLWf39E+3G7P61/Y0T5KZzpVS7n9dKzGL+N6vLPZXrctTNn+xSnt1ZT2nP/A/l+knP+w8VPnv5zae61p7d5H/Uf2++Z0t/t569qXf3f24Ddnqo0YbG9bU719L3XQn83/k2Pj+PXNtRunb1+9devGuUiTHXPPR5p8znL+o/Sz/fz/8lZ7fqJu7q/3PhrvO/95sRHDifm/3Lhdb+8rM+5bF3L+4/ST838nte++/x/m/Cfv/6920B8AAAAAAAAAAAAAAAB4nKqqNi8RfSsiLqbrf7q6NhMAmK38+l8lef6s6sGM70+tPuR1b876M9P602q++qNWH8a6qdrdm80iIv7RXKd+z/Db3X4ZADDPPo2If3fdCToj/4Ll7/urp6e67gwwUzc/+PDnV69fX7txs+ueAAAAAAAAAABPKo//udIY//lUVVV3W8vtGP/17Vh52vE/h/nG9gCjEwaqHux/mx5noz8e9BvDjb8Yk8b/Hm3fetz438Mp9zea0j6e0r7w6KylZrE4Zf1dL/RoyPm/2Bjv/FREnGwNv17C+K/tMe9LkPN/qfF4rvP/Wmu5Zv7VHw9z/v0d+Z+59f6vztz84MPXrr1/9b2199Z+ceHcubMXLl68dOnSmXevXV87u/Vvhz0+WDn/PPa180DLkvPPmcu/LDn/r6Ra/mXJ+X811fIvS84/v9+Tf1ly/vmzj/zLkvN/JdXyL0vO/xupln9Zcv6vplr+Zcn5fzPV8i9Lzv+1VMu/LDn/06mWf1ly/mdSvcf8lw66X8xGzj8f4bL/lyXnn89skH9Zcv7nUy3/suT8L6Ra/mXJ+b+eavmXJef/rVTLvyw5/4upln9Zcv7fTrX8y5Lzv5Rq+Zcl5/+dVMu/LDn/76Za/mXJ+b+RavmXJef/vVTLvyw5/++nWv5lyfn/INXyL0vO/81Uy78sD7//3w03Znxj5OE3vze6fmYCAAAAAAAAAAAAANpmcTpx19sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfMYOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrB3dzFynfX9wM+ud9drBxIDIX8nfwMbx4SQONn1S/xCm2LCa8N7IBT6gu1612bBb3jtEmgkGwVKJIyKKtqGi7aAUMlNhVWhilaAcoFaVa0E7QW9QVS0XERVQAG1UltBtppznufZmdnZmVnvZH3mnM9Hin/emTNzzpw5c3a/63xnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABodutr5z41kmVZ47/8jy1Z9rzG3zdNbckve9W13kIAAABgrX6R//nMDemCQ33cqGmZv3vpd762uLi4mL13wx+Of25xMV0xlWXjG7Msvy668sP3jTQvEzyaTY6MNn092mP1G3pcP9bj+vEe10/0uH5jj+sne1y/bAcss6n4fUx+Zzvyv24pdml2YzaeX7ejw60eHdk4Ohp/l5MbyW+zOH48m89OZnPZTMvyxbIj+fLfuLWxrjdlcV2jTeva1jhCfvrIsbgNI2Ef72hZ19J9Rj9+TTb1s58+cuzPzz99c6fZcze03F+xnXdsb2znJ8IlxbaOZBvTPonbOdq0nds6PCcbWrZzJL9d4+/t2/lMn9u5YWkz11X7cz6ZjeZ//26+n8aaf62X9tO2cNl/35Zl2aWlzW5fZtm6stFsc8slo0vPz2RxRDbuo3EovTAbW9Vxemsfx2ljzu5oPU7bXxPx+b813G5shW1ofpp+/PGJpuf954tXc5xGjUe90mul/Rgc9GulLMdgPC6+mz/oxzoegzvC43/k9pWPwY7HTodjMD3upmNwe69jcHRiQ77No1/ZHNe+veUY3NWy/IZ8TSP5fOr27sfg9PlTZ6cXPvqxu+dPHT0xd2Lu9J5du2b27Nt34MCB6ePzJ+dmij+ven+X3eZsNL0Gtod9F18Dr2hbtvlQXfzixLLz79W+Die7vA63tC076NfhWPuDG1mfF+TSMR0vKV4b727s9MnLo9kKr7H8+blz7a/D9LibXodjTa/Djt9Tlm3zSH6bXq/DxjJn7+zvZ5axpv86bcPK3wvWdgxuaToG238eaT8GB/3zSFmOwclwXHz/zpW/F2wL2/vYztX+PLJh2TGYHm449zQuST/vTx7IR6fj8pbGFddNZBcW5s7d8/DR8+fP7crCWBcvajpW2o/XzU2PKVt2vI6u+ng9NP/Sx27pcPmWsK8m7278Mbnic9VYZu893Z+r/Ltb5/3ZcunuLIwBW+/92em7eWN/TmTZ57/98Qe/+cjnX7vi/mzkzU9Mr/1n8ZRLm86/4yucf2Puf7ZYX7qrRzeMjxWv3w1p74y3nI9bn6qx/Nw1kq/7men+zsfj4b/1Ph/f2OV8vLVt2UGfj8fbH1w8H4/0+m3H2rQ/n5PhODk50/183Fhm6+7VHpNjXc/Ht4U5Evb/K0NSSLmo6dhZ6bhN6xobGw+PayyuofU43dOy/HjIZo11PbH76o7TO24r7mtDenRL1us4nWpbdtDHafrd10rH6Uiv375dnfbnczIcFzfu6X6cNpZ5cu/az52b4l+bzp0TvY7B8Q0TjW0eTwdhfr7PFjfFY/Ce7Fh2JjuZzebXTuTH00i+rp339ncMToT/1vtcubXLMXhH27KDPgbT97GVjr2RseUPfgDan8/JcFw8fm/3Y7CxzOv2D/Zn1zvCJWmZpp9d23+/ttLvvG5p203P1bEyFrbz2/u7/262sczJA6vNmd33013hkus67Kf21+9Kr6nZbH3209awnU8fWHk/NbanscznDvZ5PB3Ksuzih+/Pf98b/n3lLy9872st/+7S6d90Ln74/p88//jfrmb7ARh+zxZjc/G9rulfpvr5938AAABgKMTcPxpmIv8DAABAZcTcH/+v8ET+BwAAgMqIuX8szKQm+X/r656ef/Zilpr5i0G8Pu2GB4rlYsd1Jnw9tbikcfn9X577r7+52N+6R7Ms+/kDv9tx+a0PxO0qTIXtvPL61suX+drdfa37yEMX03qb++tfCPcfH0+/h0GnCu5MlmXfuOEz+Xqm3nc5n08+cCSfD1567NHGMs8cLL6Ot3/qRcXyfxLKv4eOH225/VNhP/wozJk3d94f8XZfvfzKbfvfs7S+eLuR7dfnD/vx9xf3G98n57OPFsvH/bzS9n/z0098tbH8wy/vvP0XRztv/xPhfr8c5v+8pFi++TlofB1v98mw/XF98Xb3fOlbHbf/yqeK5c++oVjuSJhx/XeEr3e84en55v318MjRlseVvbFYLq5/5nu/n18f7y/ef/v2Tx6+3LI/2o+PJ/+5uJ/ptuXj5XE90V+3rb9xP83HZ1z/E793pGU/91r/lQefeknjftvXf1fbcmc/fGe+/qX7a33Hpj/95Gc6ri9uz6G/ONvyeA69M7yOw/off384HsP1/3uluL/2d1c48s7W809c/gtbLrY8nuhNPyvWf+XVJ/K5cXLT5uue9/zrL72sse+y7Lsbi/vrtf4Tf3amZfu/eFOxP+L1saPfvv6VxPWf+8jO02cWLszPpr36yA35e+e8pdieuL03hHNr+9eHz5z/wNy5qZmpmSybqu5b6F21L4X5k2Jc6r704rIz6J0Phefzlj/+xubb/+nT8fJ/eXdx+eU3F9+3XhGW+2y4fEt4/la3/uUev/Wm/PU98mTYwsXl7xe8Ftt2/MeBvhYMj7/954J4vJ998Qfy/dC4Lv++EV/Xa9z+H8wW9/P1sF8Xwzszb79paX3Ny8f3Rrj8ruL1vub9F05z8Xn9Sni+3/qj4v7jdsXH+4Pwc8y3trae7+Lx8fWLo+33n7+Lx6VwPskuFdfHpeL+vvzMTR03L74PSXbp5vzrP0j3c/OqHuZKFj66MH1y/vSFh6fPzy2cn1746McOnzpz4fT5w/l7eR7+YK/bL52fNufnp9m5fXuz/Gx1phjPsWu9/WcfOja7f+b22bnjRy8cP//Q2blzJ44tLBybm124/ejx43Mf6XX7+dn7du0+uGf/7p0n5mfvO3Dw4J6DO+dPn2lsRrFRPeyb+dDO0+cO5zdZuG/vwV333rt3ZuepM7Nz9+2fmdl5odft8+9NOxu3/p2d5+ZOHj0/f2pu58L8x+bu23Vw377dPd8N8NTZ4wtT0+cunJ6+sDB3brp4LFPn84sb3/t63Z5qWvjX4ufZdiPFG/Flb79rX3p/1oYvf3zFuyoWaXsD0afDe9H8/QvOHujn65j7x8NMapL/AQAAoA5i7p8IM5H/AQAAoDJi7t8YZiL/AwAAQGXE3D8ZZlKT/F+5/v/Wi32tX/9f/795f+n/16z//66y9f8b54u51OvU/1+btfbv9f8D/X/9f/1//X/9fwagbP3/mPs3ZVkt8z8AAADUQcz9m8NM5H8AAACojJj7rwszkf8BAACgMmLuf16YSU3yv/6//r/+v/6//n/n9a9v/9/n/w+K/n93+v896P9PZ/Xq/18a5Pbr//fZ/5/qdU9USdn6/zH3Pz/MpCb5HwAAAOog5v7rw0zkfwAAAKiMmPtvCDOR/wEAAKAyYu7fEmZSk/yv/6//r/+v/6//33n9+v/DSf+/O/3/HvT/ff6//r/P/2egytb/j7n/BWEmNcn/AAAAUD3Lf5kQc/8Lw0zkfwAAACifsau7Wcz9LwozWZb/r3IFAAAAwDUXc/+NWVsRvCb//q//r/+v/6//r//fef399/83ZPr/5aH/353+fw/6/2vrzzdOjPr/+v/6/zQpW/8/z/3ZZPbiMJOa5H8AAACog5j7bwozkf8BAACgMmLu/39hJvI/AAAAVEbM/VvDTGqS//X/9f/r1v//t736//r/Pv+/yvT/u9P/70H/3+f/6//r/zNQZev/x9x/c5hJTfI/AAAA1EHM/beEmcj/AAAAUBkx9///MBP5HwAAACoj5v5tYSY1yf/6/yXv/8fmqP6/z//X/9f/1//vi/5/d/r/Pej/6//r/+v/M1Bl6//H3P+SMJOa5H8AAACog5j7XxpmIv8DAABAZcTc/7IwE/kfAAAAKiPm/qkwk5rkf/3/kvf/ix78hM//1//X/9f/1//vj/5/d/r/Pej/6//r/+v/M1Bl6//H3H9rmElN8j8AAADUQcz928NM5H8AAACojJj7bwszkf8BAACgMmLu3xFmUpP8r/8/FP3/TP9f/1//X/9f/78/+v/d6f/3oP+v/6//r//PQJWt/x9z/8vDTGqS/wEAAKAOYu6/PcxE/gcAAIDKiLn/FWEm8j8AAABURsz9d4SZ1CT/6//r/+v/6//r/3dev/7/cNL/707/vwf9f/1//X/9fwaqbP3/mPtfGWZSk/wPAAAAdRBz/51hJvI/AAAAVEbM/XeFmcj/AAAAUBkx9+8MM6lJ/tf/1//X/9f/1//vvH79/+Gk/9+d/n8P+v/6//r/+v8MVNn6/zH33x1mUpP8DwAAAHUQc/89YSbyPwAAAFRGzP3TYSbyPwAAAFRGzP0zYSY1yf/6//r/+v+l7P/nNyll//9lS/er/1/Q/y8X/f/u9P970P/X/7/m/f9x/X8qpWz9/5j7d4WZ1CT/AwAAQB3E3L87zET+BwAAgMqIuX9PmIn8DwAAAJURc//eMJOa5H/9f/1//f9S9v9zpez/N9H/L+j/l4v+f3eD7//Hh6j/r/+v/+/z//X/Wa5s/f+Y++8NM6lJ/gcAAIA6iLl/X5iJ/A8AAACVEXP//jAT+R8AAAAqI+b+A2EmNcn/+v/6//r/+v/6/53Xr/8/nMrZ/x/te/3D1//3+f/6/0v0//X/9f9pV7b+f8z9B8NMapL/AQAAoA5i7n9VmIn8DwAAAJURc/8vhZnI/wAAAFAZMff/cphJTfK//n/Z+/+jmf6//r/+v/6//n//ytn/75/+v/6//v/wbr/+v/4/y5Wt/x9z/31hJjXJ/wAAAFAHMff/SpiJ/A8AAACVEXP/q8NM5H8AAACojJj7D4WZ1CT/V6z/P9nfmoep/+/z//X/9f/1//X/V0P/vzv9/x70//X/9f/1/xmosvX/Y+5/TZhJTfI/AAAA1EHM/feHmcj/AAAAUBkx9782zET+BwAAgMqIuf91YSY1yf8V6/9X8PP/9f/1//X/9f/1/1dD/787/f8e9P/1//X/9f8ZqLL1/2Puf32YSU3yPwAAANRBzP1vCDMav2ZbBAAAAAxazP1vDDPx7/8AAABQGTH3vynMpCb5X/9f/1//X/9f/7/z+vX/h5P+f3f6/z3o/+v/6//r/zNQZev/x9z/q2EmNcn/AAAAUAcx9z8QZiL/AwAAQGXE3P/mMBP5HwAAACoj5v63hJnUJP/r/+v/6//r/+v/d16//v9w0v/vbsj6/7+4Plyu/1/Q/y/39q+2/z/W9vVz0v//4Ur9/8WN7bfX/+e5ULb+f8z9bw0zqUn+BwAAgDqIuf9tYSbyPwAAAFRGzP1vDzOR/wEAAKAyYu5/R5hJTfK//n9jO5bay/r/+v/5BevS/3/Hf+r/6/9n+v8Dp//f3ZD1/33+fxv9/3Jvv8//1/9nubL1/2Puf2eYSU3yPwAAANRBzP0PhpnI/wAAAFAZMfe/K8xE/gcAAIDKiLn/3WEmNcn/+v8+/1//3+f/6/93Xr/+/3DS/+9O/78H/X/9/7L1//9d/5/hVrb+f8z9D4WZ1CT/AwAAQB3E3P+eMBP5HwAAACoj5v5fCzOR/wEAAKAyYu5/b5hJTfL/te7/b9L/77P/P6X/r/+v/9/2ePT/9f870f/vTv+/B/1//f+y9f99/j9Drmz9/5j73xdm0n/+n+x7SQAAAOCaiLn/18NMavLv/wAAAFAHMff/RpiJ/A8AAACVEXP/b4aZ1CT/X+v+v8//9/n/+v816v+P6v/r/z/31q//H888+v/6//r/kf6//r/+P+3K1v+Puf+3wkxqkv8BAACgDmLuf3+YifwPAAAAQ6HT/5PdLub+w2Em8j8AAABURsz9R8JMapL/9f9r1P//q38ortT/H47+/x9t/8fvf+dtR3ZVqf/v8//1/9fBun7+f+PF7/P/9f/1/xP9f/1//X/ala3/H3P/0TCTmuR/AAAAqIOY+387zET+BwAAgMqIuf9YmIn8DwAAAJURc/9smElN8r/+f436/z7/f7j6/0P8+f9xf+j/txpY/z+edPX/O1rX/v97lnri+v+r7f9PdLxU/1//f5i3X/9f/5/lytb/j7l/LsykJvkfAAAA6iDk/tHjxVy6Qv4HAACAyoi5/0SYifwPAAAAlRFz/wfCTGqS//X/9f/1//X/ff5/5/WXtv/v8/+70v/vrjz9/870//X/h3n79f/1/1mubP3/mPvnw0xqkv8BAACgDmLu/2CYifwPAAAAlRFz/4fCTOR/AAAAqIyY+0+GmdQk/+v/6//r/+v/6/93Xr/+/3DS/+9O/78H/X/9/6vZ/nDc6P/r/7Nc2fr/MfefCjOpSf4HAACAOoi5/3SYifwPAAD8H3v38WRpWfZx/DQM0l1UiTsXblzrn8BC1/oHuHDjxip1YcKcGMwRE+aAOWMARUyomMGEYhYRc0BFFANijeXMdV3TPefp53TPnNP9nPv+fBZevvM6ngPvlL4/hm/dQDNy9z8qbrH/AQAAoBm5+x8dt3Sy//X/+v9m+//76f93+3z9v/6/Zfr/cfr/BfT/+n/v/+v/Waqp9f+5+x8Tt3Sy/wEAAKAHufsfG7fY/wAAANCM3P0Xxi32PwAAADQjd//j4pZO9v8p/f/GrM/+PzNe/X9L/b/3/3f9fP2//r9lB9v/X/z//+TT/+v/9f9B/6//1/9zqqn1/7n7Hx+3dLL/AQAAoAe5+58Qt9j/AAAA0Izc/U+MW+x/AAAAaEbu/ifFLZ3sf+//e/9f/6//1/8Pf77+fz15/39cT/3/hTee98jbr7rX1fv5/NX3/7ft7P+D/n85Dvv76//1/8ybWv+fu//JcUsn+x8AAAB6kLv/KXGL/Q8AAADNyN3/1LjF/gcAAIBm5O5/WtzSyf7X/+v/9f/6/1b6/0vjx/X/fdP/j+up/z+dz/f+v/5f/6//Z7mm1v/n7n963NLJ/gcAAIAe5O5/Rtxi/wMAAEAzcvdfFLfY/wAAANCM3P1H45ZO9r/+f/X9/3/1//r/uPp/7//r/1dP/z9O/7+A/l//r//X/7NUU+v/c/dfHLd0sv8BAACgB7n7nxm32P8AAADQjNz9z4pb7H8AAABoRu7+Z8ctnex//b/3//X/+n/9//Dn6//Xk/5/nP5/Af3/mfbz5+j/9f/6f7bbZ/9/58h/bC+l/8/d/5y4pZP9DwAAAD3I3f/cuMX+BwAAgGbk7n9e3GL/AwAAQDNy9z8/bulk/+v/9f/6f/3/aff/87/0jtP/D1te/79V/576/3n6/3GT6f83jgz+sP5/7ft/7//r//X/7DC19/9z978gbulk/wMAAEAPcve/MG4Z2f/7/ov5AAAAwKHK3f+iuMXv/wMAAMDay+osd/+L45ZO9r/+X/+v/9f/e/9/+PPH+v+rt30/7/9Pi/5/3GT6/13o//X/6/z99f/6f+ZNrf/P3f+SuKWT/Q8AAAA9yN1/Sdxi/wMAAEAzcve/NG6x/wEAAKAZuftfFrd0sv+H+/+T/3v9/97o/3d+f/3/8K+PZfX/+e+o/x/t/+/f7vv/+v8x+v9x+v8F9P/77+e3/SHq/5vu/7cW/Xz9P0Om1v/n7n953NLJ/gcAAIAe5O5/Rdxi/wMAAEAzcve/Mm6x/wEAAKAZufsvjVs62f/e/9f/Zz+/uQb9/9n6f+//T+T9/9mB9/9H9P97pP8fp/9fQP/v/f82+v/8Ie//c+im1v/n7n9V3NLJ/gcAAIAe5O5/ddxi/wMAAMB62P73Dpz6N5SG3P2viVvsfwAAAGhG7v7Xxi2d7H/9v/7f+//6f/3/8OdPq//3/v9e6f/H6f8X0P+vop8/0lj/f9luP38K/f9Fq3v/X//PadnR/19z8scPq//P3f+6uKWT/Q8AAAA9yN3/+rjF/gcAAIBm5O5/Q9xi/wMAAEAzcve/MW7pZP+vvP/f2v2z9f/6f/2//l//f+JXj/5/efT/4/T/C+j/vf/fxvv/+n8mY0f/v81h9f+5+98Ut3Sy/wEAAKAHufvfHLfY/wAAANCM3P2XxS32PwAAADQjd/9b4pZO9r/3//X/+n/9v/5/+PO9/7+e9P/j9P8L6P+39/MPn+n/9f/6f87Q1Pr/3P1vjVs62f8AAADQg9z9b4tb7H8AAABoRu7+t8ct9j8AAAA0I3f/O+KWTva//n+1/X/+uP5f/z/T/+v/9f8Hotv+f2Pov4nm7dL/X/+wow/c+SP6f/2/9//1//p/lmAS/f+xk//fZe7+d8Ytnex/AAAA6EHu/nfFLfY/AAAANCN3/7vjFvsfAAAAmpG7/z1xyz73/z2W+q0Ojv7f+//6f/2//n/48/X/66nb/n+PvP+/gP5f/6//1/+zVJPo/7f9z7n73xu3+P1/AAAAaEbu/vfFLfY/AAAANCN3//vjFvsfAAAAmpG7/wNxSyf7X/+v/9f/6//1/8Ofr/9fT/r/cRPt/7fyn+j/T6v/v/U++v9JfH/9v/6feVPr/3P3Xx63dLL/AQAAoAe5+z8Yt9j/AAAA0Izc/R+KW+x/AAAAaEbu/g/HLZ3sf/2//l//r//X/w9/vv5/Pen/x020/y8H0v9fMfIFhvr/Y+dOvf/3/v9Evr/+X//PvKn1/7n7PxK3dLL/AQAAoAe5+6+IW+x/AAAAaEbu/ivjFvsfAAAAmpG7/6NxSyf7X/+v/9f/6//1/8OfP9D/H9n+vfT/06T/H6f/X2A93//X/0/k++v/9f/Mm1r/n7v/Y3FLJ/sfAAAAepC7/6q4xf4HAACAZuTu/3jcYv8DAABAM3L3Xx23dLL/9f/6f/2//l//P/z53v9fT6vr/2f6f/2//n+BffXz5y7lKx/e9x+g/9f/M29q/X/u/k/ELZ3sfwAAAOhB7v5Pxi172f9b56/qawEAAABLlLv/U3GL3/8HAACAZuTu/3Tc0sn+1//PZmdti5f1//r/4z+g/9f/L7v/P1//f1C8/z9O/7+A/t/7//p//T9LNbX+P3f/Z+KWTvY/AAAA9CB3/zVxi/0PAAAAzbjj+D9uzj4bt9j/AAAA0Izc/Z+LWzrZ//p/7//v7P9nM/2//l//f8IBvP+/OdP/L53+f5z+fwH9f5v9/1mzhvr/rV1/vv6fKZpa/5+7//NxSyf7HwAAAHqQu//auMX+BwAAgGbk7v9C3GL/AwAAQDNy938xbulk/+v/9f/e/9f/6/+HP/8A+v/6s6r/Xx79/zj9/wL6/zb7f+//6/85NFPr/3P3fylu6WT/AwAAQA9y9385brH/AQAAoBm5+78St9j/AAAA0Izc/V+NWzrZ//p//b/+X/+v/x/+fP3/etL/j9P/L6D/1//r//X/LNXU+v/c/V+LWzrZ/wAAANCD3P3XxS32PwAAADQjd//1cYv9DwAAAM3I3f/1uKWT/a//1//r/9ez/9/U/+v/9f+DptL/X3DBA27Q/+v/9f/6f/2//r93U+v/c/d/I27pZP8DAABAD3L3fzNusf8BAACgGbn7vxW32P8AAADQjNz9345bOtn/8/3/ObMTheoJQ/1/NGr6/230/zu/v/5/+NeH9//1//r/1Tu1/z93nz/f+/9B/6//1/+vtv+/9/zP1//Toqn1/7n7b4hbOtn/AAAA0IPc/d+JW+x/AAAAaEbu/u/GLfY/AAAANCN3/41xSyf73/v/+n/9/0H2/xv6f/2//n/FpvL+v/7/9L6//l//v87fv5n3/8/W/7M8q+//t+Kf7a3/z93/vbilk/0PAAAAPcjd//24xf4HAACAZuTu/0HcYv8DAABAM3L3/zBu6WT/6//1//p/7//r/4c/X/+/nvT/4/T/C/TT/28O/eBh9/Nn6rC/fzP9v/f/WaKpvf+fu/9HcUsn+x8AAAB6kLv/x3GL/Q8AAADNyN3/k7jF/gcAAIBm5O7/adzSyf7X/+v/2+//H6L/P+XzD6n/P6r/1/8fBP1//jf6MP3/ApPp/4f/r+j9/2l/f/2//p95U+v/c/ffFLd0sv8BAACgB7n7fxa32P8AAADQjNz9N8ct9j8AAAA0I3f/z+OWTva//r+v/n9j1mP/7/3/ifT/3v/X/x8I/f84/f8Ck+n/V/7+/6DD7ucP4fvftczvr//X/zNvav1/7v5bNo50uf8BAABgXT3ovo+4aa//2luO/+Pm7Bdxi/0PAAAAzcjd/8u4xf4HAACAZuTu/1Xc0sn+1//31f/3+f6//l//r//vif5/nP5/Af1/b/3/Ur+//l//z7yp9f+5+38dt2wbfkf2/UcJAAAATEnu/t/ELZ38/j8AAAD0IHf/b+OWuf1/bI9/VzsAAAAwNbn7fxe3dPL7/2vc/w9nGa31/7MV9f/xr+u1/7/2gp1/vvT/+v+hz9f/ryf9/7gz7P+Pbej/9f8jhvv5m++u/9f/6//7NbX+P3f/7+OWTvY/AAAANGrHX1HI3f+HuMX+BwAAgGbk7v9j3GL/AwAAQDNy998at3Sy/9e4/9/lD6ix/v+03v/fqn/m/f/O3/+/ZHPw85fe/5+z849X/z9M/38w9P/jvP+/gP7f+//6f/0/SzW1/j93/5/ilk72PwAAAPQgd/+f4xb7HwAAAJqRu/8vcYv9DwAAAM3I3X9b3NLJ/tf/t9j/7+H9f/1/H/3/Lp/fzvv/9zzv6HUPfuiVl+v/Oekg+//8taD/1//r/0/Q/+v/9f+camr9f+7+v8Ytnex/AAAA6EHu/tvjFvsfAAAAmpG7/29xi/0PAAAAzcjd//e4pZP9r//X/0+l/88/14fQ/x9dv/4/m+Le+3/v/+v/53n/f5z+fwH9v/5f/6//Z6mm1v/n7r8jbulk/wMAAEAPcvf/I27J/b+x7790DwAAAExM7v5/Hr/b/h4tv/8PAAAAzTix+zdn/4pbOtn/+n/9/1T6/+T9/5M/z/v/J+j/9f/7sfb9/+ws/b/+X/+/pt9f/6//Z97U+v/c/f+OWzrZ/wAAANCD3P13xi079//dDvZbAQAAAMuUu/8/cYvf/wcAAIBm5O6/K27pZP/r//X/+n/9v/5/+PP1/+tp7ft/7//r//X/a/v99f/6f+ZNrf/P3f+/AAAA//+4rmTi")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
listxattr(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)

