last executing test programs:

5m16.624385372s ago: executing program 2 (id=3):
openat$adsp1(0xffffffffffffff9c, 0x0, 0x1, 0x0)
syz_open_dev$vim2m(&(0x7f0000000c80), 0x6, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={0x0}, 0x18)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, 0x0, 0x0}, 0x94)
r1 = syz_open_dev$usbfs(&(0x7f0000000440), 0x1ff, 0x2)
dup(r1)
getsockopt$inet_mptcp_buf(r0, 0x6, 0x1, 0xfffffffffffffffd, &(0x7f0000000000)=0x2000000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000480), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_mptcp(0x2, 0x1, 0x106)
pselect6(0x40, &(0x7f0000000240)={0x0, 0x0, 0x3, 0x8, 0x2, 0xb}, 0x0, &(0x7f0000000280)={0x3ff, 0x0, 0x0, 0x400d, 0x0, 0x9, 0x466}, 0x0, 0x0)
r3 = creat(0x0, 0x67)
close(r3)
listen(0xffffffffffffffff, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r4, 0xffffffffffffffff, 0x0)

5m15.823790107s ago: executing program 2 (id=10):
r0 = socket$inet6(0xa, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r2, 0x8983, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r4, &(0x7f0000004200)={0x0, 0x0, &(0x7f00000041c0)={0x0, 0x4c}, 0x1, 0x0, 0x0, 0x84}, 0x80)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x14)

5m14.848340857s ago: executing program 2 (id=17):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r0, 0xc)
connect$x25(r0, 0x0, 0x0)