3m30.401360714s ago: executing program 2 (id=617):
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000004980)=""/177, 0xb1)

3m29.820921886s ago: executing program 2 (id=618):
r0 = syz_open_procfs(0x0, &(0x7f0000000440)='attr\x00')
getdents(r0, &(0x7f00000000c0)=""/35, 0x23)

3m29.646443124s ago: executing program 34 (id=618):
r0 = syz_open_procfs(0x0, &(0x7f0000000440)='attr\x00')
getdents(r0, &(0x7f00000000c0)=""/35, 0x23)

2m17.381876182s ago: executing program 5 (id=1473):
r0 = socket$inet6(0xa, 0x802, 0x0)
setsockopt$inet6_buf(r0, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0xffff, 0xffffffff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000001840), 0x3b, 0x0)

2m17.288427434s ago: executing program 5 (id=1474):
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r0, 0x0, 0x16, 0x0, 0x0)

2m17.288261922s ago: executing program 5 (id=1475):
r0 = socket(0x1, 0x2, 0x0)
bind$unix(r0, 0x0, 0x0)

2m17.199404957s ago: executing program 5 (id=1476):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000003c0), 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=")
setxattr$trusted_overlay_upper(0x0, &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000e00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x31)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = open(&(0x7f00000003c0)='.\x00', 0x100, 0x97)
getdents(r1, &(0x7f0000001fc0)=""/184, 0xb8)

2m17.05459719s ago: executing program 5 (id=1477):
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000040)={{&(0x7f000040a000/0x800000)=nil, 0x800000}})

2m16.738415595s ago: executing program 5 (id=1481):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000002080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, 0x0, 0x0)

2m16.605196522s ago: executing program 35 (id=1481):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000002080)={0x1f, 0x0, @any, 0x0, 0x1}, 0xe)
setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0xf, 0x0, 0x0)

2m14.369496169s ago: executing program 4 (id=1505):
pipe(&(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
r2 = openat$cuse(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
splice(r0, 0x0, r2, 0x0, 0x7fff, 0x6)

2m13.459098574s ago: executing program 4 (id=1519):
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0)

2m13.338533327s ago: executing program 4 (id=1520):
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x200000, 0x200000})
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0x2)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000400)=0x11)

2m13.189595297s ago: executing program 4 (id=1521):
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000001540)='./file0\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0008b0cf8098a954f0c13d46c5f2da99dd78517bdc8c78047b090ec8e43f7def3d6e7ff57769de041cb1ee36eb9ef08355f53fb91f02fc63278f3613aa6fba7e9b000800008a4f6d9dbe20a5c5b893c3751e0d41a772d4e6963860d07e3f3f06b10f3eeb3aa2324f6e3d348cf3fa4536d200214110447005e899317ac49bdb087c7ee9c6a7f01bf8f94692bfa45daf2423901aa20a1e0b8736e57abc12ff197cc72bc4b25cfc4ae212b63861ba8545d2"], 0x1, 0x14d1, &(0x7f00000015c0)="$eJzs3AlwlcW2KOBe3f1DiBG3EZl79fphiwGaiIjIICIyiIiICIjMIiBiRERERISATCICIgIyRkSGEAGRIUDEMM/zPBg5iIiIyCSTQL/C47ncczy3uO+8cy+vKuur6kqv/Hut3Z1VyT9UZf/UdViNxjWrNiAi8a9Qf5vAX78kCyFihBADhRC3CSECIUTZ+LLx147nUpD8L70J+x/SMPVmr4DdTNz/7I37n71x/7M37n/2xv3P3rj/2Rv3P3vj/jOWraUVuJ1H9h38/D874/N/9sb9z964/9kb9z974/5nb9z/7I37n71x/7M37j9j2dr/B8+gedzEwRhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM/S+44K/TQoi/zW/2uhhjjDHGGGOMMfbv43Pe7BUwxhhjjDHGGGPsfx4IKZTQIhA5RE4RI3KJWHGLiBO3itziNhERt4t4cYfII+4UeUU+kV8UEAVFIVFYGIHCChKhKCKKiqi4SxQTd4sEUVyUECWFE6VEorhHlBb3ijLiPlFW3C/KiQdEeVFBVBSVxIOisnhIVBEPi6riEVFNVBc1RE3xqKglHhO1xeOijnhC1BVPinriKVFfPC0aiIaikXhGNBbPiiaiqWgmmosWoqVo9S/lvyV6iLdFT9FLJIveoo94R/QV/UR/MUAMFO+KQeI9MVi8L4aIoWKY+EAMFx+KEeIjMVKMEqPFx2KMGCvGifFigpgoUsQnYpL4VEwWn4kpYqqYJqaLVDFDpInPxUwxS8wWX4g54ksxV8wT88UCkS4WikViscgQX4kl4muRKZaKZWK5WCFWilVitVgj1op1Yr3YIDaKTWKz2CK2im1iu9ghdopdYrfYI/aKfWK/OCC+EVni2//L/PP/kN8NBAiQIEGDhhyQA2IgBmIhFuIgDnJDbohABOIhHvJAHsgLeSE/5IeCUBAKQ2FAQCAgKAJFIApRKAbFIAESoASUAAcOEiERSsO9UAbKQFkoC+WgHJSHClABKkElqAyVoQpUgapQFapBNagBNeBReBQeg9pQG+pAHagLdaEe1IP6UB8aQANoBI2gMTSGJtAEmkEzaAEtoBW0gtbQGtpAG2gH7aA9tIcO0AGSIAk6QkfoBJ2gM3SGLtAFukJX6AZvwpvwFrwFb8Pb0Auqyd7QB/pAX+gL/WEADIB3YRC8B+/B+zAEhsIw+AA+gA9hBJyDkTAKRsNoqCzHwjgYDyQnQgqkwCSYBJNhMkyBqTAVpkMqzIA0SIOZMAtmwRcwB76EL2EezIMFkA7psAgWQwZkwBI4D5mwFJbBclgBK2EFrIY1sBrWwXpYBxthI2yGzbAVtsJ22A47YSfsht2wF/bCftgPQyALsuAgHIRDcAgOw2E4AkfgKByFY3AMjsNxOAEn4CScgtNwCs7CWTgH5+ECXIBLcAkuw2W4Clev/fLLa7TUMofMIWNkjIyVsTJOxsncMreMyIiMl/Eyj8wj88q8Mr/MLwvKgrKwLCxRoiQZyiKyiIzKqCwmi8kEmSBLyBLSSScTZaIsLUvLMrKMLCvvl+XkA7K8rCDbukqykqws27kq8mFZVVaV1WR1WUPWlDVlLVlL1pa1ZR1ZR9aVdWU9+ZSsL3tDf2gor3WmsRwKTeQwaCabyxaypfwQnpOt5QhoI9vKdvIFOQpGQgfZ2iXJl2VHOQ46yVfleHhNdpEToat8Q3aTb8ru8i3ZQ7ZxPWUvOQV6yz5yOvSV/WR/OUDOhOryWsdqyPflEDlUDpMfyAXwoRwhP5Ij5Sg5Wn4sx8ixcpwcLyfIiTJFfiInyU/lZPmZnCKnymlyukyVM2Sa/FzOlLPkbPmFnCO/lHPlPDlfLpDpcqFcJBfLDPmVXCK/lplyqVwml8sVcqVcJVfLNXKtXCfXyw1yo9wkN8stcqvcJrfLHXKn3CV3yz1yr9wn98sD8huZJb+VB+Vf5CH5nTwsv5dH5A/yqPxRHpM/yePyZ3lC/iJPylPytDwjz8pf5Tl5Xl6QF+Ul+Zu8LK/Iq9JLoUBJpZRWgcqhcqoYlUvFqltUnLpV5Va3qYi6XcWrO1QedafKq/Kp/KqAKqgKqcLKKFRWkQpVEVVURdVdqpi6WyWo4qqEKqmcKqUS1T2qtLpXlVH3qbLqflVOPaDKqwqqoqqkHlSV1UOqinpYVVWPqGqquqqhaqpHVS31mKqtHld11BOqrnpS1VNPqfrqadVANVSN1DOqsXpWNVFNVTPVXLVQLVUr9ZxqrZ5XbVRb1U69oNqrF1UH9ZJKUi+rjuoV1Um9qjqr11QX9brqqt5Q3dSbqru6oq4qr3qqXipZ9VZ91Duqr+qn+qsBaqB6Vw1S76nB6n01RA1Vw9QHarj6UI1QH6mRapQarT5WY9RYNU6NVxPURJWiPlGT1KdqsvpMTVFT1TQ1XaWqGar/H5Vm/zfyP/0n+YN/f/fNaovaqrap7WqH2ql2qd1qj9qj9ql96oA6oLJUljqoDqpD6pA6rA6rI+qIOqqOqmPqmDqujqsT6oQ6qU6pi+qMOqt+VefUeXVeXVSX1CV1+Y+fgdCgpVZa60Dn0Dl1jM6lY/UtOk7fqnPr23RE367j9R06j75T59X5dH5dQBfUhXRhbTRqq0mHuoguqqP6Ll1M360TdHFdQpfUTpfSifqe/+f8G62vlW6lW+vWuo1uo9vpdrq9bq876A46SSfpjrqj7qQ76c66s+6iu+iuuqvuprvp7rq77qF76J66p07WybqPfkf31f10fz1AD9Tv6kF6kB6sB+sheogepofp4Xq4HqFH6JF6pB6tR+sxeowep8fpCXqCTtEpepKepCfryXqKnqKn6Wk6VafqNJ2mZ+qZeraerefoOXqunqvn6/k6XafrRXqRztAZeoleojP1Ur1UL9fL9Uq9Uq/Wq/VavVav1+v1Rr1RZ+oteoveprfpHXqH3qV36T16j96n9+kD+oDO0ln6oD6oD+lD+rA+rI/oI/qoPqqP6WP6uD6uT+gT+qQ+qU/r0/qsPqvP6XP6gr6gL+lL+rK+rK/qq9cu+wIZyEAHOsgR5AhigpggNogN4oK4IHeQO4gEkSA+iA/yBHcGeYN8Qf6gQFAwKBQUDkyAgQ0oCIMiQdEgGtwVFAvuDhKC4kGJoGTgglJBYnBPUDq4NygT3BeUDe4PygUPBOWDCkHFoFLwYFA5eCioEjwcVA0eCaoF1YMaQc3g0aBW8FhQO3g8qBM8EdQNngzqBU8F9YOngwZBw6BR8EzQOHg2aBI0DZoFzYMWQcug1b+1vvfn8j3veppeJtn0Nn3MO6av6Wf6mwFmoHnXDDLvmcHmfTPEDDXDzAdmuPnQjDAfmZFmlBltPjZjzFgzzow3E8xEk2I+MZPMp2ay+cxMMVPNNDPdpJoZJs18bmaaWWa2+cLMMV+auWaemW8WmHSz0Cwyi02G+cosMV+bTLPULDPLzQqz0qwyq80as9asM+vNBrPRbDKbzRaz1Wwz280Os9PsMrvNHrPX7DP7zQHzjcky35qD5i/mkPnOHDbfmyPmB3PU/GiOmZ/McfOzOWF+MSfNKXPanDFnza/mnDlvLpiL5pL5zVw2V8xV469d3F87vaNGjTkwB8ZgDMZiLMZhHObG3BjBCMZjPObBPJgX82J+zI8FsSAWxsJ4DSFhESyCUYxiMSyGCZiAJbAEOnSYiIlYGktjGSyDZbEslsNyWB7LY0WsiA/ig/gQPoQP48P4CD6C1bE61sSaWAtrYW2sjXWwDtbFulgP62F9rI8NsAE2wkbYGBtjE2yCzbAZtsAW2ApbYWtsjW2wDbbDdtge22MH7IBJmIQdsSN2wk7YGTtjF+yCXbErdsNu2B27Yw/sgT2xJyZjMvbBPtgX+2J/7I8DcSAOwkE4GAfjEByCw3AYDsfhOAJH4EgchaPxYxyDY3EcjscJOBFTMAUn4SScjJNxCk7BaTgNUzEV0zANZ+JMnI2zcQ7Owbk4F+fjfEzHdFyEizADM3AJLsFMzMRluAxX4ApchatwDa7BdbgON+AG3ISbcAtuwW24DXfgDtyFu3AP7sF9uA8P4AHMwiw8iAfxEB7Cw3gYj+ARPIpH8Rgew+N4HE/gCTyJJ/E0nsazeBbP4Tm8gBfwEv6Gl/EKXkWPMTaXjbW32Dh7q81tb7P/GOe3BWxBW8gWtsbmtfn+LkZrbYItbkvYktbZUjbR3vOnuLytYCvaSvZBW9k+ZKv8Ka5lH7O17eO2jn3C1rSP/l1c1z5p69lnbX3b1DawzW0j29I2ts/aJrapbWab2xa2pW1vX7Qd7Es2yb5sO9pX/hQvsovtGrvWrrPr7T67316wF+0x+5O9ZH+zPW0vO9C+awfZ9+xg+74dYof+KR5tP7Zj7Fg7zo63E+zEP8XT7HSbamfYNPu5nWln/SlOtwvtHJth59p5dr5d8Ht8bU0Z9iu7xH5tM+1Su8wutyvsSrvKrv6PtS63G+0mu9nusXvtNrvd7rA77S67+/f42j4O2G9slv3WHrU/2kP2O3vYHrdH7A+/x9f2d9z+bE/YX+xJe8qetmfsWfurPWfP/77/a3s/Y6/Yq9ZbQUCSFGkKKAflpBjKRbF0C8XRrZSbbqMI3U7xdAfloTspL+Wj/FSAClIhKkyGkCwRhVSEilKU7qJidDclUHEqQSXJUSlKpHuoNN1LZeg+Kkv3Uzl6gMpTBapIlehBqkwPURV6mKrSI1SNqlMNqkmPUi16jGrT41SHnqC69CTVo6eoPj1NDaghNaJnqDE9S02oKTWj5tSCWlIreo5a0/PUhtpSO3qB2tOL1IFeoiR6mTrSK9SJXqXO9Bp1odepK71B3ehN6k5vUQ96m3pSL0qm3tSH3qG+1I/60wAaSO/SIHqPBtP7NISG0jD6gIbThzSCPqKRNIpG08c0hsbSOBpPE2gipdAnNIk+pcn0GU2hqTSNplMqzaA0+pxm0iyaTV/QHPqS5tI8mk8LKJ0W0iJaTBn0FS2hrymTltIyWk4raCWtotW0htbSOlpPG2gjbaLNtIW20jbaTjtoJ+2i3bSH9tI+2k8H6BvKom/pIP2FDtF3dJi+pyP0Ax2lH+kY/UTH6Wc6Qb/QSTpFp+kMnaVf6Rydpwt0kS7Rb3SZrtBV8iRCCGWoQh0GYY4wZxgT5gpjw1vCuPDWMHd4WxgJbw/jwzvCPOGdYd4wX5g/LBAWDAuFhUMTYmhDCsOwSFg0jIZ3hcXCu8OEsHhYIiwZurBUmBjeE5YO7w3LhPeFZcP7w3LhA2H5sEJYMawUPhhWDh8Kq4QPh1XDR8JqYfWwRlgzfDSsFT4W1g4fD+uET4RlwifDeuFTYf3w6bBB2DBsFD4TNg6fDZuETcNmYfOwRdgybBU+F7YOnw/bhG3DduELYfvwxbBD+FKYFL4cdgxfueHx5LB32Cd8J3wn9P5xNT+6IJoeXRhdFF0czYh+FV0S/TqaGV0aXRZdHl0RXRldFV0dXRNdG10XXR/dEN0Y3RTdHPW+Zk7hwEmnnHaBy+FyuhiXy8W6W1ycu9Xldre5iLvdxbs7XB53p8vr8rn8roAr6Aq5ws44dNaRC10RV9RF3V2umLvbJbjiroQr6Zwr5RJdS9fKtXKt3fOujWvr2rkX3AvuRfeie8m95F52Hd0rrpN71XV2r7ku7nX3unvDdXNvuu7uLdfDve16ul4u2SW7Pq6P6+v6uv6uvxvoBrpBbpAb7Aa7IW6IG+aGueFuuBvhRriRbqQb7Ua7MW6MG+fGuQlugktxKW6Sm+Qmu8luipviprlpLtWlujSX5ma6mW62m+3muDlurpvr5rv5Lt2lu0VukctwGW6JW+IyXaZb5pa5FW6FW+VWuTVujVvn1rkNboPb5Da5LW6L2+a2uR1uh9vldrk9bo/b5/a5A+6Ay3JZ7qA76A65Q+6w+94dcT+4o+5Hd8z95I67n90J94s76U650+6MO+t+defceXfBXXSX3G/usrvirjrvUiKfRCZFPo1MjnwWmRKZGpkWmR5JjcyIpEU+j8yMzIrMjnwRmRP5MjI3Mi8yP7Igkh5ZGFkUWRzJiHwVWRL5OpIZWRpZFlkeWRFZGfG+0LbQF/FFfdTf5Yv5u32CL+5L+JLe+VI+0d/jS/t7fRl/ny/r7/fl/AO+vK/gK/qmvplv7lv4lr6Vf8639s/7Nr6tb+df8O39i76Df8kn+Zd9R/+K7+Rf9Z39a76Lf9139W/4bv5N392/5Xv4t31P38sn+96+j3/H9/X9fH8/wA/07/pB/j0/2L/vh/ihfpj/wA/3H/oR/iM/0o/yo/3Hfowf68f58X6Cn+hT/Cd+kv/UT/af+Sl+qp/mp/tUP8On+c/9TD/Lz/Zf+Dn+Sz/Xz/Pz/QKf7hf6RX6xz/Bf+SX+a5/pl/plfrlf4Vf6VX61X+PX+nV+vd/gN/pNfrPf4rf6bX673+F3+l1+t9/j9/p9fr8/4L/xWf5bf9D/xR/y3/nD/nt/xP/gj/of/TH/kz/uf/Yn/C/+pD/lT/sz/qz/1Z/z5/0Ff9Ff8r/5y/6Kv8r/s8YYY4wx9t+ibnC89z/5nvxjXNNHCHHr9gJH/rHmhrx/nfeT+zpGhBAv9+ra8G+jYcPk5OQ/XpupRFB0nhAicj0/h7geLxXtxIsiSbQVpf/p+vrJikA3qB+9X4jY/5QTI67H1+vf+1/Ub7rwhvXnCZFQ9HpOLnE9vl6/zH9Rf3f7G9TP9V2KEG3+U06cuB5fr58onheviKS/eyVjjDHGGGOMMfZX/eSlbje6v712f15QX8/JKa7HN7o/Z4wxxhhjjDHG2M332pvdX3ouKaltZ57whCc8+Y/Jzf7LxBhjjDHGGPt3u37Rf7NXwhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMZV//Gx8ndrP3yBhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjN1s/ycAAP//fMhn/w==")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)

2m12.829532856s ago: executing program 4 (id=1527):
r0 = socket$kcm(0x2, 0x1000000000000002, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ced4fbd44e24eb0d34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3a06d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796efea77aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece72f2090000f44a3210223fdae7ed04935c3c90941576aebc8619d73415cda2130f5011e4845505000001000000004f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c040035cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bf463261135e24d154114df1381b02a0dcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f884cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e1700000000000000000000000000000000000000000000000000000520500002952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9a33c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a62415f78000000005f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c81c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b40824095135861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac00000b0000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e5dd921a5eadd4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293d5c833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e602c28ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f257aac5af18d8c6b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e29b10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe8e4cd14dc5c1eb98b63198f6f830745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b51c34a5384f2cf51180c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af243b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380ecf1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f558982d57c556ca1427b5960b79990565ca2a20996fcba472213744d3a156979651596afde2b0089f023fcfccd072bd6ea8445fc787390d71ec61d5b7b0f05f6931914bf49aa0d66eff294271a93e32f54f281068514a4cd2d0700a43df59e9924e4affdbd22405e675e9d7cdc10546571131831d4dc8c8363077a908d9ae4f27ff095f5b07667f93a3573d3fabfca58ee0a6b6a691102bb3c7be4dc5b816853275e7ae8c13ec341bad15353fad794b46c4fd73e1b4cc78de2156cb158870d5b8446dae9ba5f7f244e6cf8f6791671057347208a313ebbcb72b04706005670f2b0055e440d72c7c3316982c6ebe8675458cf6bb393b007f5cedb7bc411834600000000000000000000000000a20071b07d568a8150ed646b4978d0226d9651647a5999ae7c7c85322a215fcdb1adbad63499518fe0d10145d430422c78367dfa941f74b63f3884565ac89c673da2c2b1172be5f2cd1f3f453ebddd432bd24c73fa773b739e20fcec16a821230654a383ac1868495f67d942c772ca75e09073dbe9307ff5cac7c2c411149a4d989a8a019e068da218d4bc34e4102fd2f97397331e4cd70b4915582b635f07ca87f00dc929f902540f565c20add8675b79e005cf0277d954697317b907b77fa5d6b7feaebaf676a2a37de8aa70748fee4bc198ffd3e2de11eb0eff896fd94de0805ba6b1054a7b3e300d4581e9af62a1ecaee96d2819b3d192e5b9561eb622da25450f586be14017a1cf74f89a1dd18af004decfe266134c3d036ae7996931fe6008a73ed34c35f0da4ffee1fe63bc1af6ef1b4731d50b8ceb582a1e9c6e8d97f8290cc105754f592d16ccdb1df8636d7ca5e372cea97dd0f005cc7092b126dd46758917fb0d94b8483d403bd451429cc1660f0b5a529d8134dc2702f6d8e2f943d98fbe50a3ba653f13f98a00fcbf311f9758ade8e4eb87b4b9fb2d387f5d8c4bdcab2fff9ed8c9de961fd831a070381c8020352fea7c334b2959ddd956701a7ea415e224a81c9fa1ebbabe74f7743e09b6c8b72650b51d5c2000ef3679c039b3604374fc1af7ab354204afbd24f0e701bc08a98452ce2668617e85e0d876f5a8b6d9b777f1c384d8a9883e4262defb6b9aab8d5b76bc91ca50f87966797da2499ca0ac76707c0408a7b6d8708fe7714988babdc11f"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
setsockopt$sock_attach_bpf(r0, 0x88, 0x67, &(0x7f00000002c0)=r1, 0x4)
sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000080)={0x2, 0x4e1f, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @multicast2}}}], 0x20}, 0x0)

2m12.642013714s ago: executing program 4 (id=1534):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff)
sendto$inet6(r0, &(0x7f0000000280)='2', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000300)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@jqfmt_vfsold}, {@minixdf}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
syz_emit_vhci(0x0, 0x7)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='scalable\x00', 0x9)
shutdown(r0, 0x1)

2m12.513312387s ago: executing program 36 (id=1534):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), 0xffffffffffffffff)
sendto$inet6(r0, &(0x7f0000000280)='2', 0x1, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000300)={[{@init_itable_val}, {@jqfmt_vfsold}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@jqfmt_vfsold}, {@minixdf}, {@quota}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
syz_emit_vhci(0x0, 0x7)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000040)='scalable\x00', 0x9)
shutdown(r0, 0x1)

734.442676ms ago: executing program 6 (id=2983):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f00000000c0)='./file0\x00', 0x100, &(0x7f0000000080), 0xfd, 0x5532, &(0x7f0000005900)="$eJzs3L1vG2UcB/DHeWnSF0qEGNhyUoWUSLUV56WCLUArXkSqqMDABI7tWG5tXxQ7TsjUgRF14D9BVGJi5A9gYmBmQwwgNiSQ77lAE1p1iFPn5fORLt+75x7/7jkrivQ7Rw7AhTWT/Pl7IVwPl0MI4yGEayFk+4V8y6zGeC2EMBtCGHtiK+Tj/w5cCiFcCSFcHxSPNQv5qa9v9m+s/PbBH9//NDVx9Zvvfh7dXQOj9noIob0V93fbMdNGzPv5eKXfzLK93M8znmhNx/PtNI7v1jeyCruVg3mVLJcacX66tdMd5GarUh1ko7mZjW914gW7/cZBnewF9yvb2XGtvpFls5tm2diP193bj3/b9ru9WKeW1/siKx96vYOM4/W9eryfrQdZVju9fDzWTWv1vUH288wvF6ppq5atY+MYb/Qp92Gzs7OX9Ovb3WbaSVZK5TdK5VvF8nZaq/fqy8VKu3ZrOZlrtAbTir16pb3aSNNGq16qpu35ZK5RrRbL5WTudn2jWekk5XJpqbRQXJnP924m7979JGnVkrlBvt3s7PSarW6ymW4n8RXzyWJp6c355EY5+WhtPVm/d+fO2vrHn93+9O5ba++/k0/637KSucWFxcVieaG4WJ6/QPf/Zb7oId4/HEvhuTN+fCHrADhD9P/AKByn/28/yI+f2v9v3wvh5Pv/oP8fijPV/170/v8E7h+O5fn9PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA59Qvk9++l+3MxOOr+fhL+dAr+XEhhDAWQvj7KcbDpUM1x/M6k8+YP3lkDT8UQlZhcI2pfLsSQljNt79ePul3AQAAAM6vxw9nH43H3SxmRrweXqj40Gbs2udDqlcIIUzO/DqkamODH68OqVj2+z0R9oZULXuANT2kYvGR28SwqkVHH7EdMX4opp+IQoyx4S4HAAA4DQ53AkPuQgAAADhFvhr1AhiNQvjvg8L8H/inYuQfCF4+dAQAAACcQYVRLwAAAAA4cVn/7/v/AAAA4Hx7/HD20ajXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7BzP7eJA1EcgJ8NXth/WrTay562lb1BGVvCHnOMKCBNUEAO1JAGqIHcUkIEER5DIOIQyYOtoO+TnMlY5scbBIeZkQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACu3WO1rOL2z13bnM22nTyjAQAAAM5ZV8tZ/c8k9b829783t342/SIiyog4N3cfxKeTzEGTU70+f3/8fPWmhoeIOmH3HqPm+hIRf5vr+celPwUAAAC4Xqv5Yppm6+nPpO+C6FJatCm//cuUV0RENXnKlFbu8n5lCqu/38O4yZRWL2CNM4WlJbdhrrR3qX/uh1W78VFTpKY8+7JDkdnGDgAAdGiwb35H57MQAAAAuvS/7wLoRxH7rczDVuAoNc323ueTHgAAAPABFX0XAAAAAFxcPf/v6Py/rfP/AAAAoB/p/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuaV0tZ6v5Yto2Z7NtJ89oAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4YX/eUSAEwiAM9q7vTOb+h5UGTU1NqkD4+BuDAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN787i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICL/XlJgRAIgiiYM/530vc/rCToGUSIgIZHFbVoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICLnft5jaOKAwD+ZmZna6tijJJDRBQ86MWm29ram3hQggf/BCGk2xq79Uebgy1FzMWb5NyL6FFEVOKt/0PPLfRSbz3kUEE8rrz5sRlr0ETozDT5fODN+87sMO/7ZiHkO28SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKhtv70TZ3EzV8Zpdez2g+ursb/zUB/d3Ly7GFuMkzaTfjy82NxJFrpLBAAAgMMjq+v7EMK9fGs59ulcUf/n9Tmx5v/26TKu6/mH6/66r2v/2H795f7zs4HmynHiRc+vTcYn/pnK4NHNst+e+c8zBsWdL569ZMUXkr638dx2XtzP5Otbt94ZFuGRNrIFAP6P43VfBfXvQ7EfdZkYAIfGoFF41/V/NtdtTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABt2N4IT4bw02x/cVD2SbV/58H11d36m5t3F+t25saNzfDlzjXjJfIQwvm1yfhEm5PpuStXr11cmUzGl9sPXgohdDX6W9X0L36wh5ND6OT+7D/4sx9p9C1Iqy+7L/k8HkGHP5QAADiQ8qrFuv5evrUcjyXzIUy/C8P6nPjZq4047LH+v//hmdvNsZr1/6i1Gfbf0vqlT5euXL32+tqllQvjC+OP3zg5enN06uzp02eXimclS56YAAAAsG/T6XQ62xlWrVn/p/P1+n8pfnasEYc91v+ffTP6ojlwpv7f1c6iX9eZAAAAHG7PvvzH78kux5PhMHy+sr5+eVRuZ/sny20Hqe7bkao16/9svuusAAAAgDZsbyR/W/8/14jDHtf/n/r+hR+b18xCCEer9f/jq59MzrU3nV5r48+Ju54jAAAA3Tpateb6f168/5/OXnlIQwivvVLG1b8B/Nf6P6/q/+zdr35ojtV8//9Ue1PspXShvB9FvxDCYKHrjAAAADjInqhaLPZ/y7eWP/r52PtD7/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtO2vAAAA///kckIc")

580.687969ms ago: executing program 0 (id=2988):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000340)=0x15)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x7e)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000140)=0x15)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000000c0)=0x4)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x7d)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000003c0))

517.266054ms ago: executing program 0 (id=2989):
r0 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r0, 0xc0184800, &(0x7f0000000100)={0x4})

516.844003ms ago: executing program 0 (id=2991):
r0 = syz_open_dev$swradio(&(0x7f00000012c0), 0x1, 0x2)
ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000080)={0xb, @vbi={0x8, 0x5, 0xffffffff, 0x30314742, [0x0, 0x4d9d], [0x3, 0x10001], 0x13a}})

410.102378ms ago: executing program 0 (id=2992):
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x8801, 0x0)
writev(r0, &(0x7f0000000340)=[{&(0x7f0000000100)="1876d433b8c266f9be2253e7c12fc9ea10343a19c358547a9357a174911e926c57b51eab3d0a4a2297653ac0c62201010000881a8789adddd1ca89ebd8632972a4f65ad1505ed06b6785508eb1dee994d18b084ef189ce72b079ed03ef849c46e3dedf604c01fae7c32f782dd9a45993a0798444d6ba181f2546b88893bf12575b27c1af55a55c55ca8855d5dc89db3e110430d10f429cc423ff64acc9fdb59a76caf809ce3c954f8a9618ebe5c3253e888feae6cc381ecb4a64085e24c48cf5ae9c5125d58d78ab2b70ec9216b42cf69b0cd34aa9a9b8e32e1841f19a7d38ce8de4d6d24b1a239ccfbb0935e4db5f50c9b8ebdf158eb582b914857522de035110521a268d3fa0888ebd65ab713338b2fa1029851d62af03f2bcf6034cf0287f10c84c967bae32a79fbf90122d41a622c0fa8a0fae4ffa55df5ec7ebb0708dbb6148f2cde6d128018a0efa8598fa29ac80c6642d52c6f6b979e8fe5e1fbe7615ca1bc31f2bc541b3f67f129a490900000004ab65b661139a2d66fbe14888b28fb681b11cd33e07a04cee7fa46193218553971e41d0eaed454f6b4520963c5d21b889764986530174051ddeca7547b3aeb0ed720e20099fbeec90859a9f22b9229f72fb45e62fb2c7048099eb484edac92717591a6467c38af94b14d4bf366d5fb232c24bc8a9d5361dd979a98ff5ea6a331cf27110b4457301454119173622e1ddef43e79842b3dcbce701ec9195770fd820823cd45fe00baa87d3000000000000570d", 0x223}], 0x1)

409.464391ms ago: executing program 7 (id=2993):
socket$inet6_udplite(0xa, 0x2, 0x88)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c0000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="440000000906010200120000000c0000000000000900020073797a310000000005000100070000001c0007800c00018008000140fffffffe0c00028008000140"], 0x44}, 0x1, 0x0, 0x0, 0x10008086}, 0x4000050)

368.174786ms ago: executing program 0 (id=2994):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r2, 0x8933, &(0x7f0000000340)={'wpan0\x00', <r3=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="4d7e00000000000000002a00000008002f000000000005003600000000000c0005000000000000000000050037005000000008000200", @ANYRES32=r3, @ANYBLOB="0600060000e2ff00060004"], 0x50}, 0x4, 0x700000000000000}, 0x0)

367.575713ms ago: executing program 6 (id=2995):
r0 = socket$netlink(0x10, 0x3, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000600)={{0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}, [], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x28}, 0x1, 0x0, 0x0, 0x20000010}, 0x4000)

367.026831ms ago: executing program 7 (id=2996):
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b28, &(0x7f0000000000)={'wlan1\x00', @random="8100"})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001700000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000a40)={r0, 0x27, 0xe80, 0x0, &(0x7f0000000000)="f8ad1dcc02cb29dcc80032008100", 0x0, 0x4000, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50)

278.039353ms ago: executing program 7 (id=2997):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xd, &(0x7f00000004c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}, @call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000940)={{r0}, &(0x7f0000000600), &(0x7f0000000900)='%pB    \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

277.619808ms ago: executing program 0 (id=2998):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$inet6(0xa, 0x1, 0x8010000000000084)
r3 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
ioctl$USBDEVFS_ALLOW_SUSPEND(r3, 0x5522)
ioctl$USBDEVFS_CONTROL(r3, 0xc0105500, &(0x7f0000000040)={0x0, 0xe, 0x1, 0x7, 0x0, 0x7, 0x0})
bind$inet6(r2, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x140}}, 0x0)
r4 = openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, 0x0)
mmap(&(0x7f0000fed000/0x12000)=nil, 0x12000, 0x2, 0x11, 0xffffffffffffffff, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x0, 0x317, 0x1, 0x34, 0x9}, 0x9c)

277.374935ms ago: executing program 7 (id=2999):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd0, &(0x7f0000000080)=0xa, 0x4)

189.87343ms ago: executing program 7 (id=3000):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="1400000016000b63d25a80648c2594f917240685", 0x14}], 0x1}, 0x0)

189.580554ms ago: executing program 7 (id=3001):
syz_usb_connect$cdc_ecm(0x0, 0x54, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x42, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0xf, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x4000}, {0xd}, [@dmm={0x7, 0x24, 0x14, 0x6, 0x8}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}]}}]}}, 0x0)

50.333206ms ago: executing program 6 (id=3002):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x2, 0x90)
write$cgroup_int(r0, &(0x7f0000000000)=0x500, 0x12)
write$cgroup_int(r0, &(0x7f0000000080)=0x4078c1d5, 0x12)

50.143224ms ago: executing program 6 (id=3003):
r0 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000400)={0xf0f015, 0x105})

429.695µs ago: executing program 6 (id=3004):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000240)={'vcan0\x00', <r1=>0x0})
sendmsg$can_raw(r0, &(0x7f0000000080)={&(0x7f0000000380)={0x1d, r1}, 0x10, &(0x7f0000000140)={&(0x7f0000000200)=@can={{}, 0x0, 0x0, 0x4, 0x0, "1b2f8a9b12002890"}, 0x10}, 0x2, 0x0, 0x0, 0x80}, 0x4000855)

0s ago: executing program 6 (id=3005):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0x8c0, &(0x7f0000000580)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c0088ce5fbb23a78290fd1a7a5c7acc40174210098c30c6ef8ec8a9c59ea3f3f3cf285fa69e2ec4fbf8770e08c6cca9b8895dfe87e20e80310098a305a6aca69a6a5bf060418adcb86db81ff5867538f004b320fd79d2d2757a87c6655d453b45b3a3c9245d386b575594e9d4e55b8b9a0fe9f2f59b2fd6f16b911c6147dfd8bb64e43e5d68045db013b60d457071934dba721dfc890ef59a330a782b"], 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
lsetxattr$system_posix_acl(&(0x7f0000000040)='./file1\x00', &(0x7f0000000100)='system.posix_acl_access\x00', &(0x7f0000000540)={{}, {0x1, 0x6}, [], {0x4, 0x1}, [], {0x10, 0x2}, {0x20, 0x1}}, 0x24, 0x3)
lsetxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000140)=ANY=[], 0x9c, 0x0)

kernel console output (not intermixed with test programs):

tes leftover after parsing attributes in process `syz.6.1549'.
[  207.186003][   T13] dummy0 (unregistering): left promiscuous mode
[  207.188441][   T13] dummy0 (unregistering): left allmulticast mode
[  207.193090][   T13] team0 (unregistering): Port device dummy0 removed
[  207.458357][T10083] chnl_net:caif_netlink_parms(): no params data found
[  207.777374][T10083] bridge0: port 1(bridge_slave_0) entered blocking state
[  207.780640][T10083] bridge0: port 1(bridge_slave_0) entered disabled state
[  207.796407][T10083] bridge_slave_0: entered allmulticast mode
[  207.799238][T10083] bridge_slave_0: entered promiscuous mode
[  207.833419][T10083] bridge0: port 2(bridge_slave_1) entered blocking state
[  207.852983][T10083] bridge0: port 2(bridge_slave_1) entered disabled state
[  207.856062][T10083] bridge_slave_1: entered allmulticast mode
[  207.880913][T10083] bridge_slave_1: entered promiscuous mode
[  207.924017][T10083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  207.946711][T10083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  208.034759][T10083] team0: Port device team_slave_0 added
[  208.039729][T10083] team0: Port device team_slave_1 added
[  208.140425][T10083] batman_adv: batadv0: Adding interface: batadv_slave_0
[  208.152477][T10083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  208.169029][T10083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  208.174926][T10083] batman_adv: batadv0: Adding interface: batadv_slave_1
[  208.184151][T10083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  208.198475][T10083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  208.387943][T10083] hsr_slave_0: entered promiscuous mode
[  208.394599][T10083] hsr_slave_1: entered promiscuous mode
[  208.397314][T10083] debugfs: 'hsr0' already exists in 'hsr'
[  208.399480][T10083] Cannot create hsr debugfs directory
[  208.851562][   T54] Bluetooth: hci0: command tx timeout
[  208.921679][   T54] Bluetooth: hci2: command tx timeout
[  209.498031][T10083] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  209.509972][T10083] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  209.522294][T10083] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  209.537711][T10083] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  209.653738][T10179] loop6: detected capacity change from 0 to 32768
[  209.656725][T10179] XFS: noikeep mount option is deprecated.
[  209.690686][T10083] 8021q: adding VLAN 0 to HW filter on device bond0
[  209.702299][T10083] 8021q: adding VLAN 0 to HW filter on device team0
[  209.719180][T10179] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  209.729038][ T6964] bridge0: port 1(bridge_slave_0) entered blocking state
[  209.732119][ T6964] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.738798][ T6964] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.741746][ T6964] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.770083][T10179] XFS (loop6): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  209.770761][T10083] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  209.787499][T10179] XFS (loop6): Starting recovery (logdev: internal)
[  209.819213][T10179] XFS (loop6): Ending recovery (logdev: internal)
[  209.857493][T10179] XFS (loop6): Metadata corruption detected at xfs_inobt_verify+0x9e/0x1f0, xfs_finobt block 0x8 
[  209.864793][T10179] XFS (loop6): Unmount and run xfs_repair
[  209.866596][T10179] XFS (loop6): First 128 bytes of corrupted metadata buffer:
[  209.868996][T10179] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff  AB3B............
[  209.873015][T10179] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10  ................
[  209.875904][T10179] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  209.878778][T10179] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02  ......1....N....
[  209.882145][T10179] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[  209.886672][T10179] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  209.890743][T10179] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  209.899024][T10179] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  209.902151][T10179] XFS (loop6): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x8 len 8 error 117
[  209.936200][ T9938] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  209.953185][ T9938] XFS (loop6): Uncorrected metadata errors detected; please run xfs_repair.
[  209.969255][T10083] 8021q: adding VLAN 0 to HW filter on device batadv0
[  210.596176][T10083] veth0_vlan: entered promiscuous mode
[  210.630831][T10083] veth1_vlan: entered promiscuous mode
[  210.725942][T10083] veth0_macvtap: entered promiscuous mode
[  210.752075][T10083] veth1_macvtap: entered promiscuous mode
[  210.801428][T10083] batman_adv: batadv0: Interface activated: batadv_slave_0
[  210.936935][T10083] batman_adv: batadv0: Interface activated: batadv_slave_1
[  210.962567][   T13] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  210.968950][   T13] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  210.984909][   T13] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  210.990603][   T13] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  211.011553][   T54] Bluetooth: hci2: command tx timeout
[  211.303970][T10224] loop6: detected capacity change from 0 to 262144
[  211.307984][T10224] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1573 (10224)
[  211.329311][T10224] BTRFS info (device loop6): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  211.333221][T10224] BTRFS info (device loop6): using xxhash64 (xxhash64-generic) checksum algorithm
[  211.336077][T10224] BTRFS info (device loop6): using free-space-tree
[  211.501575][   T33] audit: type=1804 audit(1755394105.601:65): pid=10224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.1573" name="/newroot/33/bus/bus" dev="loop6" ino=263 res=1 errno=0
[  211.552934][T10224] BTRFS info (device loop6): balance: start -d -m -s
[  211.558380][T10224] BTRFS info (device loop6): relocating block group 63963136 flags data
[  211.601901][ T6964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  211.620353][ T6964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  211.692402][T10224] BTRFS info (device loop6): found 2 extents, stage: move data extents
[  211.716018][T10224] BTRFS info (device loop6): found 2 extents, stage: update data pointers
[  211.740342][T10224] BTRFS info (device loop6): relocating block group 13631488 flags data
[  211.752171][T10224] BTRFS info (device loop6): 2 enospc errors during balance
[  211.754796][T10224] BTRFS info (device loop6): balance: canceled
[  211.766096][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  211.770715][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  211.782067][ T9938] BTRFS info (device loop6): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  212.102692][T10274] trusted_key: syz.0.1579 sent an empty control message without MSG_MORE.
[  212.640715][T10284] loop7: detected capacity change from 0 to 2048
[  212.691226][T10284] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  212.895216][T10292] loop7: detected capacity change from 0 to 2048
[  212.948402][T10292] NILFS (loop7): Invalid checkpoint (checkpoint number=2)
[  212.950968][T10292] NILFS (loop7): error -22 while loading last checkpoint (checkpoint number=2)
[  213.091713][   T54] Bluetooth: hci2: command tx timeout
[  213.535819][T10309] loop6: detected capacity change from 0 to 32768
[  213.557082][T10309] ocfs2: Mounting device (7,6) on (node local, slot 0) with writeback data mode.
[  213.612101][  T794] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  213.653073][ T9938] ocfs2: Unmounting device (7,6) on (node local)
[  213.771722][  T794] usb 8-1: Using ep0 maxpacket: 32
[  213.775494][  T794] usb 8-1: config index 0 descriptor too short (expected 156, got 27)
[  213.778677][  T794] usb 8-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  213.785814][  T794] usb 8-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  213.795193][  T794] usb 8-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  213.807026][  T794] usb 8-1: config 0 interface 0 has no altsetting 0
[  213.819526][  T794] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  213.827275][  T794] usb 8-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  213.833893][  T794] usb 8-1: Product: syz
[  213.837506][  T794] usb 8-1: Manufacturer: syz
[  213.847143][  T794] usb 8-1: SerialNumber: syz
[  213.853153][  T794] usb 8-1: config 0 descriptor??
[  213.864147][  T794] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  213.878609][T10323] loop6: detected capacity change from 0 to 16
[  213.880020][  T794] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  213.924657][T10325] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1595'.
[  213.994468][T10329] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1597'.
[  214.030103][T10331] nftables ruleset with unbound chain
[  214.069550][T10333] loop6: detected capacity change from 0 to 1024
[  214.075960][T10333] EXT4-fs: Ignoring removed nobh option
[  214.078857][T10333] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  214.096266][T10333] EXT4-fs error (device loop6): ext4_ext_check_inode:523: inode #11: comm syz.6.1599: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  214.103018][T10333] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.1599: couldn't read orphan inode 11 (err -117)
[  214.104865][ T5912] usb 8-1: USB disconnect, device number 2
[  214.106789][    C0] ldusb 8-1:0.0: usb_submit_urb failed (-19)
[  214.107735][T10333] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  214.113858][ T5912] ldusb 8-1:0.0: LD USB Device #0 now disconnected
[  214.143116][T10333] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:483: comm syz.6.1599: Invalid block bitmap block 0 in block_group 0
[  214.155594][T10333] Quota error (device loop6): write_blk: dquota write failed
[  214.158445][T10333] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota
[  214.163194][T10333] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.1599: Failed to acquire dquot type 0
[  214.196930][ T9938] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  214.200836][ T3011] Quota error (device loop6): do_check_range: Getting block 0 out of range 1-8
[  214.206844][ T3011] EXT4-fs error (device loop6): ext4_release_dquot:6969: comm kworker/u9:4: Failed to release dquot type 0
[  215.037849][T10359] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1608'.
[  215.215956][  T793] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  215.371460][  T793] usb 8-1: Using ep0 maxpacket: 16
[  215.377576][  T793] usb 8-1: New USB device found, idVendor=09c0, idProduct=0201, bcdDevice= a.a4
[  215.380993][  T793] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  215.384435][  T793] usb 8-1: Product: syz
[  215.386194][  T793] usb 8-1: Manufacturer: syz
[  215.388087][  T793] usb 8-1: SerialNumber: syz
[  215.398731][  T793] usb 8-1: config 0 descriptor??
[  215.405548][  T793] dvb-usb: found a 'Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver' in warm state.
[  215.806309][  T793] gp8psk: usb in 128 operation failed.
[  215.832062][  T793] gp8psk: usb in 137 operation failed.
[  215.834279][  T793] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  215.838990][  T793] dvbdev: DVB: registering new adapter (Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver)
[  215.843215][  T793] usb 8-1: media controller created
[  215.866426][  T793] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  215.880562][  T793] gp8psk_fe: Frontend revision 1 attached
[  215.884239][  T793] usb 8-1: DVB: registering adapter 1 frontend 0 (Genpix DVB-S)...
[  215.890479][  T793] dvbdev: dvb_create_media_entity: media entity 'Genpix DVB-S' registered.
[  216.087750][T10371] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  216.091108][T10371] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  216.094793][T10371] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  216.097532][T10371] comedi comedi3: 8255: I/O port conflict (0x5c952399,4)
[  216.100332][T10371] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  216.105681][T10371] comedi comedi3: 8255: I/O port conflict (0x3ff,4)
[  216.108423][T10371] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffe,4)
[  216.113116][T10371] comedi comedi3: 8255: I/O port conflict (0x1,4)
[  216.115908][T10371] comedi comedi3: 8255: I/O port conflict (0x9,4)
[  216.118487][T10371] comedi comedi3: 8255: I/O port conflict (0x6,4)
[  216.121029][T10371] comedi comedi3: 8255: I/O port conflict (0x4,4)
[  216.126271][T10371] comedi comedi3: 8255: I/O port conflict (0x3,4)
[  216.128926][T10371] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4)
[  216.132695][T10371] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4)
[  216.173712][  T793] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receiver successfully initialized and connected.
[  216.177918][  T793] gp8psk: found Genpix USB device pID = 201 (hex)
[  216.398044][T10385] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.1620'.
[  216.400520][ T5898] usb 8-1: USB disconnect, device number 3
[  216.528382][ T5898] dvb-usb: Genpix 8PSK-to-USB2 Rev.1 DVB-S receive successfully deinitialized and disconnected.
[  216.560087][T10393] netlink: 'syz.6.1624': attribute type 1 has an invalid length.
[  216.564617][T10393] netlink: 244 bytes leftover after parsing attributes in process `syz.6.1624'.
[  216.843408][T10397] loop6: detected capacity change from 0 to 32768
[  216.914510][T10397] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=gzip,norecovery,nojournal_transaction_names,no_data_io
[  216.914533][T10397]   allowing incompatible features above 0.0: (unknown version)
[  216.914543][T10397]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  216.931087][T10397] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0
[  216.941568][T10397] bcachefs (loop6): recovering from clean shutdown, journal seq 10
[  216.945895][T10397] bcachefs (loop6): Version upgrade from 1.19: autofix_errors to 1.7: mi_btree_bitmap incomplete
[  216.945895][T10397] Doing compatible version upgrade from 1.19: autofix_errors to 1.28: inode_has_case_insensitive
[  216.945895][T10397]   running recovery passes: check_extents_to_backpointers,check_inodes
[  217.001840][T10397] bcachefs (loop6): btree node read error: no device to read from
[  217.001904][T10397]  at freespace level 0/0
[  217.001913][T10397]   u64s 11 type 255 SPOS_MAX len 0 ver 65535: 
[  217.001922][T10397]   flagging btree freespace lost data
[  217.001930][T10397]   running recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  217.001940][T10397]   running recovery pass check_allocations (8), currently at recovery_pass_empty (0)
[  217.001985][T10397]   running recovery pass check_lrus (14), currently at recovery_pass_empty (0)
[  217.001995][T10397]   running recovery pass check_backpointers_to_extents (16), currently at recovery_pass_empty (0)
[  217.002004][T10397]   running recovery pass check_alloc_info (13), currently at recovery_pass_empty (0)
[  217.082581][T10397] bcachefs (loop6): error reading btree root btree=freespace level=0: btree_node_read_error, fixing
[  217.105630][T10397] bcachefs (loop6): check_topology... done
[  217.109360][T10397] bcachefs (loop6): accounting_read... done
[  217.126321][T10397] bcachefs (loop6): alloc_read... done
[  217.128826][T10397] bcachefs (loop6): snapshots_read... done
[  217.144622][T10397] bcachefs (loop6): Fixed errors, running fsck a second time to verify fs is clean
[  217.154790][T10397] bcachefs (loop6): done starting filesystem
[  217.172195][T10397] bcachefs (loop6): inode 536870912:4294967295 has wrong backpointer:
[  217.172241][T10397]   got       4330382808765833931:0
[  217.172249][T10397]   should be 4096:4330382808765833931, fixing
[  217.240880][ T9938] bcachefs (loop6): shutting down
[  217.284991][ T9938] bcachefs (loop6): shutdown complete
[  217.593770][T10419] loop7: detected capacity change from 0 to 32768
[  217.643484][T10419] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  217.689257][T10419] XFS (loop7): Ending clean mount
[  217.699809][T10419] XFS (loop7): Quotacheck needed: Please wait.
[  217.717223][T10432] netlink: 128124 bytes leftover after parsing attributes in process `syz.0.1636'.
[  217.854184][T10419] XFS (loop7): Quotacheck: Done.
[  217.954033][T10083] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  220.090892][T10471] loop7: detected capacity change from 0 to 4096
[  220.105147][T10471] ntfs3(loop7): Different NTFS sector size (1024) and media sector size (512).
[  220.119058][T10471] ntfs3(loop7): ino=3, mi_enum_attr
[  220.133442][T10471] ntfs3(loop7): MFT: r=1, expect seq=1 instead of 0!
[  220.141855][T10471] ntfs3(loop7): Mark volume as dirty due to NTFS errors
[  220.148676][T10471] ntfs3(loop7): Failed to load $MFTMirr (-22).
[  220.809239][T10496] loop6: detected capacity change from 0 to 32768
[  220.821599][T10496] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1658 (10496)
[  220.846802][T10496] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  220.857856][T10496] BTRFS info (device loop6): using crc32c (crc32c-lib) checksum algorithm
[  220.862059][T10496] BTRFS info (device loop6): disk space caching is enabled
[  220.864954][T10496] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  220.875897][T10515] netlink: 168 bytes leftover after parsing attributes in process `syz.0.1667'.
[  220.947250][T10496] BTRFS info (device loop6): rebuilding free space tree
[  220.965468][T10496] BTRFS info (device loop6): disabling free space tree
[  220.968317][T10496] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  220.981855][T10496] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  221.074999][ T9938] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  221.187292][T10538] loop7: detected capacity change from 0 to 512
[  221.226558][T10538] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  221.243752][T10538] EXT4-fs error (device loop7): ext4_iget_extra_inode:5104: inode #15: comm syz.7.1670: corrupted in-inode xattr: overlapping e_value 
[  221.264877][T10538] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm syz.7.1670: couldn't read orphan inode 15 (err -117)
[  221.283101][T10538] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  221.321721][T10538] EXT4-fs error (device loop7): ext4_empty_dir:3081: inode #2: comm syz.7.1670: invalid size
[  221.377309][T10083] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.640062][T10553] loop6: detected capacity change from 0 to 2048
[  221.664958][T10555] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  221.681103][T10553] NILFS error (device loop6): nilfs_check_folio: bad entry in directory #2: disallowed inode number - offset=56, inode=6, rec_len=24, name_len=5
[  221.696450][T10553] Remounting filesystem read-only
[  221.732374][  T794] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  221.887310][  T794] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  221.897889][  T794] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3
[  221.907167][  T794] usb 8-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  221.910584][  T794] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  221.919762][  T794] usb 8-1: SerialNumber: syz
[  222.137226][  T794] usb 8-1: 0:2 : does not exist
[  222.149922][  T794] usb 8-1: USB disconnect, device number 4
[  222.174414][ T9003] udevd[9003]: error opening ATTR{/sys/devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  222.181842][ T5898] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  222.345033][ T5898] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  222.349191][ T5898] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0
[  222.353473][ T5898] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  222.357516][ T5898] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0
[  222.367734][ T5898] usb 7-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00
[  222.371818][ T5898] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.374026][T10568] _Z`Ԁ@: entered promiscuous mode
[  222.376412][ T5898] usb 7-1: Product: syz
[  222.379198][ T5898] usb 7-1: Manufacturer: syz
[  222.381152][ T5898] usb 7-1: SerialNumber: syz
[  222.386802][ T5898] usb 7-1: config 0 descriptor??
[  222.393601][ T5898] ums-isd200 7-1:0.0: USB Mass Storage device detected
[  222.700397][T10587] loop7: detected capacity change from 0 to 64
[  222.803484][ T5898] scsi host6: usb-storage 7-1:0.0
[  222.828800][ T5898] usb 7-1: USB disconnect, device number 4
[  222.991069][T10594] netlink: 'syz.7.1687': attribute type 2 has an invalid length.
[  223.034098][T10596] loop7: detected capacity change from 0 to 128
[  224.203071][T10639] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1701'.
[  224.374775][T10642] loop7: detected capacity change from 0 to 8
[  224.410576][T10642] unable to read id index table
[  224.437078][T10642] netlink: 40 bytes leftover after parsing attributes in process `syz.7.1702'.
[  224.616573][T10657] netlink: 32 bytes leftover after parsing attributes in process `syz.7.1705'.
[  225.735032][T10731] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1730'.
[  225.781578][T10735] netlink: 4388 bytes leftover after parsing attributes in process `syz.6.1732'.
[  226.245585][T10769] EXT4-fs (loop1): VFS: Can't find ext4 filesystem
[  226.429253][T10778] 9pnet_fd: Insufficient options for proto=fd
[  226.563515][T10770] loop6: detected capacity change from 0 to 32768
[  226.584663][T10770] XFS (loop6): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  226.662939][T10770] XFS (loop6): Ending clean mount
[  226.801747][ T9938] XFS (loop6): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  227.411718][T10812] loop6: detected capacity change from 0 to 128
[  227.496023][T10812] ufs: ufs_fill_super(): fragment size 3263967611 is not a power of 2
[  228.071047][T10842] netlink: 2384 bytes leftover after parsing attributes in process `syz.7.1777'.
[  228.122666][T10830] loop6: detected capacity change from 0 to 32768
[  228.149803][T10830] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1770 (10830)
[  228.173281][T10830] BTRFS info (device loop6): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  228.177076][T10830] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[  228.189588][T10830] BTRFS info (device loop6): using free-space-tree
[  228.273939][   T33] audit: type=1800 audit(1755394122.391:66): pid=10830 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1770" name="file1" dev="loop6" ino=260 res=0 errno=0
[  228.336548][   T33] audit: type=1800 audit(1755394122.451:67): pid=10866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1770" name="file1" dev="loop6" ino=260 res=0 errno=0
[  228.346969][T10865] loop7: detected capacity change from 0 to 4096
[  228.402276][T10867] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  228.451071][T10865] NILFS error (device loop7): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[  228.465196][T10865] Remounting filesystem read-only
[  228.763836][ T9938] BTRFS info (device loop6): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  228.900928][T10886] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1790'.
[  229.969523][T10905] loop7: detected capacity change from 0 to 1024
[  230.967099][T10923] loop6: detected capacity change from 0 to 32768
[  230.980733][T10923] JBD2: Ignoring recovery information on journal
[  231.060417][T10923] ocfs2: Mounting device (7,6) on (node local, slot 0) with writeback data mode.
[  231.216333][ T9938] ocfs2: Unmounting device (7,6) on (node local)
[  231.477321][   T33] audit: type=1326 audit(1755394125.591:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10945 comm="syz.7.1814" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3a558ebe9 code=0x7ffc0000
[  231.494376][   T33] audit: type=1326 audit(1755394125.591:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10945 comm="syz.7.1814" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3a558ebe9 code=0x7ffc0000
[  231.506751][T10950] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1815'.
[  231.570930][   T33] audit: type=1326 audit(1755394125.591:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10945 comm="syz.7.1814" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc3a558ebe9 code=0x7ffc0000
[  231.580258][   T33] audit: type=1326 audit(1755394125.591:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10945 comm="syz.7.1814" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3a558ebe9 code=0x7ffc0000
[  231.588353][   T33] audit: type=1326 audit(1755394125.591:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10945 comm="syz.7.1814" exe="/syz-executor" sig=0 arch=c000003e syscall=50 compat=0 ip=0x7fc3a558ebe9 code=0x7ffc0000
[  231.596268][   T33] audit: type=1326 audit(1755394125.591:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10945 comm="syz.7.1814" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3a558ebe9 code=0x7ffc0000
[  231.617651][   T33] audit: type=1326 audit(1755394125.591:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10945 comm="syz.7.1814" exe="/syz-executor" sig=0 arch=c000003e syscall=48 compat=0 ip=0x7fc3a558ebe9 code=0x7ffc0000
[  231.633199][   T33] audit: type=1326 audit(1755394125.591:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10945 comm="syz.7.1814" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3a558ebe9 code=0x7ffc0000
[  233.155864][T10976] netlink: 'syz.6.1825': attribute type 10 has an invalid length.
[  233.709606][T10980] cgroup: fork rejected by pids controller in /syz0
[  234.109890][T11035] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1839'.
[  234.650054][T11064] netlink: 'syz.6.1853': attribute type 7 has an invalid length.
[  234.653343][T11064] netlink: 'syz.6.1853': attribute type 8 has an invalid length.
[  234.704019][ T5911] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  234.720438][T11068] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1855'.
[  234.862107][ T5911] usb 8-1: Using ep0 maxpacket: 16
[  234.870690][ T5911] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 92, changing to 10
[  234.877797][ T5911] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 17487, setting to 1024
[  234.887848][ T5911] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  234.898041][ T5911] usb 8-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  234.905078][ T5911] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.916463][ T5911] usb 8-1: config 0 descriptor??
[  234.919586][T11051] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  234.939053][ T5911] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.0/input/input8
[  235.106378][T11082] loop6: detected capacity change from 0 to 1024
[  235.111803][T11082] EXT4-fs: Ignoring removed orlov option
[  235.113847][T11082] EXT4-fs: Ignoring removed nomblk_io_submit option
[  235.127146][T11082] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  235.135447][ T5911] usb 8-1: USB disconnect, device number 5
[  235.204996][ T9938] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  235.275167][T11087] loop6: detected capacity change from 0 to 4096
[  235.299932][T11088] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  235.318311][T11087] NILFS error (device loop6): nilfs_bmap_lookup_contig: broken bmap (inode number=12)
[  235.341989][T11087] Remounting filesystem read-only
[  235.438563][T11097] loop6: detected capacity change from 0 to 256
[  235.441200][T11097] exfat: Deprecated parameter 'utf8'
[  235.443742][T11097] exfat: Deprecated parameter 'namecase'
[  235.445780][T11097] exfat: Deprecated parameter 'utf8'
[  235.452841][T11097] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  235.497355][T11099] netlink: 324 bytes leftover after parsing attributes in process `syz.0.1865'.
[  235.856992][T11105] loop6: detected capacity change from 0 to 40427
[  235.891133][T11105] F2FS-fs (loop6): build fault injection rate: 771
[  235.895308][T11105] F2FS-fs (loop6): invalid crc value
[  235.950383][T11105] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  235.963075][T11105] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  236.640022][T11140] loop6: detected capacity change from 0 to 2048
[  236.644709][T11140] nilfs2: Bad value for 'cp'
[  236.983378][T11153] syzkaller0: entered promiscuous mode
[  236.985684][T11153] syzkaller0: entered allmulticast mode
[  237.190256][T11167] loop7: detected capacity change from 0 to 4096
[  237.528927][T11178] netlink: 'syz.7.1901': attribute type 1 has an invalid length.
[  237.927650][T11186] hub 6-0:1.0: USB hub found
[  237.931257][T11186] hub 6-0:1.0: 1 port detected
[  239.251244][T11191] binder: 11189:11191 ioctl c0306201 0 returned -14
[  239.874695][T11199] loop7: detected capacity change from 0 to 128
[  239.894683][T11199] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535)
[  239.907582][T11199] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none.
[  239.930621][T11199] EXT4-fs warning (device loop7): ext4_dirblock_csum_verify:375: inode #11: comm syz.7.1907: No space for directory leaf checksum. Please run e2fsck -D.
[  239.938075][T11199] EXT4-fs error (device loop7): __ext4_find_entry:1626: inode #11: comm syz.7.1907: checksumming directory block 0
[  239.992136][T10083] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  240.902103][T11212] loop6: detected capacity change from 0 to 32768
[  240.932103][T11212] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  240.970002][T11218] loop7: detected capacity change from 0 to 32768
[  240.989766][T11212] XFS (loop6): Ending clean mount
[  241.010472][T11212] XFS (loop6): Quotacheck needed: Please wait.
[  241.082484][T11218] bcachefs (loop7): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[  241.082500][T11218]   allowing incompatible features above 0.0: (unknown version)
[  241.082506][T11218]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  241.108090][T11212] XFS (loop6): Quotacheck: Done.
[  241.133375][T11218] bcachefs (loop7): Using encoding defined by superblock: utf8-12.1.0
[  241.140613][T11218] bcachefs (loop7): initializing new filesystem
[  241.144429][ T9938] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  241.156314][T11218] bcachefs (loop7): going read-write
[  241.194669][T11218] bcachefs (loop7): marking superblocks
[  241.250135][T11218] bcachefs (loop7): initializing freespace
[  241.257966][T11218] bcachefs (loop7): done initializing freespace
[  241.267505][T11218] bcachefs (loop7): reading snapshots table
[  241.269730][T11218] bcachefs (loop7): reading snapshots done
[  241.339856][T11218] bcachefs (loop7): done starting filesystem
[  241.439402][T11259] netlink: 'syz.0.1928': attribute type 1 has an invalid length.
[  241.547383][T10083] bcachefs (loop7): shutting down
[  241.549170][T10083] bcachefs (loop7): going read-only
[  241.550982][T10083] bcachefs (loop7): finished waiting for writes to stop
[  241.556164][T10083] bcachefs (loop7): flushing journal and stopping allocators, journal seq 12
[  241.579183][T10083] bcachefs (loop7): flushing journal and stopping allocators complete, journal seq 13
[  241.582837][T10083] bcachefs (loop7): clean shutdown complete, journal seq 14
[  241.586540][T10083] bcachefs (loop7): marking filesystem clean
[  241.614395][T10083] bcachefs (loop7): shutdown complete
[  244.433995][T11288] trusted_key: encrypted_key: master key parameter is missing
[  244.514702][T11293] loop7: detected capacity change from 0 to 2048
[  244.534610][T11293] UDF-fs: error (device loop7): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  244.544403][T11293] UDF-fs: warning (device loop7): udf_load_vrs: No anchor found
[  244.560884][T11293] UDF-fs: Scanning with blocksize 512 failed
[  244.569716][T11293] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  244.641531][ T5884] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  244.774380][T11303] loop7: detected capacity change from 0 to 1024
[  244.779224][T11303] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  244.802640][ T5884] usb 7-1: Using ep0 maxpacket: 16
[  244.811162][ T5884] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  244.818423][ T5884] usb 7-1: config 0 has no interface number 0
[  244.823863][ T5884] usb 7-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d
[  244.827799][ T5884] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  244.830803][ T5884] usb 7-1: Product: syz
[  244.841697][ T5884] usb 7-1: Manufacturer: syz
[  244.843287][ T5884] usb 7-1: SerialNumber: syz
[  244.847784][ T5884] usb 7-1: config 0 descriptor??
[  244.857424][ T5884] gspca_main: spca1528-2.14.0 probing 04fc:1528
[  244.875477][T11307] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1948'.
[  244.961997][T11309] loop7: detected capacity change from 0 to 128
[  245.198606][T11319] bond_slave_0: entered promiscuous mode
[  245.200952][T11319] bond_slave_1: entered promiscuous mode
[  245.205752][T11319] macvtap1: entered allmulticast mode
[  245.207688][T11319] bond0: entered allmulticast mode
[  245.209454][T11319] bond_slave_0: entered allmulticast mode
[  245.211742][T11319] bond_slave_1: entered allmulticast mode
[  245.214581][T11319] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  245.220511][T11319] bond0: left allmulticast mode
[  245.229188][T11319] bond_slave_0: left allmulticast mode
[  245.231172][T11319] bond_slave_1: left allmulticast mode
[  245.235407][T11319] bond_slave_0: left promiscuous mode
[  245.237163][T11319] bond_slave_1: left promiscuous mode
[  245.276244][T11321] netlink: 'syz.0.1955': attribute type 1 has an invalid length.
[  245.319927][T11323] netlink: 'syz.0.1956': attribute type 10 has an invalid length.
[  245.999789][ T5884] gspca_spca1528: reg_w err -71
[  246.004748][ T5884] spca1528 7-1:0.1: probe with driver spca1528 failed with error -71
[  246.010667][ T5884] usb 7-1: USB disconnect, device number 5
[  246.281621][ T5911] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  246.454312][ T5911] usb 8-1: Using ep0 maxpacket: 8
[  246.458748][ T5911] usb 8-1: config 0 has an invalid interface number: 175 but max is 0
[  246.462549][ T5911] usb 8-1: config 0 has no interface number 0
[  246.467539][ T5911] usb 8-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=bc.ed
[  246.471193][ T5911] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.474585][ T5911] usb 8-1: Product: syz
[  246.476378][ T5911] usb 8-1: Manufacturer: syz
[  246.478297][ T5911] usb 8-1: SerialNumber: syz
[  246.482683][ T5911] usb 8-1: config 0 descriptor??
[  246.540272][T11350] loop6: detected capacity change from 0 to 64
[  246.626194][T11351] syz.6.1968: attempt to access beyond end of device
[  246.626194][T11351] loop6: rw=0, sector=16777216, nr_sectors = 2 limit=64
[  246.632441][T11351] buffer_io_error: 23 callbacks suppressed
[  246.632504][T11351] Buffer I/O error on dev loop6, logical block 8388608, async page read
[  246.638995][T11351] syz.6.1968: attempt to access beyond end of device
[  246.638995][T11351] loop6: rw=0, sector=16777216, nr_sectors = 2 limit=64
[  246.648205][T11351] Buffer I/O error on dev loop6, logical block 8388608, async page read
[  246.703950][ T5911] usbserial_generic 8-1:0.175: The "generic" usb-serial driver is only for testing and one-off prototypes.
[  246.707721][ T5911] usbserial_generic 8-1:0.175: Tell linux-usb@vger.kernel.org to add your device to a proper driver.
[  246.713382][ T5911] usbserial_generic 8-1:0.175: device has no bulk endpoints
[  246.720669][ T5911] usb 8-1: USB disconnect, device number 6
[  246.733969][ T9003] udevd[9003]: setting owner of /dev/bus/usb/008/006 to uid=0, gid=0 failed: No such file or directory
[  247.634523][   T33] kauditd_printk_skb: 1 callbacks suppressed
[  247.634534][   T33] audit: type=1326 audit(1755394141.751:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11366 comm="syz.0.1977" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f22d0f8ebe9 code=0x0
[  247.805012][T11379] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  248.486122][   T33] audit: type=1326 audit(1755394142.601:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.6.1993" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7e1972add9 code=0x7ffc0000
[  248.509394][   T33] audit: type=1326 audit(1755394142.621:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.6.1993" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7e1972add9 code=0x7ffc0000
[  248.526566][   T33] audit: type=1326 audit(1755394142.621:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.6.1993" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7e1972add9 code=0x7ffc0000
[  248.536840][   T33] audit: type=1326 audit(1755394142.621:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.6.1993" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7e1972add9 code=0x7ffc0000
[  248.546858][   T33] audit: type=1326 audit(1755394142.621:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.6.1993" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7e1972add9 code=0x7ffc0000
[  248.559465][   T33] audit: type=1326 audit(1755394142.621:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.6.1993" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7e1972add9 code=0x7ffc0000
[  248.570350][   T33] audit: type=1326 audit(1755394142.621:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.6.1993" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7e1972add9 code=0x7ffc0000
[  248.580323][   T33] audit: type=1326 audit(1755394142.621:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.6.1993" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7e1972add9 code=0x7ffc0000
[  248.590384][   T33] audit: type=1326 audit(1755394142.621:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11402 comm="syz.6.1993" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7e1972add9 code=0x7ffc0000
[  248.657815][T11411] netlink: 3176 bytes leftover after parsing attributes in process `syz.6.1997'.
[  248.707141][T11414] netlink: 'syz.7.1996': attribute type 1 has an invalid length.
[  248.712338][T11414] netlink: 1 bytes leftover after parsing attributes in process `syz.7.1996'.
[  248.712912][T11415] loop6: detected capacity change from 0 to 1024
[  248.719190][T11415] EXT4-fs: Ignoring removed bh option
[  248.827992][T11415] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.875144][ T9938] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.896124][T11428] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add()
[  248.995537][T11435] loop7: detected capacity change from 0 to 256
[  249.066468][T11435] exFAT-fs (loop7): failed to load upcase table (idx : 0x00011d5f, chksum : 0x09863542, utbl_chksum : 0x000cd30d)
[  249.160554][T11439] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  249.180074][T11439] cramfs: wrong magic
[  249.329253][T11443] loop7: detected capacity change from 0 to 256
[  249.347396][T11443] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  249.489632][T11452] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2013'.
[  249.497843][T11452] bridge0: port 2(bridge_slave_1) entered disabled state
[  249.503634][T11452] bridge0: port 1(bridge_slave_0) entered disabled state
[  249.636578][T11460] netlink: del zone limit has 4 unknown bytes
[  249.719818][T11463] loop6: detected capacity change from 0 to 1024
[  249.748456][T11463] hfsplus: bad catalog entry type
[  249.783161][ T6971] hfsplus: b-tree write err: -5, ino 4
[  249.849973][T11470] xt_socket: unknown flags 0x50
[  250.130003][T11476] loop6: detected capacity change from 0 to 32768
[  250.139281][T11476] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2024 (11476)
[  250.156312][T11476] BTRFS info (device loop6): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  250.172767][T11476] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[  250.175950][T11476] BTRFS info (device loop6): using free-space-tree
[  250.431482][ T9938] BTRFS info (device loop6): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  252.641839][ T5884] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  252.822006][ T5884] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  252.825123][ T5884] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.827884][ T5884] usb 8-1: Product: syz
[  252.829468][ T5884] usb 8-1: Manufacturer: syz
[  252.831129][ T5884] usb 8-1: SerialNumber: syz
[  252.848726][ T5884] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  252.912227][ T5898] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  253.378966][  T793] usb 8-1: USB disconnect, device number 7
[  253.961740][ T5898] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  253.981988][ T5898] ath9k_htc: Failed to initialize the device
[  254.013801][  T793] usb 8-1: ath9k_htc: USB layer deinitialized
[  254.312756][T11602] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2072'.
[  254.316263][T11602] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2072'.
[  254.393117][  T793] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  254.552297][  T793] usb 8-1: config 2 has an invalid interface number: 77 but max is 0
[  254.555403][  T793] usb 8-1: config 2 has no interface number 0
[  254.557760][  T793] usb 8-1: config 2 interface 77 has no altsetting 0
[  254.575283][  T793] usb 8-1: New USB device found, idVendor=0b95, idProduct=2791, bcdDevice=3d.a0
[  254.578709][  T793] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.587713][  T793] usb 8-1: Product: syz
[  254.589335][  T793] usb 8-1: Manufacturer: syz
[  254.591120][  T793] usb 8-1: SerialNumber: syz
[  254.833063][  T793] usb 8-1: USB disconnect, device number 8
[  255.419497][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[  255.425665][ T1365] ieee802154 phy1 wpan1: encryption failed: -22
[  256.389552][T11631] loop7: detected capacity change from 0 to 256
[  256.405427][T11631] exFAT-fs (loop7): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  256.410397][T11631] exFAT-fs (loop7): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  256.458032][T11631] lo speed is unknown, defaulting to 1000
[  257.504173][ T5912] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  257.674446][ T5912] usb 7-1: config 3 has an invalid interface number: 56 but max is 0
[  257.679339][ T5912] usb 7-1: config 3 has no interface number 0
[  257.681855][ T5912] usb 7-1: config 3 interface 56 has no altsetting 0
[  257.687257][ T5912] usb 7-1: New USB device found, idVendor=03f0, idProduct=2101, bcdDevice=80.cc
[  257.690883][ T5912] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.695422][ T5912] usb 7-1: Product: syz
[  257.699033][ T5912] usb 7-1: Manufacturer: syz
[  257.700921][ T5912] usb 7-1: SerialNumber: syz
[  257.828983][T11675] loop7: detected capacity change from 0 to 4096
[  257.943417][ T5912] safe_serial 7-1:3.56: safe_serial converter detected
[  257.972180][ T5912] usb 7-1: safe_serial converter now attached to ttyUSB0
[  257.983310][ T5912] usb 7-1: USB disconnect, device number 6
[  257.993186][ T5912] safe_serial ttyUSB0: safe_serial converter now disconnected from ttyUSB0
[  258.002466][ T5912] safe_serial 7-1:3.56: device disconnected
[  259.295143][T11706] loop7: detected capacity change from 0 to 32768
[  259.351931][T11706] bcachefs (loop7): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,nochanges,nojournal_transaction_names,read_only,version_upgrade=none
[  259.351951][T11706]   allowing incompatible features above 0.0: (unknown version)
[  259.351960][T11706]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  259.367193][T11706] bcachefs (loop7): Using encoding defined by superblock: utf8-12.1.0
[  259.370289][T11706] bcachefs (loop7): recovering from clean shutdown, journal seq 13
[  259.390482][T11706] bcachefs (loop7): accounting_read... done
[  259.393324][T11706] bcachefs (loop7): alloc_read... done
[  259.396902][T11706] bcachefs (loop7): snapshots_read... done
[  259.403862][T11706] bcachefs (loop7): journal_replay... done
[  259.406556][T11706] bcachefs (loop7): resume_logged_ops... done
[  259.409013][T11706] bcachefs (loop7): delete_dead_inodes... done
[  259.412683][T11706] bcachefs (loop7): done starting filesystem
[  259.448847][T10083] bcachefs (loop7): shutting down
[  259.490570][T10083] bcachefs (loop7): shutdown complete
[  259.811583][ T5912] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[  259.874505][T11717] netlink: 'syz.0.2123': attribute type 3 has an invalid length.
[  260.075090][ T5912] usb 7-1: not running at top speed; connect to a high speed hub
[  260.078967][ T5912] usb 7-1: config 10 has an invalid interface number: 102 but max is 0
[  260.082519][ T5912] usb 7-1: config 10 has no interface number 0
[  260.084843][ T5912] usb 7-1: config 10 interface 102 has no altsetting 0
[  260.089421][ T5912] usb 7-1: New USB device found, idVendor=9022, idProduct=d421, bcdDevice=c1.e2
[  260.092849][ T5912] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.095731][ T5912] usb 7-1: Product: syz
[  260.097275][ T5912] usb 7-1: Manufacturer: syz
[  260.099099][ T5912] usb 7-1: SerialNumber: syz
[  260.587501][ T5912] dvb-usb: found a 'TeVii S421 PCI' in warm state.
[  260.590035][ T5912] dw2102: su3000_power_ctrl: 1, initialized 0
[  260.592745][ T5912] dvb-usb: bulk message failed: -22 (2/0)
[  260.600767][ T5912] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  260.609970][ T5912] dvb-usb: TeVii S421 PCI error while loading driver (-19)
[  260.614770][ T5912] usb 7-1: USB disconnect, device number 7
[  261.559142][T11745] vxcan1: entered allmulticast mode
[  262.345901][T11759] netlink: 'syz.0.2139': attribute type 10 has an invalid length.
[  262.349005][T11759] netlink: 1948 bytes leftover after parsing attributes in process `syz.0.2139'.
[  262.361648][T11759] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2139'.
[  263.122734][T11772] Unsupported ieee802154 address type: 0
[  263.249962][T11772] loop7: detected capacity change from 0 to 32768
[  263.408471][T11772] bcachefs (loop7): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  263.408486][T11772]   allowing incompatible features above 0.0: (unknown version)
[  263.408491][T11772]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  263.419831][T11772] bcachefs (loop7): Using encoding defined by superblock: utf8-12.1.0
[  263.422331][T11772] bcachefs (loop7): initializing new filesystem
[  263.429087][T11772] bcachefs (loop7): going read-write
[  263.440486][T11772] bcachefs (loop7): marking superblocks
[  263.447938][T11772] bcachefs (loop7): initializing freespace
[  263.452271][T11772] bcachefs (loop7): done initializing freespace
[  263.456514][T11772] bcachefs (loop7): reading snapshots table
[  263.458911][T11772] bcachefs (loop7): reading snapshots done
[  263.569626][T11772] bcachefs (loop7): done starting filesystem
[  264.172528][T11772] syz.7.2145 (11772) used greatest stack depth: 16552 bytes left
[  264.200271][  T793] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  264.330500][T10083] bcachefs (loop7): shutting down
[  264.334716][T10083] bcachefs (loop7): going read-only
[  264.341543][T10083] bcachefs (loop7): finished waiting for writes to stop
[  264.344697][T10083] bcachefs (loop7): flushing journal and stopping allocators, journal seq 4
[  264.354362][  T793] usb 7-1: Using ep0 maxpacket: 32
[  264.364443][  T793] usb 7-1: config 0 has an invalid interface number: 89 but max is 0
[  264.373809][  T793] usb 7-1: config 0 has no interface number 0
[  264.387468][  T793] usb 7-1: New USB device found, idVendor=12d1, idProduct=7ef3, bcdDevice=54.68
[  264.400930][T10083] bcachefs (loop7): flushing journal and stopping allocators complete, journal seq 5
[  264.405494][  T793] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.410714][T10083] bcachefs (loop7): clean shutdown complete, journal seq 6
[  264.413331][  T793] usb 7-1: Product: syz
[  264.415125][  T793] usb 7-1: Manufacturer: syz
[  264.417260][T10083] bcachefs (loop7): marking filesystem clean
[  264.419288][  T793] usb 7-1: SerialNumber: syz
[  264.435213][  T793] usb 7-1: config 0 descriptor??
[  264.441208][  T793] hub 7-1:0.89: bad descriptor, ignoring hub
[  264.447421][  T793] hub 7-1:0.89: probe with driver hub failed with error -5
[  264.452384][  T793] option 7-1:0.89: GSM modem (1-port) converter detected
[  264.457327][T10083] bcachefs (loop7): shutdown complete
[  264.462095][  T793] usb 7-1: GSM modem (1-port) converter now attached to ttyUSB0
[  264.754825][  T793] usb 7-1: USB disconnect, device number 8
[  264.762331][  T793] option1 ttyUSB0: GSM modem (1-port) converter now disconnected from ttyUSB0
[  264.770532][  T793] option 7-1:0.89: device disconnected
[  265.877681][T11827] loop6: detected capacity change from 0 to 128
[  265.892339][T11827] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  265.912197][T11827] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  265.992541][T11830] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2150'.
[  267.447349][T11848] loop7: detected capacity change from 0 to 32768
[  267.457874][T11848] XFS: ikeep mount option is deprecated.
[  267.471857][T11848] XFS (loop7): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  267.503623][T11858] loop6: detected capacity change from 0 to 256
[  267.507164][T11848] XFS (loop7): Ending clean mount
[  267.509950][T11858] exfat: Deprecated parameter 'namecase'
[  267.510026][T11848] XFS (loop7): Quotacheck needed: Please wait.
[  267.528374][T11858] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  267.538004][T11848] XFS (loop7): Quotacheck: Done.
[  267.586344][T11848] XFS (loop7): syz.7.2173 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported
[  267.607039][T10083] XFS (loop7): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  267.613647][T11860] loop6: detected capacity change from 0 to 512
[  267.632732][T11860] EXT4-fs error (device loop6): ext4_orphan_get:1418: comm syz.6.2175: bad orphan inode 15
[  267.652018][T11860] ext4_test_bit(bit=14, block=18) = 1
[  267.653925][T11860] is_bad_inode(inode)=0
[  267.655499][T11860] NEXT_ORPHAN(inode)=1023
[  267.659142][T11860] max_ino=32
[  267.660306][T11860] i_nlink=0
[  267.667212][T11860] EXT4-fs error (device loop6): ext4_xattr_delete_inode:2962: inode #15: comm syz.6.2175: corrupted xattr block 19: invalid header
[  267.684094][T11860] EXT4-fs warning (device loop6): ext4_evict_inode:274: xattr delete (err -117)
[  267.688201][T11860] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0009-000000000000 r/w without journal. Quota mode: none.
[  267.709025][T11860] ext4 filesystem being mounted at /200/qY3aK supports timestamps until 2038-01-19 (0x7fffffff)
[  267.772292][ T9938] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0009-000000000000.
[  267.819054][T11869] loop7: detected capacity change from 0 to 256
[  268.390122][T11878] bridge0: port 2(bridge_slave_1) entered disabled state
[  268.424969][T11881] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.2183'.
[  268.573206][T11889] loop7: detected capacity change from 0 to 4096
[  268.580529][T11889] ntfs3(loop7): Different NTFS sector size (1024) and media sector size (512).
[  268.600506][T11889] ntfs3(loop7): Mark volume as dirty due to NTFS errors
[  268.604929][T11889] ntfs3(loop7): Failed to load $UpCase (-22).
[  268.929237][T11899] loop6: detected capacity change from 0 to 4096
[  268.934450][T11899] ntfs3(loop6): ino=3, Correct links count -> 2.
[  269.079400][T11911] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2198'.
[  270.938559][T11956] loop6: detected capacity change from 0 to 8
[  270.948017][T11956] SQUASHFS error: lzo decompression failed, data probably corrupt
[  270.951279][T11956] SQUASHFS error: Failed to read block 0x91: -5
[  270.953939][T11956] SQUASHFS error: Unable to read metadata cache entry [8f]
[  270.956531][T11956] SQUASHFS error: Unable to read inode 0x11f
[  271.670254][ T5898] IPVS: starting estimator thread 0...
[  271.761398][T11987] IPVS: using max 64 ests per chain, 153600 per kthread
[  272.181676][T12004] netlink: 'syz.7.2235': attribute type 13 has an invalid length.
[  272.194172][T12004] netlink: 24859 bytes leftover after parsing attributes in process `syz.7.2235'.
[  273.041571][ T5898] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  273.050618][T12024] vxlan0: entered promiscuous mode
[  273.053194][T12024] vxlan0: entered allmulticast mode
[  273.055690][   T13] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  273.059895][   T13] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  273.065935][   T13] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  273.069808][   T13] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  273.201681][ T5898] usb 8-1: Using ep0 maxpacket: 8
[  273.205349][ T5898] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[  273.207991][ T5898] usb 8-1: config 179 has no interface number 0
[  273.209992][ T5898] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  273.214398][ T5898] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  273.217894][ T5898] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  273.221492][ T5898] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  273.225147][ T5898] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  273.229265][ T5898] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  273.232380][ T5898] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.237297][T12014] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  273.447216][   T54] Bluetooth: hci2: connection err: -111
[  273.447828][ T5912] usb 8-1: USB disconnect, device number 9
[  273.449516][    C1] xpad 8-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  273.449543][    C1] xpad 8-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  273.461780][T12032] loop6: detected capacity change from 0 to 256
[  273.481759][T12032] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x9aa2f194, utbl_chksum : 0xe619d30d)
[  275.420186][T12063] loop7: detected capacity change from 0 to 65536
[  275.667135][T12063] XFS (loop7): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  275.750809][T12063] XFS (loop7): Ending clean mount
[  275.773016][T12063] XFS (loop7): Quotacheck needed: Please wait.
[  275.787052][  T185] XFS (loop7): Metadata CRC error detected at xfs_agi_read_verify+0x12f/0x1f0, xfs_agi block 0x8002 
[  275.787777][ T3011] XFS (loop7): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_cntbt block 0x6 
[  275.794826][  T185] XFS (loop7): Unmount and run xfs_repair
[  275.801226][  T185] XFS (loop7): First 128 bytes of corrupted metadata buffer:
[  275.801442][ T3011] XFS (loop7): Unmount and run xfs_repair
[  275.805915][ T3011] XFS (loop7): First 128 bytes of corrupted metadata buffer:
[  275.808881][ T3011] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff  AB3C............
[  275.810200][  T185] 00000000: 58 41 47 49 00 00 00 01 00 00 00 01 00 00 40 00  XAGI..........@.
[  275.816482][ T3011] 00000010: 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 10  ................
[  275.820285][ T3011] 00000020: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  275.824287][ T3011] 00000030: 00 00 00 00 b2 4a d0 a1 00 00 00 0d 00 00 00 03  .....J..........
[  275.825617][  T185] 00000010: 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 00  ................
[  275.828194][ T3011] 00000040: 00 00 00 39 00 00 3f c7 00 00 00 00 00 00 00 00  ...9..?.........
[  275.836331][T12128] loop6: detected capacity change from 0 to 2048
[  275.838626][ T3011] 00000050: 00 00 00 00 00 00 00 00 00 00 00 3f 00 00 00 00  ...........?....
[  275.839069][  T185] 00000020: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  275.842597][ T3011] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  275.842612][ T3011] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  275.842627][ T3011] XFS (loop7): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x6 len 2 error 74
[  275.868191][  T185] 00000030: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  275.874705][  T185] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  275.878185][  T185] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  275.886339][  T185] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  275.889877][T12129] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  275.894218][  T185] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  275.902118][  T185] XFS (loop7): metadata I/O error in "xfs_read_agi+0x272/0x5b0" at daddr 0x8002 len 1 error 74
[  275.912400][T12128] NILFS (loop6): failed to count free inodes: err=-34
[  275.913324][T12063] XFS (loop7): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[  275.939364][T12063] XFS (loop7): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_cntbt block 0x6 
[  275.945538][T12063] XFS (loop7): Unmount and run xfs_repair
[  275.948295][T12063] XFS (loop7): First 128 bytes of corrupted metadata buffer:
[  275.952689][T12063] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff  AB3C............
[  275.956027][T12063] 00000010: 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 10  ................
[  275.959387][T12063] 00000020: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  275.973352][T12063] 00000030: 00 00 00 00 b2 4a d0 a1 00 00 00 0d 00 00 00 03  .....J..........
[  275.976995][T12063] 00000040: 00 00 00 39 00 00 3f c7 00 00 00 00 00 00 00 00  ...9..?.........
[  275.980484][T12063] 00000050: 00 00 00 00 00 00 00 00 00 00 00 3f 00 00 00 00  ...........?....
[  276.017992][T12063] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  276.027667][T12063] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  276.031295][T12063] XFS (loop7): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x6 len 2 error 74
[  276.053989][T12063] XFS (loop7): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x517/0x8e0 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  276.059776][T12063] XFS (loop7): Please unmount the filesystem and rectify the problem(s)
[  276.100569][T10083] XFS (loop7): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  278.450644][T12241] loop6: detected capacity change from 0 to 32768
[  278.468484][T12241] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2301 (12241)
[  278.484653][T12241] BTRFS info (device loop6): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  278.493219][T12241] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[  278.496158][T12241] BTRFS info (device loop6): using free-space-tree
[  278.871177][ T9938] BTRFS info (device loop6): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  278.993944][T12283] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on
[  279.038252][T12286] loop6: detected capacity change from 0 to 256
[  279.558974][T12309] loop6: detected capacity change from 0 to 4096
[  279.568717][T12309] ntfs3(loop6): Different NTFS sector size (4096) and media sector size (512).
[  279.576917][T12309] ntfs3(loop6): Failed to load $UpCase (-22).
[  279.831571][T12327] 9pnet_fd: Insufficient options for proto=fd
[  280.481614][ T5912] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  280.911962][ T5912] usb 7-1: Using ep0 maxpacket: 16
[  280.972713][ T5912] usb 7-1: New USB device found, idVendor=0644, idProduct=8021, bcdDevice=38.b7
[  280.978772][ T5912] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  280.981971][ T5912] usb 7-1: Product: syz
[  280.983566][ T5912] usb 7-1: Manufacturer: syz
[  280.985434][ T5912] usb 7-1: SerialNumber: syz
[  280.990072][ T5912] usb 7-1: config 0 descriptor??
[  281.000953][ T5912] hub 7-1:0.0: bad descriptor, ignoring hub
[  281.003885][ T5912] hub 7-1:0.0: probe with driver hub failed with error -5
[  281.501731][ T5912] usb 7-1: USB disconnect, device number 9
[  282.035369][T12364] loop6: detected capacity change from 0 to 8
[  282.173207][T12364] unable to read xattr id index table
[  282.944994][T12389] netlink: 6 bytes leftover after parsing attributes in process `syz.7.2355'.
[  282.956102][T12389] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  283.556210][T12399] loop7: detected capacity change from 0 to 512
[  283.559948][T12399] UDF-fs: warning (device loop7): udf_load_vrs: No VRS found
[  283.566212][T12399] UDF-fs: Scanning with blocksize 512 failed
[  283.577670][T12399] UDF-fs: warning (device loop7): udf_load_vrs: No VRS found
[  283.580949][T12399] UDF-fs: Scanning with blocksize 1024 failed
[  283.590689][T12400] fuse: root generation should be zero
[  283.594231][T12399] UDF-fs: warning (device loop7): udf_load_vrs: No VRS found
[  283.600876][T12399] UDF-fs: Scanning with blocksize 2048 failed
[  283.606821][T12399] UDF-fs: error (device loop7): udf_read_tagged: read failed, block=256, location=256
[  283.616111][T12399] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  283.647792][T12399] [syz.7.2359/12399] FS: loop7 File: /blkio.bfq.io_service_bytes would truncate fibmap result
[  283.688609][T12402] loop6: detected capacity change from 0 to 2048
[  283.733188][T12402] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  283.760236][T12402] EXT4-fs error (device loop6): ext4_find_inline_data_nolock:169: inode #12: comm syz.6.2360: inline data xattr refers to an external xattr inode
[  283.795632][T12402] EXT4-fs (loop6): Remounting filesystem read-only
[  283.810202][ T9938] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  284.669861][T12438] IPv6: addrconf: prefix option has invalid lifetime
[  285.519623][T12452] block device autoloading is deprecated and will be removed.
[  285.652568][T12451] loop7: detected capacity change from 0 to 32768
[  285.661295][T12451] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.2381 (12451)
[  285.673148][T12451] BTRFS info (device loop7): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  285.676875][T12451] BTRFS info (device loop7): using sha256 (sha256-lib) checksum algorithm
[  285.680005][T12451] BTRFS info (device loop7): using free-space-tree
[  285.740159][T12451] BTRFS info (device loop7): rebuilding free space tree
[  285.785321][   T33] kauditd_printk_skb: 139 callbacks suppressed
[  285.785335][   T33] audit: type=1800 audit(1755394179.901:226): pid=12451 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2381" name="file1" dev="loop7" ino=260 res=0 errno=0
[  285.922626][T10083] BTRFS info (device loop7): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  286.241587][ T5897] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  286.393632][ T5897] usb 8-1: Using ep0 maxpacket: 32
[  286.396632][ T5897] usb 8-1: config 0 has an invalid interface number: 230 but max is 0
[  286.399188][ T5897] usb 8-1: config 0 has no interface number 0
[  286.402213][ T5912] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  286.405804][ T5897] usb 8-1: config 0 interface 230 has no altsetting 0
[  286.417218][ T5897] usb 8-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05
[  286.420207][ T5897] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  286.422715][ T5897] usb 8-1: Product: syz
[  286.424008][ T5897] usb 8-1: Manufacturer: syz
[  286.425393][ T5897] usb 8-1: SerialNumber: syz
[  286.428180][ T5897] usb 8-1: config 0 descriptor??
[  286.431642][ T5897] ums-usbat 8-1:0.230: USB Mass Storage device detected
[  286.441972][ T5897] ums-usbat 8-1:0.230: Quirks match for vid 0781 pid 0005: 1
[  286.555785][ T5912] usb 7-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  286.559299][ T5912] usb 7-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  286.563345][ T5912] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.570721][ T5912] gspca_main: stv0680-2.14.0 probing 041e:4007
[  287.653926][ T5912] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -32
[  287.657715][ T5912] stv0680 7-1:4.0: STV(e): camera ping failed!!
[  287.660815][ T5912] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  287.664474][ T5912] stv0680 7-1:4.0: last error: 0,  command = 0x0
[  287.676970][ T5912] usb 7-1: USB disconnect, device number 10
[  288.241793][T12541] loop6: detected capacity change from 0 to 1024
[  288.315375][T12541] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  288.328358][T12541] EXT4-fs error (device loop6): ext4_generic_delete_entry:2668: inode #12: block 7: comm syz.6.2411: bad entry in directory: inode out of bounds - offset=0, inode=150994957, rec_len=16, size=56 fake=0
[  288.349345][T12541] EXT4-fs error (device loop6) in ext4_delete_inline_entry:1687: Corrupt filesystem
[  288.394885][ T9938] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.724898][ T5897] ums-usbat 8-1:0.230: probe with driver ums-usbat failed with error -5
[  288.800518][T12551] loop6: detected capacity change from 0 to 256
[  288.820045][T12551] FAT-fs (loop6): Directory bread(block 64) failed
[  288.822862][T12551] FAT-fs (loop6): Directory bread(block 65) failed
[  288.825453][T12551] FAT-fs (loop6): Directory bread(block 66) failed
[  288.827970][T12551] FAT-fs (loop6): Directory bread(block 67) failed
[  288.830719][T12551] FAT-fs (loop6): Directory bread(block 68) failed
[  288.835519][T12551] FAT-fs (loop6): Directory bread(block 69) failed
[  288.838522][T12551] FAT-fs (loop6): Directory bread(block 70) failed
[  288.842312][T12551] FAT-fs (loop6): Directory bread(block 71) failed
[  288.845196][T12551] FAT-fs (loop6): Directory bread(block 72) failed
[  288.847942][T12551] FAT-fs (loop6): Directory bread(block 73) failed
[  289.179131][   T33] audit: type=1326 audit(1755394183.291:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12562 comm="syz.0.2420" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d0f8ebe9 code=0x7fc00000
[  289.187664][   T33] audit: type=1326 audit(1755394183.291:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12562 comm="syz.0.2420" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d0f8ebe9 code=0x7fc00000
[  289.197782][   T33] audit: type=1326 audit(1755394183.291:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12562 comm="syz.0.2420" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d0f8ebe9 code=0x7fc00000
[  289.206521][   T33] audit: type=1326 audit(1755394183.291:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12562 comm="syz.0.2420" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d0f8ebe9 code=0x7fc00000
[  289.216596][   T33] audit: type=1326 audit(1755394183.291:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12562 comm="syz.0.2420" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d0f8ebe9 code=0x7fc00000
[  289.225812][   T33] audit: type=1326 audit(1755394183.301:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12562 comm="syz.0.2420" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d0f8ebe9 code=0x7fc00000
[  289.234852][   T33] audit: type=1326 audit(1755394183.301:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12562 comm="syz.0.2420" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d0f8ebe9 code=0x7fc00000
[  289.244700][   T33] audit: type=1326 audit(1755394183.301:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12562 comm="syz.0.2420" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d0f8ebe9 code=0x7fc00000
[  289.253494][   T33] audit: type=1326 audit(1755394183.301:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12562 comm="syz.0.2420" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22d0f8ebe9 code=0x7fc00000
[  289.918729][    T9] usb 8-1: USB disconnect, device number 10
[  290.429278][T12588] deleting an unspecified loop device is not supported.
[  290.693507][T12603] netlink: 76 bytes leftover after parsing attributes in process `syz.0.2436'.
[  290.728401][T12605] loop6: detected capacity change from 0 to 1024
[  290.735067][T12605] EXT4-fs: Ignoring removed orlov option
[  290.751578][T12605] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  290.819546][ T9938] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.933646][T12613] tipc: Invalid UDP bearer configuration
[  290.933690][T12613] tipc: Enabling of bearer <udp:3> rejected, failed to enable media
[  291.237786][T12627] ptrace attach of "/syz-executor exec"[9938] was attempted by "/syz-executor exec"[12627]
[  291.555363][T12635] netlink: 'syz.7.2448': attribute type 11 has an invalid length.
[  291.811589][ T5897] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  291.973215][ T5897] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  291.981425][ T5897] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.992569][ T5897] usb 8-1: config 0 descriptor??
[  292.356873][T12658] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2459'.
[  292.411291][ T5897] ath6kl: Failed to read usb control message: -71
[  292.417517][ T5897] ath6kl: Unable to read the bmi data from the device: -71
[  292.427724][ T5897] ath6kl: Unable to recv target info: -71
[  292.457280][ T5897] ath6kl: Failed to init ath6kl core: -71
[  292.459940][ T5897] ath6kl_usb 8-1:0.0: probe with driver ath6kl_usb failed with error -71
[  292.478495][ T5897] usb 8-1: USB disconnect, device number 11
[  292.529535][T12668] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  292.627492][T12677] vxcan1 speed is unknown, defaulting to 1000
[  292.634633][T12677] vxcan1 speed is unknown, defaulting to 1000
[  292.638189][T12677] vxcan1 speed is unknown, defaulting to 1000
[  292.849876][T12677] infiniband syz2: set active
[  292.854429][ T5898] vxcan1 speed is unknown, defaulting to 1000
[  292.857354][T12677] infiniband syz2: added vxcan1
[  292.904915][T12677] RDS/IB: syz2: added
[  292.907191][T12677] smc: adding ib device syz2 with port count 1
[  292.909191][T12677] smc:    ib device syz2 port 1 has pnetid 
[  292.916310][ T5898] vxcan1 speed is unknown, defaulting to 1000
[  292.920331][T12677] vxcan1 speed is unknown, defaulting to 1000
[  293.091197][T12687] loop7: detected capacity change from 0 to 4096
[  293.157464][T12677] vxcan1 speed is unknown, defaulting to 1000
[  293.338070][T12693] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2475'.
[  293.345265][T12693] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2475'.
[  293.348316][T12693] netlink: 'syz.0.2475': attribute type 18 has an invalid length.
[  293.351009][T12693] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2475'.
[  293.418833][T12677] vxcan1 speed is unknown, defaulting to 1000
[  293.699754][T12677] vxcan1 speed is unknown, defaulting to 1000
[  293.844983][T12726] overlayfs: failed to clone upperpath
[  293.928759][T12677] vxcan1 speed is unknown, defaulting to 1000
[  294.221569][ T5884] usb 8-1: new low-speed USB device number 12 using dummy_hcd
[  294.391518][ T5897] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  294.399052][ T5884] usb 8-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  294.402978][ T5884] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.409831][ T5884] usb 8-1: config 0 descriptor??
[  294.542543][ T5897] usb 7-1: Using ep0 maxpacket: 8
[  294.557155][ T5897] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  294.560349][ T5897] usb 7-1: config 0 has no interface number 0
[  294.565953][ T5897] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  294.570438][ T5897] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  294.580438][ T5897] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  294.585226][ T5897] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  294.590189][ T5897] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  294.597963][ T5897] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.604326][ T5897] usb 7-1: config 0 descriptor??
[  294.619083][ T5897] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  295.203294][T12754] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2505'.
[  295.207106][T12754] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2505'.
[  295.209966][T12754] netlink: 'syz.0.2505': attribute type 6 has an invalid length.
[  295.607342][T12773] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2509'.
[  296.851042][ T5897] usb 7-1: USB disconnect, device number 11
[  296.872464][ T5897] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  297.064261][ T5884] asix 8-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  297.067575][ T5884] asix 8-1:0.0: probe with driver asix failed with error -71
[  297.087209][ T5884] usb 8-1: USB disconnect, device number 12
[  297.145388][T12790] loop7: detected capacity change from 0 to 256
[  297.158931][T12790] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xc5dfab67, utbl_chksum : 0xe619d30d)
[  297.205710][T12792] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2516'.
[  297.328989][T12798] loop7: detected capacity change from 0 to 1024
[  297.487469][T12807] loop7: detected capacity change from 0 to 16
[  297.492098][T12807] erofs (device loop7): dirblkbits 6 isn't supported
[  297.657750][T12814] loop7: detected capacity change from 0 to 4096
[  297.671616][T12814] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  297.674518][T12814] EXT4-fs (loop7): Test dummy encryption mode enabled
[  297.692490][T12816] loop6: detected capacity change from 0 to 4096
[  297.702918][T12814] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  297.789927][T10083] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.832972][T12856] netlink: 4768 bytes leftover after parsing attributes in process `syz.7.2546'.
[  298.976760][T12862] loop7: detected capacity change from 0 to 1024
[  299.007689][T12862] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  299.012583][T12862] ext4 filesystem being mounted at /276/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  299.031764][T12862] EXT4-fs (loop7): stripe (248) is not aligned with cluster size (16), stripe is disabled
[  299.038657][T12862] EXT4-fs (loop7): can't enable nombcache during remount
[  299.137867][T12867] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  299.748673][T12876] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2552'.
[  299.767522][T12876] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2552'.
[  299.770622][T12876] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2552'.
[  299.774406][T12876] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2552'.
[  300.187752][T12882] loop6: detected capacity change from 0 to 4096
[  300.252465][T10083] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.130498][T12910] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2573'.
[  301.148557][T12910] vlan2: entered allmulticast mode
[  301.153536][T12910] bridge0: port 3(vlan2) entered blocking state
[  301.156371][T12910] bridge0: port 3(vlan2) entered disabled state
[  301.160675][T12910] vlan2: entered promiscuous mode
[  301.226904][T12914] loop7: detected capacity change from 0 to 1024
[  301.254593][T12914] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  301.280855][T10083] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.666022][T12928] loop7: detected capacity change from 0 to 16
[  301.675509][T12928] erofs (device loop7): invalid checksum 0x115dac64, 0x7bbbea8c expected
[  301.704057][T12930] TCP: TCP_TX_DELAY enabled
[  301.809669][T12937] vxlan0: entered promiscuous mode
[  301.813987][T12937] vxlan0: entered allmulticast mode
[  301.816955][ T5876] netdevsim netdevsim7 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  301.820279][ T5876] netdevsim netdevsim7 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  301.842681][ T5876] netdevsim netdevsim7 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  301.845336][ T5876] netdevsim netdevsim7 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  301.964864][T12943] loop7: detected capacity change from 0 to 256
[  301.995284][T12943] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x9aa2f194, utbl_chksum : 0xe619d30d)
[  302.141774][T12954] loop6: detected capacity change from 0 to 1024
[  302.172495][   T36] hfsplus: b-tree write err: -5, ino 4
[  303.152121][   T33] kauditd_printk_skb: 148 callbacks suppressed
[  303.152136][   T33] audit: type=1326 audit(1755394197.271:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12987 comm="syz.6.2602" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ff00000
[  303.223754][   T33] audit: type=1326 audit(1755394197.281:385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12987 comm="syz.6.2602" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ff00000
[  303.232788][   T33] audit: type=1326 audit(1755394197.281:386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12987 comm="syz.6.2602" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ff00000
[  303.240723][   T33] audit: type=1326 audit(1755394197.281:387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12987 comm="syz.6.2602" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ff00000
[  303.249353][   T33] audit: type=1326 audit(1755394197.281:388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12987 comm="syz.6.2602" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ff00000
[  303.259332][   T33] audit: type=1326 audit(1755394197.281:389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12987 comm="syz.6.2602" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ff00000
[  303.274360][   T33] audit: type=1326 audit(1755394197.281:390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12987 comm="syz.6.2602" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ff00000
[  303.291748][   T33] audit: type=1326 audit(1755394197.281:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12987 comm="syz.6.2602" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ff00000
[  303.299868][   T33] audit: type=1326 audit(1755394197.281:392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12987 comm="syz.6.2602" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ff00000
[  303.331485][   T33] audit: type=1326 audit(1755394197.281:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12987 comm="syz.6.2602" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ff00000
[  303.559742][T13003] loop6: detected capacity change from 0 to 1024
[  303.564185][T13003] EXT4-fs: Ignoring removed orlov option
[  303.566185][T13003] EXT4-fs: Ignoring removed mblk_io_submit option
[  303.568926][T13003] EXT4-fs (loop6): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  303.601045][T13003] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  303.659240][ T9938] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  303.751442][ T5884] usb 8-1: new high-speed USB device number 13 using dummy_hcd
[  303.906112][ T5884] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x64, changing to 0x4
[  303.910929][ T5884] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 7
[  303.916380][ T5884] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  303.919941][ T5884] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.924856][ T5884] usb 8-1: config 0 descriptor??
[  304.138279][ T5884] ath6kl: Failed to submit usb control message: -71
[  304.141105][ T5884] ath6kl: unable to send the bmi data to the device: -71
[  304.144526][ T5884] ath6kl: Unable to send get target info: -71
[  304.148212][ T5884] ath6kl: Failed to init ath6kl core: -71
[  304.151576][ T5884] ath6kl_usb 8-1:0.0: probe with driver ath6kl_usb failed with error -71
[  304.158486][ T5884] usb 8-1: USB disconnect, device number 13
[  304.940377][T13041] loop7: detected capacity change from 0 to 512
[  304.949946][T13042] netlink: 'syz.6.2624': attribute type 1 has an invalid length.
[  304.993504][T13041] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  304.998258][T13041] ext4 filesystem being mounted at /302/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  305.008366][T13041] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 3: comm syz.7.2625: path /302/file1: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[  305.025987][T13042] 8021q: adding VLAN 0 to HW filter on device bond1
[  305.027519][T13041] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 4: comm syz.7.2625: path /302/file1: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=11, rec_len=10454, size=2048 fake=1
[  305.038657][T13041] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 12: comm syz.7.2625: path /302/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  305.042795][T13043] netlink: 6 bytes leftover after parsing attributes in process `syz.0.2622'.
[  305.047043][T13041] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 13: comm syz.7.2625: path /302/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  305.059449][T13041] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 14: comm syz.7.2625: path /302/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  305.067209][T13043] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  305.068142][T13041] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 15: comm syz.7.2625: path /302/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  305.088826][T13041] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 16: comm syz.7.2625: path /302/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  305.098061][T13041] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 17: comm syz.7.2625: path /302/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  305.106542][T13041] EXT4-fs error (device loop7): ext4_map_blocks:778: inode #2: block 18: comm syz.7.2625: lblock 23 mapped to illegal pblock 18 (length 1)
[  305.112676][T13041] EXT4-fs error (device loop7): ext4_readdir:264: inode #2: block 19: comm syz.7.2625: path /302/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  305.132378][T13047] vlan3: entered allmulticast mode
[  305.134435][T13047] bond1: entered allmulticast mode
[  305.701484][ T5897] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  305.806962][T10083] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.851541][ T5897] usb 7-1: Using ep0 maxpacket: 32
[  305.856839][ T5897] usb 7-1: config 0 has an invalid interface number: 12 but max is 0
[  305.866361][ T5897] usb 7-1: config 0 has no interface number 0
[  305.868621][ T5897] usb 7-1: config 0 interface 12 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  305.876012][ T5897] usb 7-1: config 0 interface 12 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  305.879297][ T5897] usb 7-1: config 0 interface 12 has no altsetting 0
[  305.891124][ T5897] usb 7-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  305.900419][ T5897] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.904186][ T5897] usb 7-1: Product: syz
[  305.905512][ T5897] usb 7-1: Manufacturer: syz
[  305.907112][ T5897] usb 7-1: SerialNumber: syz
[  305.917299][ T5897] usb 7-1: config 0 descriptor??
[  305.920697][ T5897] f81534 7-1:0.12: unsupported endpoint max packet size
[  306.126646][ T5897] usb 7-1: USB disconnect, device number 12
[  306.165484][ T5314] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[  306.321617][ T5314] usb 8-1: Using ep0 maxpacket: 16
[  306.330199][ T5314] usb 8-1: config 0 has an invalid interface number: 8 but max is 0
[  306.343139][ T5314] usb 8-1: config 0 has no interface number 0
[  306.345026][ T5314] usb 8-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  306.348458][ T5314] usb 8-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid maxpacket 49152, setting to 1024
[  306.354519][ T5314] usb 8-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  306.357298][ T5314] usb 8-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  306.359760][ T5314] usb 8-1: Product: syz
[  306.361147][ T5314] usb 8-1: SerialNumber: syz
[  306.365582][ T5314] usb 8-1: config 0 descriptor??
[  306.372692][ T5314] cm109 8-1:0.8: invalid payload size 1024, expected 4
[  306.379079][ T5314] input: CM109 USB driver as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:0.8/input/input10
[  306.604312][    C1] cm109 8-1:0.8: cm109_urb_irq_callback: urb status -71
[  306.799888][    C1] cm109 8-1:0.8: cm109_urb_ctl_callback: urb status -71
[  306.803138][    C1] cm109 8-1:0.8: cm109_urb_ctl_callback: urb status -71
[  306.803527][ T5897] usb 8-1: USB disconnect, device number 14
[  306.805767][    C1] cm109 8-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  306.825545][ T5897] cm109 8-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  307.838058][T13099] loop6: detected capacity change from 0 to 1024
[  307.896145][ T3011] hfsplus: b-tree write err: -5, ino 4
[  308.383175][T13124] usb usb8: usbfs: interface 0 claimed by hub while 'syz.6.2659' sets config #0
[  308.564244][   T33] kauditd_printk_skb: 86 callbacks suppressed
[  308.564260][   T33] audit: type=1326 audit(1755394202.681:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13133 comm="syz.7.2664" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3a558ebe9 code=0x7ffc0000
[  308.585796][   T33] audit: type=1326 audit(1755394202.681:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13133 comm="syz.7.2664" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3a558ebe9 code=0x7ffc0000
[  308.595124][   T33] audit: type=1326 audit(1755394202.681:482): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13133 comm="syz.7.2664" exe="/syz-executor" sig=0 arch=c000003e syscall=161 compat=0 ip=0x7fc3a558ebe9 code=0x7ffc0000
[  308.612271][   T33] audit: type=1326 audit(1755394202.681:483): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13133 comm="syz.7.2664" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3a558ebe9 code=0x7ffc0000
[  308.620020][   T33] audit: type=1326 audit(1755394202.681:484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13133 comm="syz.7.2664" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3a558ebe9 code=0x7ffc0000
[  308.682255][T13136] loop7: detected capacity change from 0 to 4096
[  308.695239][    T9] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  308.721737][T13136] ntfs3(loop7): ino=3, ntfs_set_state failed, -22.
[  308.730160][T13136] ntfs3(loop7): Failed to initialize $Extend/$ObjId.
[  308.736174][T13136] ntfs3(loop7): mft corrupted
[  308.738197][T13136] ntfs3(loop7): Failed to load root (-22).
[  308.745723][T13136] ntfs3(loop7): ino=3, ntfs3_write_inode failed, -22.
[  308.853751][    T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  308.858003][    T9] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  308.862753][    T9] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  308.866147][    T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.879463][    T9] usb 7-1: config 0 descriptor??
[  309.041851][ T5898] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[  309.193439][ T5898] usb 8-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  309.197110][ T5898] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.203049][ T5898] usb 8-1: config 0 descriptor??
[  309.211799][ T5898] gspca_main: spca508-2.14.0 probing 8086:0110
[  309.291534][    T9] kovaplus 0003:1E7D:2D50.0007: item fetching failed at offset 2/5
[  309.298534][    T9] kovaplus 0003:1E7D:2D50.0007: parse failed
[  309.300398][    T9] kovaplus 0003:1E7D:2D50.0007: probe with driver kovaplus failed with error -22
[  309.415719][ T5898] gspca_spca508: reg_read err -32
[  309.417890][ T5898] gspca_spca508: reg_read err -32
[  309.420248][ T5898] gspca_spca508: reg_read err -32
[  309.491086][ T5897] usb 7-1: USB disconnect, device number 13
[  309.624354][ T5898] gspca_spca508: reg_read err -71
[  309.627319][ T5898] gspca_spca508: reg write: error -71
[  309.629587][ T5898] spca508 8-1:0.0: probe with driver spca508 failed with error -71
[  309.635272][ T5898] usb 8-1: USB disconnect, device number 15
[  310.498019][T13181] loop6: detected capacity change from 0 to 32768
[  310.502309][T13181] bcachefs (/dev/loop6): error reading default superblock: Not a bcachefs superblock (got magic c68573f6-4e1a-45ca-8231-f2ffffffffff)
[  310.509138][T13181] bcachefs (/dev/loop6): error validating superblock: Invalid superblock section members_v2: device 0: not enough buckets (got 0, max 64)
[  310.509138][T13181] members_v2 (size 96):
[  310.509138][T13181] member_bytes 0
[  310.517791][T13181] bcachefs: bch2_fs_get_tree() error: invalid_sb_members
[  312.621615][    T9] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  312.771752][    T9] usb 7-1: Using ep0 maxpacket: 16
[  312.776719][    T9] usb 7-1: config 0 has an invalid interface number: 9 but max is 1
[  312.779642][    T9] usb 7-1: config 0 has an invalid interface number: 9 but max is 1
[  312.788452][    T9] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  312.802793][    T9] usb 7-1: config 0 has no interface number 0
[  312.809237][    T9] usb 7-1: config 0 interface 9 has no altsetting 0
[  312.818634][    T9] usb 7-1: config 0 interface 9 has no altsetting 1
[  312.824278][    T9] usb 7-1: New USB device found, idVendor=1199, idProduct=6891, bcdDevice=89.a0
[  312.827384][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  312.831281][    T9] usb 7-1: Product: syz
[  312.836271][    T9] usb 7-1: Manufacturer: syz
[  312.840458][    T9] usb 7-1: SerialNumber: syz
[  312.863628][    T9] usb 7-1: config 0 descriptor??
[  313.086504][    T9] usb 7-1: selecting invalid altsetting 1
[  313.094086][    T9] sierra 7-1:0.9: Sierra USB modem converter detected
[  313.109125][    T9] usb 7-1: Sierra USB modem converter now attached to ttyUSB0
[  313.128357][    T9] usb 7-1: USB disconnect, device number 14
[  313.140906][    T9] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  313.156227][    T9] sierra 7-1:0.9: device disconnected
[  313.518236][T13234] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  314.159706][T13257] loop7: detected capacity change from 0 to 256
[  314.180660][T13257] FAT-fs (loop7): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  314.254839][T13257] FAT-fs (loop7): Directory bread(block 64) failed
[  314.257104][T13257] FAT-fs (loop7): Directory bread(block 65) failed
[  314.259684][T13257] FAT-fs (loop7): Directory bread(block 66) failed
[  314.262285][T13257] FAT-fs (loop7): Directory bread(block 67) failed
[  314.264876][T13257] FAT-fs (loop7): Directory bread(block 68) failed
[  314.267126][T13257] FAT-fs (loop7): Directory bread(block 69) failed
[  314.270035][T13257] FAT-fs (loop7): Directory bread(block 70) failed
[  314.272562][T13257] FAT-fs (loop7): Directory bread(block 71) failed
[  314.275097][T13257] FAT-fs (loop7): Directory bread(block 72) failed
[  314.277378][T13257] FAT-fs (loop7): Directory bread(block 73) failed
[  315.020607][T13280] netlink: 'syz.6.2726': attribute type 4 has an invalid length.
[  315.023294][T13280] netlink: 17 bytes leftover after parsing attributes in process `syz.6.2726'.
[  315.789662][ T5314] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[  316.147102][ T5314] usb 8-1: Using ep0 maxpacket: 32
[  316.154632][ T5314] usb 8-1: config 0 has an invalid interface number: 36 but max is 0
[  316.158145][ T5314] usb 8-1: config 0 has no interface number 0
[  316.167595][ T5314] usb 8-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=1b.c4
[  316.171769][ T5314] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  316.175403][ T5314] usb 8-1: Product: syz
[  316.177429][ T5314] usb 8-1: Manufacturer: syz
[  316.179575][ T5314] usb 8-1: SerialNumber: syz
[  316.190871][ T5314] usb 8-1: config 0 descriptor??
[  316.407865][ T5314] cx82310_eth 8-1:0.36: probe with driver cx82310_eth failed with error -71
[  316.414248][ T5314] cxacru 8-1:0.36: usbatm_usb_probe: bind failed: -19!
[  316.419285][ T5314] usb 8-1: USB disconnect, device number 16
[  316.643772][T13319] loop6: detected capacity change from 0 to 1024
[  316.669132][T13319] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  316.683712][T13319] EXT4-fs error (device loop6): ext4_xattr_inode_iget:437: inode #11: comm syz.6.2746: missing EA_INODE flag
[  316.693853][T13319] EXT4-fs (loop6): Remounting filesystem read-only
[  316.714520][ T9938] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  316.848380][ T1365] ieee802154 phy0 wpan0: encryption failed: -22
[  317.400943][T13339] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2754'.
[  318.997597][T13357] mac80211_hwsim hwsim17 wlan1: entered promiscuous mode
[  318.999830][T13357] mac80211_hwsim hwsim17 wlan1: entered allmulticast mode
[  319.534208][T13362] loop7: detected capacity change from 0 to 131072
[  319.537213][T13362] F2FS-fs (loop7): Wrong CP boundary, start(512) end(1536) blocks(0)
[  319.539784][T13362] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  319.543460][T13362] F2FS-fs (loop7): invalid crc value
[  319.585574][T13362] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  319.593162][T13362] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  319.595701][T13362] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4
[  319.625152][T13362] F2FS-fs (loop7): Stopped filesystem due to reason: 0
[  319.951473][ T5912] usb 7-1: new full-speed USB device number 15 using dummy_hcd
[  320.133398][ T5912] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  320.135800][ T5912] usb 7-1: config 0 has no interface number 0
[  320.137793][ T5912] usb 7-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  320.140981][ T5912] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.150205][ T5912] usb 7-1: config 0 descriptor??
[  320.158858][ T5912] usb 7-1: selecting invalid altsetting 1
[  320.172363][ T5912] dvb_ttusb_budget: ttusb_init_controller: error
[  320.174734][ T5912] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  320.214360][ T5912] DVB: Unable to find symbol cx22700_attach()
[  320.230082][ T5912] DVB: Unable to find symbol tda10046_attach()
[  320.233027][ T5912] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  320.306871][T13386] rdma_rxe: rxe_newlink: failed to add vxcan1
[  320.375047][ T5912] usb 7-1: USB disconnect, device number 15
[  321.139674][T13396] loop7: detected capacity change from 0 to 40427
[  321.148224][T13396] F2FS-fs (loop7): invalid crc value
[  321.197748][T13396] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  321.202396][T13396] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4
[  321.227264][   T33] audit: type=1800 audit(1755394215.341:485): pid=13396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2778" name="file1" dev="loop7" ino=10 res=0 errno=0
[  321.282581][T10083] syz-executor: attempt to access beyond end of device
[  321.282581][T10083] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  321.298650][T10083] CPU: 0 UID: 0 PID: 10083 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  321.298673][T10083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  321.298682][T10083] Call Trace:
[  321.298688][T10083]  <TASK>
[  321.298696][T10083]  dump_stack_lvl+0x189/0x250
[  321.298720][T10083]  ? __pfx_dump_stack_lvl+0x10/0x10
[  321.298735][T10083]  ? __pfx_queue_work_on+0x10/0x10
[  321.298785][T10083]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  321.298805][T10083]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  321.298830][T10083]  f2fs_handle_critical_error+0x37c/0x540
[  321.298855][T10083]  f2fs_write_end_io+0x886/0xb60
[  321.298882][T10083]  __submit_merged_bio+0x27a/0x6a0
[  321.298905][T10083]  __submit_merged_write_cond+0x255/0x530
[  321.298926][T10083]  f2fs_write_data_pages+0x261d/0x3000
[  321.298971][T10083]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  321.299034][T10083]  ? folios_put_refs+0x559/0x640
[  321.299058][T10083]  ? __pfx_folios_put_refs+0x10/0x10
[  321.299071][T10083]  ? rcu_is_watching+0x15/0xb0
[  321.299093][T10083]  ? __lock_acquire+0xab9/0xd20
[  321.299125][T10083]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  321.299143][T10083]  do_writepages+0x32e/0x550
[  321.299169][T10083]  ? do_raw_spin_unlock+0x4d/0x240
[  321.299189][T10083]  filemap_fdatawrite+0x199/0x240
[  321.299207][T10083]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  321.299261][T10083]  ? do_raw_spin_unlock+0x4d/0x240
[  321.299280][T10083]  f2fs_sync_dirty_inodes+0x31f/0x830
[  321.299306][T10083]  f2fs_write_checkpoint+0x95a/0x1df0
[  321.299340][T10083]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  321.299406][T10083]  ? kill_f2fs_super+0x298/0x6c0
[  321.299425][T10083]  kill_f2fs_super+0x2c3/0x6c0
[  321.299444][T10083]  ? __pfx_kill_f2fs_super+0x10/0x10
[  321.299456][T10083]  ? radix_tree_delete_item+0x2b6/0x400
[  321.299480][T10083]  ? shrinker_free+0x2ce/0x3e0
[  321.299497][T10083]  deactivate_locked_super+0xbc/0x130
[  321.299516][T10083]  cleanup_mnt+0x425/0x4c0
[  321.299533][T10083]  ? lockdep_hardirqs_on+0x9c/0x150
[  321.299552][T10083]  task_work_run+0x1d4/0x260
[  321.299573][T10083]  ? __pfx_task_work_run+0x10/0x10
[  321.299588][T10083]  ? __x64_sys_umount+0x122/0x160
[  321.299605][T10083]  ? exit_to_user_mode_loop+0x40/0x110
[  321.299621][T10083]  exit_to_user_mode_loop+0xec/0x110
[  321.299639][T10083]  do_syscall_64+0x2bd/0x3b0
[  321.299657][T10083]  ? lockdep_hardirqs_on+0x9c/0x150
[  321.299674][T10083]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.299687][T10083]  ? exc_page_fault+0x9f/0xf0
[  321.299705][T10083]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  321.299719][T10083] RIP: 0033:0x7fc3a558ff17
[  321.299731][T10083] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  321.299742][T10083] RSP: 002b:00007ffefbb20208 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  321.299790][T10083] RAX: 0000000000000000 RBX: 00007fc3a5611c05 RCX: 00007fc3a558ff17
[  321.299800][T10083] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffefbb202c0
[  321.299807][T10083] RBP: 00007ffefbb202c0 R08: 0000000000000000 R09: 0000000000000000
[  321.299813][T10083] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffefbb21350
[  321.299822][T10083] R13: 00007fc3a5611c05 R14: 000000000004e666 R15: 00007ffefbb21390
[  321.299842][T10083]  </TASK>
[  321.299957][T10083] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  321.898005][T13414] loop7: detected capacity change from 0 to 32768
[  322.032458][T13414] bcachefs (loop7): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  322.032482][T13414]   allowing incompatible features above 0.0: (unknown version)
[  322.032506][T13414]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  322.049538][T13414] bcachefs (loop7): Using encoding defined by superblock: utf8-12.1.0
[  322.052886][T13414] bcachefs (loop7): initializing new filesystem
[  322.062898][T13414] bcachefs (loop7): going read-write
[  322.073649][T13414] bcachefs (loop7): marking superblocks
[  322.083575][T13414] bcachefs (loop7): initializing freespace
[  322.088781][T13414] bcachefs (loop7): done initializing freespace
[  322.093404][T13414] bcachefs (loop7): reading snapshots table
[  322.095886][T13414] bcachefs (loop7): reading snapshots done
[  322.138175][T13414] bcachefs (loop7): done starting filesystem
[  322.210164][T13435] overlayfs: failed to resolve './cgroup': -2
[  322.260673][T13437] bridge0: port 1(bridge_slave_0) entered disabled state
[  322.267528][T13437] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  322.916812][T10083] bcachefs (loop7): shutting down
[  322.918870][T10083] bcachefs (loop7): going read-only
[  322.920560][T10083] bcachefs (loop7): finished waiting for writes to stop
[  322.943966][T10083] bcachefs (loop7): flushing journal and stopping allocators, journal seq 4
[  322.996800][T10083] bcachefs (loop7): flushing journal and stopping allocators complete, journal seq 4
[  323.002144][T10083] bcachefs (loop7): clean shutdown complete, journal seq 5
[  323.005781][T10083] bcachefs (loop7): marking filesystem clean
[  323.032008][T13460] input: syz1 as /devices/virtual/input/input11
[  323.071961][T10083] bcachefs (loop7): shutdown complete
[  323.161206][T13466] loop6: detected capacity change from 0 to 64
[  323.180380][T13466] BFS-fs: bfs_fill_super(): loop6 is unclean, continuing
[  323.265662][T13470] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2803'.
[  323.269348][T13470] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  323.279760][T13470] batman_adv: batadv0: Removing interface: batadv_slave_0
[  323.288954][T13470] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  323.300227][T13470] batman_adv: batadv0: Removing interface: batadv_slave_1
[  324.041908][ T5854] Bluetooth: hci0: command 0x0406 tx timeout
[  324.159726][T13488] loop6: detected capacity change from 0 to 32768
[  324.168779][T13488] bcachefs: bch2_fs_parse_param() Error parsing option compression: option_value
[  324.616907][T13494] loop7: detected capacity change from 0 to 4096
[  324.652302][T13494] ntfs3(loop7): Different NTFS sector size (4096) and media sector size (512).
[  324.720015][T13494] ntfs3(loop7): Failed to initialize $Extend/$Reparse.
[  324.740429][T13496] loop6: detected capacity change from 0 to 4096
[  325.398572][T13506] loop7: detected capacity change from 0 to 32768
[  325.483126][T13506] XFS (loop7): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  325.518903][T13506] XFS (loop7): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  325.555911][T13506] XFS (loop7): Starting recovery (logdev: internal)
[  325.615171][T13506] XFS (loop7): Ending recovery (logdev: internal)
[  325.696227][T10083] XFS (loop7): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  326.758857][  T793] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  326.921584][  T793] usb 7-1: Using ep0 maxpacket: 32
[  326.925849][  T793] usb 7-1: config 0 interface 0 has no altsetting 0
[  326.931050][  T793] usb 7-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  326.934826][  T793] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  326.938581][  T793] usb 7-1: Product: syz
[  326.940432][  T793] usb 7-1: Manufacturer: syz
[  326.942437][  T793] usb 7-1: SerialNumber: syz
[  326.947921][  T793] usb 7-1: config 0 descriptor??
[  327.349838][T13579] netlink: 'syz.0.2843': attribute type 24 has an invalid length.
[  327.405314][  T793] gs_usb 7-1:0.0: Configuring for 2 interfaces
[  327.523421][T13587] loop7: detected capacity change from 0 to 256
[  327.568727][T13587] FAT-fs (loop7): Directory bread(block 64) failed
[  327.575096][T13587] FAT-fs (loop7): Directory bread(block 65) failed
[  327.578132][T13587] FAT-fs (loop7): Directory bread(block 66) failed
[  327.580787][T13587] FAT-fs (loop7): Directory bread(block 67) failed
[  327.585668][T13587] FAT-fs (loop7): Directory bread(block 68) failed
[  327.588579][T13587] FAT-fs (loop7): Directory bread(block 69) failed
[  327.594885][T13587] FAT-fs (loop7): Directory bread(block 70) failed
[  327.597876][T13587] FAT-fs (loop7): Directory bread(block 71) failed
[  327.600761][T13587] FAT-fs (loop7): Directory bread(block 72) failed
[  327.603755][T13587] FAT-fs (loop7): Directory bread(block 73) failed
[  327.772518][T13591] sp0: Synchronizing with TNC
[  327.810519][  T793] gs_usb 7-1:0.0: Disabling termination support for channel 0 (-EPROTO)
[  327.845167][  T793] gs_usb 7-1:0.0: Couldn't get bit timing const for channel 1 (-EPROTO)
[  327.916185][  T793] gs_usb 7-1:0.0: probe with driver gs_usb failed with error -71
[  327.927155][  T793] usb 7-1: USB disconnect, device number 16
[  327.973900][T13594] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  327.973952][T13593] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  328.096051][T13602] netlink: 16 bytes leftover after parsing attributes in process `syz.7.2854'.
[  328.099928][T13602] netlink: 224 bytes leftover after parsing attributes in process `syz.7.2854'.
[  328.423436][   T33] audit: type=1326 audit(1755394222.541:486): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13614 comm="syz.6.2860" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ffc0000
[  328.442241][   T33] audit: type=1326 audit(1755394222.541:487): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13614 comm="syz.6.2860" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ffc0000
[  328.475412][   T33] audit: type=1326 audit(1755394222.561:488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13614 comm="syz.6.2860" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7e1978ebe9 code=0x7ffc0000
[  328.501519][   T33] audit: type=1326 audit(1755394222.561:489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13614 comm="syz.6.2860" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ffc0000
[  328.530663][   T33] audit: type=1326 audit(1755394222.561:490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13614 comm="syz.6.2860" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ffc0000
[  328.557967][   T33] audit: type=1326 audit(1755394222.571:491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13614 comm="syz.6.2860" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7e1978ebe9 code=0x7ffc0000
[  328.571515][   T33] audit: type=1326 audit(1755394222.571:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13614 comm="syz.6.2860" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ffc0000
[  328.599702][   T33] audit: type=1326 audit(1755394222.571:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13614 comm="syz.6.2860" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ffc0000
[  328.631460][   T33] audit: type=1326 audit(1755394222.571:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13614 comm="syz.6.2860" exe="/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f7e1978ebe9 code=0x7ffc0000
[  328.644559][   T33] audit: type=1326 audit(1755394222.571:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13614 comm="syz.6.2860" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e1978ebe9 code=0x7ffc0000
[  329.044503][T13628] syz.6.2866 (13628): drop_caches: 0
[  329.784487][T13646] pimreg: entered allmulticast mode
[  329.790241][T13646] pimreg: left allmulticast mode
[  330.031931][T13653] loop7: detected capacity change from 0 to 32768
[  330.035725][T13653] bcachefs (/dev/loop7): error validating superblock: Invalid superblock section replicas_v0: invalid device 1 in entry user: 1/255 [0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 3 3 4 5 5 5 5 5 5 6 6 6 6 8 8 10 11 32 33 83 108]
[  330.035725][T13653] replicas_v0 (size 24):
[  330.035725][T13653] btree: 1 [0] journal: 1 [0] user: 255 [0 0 0 0 0 0 0 0 108 1 0 0 6 0 0 0 0 0 0 0 0 0 0 0 10 0 0 0 0 0 0 0 1 0 1 0 5 0 0 0 8 0 0 0 0 0 0 0 1 0 2 0 5 0 0 0 2 0 0 0 0 0 0 0 1 0 0 0 5 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 5 0 0 0 0 0 0 0 0 0 0 0 1 0 0 2 5 0 0 0 0 0 0 0 0 0 0 0 1 0 0 3 5 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 6 0 0 0 0 11 0 0 0 0 0 0 3 1 1 0 0 0 0 0 2 
[  330.035822][T13653] bcachefs: bch2_fs_get_tree() error: invalid_replicas_entry
[  330.124751][T13666] openvswitch: netlink: Message has 4 unknown bytes.
[  330.128740][T13666] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  330.491222][T13684] loop7: detected capacity change from 0 to 1024
[  330.501240][T13684] hfsplus: bad catalog entry type
[  330.907859][T13700] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (8)
[  330.983910][T13706] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2900'.
[  331.171720][  T793] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  331.337517][  T793] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  331.342399][  T793] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  331.347834][  T793] usb 7-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  331.351275][  T793] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.357717][  T793] usb 7-1: config 0 descriptor??
[  331.573302][  T793] usb 7-1: USB disconnect, device number 17
[  331.958425][T13739] loop7: detected capacity change from 0 to 32768
[  331.964921][T13739] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.2915 (13739)
[  331.980608][T13739] BTRFS info (device loop7): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  331.984211][T13739] BTRFS info (device loop7): using sha256 (sha256-lib) checksum algorithm
[  331.986989][T13739] BTRFS info (device loop7): using free-space-tree
[  332.093446][T10083] BTRFS info (device loop7): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  332.188193][T13760] misc userio: No port type given on /dev/userio
[  332.420714][T13774] ieee802154 phy0 wpan0: encryption failed: -22
[  332.459469][T13776] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2925'.
[  332.531853][ T5898] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  332.684237][T13789] netlink: 76 bytes leftover after parsing attributes in process `syz.7.2931'.
[  332.688774][ T5898] usb 7-1: Using ep0 maxpacket: 8
[  332.696076][ T5898] usb 7-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[  332.699348][ T5898] usb 7-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[  332.704051][ T5898] usb 7-1: Product: syz
[  332.710459][ T5898] usb 7-1: Manufacturer: syz
[  332.712737][ T5898] usb 7-1: SerialNumber: syz
[  332.723151][ T5898] usb 7-1: config 0 descriptor??
[  332.729768][ T5898] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[  332.909155][T13801] netlink: 'syz.7.2937': attribute type 30 has an invalid length.
[  333.135036][ T5898] gspca_zc3xx: reg_r err -71
[  333.138403][ T5898] gspca_zc3xx 7-1:0.0: probe with driver gspca_zc3xx failed with error -71
[  333.149793][ T5898] usb 7-1: USB disconnect, device number 18
[  333.913765][T13824] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2946'.
[  333.916567][T13824] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2946'.
[  334.413122][T13842] loop6: detected capacity change from 0 to 40427
[  334.422317][T13842] F2FS-fs (loop6): build fault injection rate: 771
[  334.426422][T13842] F2FS-fs (loop6): invalid crc value
[  334.465802][T13842] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  334.469553][T13842] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  334.500495][ T9938] syz-executor: attempt to access beyond end of device
[  334.500495][ T9938] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  334.508248][ T9938] CPU: 0 UID: 0 PID: 9938 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  334.508263][ T9938] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  334.508269][ T9938] Call Trace:
[  334.508272][ T9938]  <TASK>
[  334.508277][ T9938]  dump_stack_lvl+0x189/0x250
[  334.508292][ T9938]  ? __pfx_dump_stack_lvl+0x10/0x10
[  334.508301][ T9938]  ? __pfx_queue_work_on+0x10/0x10
[  334.508310][ T9938]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  334.508321][ T9938]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  334.508337][ T9938]  f2fs_handle_critical_error+0x37c/0x540
[  334.508352][ T9938]  f2fs_write_end_io+0x886/0xb60
[  334.508369][ T9938]  __submit_merged_bio+0x27a/0x6a0
[  334.508383][ T9938]  __submit_merged_write_cond+0x255/0x530
[  334.508397][ T9938]  f2fs_write_data_pages+0x261d/0x3000
[  334.508427][ T9938]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  334.508461][ T9938]  ? __mod_zone_page_state+0xd7/0x140
[  334.508477][ T9938]  ? folios_put_refs+0x560/0x640
[  334.508493][ T9938]  ? __lock_acquire+0xab9/0xd20
[  334.508509][ T9938]  ? do_raw_spin_lock+0x121/0x290
[  334.508524][ T9938]  ? do_raw_spin_unlock+0x4d/0x240
[  334.508534][ T9938]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  334.508545][ T9938]  do_writepages+0x32e/0x550
[  334.508562][ T9938]  ? do_raw_spin_unlock+0x4d/0x240
[  334.508573][ T9938]  filemap_fdatawrite+0x199/0x240
[  334.508584][ T9938]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  334.508620][ T9938]  ? do_raw_spin_unlock+0x4d/0x240
[  334.508631][ T9938]  f2fs_sync_dirty_inodes+0x31f/0x830
[  334.508647][ T9938]  f2fs_write_checkpoint+0x95a/0x1df0
[  334.508668][ T9938]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  334.508698][ T9938]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  334.508706][ T9938]  ? kfree+0x18e/0x440
[  334.508716][ T9938]  ? kill_f2fs_super+0x298/0x6c0
[  334.508727][ T9938]  kill_f2fs_super+0x2c3/0x6c0
[  334.508738][ T9938]  ? __pfx_kill_f2fs_super+0x10/0x10
[  334.508745][ T9938]  ? radix_tree_delete_item+0x2b6/0x400
[  334.508759][ T9938]  ? shrinker_free+0x2ce/0x3e0
[  334.508769][ T9938]  deactivate_locked_super+0xbc/0x130
[  334.508780][ T9938]  cleanup_mnt+0x425/0x4c0
[  334.508788][ T9938]  ? lockdep_hardirqs_on+0x9c/0x150
[  334.508800][ T9938]  task_work_run+0x1d4/0x260
[  334.508819][ T9938]  ? __pfx_task_work_run+0x10/0x10
[  334.508828][ T9938]  ? __x64_sys_umount+0x122/0x160
[  334.508862][ T9938]  ? exit_to_user_mode_loop+0x40/0x110
[  334.508877][ T9938]  exit_to_user_mode_loop+0xec/0x110
[  334.508888][ T9938]  do_syscall_64+0x2bd/0x3b0
[  334.508899][ T9938]  ? lockdep_hardirqs_on+0x9c/0x150
[  334.508908][ T9938]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.508916][ T9938]  ? exc_page_fault+0x9f/0xf0
[  334.508927][ T9938]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  334.508934][ T9938] RIP: 0033:0x7f7e1978ff17
[  334.508943][ T9938] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  334.508950][ T9938] RSP: 002b:00007ffea3a66308 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  334.508958][ T9938] RAX: 0000000000000000 RBX: 00007f7e19811c05 RCX: 00007f7e1978ff17
[  334.508964][ T9938] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffea3a663c0
[  334.508968][ T9938] RBP: 00007ffea3a663c0 R08: 0000000000000000 R09: 0000000000000000
[  334.508973][ T9938] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffea3a67450
[  334.508978][ T9938] R13: 00007f7e19811c05 R14: 0000000000051a2a R15: 00007ffea3a67490
[  334.508993][ T9938]  </TASK>
[  334.508996][ T9938] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  334.958471][T13867] loop6: detected capacity change from 0 to 32768
[  334.961858][T13867] bcachefs (/dev/loop6): error validating superblock: Invalid option errors: too big (max 4)
[  334.965169][T13867] bcachefs: bch2_fs_get_tree() error: ERANGE_option_too_big
[  335.146923][T13873] loop7: detected capacity change from 0 to 4096
[  335.207103][T13869] loop6: detected capacity change from 0 to 32768
[  335.220977][T13869] bcachefs (/dev/loop6): error validating superblock: Invalid superblock: optional field extends past end of superblock (type 1)
[  335.226770][T13869] bcachefs: bch2_fs_get_tree() error: invalid_sb_field_size
[  335.412028][T13880] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_to_bridge, syncid = 512, id = 0
[  335.800253][T13893] loop6: detected capacity change from 0 to 40427
[  335.807327][T13893] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  335.810297][T13893] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  335.881937][T13893] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  335.888229][T13893] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  335.890935][T13893] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  335.917975][   T33] kauditd_printk_skb: 5 callbacks suppressed
[  335.917987][   T33] audit: type=1804 audit(591.804:501): pid=13893 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.6.2974" name="/newroot/437/bus/file0" dev="loop6" ino=10 res=1 errno=0
[  336.287498][T13924] loop7: detected capacity change from 0 to 1024
[  336.307118][T13924] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  336.333348][T13924] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  336.336432][T13924] EXT4-fs (loop7): orphan cleanup on readonly fs
[  336.348582][T13924] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  336.356813][T13924] EXT4-fs (loop7): Remounting filesystem read-only
[  336.359131][T13924] Quota error (device loop7): write_blk: dquota write failed
[  336.363254][T13924] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[  336.366390][T13924] EXT4-fs (loop7): 1 truncate cleaned up
[  336.375013][T13924] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  336.396313][T10083] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  336.430922][T13915] loop6: detected capacity change from 0 to 40427
[  336.468911][T13915] F2FS-fs (loop6): invalid crc value
[  336.525435][T13915] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  336.530584][T13915] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  336.981706][ T5898] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[  337.050643][T13967] loop6: detected capacity change from 0 to 32768
[  337.077183][T13967] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  337.093880][T13967] 
[  337.094721][T13967] ======================================================
[  337.096910][T13967] WARNING: possible circular locking dependency detected
[  337.099087][T13967] 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 Not tainted
[  337.101700][T13967] ------------------------------------------------------
[  337.104813][T13967] syz.6.3005/13967 is trying to acquire lock:
[  337.107484][T13967] ffff888031da1578 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_init_acl+0x2f9/0x720
[  337.111510][T13967] 
[  337.111510][T13967] but task is already holding lock:
[  337.114708][T13967] ffff888124f18950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1f87/0x21c0
[  337.118644][T13967] 
[  337.118644][T13967] which lock already depends on the new lock.
[  337.118644][T13967] 
[  337.123029][T13967] 
[  337.123029][T13967] the existing dependency chain (in reverse order) is:
[  337.127029][T13967] 
[  337.127029][T13967] -> #4 (jbd2_handle){++++}-{0:0}:
[  337.129976][T13967]        lock_acquire+0x120/0x360
[  337.131986][T13967]        start_this_handle+0x1fa7/0x21c0
[  337.134442][T13967]        jbd2__journal_start+0x2c1/0x5b0
[  337.136912][T13967]        jbd2_journal_start+0x2a/0x40
[  337.139296][T13967]        ocfs2_start_trans+0x376/0x6d0
[  337.141714][T13967]        ocfs2_setattr+0x103e/0x1b40
[  337.144099][T13967]        notify_change+0xb36/0xe40
[  337.146379][T13967]        chown_common+0x40c/0x5c0
[  337.148686][T13967]        ksys_fchown+0xea/0x160
[  337.150862][T13967]        __x64_sys_fchown+0x7a/0x90
[  337.153178][T13967]        do_syscall_64+0xfa/0x3b0
[  337.155390][T13967]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.158085][T13967] 
[  337.158085][T13967] -> #3 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  337.161644][T13967]        lock_acquire+0x120/0x360
[  337.163758][T13967]        down_read+0x46/0x2e0
[  337.165635][T13967]        ocfs2_start_trans+0x36a/0x6d0
[  337.168006][T13967]        ocfs2_setattr+0x103e/0x1b40
[  337.170250][T13967]        notify_change+0xb36/0xe40
[  337.172428][T13967]        chown_common+0x40c/0x5c0
[  337.174571][T13967]        ksys_fchown+0xea/0x160
[  337.176729][T13967]        __x64_sys_fchown+0x7a/0x90
[  337.179006][T13967]        do_syscall_64+0xfa/0x3b0
[  337.181239][T13967]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.184065][T13967] 
[  337.184065][T13967] -> #2 (sb_internal#2){.+.+}-{0:0}:
[  337.187336][T13967]        lock_acquire+0x120/0x360
[  337.189589][T13967]        ocfs2_start_trans+0x26b/0x6d0
[  337.192018][T13967]        ocfs2_setattr+0x103e/0x1b40
[  337.194399][T13967]        notify_change+0xb36/0xe40
[  337.196683][T13967]        chown_common+0x40c/0x5c0
[  337.198925][T13967]        ksys_fchown+0xea/0x160
[  337.201097][T13967]        __x64_sys_fchown+0x7a/0x90
[  337.203383][T13967]        do_syscall_64+0xfa/0x3b0
[  337.205614][T13967]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.208435][T13967] 
[  337.208435][T13967] -> #1 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}:
[  337.212289][T13967]        lock_acquire+0x120/0x360
[  337.214531][T13967]        down_write+0x96/0x1f0
[  337.216679][T13967]        ocfs2_try_remove_refcount_tree+0xb6/0x320
[  337.219521][T13967]        ocfs2_truncate_file+0xda0/0x1420
[  337.222076][T13967]        ocfs2_setattr+0x1520/0x1b40
[  337.224440][T13967]        notify_change+0xb36/0xe40
[  337.226684][T13967]        do_truncate+0x1a4/0x220
[  337.228849][T13967]        path_openat+0x306c/0x3830
[  337.231080][T13967]        do_filp_open+0x1fa/0x410
[  337.233246][T13967]        do_sys_openat2+0x121/0x1c0
[  337.235053][T13967]        __x64_sys_open+0x11e/0x150
[  337.236675][T13967]        do_syscall_64+0xfa/0x3b0
[  337.238176][T13967]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.240166][T13967] 
[  337.240166][T13967] -> #0 (&oi->ip_xattr_sem){++++}-{4:4}:
[  337.242640][T13967]        validate_chain+0xb9b/0x2140
[  337.244321][T13967]        __lock_acquire+0xab9/0xd20
[  337.245973][T13967]        lock_acquire+0x120/0x360
[  337.247531][T13967]        down_read+0x46/0x2e0
[  337.249053][T13967]        ocfs2_init_acl+0x2f9/0x720
[  337.250682][T13967]        ocfs2_mknod+0x1321/0x2050
[  337.252288][T13967]        ocfs2_create+0x1a5/0x440
[  337.253864][T13967]        path_openat+0x14f4/0x3830
[  337.255457][T13967]        do_filp_open+0x1fa/0x410
[  337.257019][T13967]        do_sys_openat2+0x121/0x1c0
[  337.258623][T13967]        __x64_sys_openat+0x138/0x170
[  337.260494][T13967]        do_syscall_64+0xfa/0x3b0
[  337.262321][T13967]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.264278][T13967] 
[  337.264278][T13967] other info that might help us debug this:
[  337.264278][T13967] 
[  337.267559][T13967] Chain exists of:
[  337.267559][T13967]   &oi->ip_xattr_sem --> &journal->j_trans_barrier --> jbd2_handle
[  337.267559][T13967] 
[  337.271668][T13967]  Possible unsafe locking scenario:
[  337.271668][T13967] 
[  337.273940][T13967]        CPU0                    CPU1
[  337.275598][T13967]        ----                    ----
[  337.277262][T13967]   rlock(jbd2_handle);
[  337.278519][T13967]                                lock(&journal->j_trans_barrier);
[  337.280929][T13967]                                lock(jbd2_handle);
[  337.282986][T13967]   rlock(&oi->ip_xattr_sem);
[  337.284458][T13967] 
[  337.284458][T13967]  *** DEADLOCK ***
[  337.284458][T13967] 
[  337.286968][T13967] 8 locks held by syz.6.3005/13967:
[  337.288634][T13967]  #0: ffff888125152428 (sb_writers#16){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  337.291359][T13967]  #1: ffff888031da1840 (&type->i_mutex_dir_key#11){++++}-{4:4}, at: path_openat+0x8da/0x3830
[  337.294865][T13967]  #2: ffff888111fc09c0 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  337.299019][T13967]  #3: ffff888031da6f40 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  337.303193][T13967]  #4: ffff888111fc26c0 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  337.307466][T13967]  #5: ffff888125152618 (sb_internal#2){.+.+}-{0:0}, at: ocfs2_mknod+0xe93/0x2050
[  337.310306][T13967]  #6: ffff8881284e98e8 (&journal->j_trans_barrier){.+.+}-{4:4}, at: ocfs2_start_trans+0x36a/0x6d0
[  337.313760][T13967]  #7: ffff888124f18950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1f87/0x21c0
[  337.316903][T13967] 
[  337.316903][T13967] stack backtrace:
[  337.318772][T13967] CPU: 1 UID: 0 PID: 13967 Comm: syz.6.3005 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  337.318784][T13967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  337.318791][T13967] Call Trace:
[  337.318796][T13967]  <TASK>
[  337.318801][T13967]  dump_stack_lvl+0x189/0x250
[  337.318814][T13967]  ? __pfx_dump_stack_lvl+0x10/0x10
[  337.318823][T13967]  ? __pfx__printk+0x10/0x10
[  337.318833][T13967]  ? stack_trace_save+0x9c/0xe0
[  337.318846][T13967]  print_circular_bug+0x2ee/0x310
[  337.318855][T13967]  check_noncircular+0x134/0x160
[  337.318865][T13967]  validate_chain+0xb9b/0x2140
[  337.318877][T13967]  __lock_acquire+0xab9/0xd20
[  337.318889][T13967]  ? ocfs2_init_acl+0x2f9/0x720
[  337.318897][T13967]  lock_acquire+0x120/0x360
[  337.318909][T13967]  ? ocfs2_init_acl+0x2f9/0x720
[  337.318920][T13967]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[  337.318931][T13967]  down_read+0x46/0x2e0
[  337.318943][T13967]  ? ocfs2_init_acl+0x2f9/0x720
[  337.318952][T13967]  ocfs2_init_acl+0x2f9/0x720
[  337.318959][T13967]  ? ocfs2_mknod_locked+0x148/0x250
[  337.318969][T13967]  ? __pfx_ocfs2_init_acl+0x10/0x10
[  337.318977][T13967]  ? dquot_alloc_inode+0x216/0xa50
[  337.318986][T13967]  ? ocfs2_block_signals+0x94/0xe0
[  337.318997][T13967]  ? __pfx_ocfs2_block_signals+0x10/0x10
[  337.319009][T13967]  ? ocfs2_init_security_get+0x139/0x1a0
[  337.319019][T13967]  ocfs2_mknod+0x1321/0x2050
[  337.319030][T13967]  ? __pfx_ocfs2_mknod+0x10/0x10
[  337.319038][T13967]  ? __pfx_ocfs2_find_entry+0x10/0x10
[  337.319048][T13967]  ? __lock_acquire+0xab9/0xd20
[  337.319062][T13967]  ? look_up_lock_class+0x74/0x170
[  337.319072][T13967]  ? register_lock_class+0x51/0x320
[  337.319083][T13967]  ? __lock_acquire+0xab9/0xd20
[  337.319095][T13967]  ? __lock_acquire+0xab9/0xd20
[  337.319106][T13967]  ? do_raw_spin_lock+0x121/0x290
[  337.319116][T13967]  ? do_raw_spin_unlock+0x4d/0x240
[  337.319126][T13967]  ? rcu_is_watching+0x15/0xb0
[  337.319134][T13967]  ? ocfs2_lookup+0x5b9/0x9b0
[  337.319141][T13967]  ocfs2_create+0x1a5/0x440
[  337.319148][T13967]  ? __pfx_ocfs2_lookup+0x10/0x10
[  337.319155][T13967]  ? from_kgid+0x1b0/0x650
[  337.319165][T13967]  ? __pfx_ocfs2_create+0x10/0x10
[  337.319171][T13967]  ? HAS_UNMAPPED_ID+0x11a/0x180
[  337.319179][T13967]  ? inode_permission+0x149/0x470
[  337.319185][T13967]  ? __pfx_ocfs2_permission+0x10/0x10
[  337.319196][T13967]  ? bpf_lsm_inode_create+0x9/0x20
[  337.319204][T13967]  ? __pfx_ocfs2_create+0x10/0x10
[  337.319210][T13967]  path_openat+0x14f4/0x3830
[  337.319219][T13967]  ? arch_stack_walk+0xfc/0x150
[  337.319234][T13967]  ? __pfx_path_openat+0x10/0x10
[  337.319242][T13967]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.319253][T13967]  do_filp_open+0x1fa/0x410
[  337.319261][T13967]  ? __lock_acquire+0xab9/0xd20
[  337.319272][T13967]  ? __pfx_do_filp_open+0x10/0x10
[  337.319284][T13967]  ? _raw_spin_unlock+0x28/0x50
[  337.319292][T13967]  ? alloc_fd+0x64c/0x6c0
[  337.319305][T13967]  do_sys_openat2+0x121/0x1c0
[  337.319313][T13967]  ? __se_sys_futex+0x36f/0x400
[  337.319322][T13967]  ? __pfx_do_sys_openat2+0x10/0x10
[  337.319331][T13967]  ? rcu_is_watching+0x15/0xb0
[  337.319339][T13967]  __x64_sys_openat+0x138/0x170
[  337.319347][T13967]  do_syscall_64+0xfa/0x3b0
[  337.319358][T13967]  ? lockdep_hardirqs_on+0x9c/0x150
[  337.319367][T13967]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.319374][T13967]  ? exc_page_fault+0x9f/0xf0
[  337.319384][T13967]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  337.319391][T13967] RIP: 0033:0x7f7e1978ebe9
[  337.319401][T13967] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  337.319408][T13967] RSP: 002b:00007f7e179f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  337.319417][T13967] RAX: ffffffffffffffda RBX: 00007f7e199b5fa0 RCX: 00007f7e1978ebe9
[  337.319424][T13967] RDX: 0000000000000042 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  337.319429][T13967] RBP: 00007f7e19811e19 R08: 0000000000000000 R09: 0000000000000000
[  337.319435][T13967] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  337.319440][T13967] R13: 00007f7e199b6038 R14: 00007f7e199b5fa0 R15: 00007ffea3a67078
[  337.319449][T13967]  </TASK>
[  337.453061][    C1] vkms_vblank_simulate: vblank timer overrun
[  337.483855][ T5898] usb 8-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 15
[  337.490091][ T5898] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  337.493372][ T5898] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  337.495853][ T5898] usb 8-1: SerialNumber: syz
[  337.502276][ T9938] ocfs2: Unmounting device (7,6) on (node local)
[  337.742437][ T5898] cdc_ether 8-1:1.0: probe with driver cdc_ether failed with error -71
[  337.746723][ T5898] usb 8-1: USB disconnect, device number 17

VM DIAGNOSIS:
01:30:31  Registers:
info registers vcpu 0

CPU#0
RAX=2ada7ceaeca92e00 RBX=ffffffff81968308 RCX=2ada7ceaeca92e00 RDX=0000000000000001
RSI=ffffffff8be333e0 RDI=ffffffff81968308 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f9b R9 =1ffff110096065f3 R10=dffffc0000000000 R11=ffffed10096065f4
R12=ffffffff8fa37e30 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a20
RIP=ffffffff8b7943f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c2b58b9 CR3=000000004ad14000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f22d1187498 00007f22d1187470 XMM03=00007f22d11874a8 00007f22d11874a0
XMM04=00007f22d1ced100 00007f22d1187460 XMM05=00007f22d1187478 00007f22d11874c0
XMM06=00007f22d11874b8 00007f22d11874b0 XMM07=00007f22d11874a8 00007f22d11874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f22d1012fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000002d RBX=000000000000002d RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000271e RDI=000000000000271f RBP=00000000000003f8 RSP=ffffc90006a468f0
R8 =ffff88801f9e0237 R9 =1ffff11003f3c046 R10=dffffc0000000000 R11=ffffffff854efeb0
R12=dffffc0000000000 R13=ffffffff99af9905 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854eff2c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f7e179f66c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b31b23ffc CR3=0000000108b94000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000000ff XMM01=0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 ffff000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