5m14.766473303s ago: executing program 2 (id=20):
syz_mount_image$exfat(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000480)={[{@iocharset={'iocharset', 0x3d, 'iso8859-15'}}, {@umask={'umask', 0x3d, 0x3}}, {@keep_last_dots}, {}, {@umask={'umask', 0x3d, 0x7f}}, {@discard}, {@fmask={'fmask', 0x3d, 0x8}}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'macinuit'}}, {@allow_utime={'allow_utime', 0x3d, 0xce38}}]}, 0x1, 0x1528, &(0x7f00000037c0)="$eJzs3AuYT9X6OPD3XWvtMSS+TXIZ1lrv5ptclkmSXJLkkiRJkuSWkDTJkYTEEJI0JCG5DEkMIblMTBr3+/2SkCRNkoTklqz/M+FxOnX+p/M7/XKe37yf59mP9X73ftd+9/f9XvbeZubbrkNrNaldvRERwX8EL/yTBACxADAQAPICQAAA5ePKx2Wtzykx6T/bCftzPZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/D9/+yMv///D8ksM/bLNWWu6wYQ80dTuP/ZG/f//6zgj2zE/c/euP/ZVeyVLoD9F+D3f3aQ45+u4f5nb9x/xrKzK33/+UovEPkvew6O5LzQmL/q+BljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMsb/AaX+ZAoBL4ytdF2OMMcYYY4wxxv48PseVroAxxhhjjDHGGGP/+xAESFAQQAzkgFjICblAAMDVkAfyQgSugTi4FvLBdZAfCkBBKATxUBiKgAYDFghCKArFIArXQ3G4AUpASSgFpcFBGUiAG6Es3ATl4GYoD7dABbgVKkIlqAxV4DaoCrdDNbgDqsOdUANqQi2oDXdBHbgb6sI9UA/uhfpwHzSA+6EhPACN4EFoDA9BE3gYmsIj0AyaQwtoCa3+R/nPQ094AXpBb0iCPtAXXoR+0B8GwEswEF6GQfAKDIZXIRmGwFB4DYbB6zAc3oARMBJGwZswGt6CMTAWxsF4SIEJMBHehknwDkyGd2EKTIVUmAbT4T2YATNhFrwPs+EDmANzYR7MhzT4EBbAQkiHj2ARfAwZsBiWwFJYBsthBayEVbAa1sBaWAfrYQNshE2wGbbAVtgG22EHfAI74VPYBbthD3wGe+HzfzP/1D/kd0NAQIECFSqMwRiMxVjMhbkwN+bGPJgHIxjBOIzDfJgP82N+LIgFMR7jsQgWQYMGCQmLYlGMYhSLY3EsgSWwFJZChw4TMAHL4k1YDstheSyPFbACVsRKWAmrYBWsilWxGlbD6lgda2ANrIW18C68C/tgXayL9bAe1sf6l25PYSNshI2xMTbBJtgUm2IzbIYtsAW2wlbYGltjG2yD7bAdtsf22AE7YCImYkfsiJ2wE3bGztgFu2BX7IrdsDt2z3w+B+AL+AL2xhqiD/bFvtgPk3MMwJfwJXwZB+Er+Aq+isk4BIfia/gavo7D8SSOwJE4CkdhVfEWjsGxSGI8pmAKTsSJOAknYVah7+JUTMVpOB2n4wyciTPxfZyNH+AHOBfn4nxMwzRcgAsxHdNxEZ7CDFyMS3ApLsPluAxX4ipciWtwLa7B9bgeN+JG3IybcStuxe24HT9BBYCf4m7cjcm4F/fiPtyH+3E/HsADmImZeBAP4iE8hIfxMB7BI3gUj+FxPIYn8ASexFN4Gk/jWTyL5/DZ+K8bf1JydTKILEooESNiRKyIFblELpFb5BZ5RB4RERERJ+JEPpFP5Bf5RUFRUMSLeFFEFBFGGEEijAEAERVRUVwUFyVECVFKlBJOOJEgEkRZUVaUE+VEeXGLqCBuFRVFJdHWVRFVRFXRzlUTd4jqorqoIWqKWqK2qC3qiDqirqgr6ol6or6oLxqI+0VD0QcH4IMiqzNNxBBsKoZiM9FcyIufYK3FcGwj2op24nExEkdgB9HaJYqnREcxBjuJv4mx+IzoIsZjV/Gc6Ca6ix7iedFTtHG9RG8xGfuIvmIq9hP9xQDxkpiBNcX7ODtnLfGqSBZDxFDxmpiPr4vh4g0xQowUo8SbYrR4S4wRY8U4MV6kiAlionhbTBLviMniXTFFTBWpYpqYLt4TM8RMMUu8L2aLD8QcMVfME/NFmvhQLBALRbr4SCwSH4sMsVgsEUvFMrFcrBArxSqxWqwRa8U6sV5sEBvFJrFZbBFbxTaxXewQn4id4lOxS+wWe8RnYq/4XOwTX4j94ktxQHwlMsXX4qD4RhwS34rD4jtxRHwvjopj4rj4QZwQP4qT4pQ4Lc6Is+IncU78LM4LL0CiFFJKJQMZI3PIWJlT5pJXydwyuPjsXiPj5LUyn7xO5pcFZEFZSMbLwrKI1NJIK0mGsqgsJqPyellc3iBLyJKylCwtnSwjE+SNsqy8SZaTN8vy8hZZQd4qK8pKsrKsIm+TVeXtEiIX9lFD1pS1ZG15l0yCu2VdeY+sJ++V9eV9soG8XzaUD8hG8kHZWD4km8iHZVP5iGwmm8sWsqVsJR+VreVjso1sK9vJx2V7+YTsIJ+UifIp2VH6iy+RZ2QX+azsKp+T3WR32UP+LM9LL3vJ3hL6gOwrX5T9ZH85IBYA5MtykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZviunyKkyVU6TA+TAX2aaJeW/zH/7d/IH/7L3jXKT3Cy3yK1ym9wud8hP5E65U+6Su+QeuUfulXvlPrlP7pf75QF5QGbKTHlQHpSH5CF5WB6WR+QReVQek2fkD/KE/FGelKfkKXlGnpVn5bmLzwEoVEJJpVSgYlQOFatyqlzqKpVbXa3yqLwqoq5RcepalU9dp/KrAqqgKqTiVWFVRGlllFWkQlVUFVNRdT1efMGoUqq0cqqMSlA3/jv5qri6QZVQJX+Vf6m+pH9SXyvVSrVWrVUb1Ua1U+1Ue9VedVAdVKJKVB1VR9VJdVKdVWfVRXVRXVVX1U11Uz1UD9VT9VS9VC+VpJJUX/Wi6qf6qwHqJTVQvawGqUFqsBqsklWyGqqGqmFqmBquhqsRaoQapUap0Wq0GqPGqHFqnEpRKWqimqgmqUlqspqspqgpKlWlqulqupqhZqhZapaarWarOWqOmqfmqTSVphaoBSpdpatFapHKUIvVYrVULVXL1XK1Uq1Uq9VqtVatVevVepWhNqlNaovaorapbWqH2qF2qp1ql9ql9qg9aq/aq/apfWq/2q8OqAMqU2Wqg+qgOqQOqcPqsDqijqij6qg6ro6rE+qEOqlOqtPqtDqrzqpz6pw6r85nnfYFIhCBClQQE8QEsUFskCvIFeQOcgd5gjxBJIgEcUFckC+4LsgfFAgKBoWC+KBwUCTQgQlsIC42PRpcHxQPbghKBCWDUkHpwAVlgoTgxqBscFNQLrg5KB/cElQIbg0qBpWCykGV4LaganB7UC24I6ge3BnUCGoGtYLawV1BneDuoG5wT1AvuDeoH9wXNAjuDxoGDwSNggeDxsFDQZPg4aBp8EjQLGgetAhaBq3+1Pm9P1ngMddL99ZJuo/uq1/U/XR/PUC/pAfql/Ug/YoerF/VyXqIHqpf08P063q4fkOP0CP1KP2mHq3f0mP0WD1Oj9cpeoKeqN/Wk/Q7erJ+V0/RU3Wqnqan6/f0DD1Tz9Lv69n6Az1Hz9Xz9Hydpj/UC/RCna4/0ov0xzpDL9ZL9FK9TC/XK/RKvUqv1mv0Wr1Or9cb9Ea9SW/WW/RWvU1v1zv0J3qn/lTv0rv1Hv2Z3qs/1/v0F3q//lIf0F/pTP21Pqi/0Yf0t/qw/k4f0d/ro/qYPq5/0Cf0j/qkPqVP6zP6rP5Jn9M/6/PaZ53cZ329G2WUiTExJtbEmlwml8ltcps8Jo+JmIiJM3Emn8ln8pv8pqApaOJNvCliipgsZMgUNUVN1ERNcVPclDAlTClTyjjjTIJJMGVNWVPOlDPlTXlTwVQwFU1FU9lUNreZ28zt5nZzh7nD3GnuNDVNTVPb1DZ1TB1T19Q19Uw9U9/UNw1MA9PQNDSNTCPT2DQ2TUwT09Q0Nc1MM9PCtDCtTCvT2rQ2bUwb0860M+1Ne9PBdDCJJtF0NB1NJ9PJdDadTRfTxXQ1XU030830MD1MT9PT9DK9TJJJMn1NX9PP9DMDzAAz0Aw0g8wgM9gMNskm2Qw1Q80wM8wMN8PNCDPSjMo6UTVvmTFmrBlnxpsUk2ImmolmkplkJpvJZoqZYlJNqpluppsZZoaZZWaZ2Wa2mWPmmHlmnkkzaWaBWWDSTbpZZBaZDJNhlpglZplZZlaYFWaVWWXWmDVmHawzG8wGs8lsMlvMFrPNbDM7zA6z0+w0u8wus8fsMXvNXrPP7DP7zX5zwBwwmSbTHDQHzSFzyBw2h80Rc8QcNUfNcXPcnDAnzElz0pw2p81ZU+Di96U3sTanzWWvsrnt1TaPzWv/MS5oC9l4W9gWsdrmtwV+FRtrbQlb0paypa2zZWyCvfE3cUVbyVa2Vexttqq93Vb7TVzH3m3r2ntsPXuvrW3v+lVc395nG9iHbUNEANvcNrYtbRP7sG1qH7HNbHPbwra07e0TtoN90ibap2xH+/Rv4gV2oV1lV9s1dq3dZXfb0/aMPWS/tWftT7aX7W0H2pftIPuKHWxftcl2yG/iUfZNO9q+ZcfYsXacHf+beIqdalPtNDvdvmdn2Jm/idPsh3a2Tbdz7Fw7z87/Jc6qKd1+ZBfZj22GDWCJXWqX2eV2hV15qVaf1663G+xGu9N+arfYrXab3W53XDoRtrvtHvuZ3Ws/twftN3a//dIesIdtpv36lzjr+A7b7+wR+709ao/Z4/YHe8L+qC5lZx37D/Zne956C4QEJElRQDGUg2IpJ+Wiqyg3XU15KC9F6BqKo2spH11H+akAFaRCFE+FqQhpMmSJKKSiVIyidD1dKq8UlSZHZSiBbqSydBOVo5upPN1CFehWqkiVqDJVoduoKt1O1egOqk53Ug2qSbWoNt1Fdehuqkv3UD26l+rTfdSA7qeG9AA1ogepMT1ETehhakqPUDNqTi2oJbWiR6k1PUZtqC21o8epPT1BHehJSqSnqCM9TZ3ob9SZnqEu9Cx1peeoG3WnHvQ89aQXqBf1piTqQ33pRepH/WkAvUQD6WUaRK/QYHqVkmkIDaXXaBi9TsPpDRpBI2kUvUmj6S0aQ2NpHI2nFJpAE+ltmkTv0GR6l6bQVEqlaTSd3qMZNJNm0fs0mz6gOTSX5tF8SqMPaQEtpHT6iBbRx5RBi2kJLaVltJxW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nXbQJ7STPqVdtJv20Ge0lz6nffQF7acv6QB9RZn0NR2kb+gQfUuH6Tvfm76no3SMjtMPdIJ+pJN0ik7TGTpLP9E5+pnOkycIMRShDFUYhDFhjjA2zBnmCq8Kc4dXh3nCvGEkvCaMC68N84XXhfnDAmHBsFAYHxYOi4Q6NKENKQzDomGxMBpeHxYPbwhLhCXDUmHp0IVlwoTwxrBseFNYLrw5LB/eElYIbw0rhpXCh++tEt4WVg1vD6uFd4TVwzvDGmHNsFZYO7wrrBPeHdYN7wnrhfeG5cL7wgbh/WHD8IGwUfhg2Dh8KGwSPhw2DR8Jm4XNwxZhy7BV+GjYOnwsbBO2DduFj4ftwyfCDuGTYWL4VNgxfPqX9fct/Ofrk8I+Yd/wxfDF0Pt75Lzo/Gha9MPogujCaHr0o+ii6MfRjOji6JLo0uiy6PLoiujK6Kro6uia6Nrouuj66Iboxqj3tXOAQyecdMoFLsblcLEup8vlrnK53dUuj8vrIu4aF+eudfncdS6/K+AKukIu3hV2RZx2xllHLnRFXTEXdde74u4GV8KVdKVcaedcGZfgWrpWrpVr7R5zbVxb18497h53T7gn3JPuSfeU6+iedp3c31xn94zr4p51z7rnXDfX3fVwz7uebkKeC+/JJNfX9XX9XD83wA1wA91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfFTXGpLtVNd9PdDDfDVZ15YS9z3Bw3z81zaS7NLXBZ54zpbpFb5DJchlvilrhlbplb4Va4VW6VW+PWuHVundvgNrhNbpPb4ra4bW6b2+F2uJ1up9vl816Y1O11+9w+t9/tdwfcVy7Tfe0Oum/cIfetO+y+c0fc9+6oO+aOux/cCfejO+lOudPujDvrfnLn3M/uvPMuJTIhMjHydmRS5J3I5Mi7kSmRqZHUyLTI9Mh7kRmRmZFZkfcjsyMfROZE5kbmReZH0iIfRhZEFkbSIx9FFkU+jmREFkeWRJZGlkWWR7wvvCX0RX0xH/XX++L+Bl/Cl/SlfGnvfBmf4G/0Zf1Nvpy/2Zf3t/gK/lZf0Vfylf0jvplv7lv4lr6Vf9S39o/5Nr6tb+cf9+39E76Df9In+qd8R/+07+T/5jv7Z3wX/6zv6p/z3Xx338M/73v6F3wv39sn+T6+r3/R9/P9/QD/kh/oX/aD/Ct+sH/VJ/shfqh/zQ/zr/vh/g0/wo/0o2Le9KMvXSLDeJ/iJ/iJ/m0/yb/jJ/t3/RQ/1af6aX66f8/P8DP9LP++n+0/8HP8XD/Pz/dp/kO/wC/06f4jv8h/7DP84ks3lf0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9Dv+J3+k/9bv8br/Hf+b3+s/9Pv+F3++/9Af8Vz7Tf+0P+m/8If+tP+y/80f89/6oP+aP+x/8Cf+jP+lP+dP+jD/rf/Ln/M/+PP/OGmOMMcbYHzLh8lD8es2F2/l9fidH/N3GfQHg6q2FMv9+fdYZ5br8F8b9RXz7CAA81bvrg5eWGjWSkpIubpshISg2F+DS/wRliYHL8WJoB09AIrSFsr9bf3/R/Sz9i/mjtwDk+rucWLgcX57/CwBM+p35H3181IIK4em4/8/8cwFKFLuckxMux4uh3S/3V9pCuX9Sf4HW/6L+nF+mALT5u5zccDm+XH8CPAZPQ+KvtmSMMcYYY4wxxi7oLyp3vnT9eeknPn/v+jxeXc7JAZfjf3V9zhhjjDHGGGOMsSvvme49nnw0MbFt539/UO1/lPWHB03hf2tmHvzuwHuAS48oAPgPJwTIGsi/8ig2/yX7Sr741vnHVcvO+AD+O1r5Zwyu8AcTY4wxxhhj7E93+aT/14+rK1UQY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDGWDf0Vf07sSh8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9vwAAAP//kfb+pw==")
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a95005, 0x0)
pivot_root(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f00000001c0)='./file0\x00')

5m14.589568645s ago: executing program 2 (id=21):
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

5m13.520468059s ago: executing program 2 (id=27):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$SIOCNRDECOBS(r0, 0x89e2)

5m13.413572266s ago: executing program 32 (id=27):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$SIOCNRDECOBS(r0, 0x89e2)

2m24.389004007s ago: executing program 1 (id=1856):
r0 = syz_open_dev$sndpcmp(&(0x7f0000001540), 0x1, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_PARAMS_OLD(r0, 0xc1004111, 0x0)

2m24.301870672s ago: executing program 1 (id=1859):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000007c0)=ANY=[@ANYBLOB="b00000000314230c2abd7000ffdbdf250900020073797a310000000008004100727865001400330073797a5f74756e000000000000000000090042"], 0xb0}, 0x1, 0x0, 0x0, 0x48845}, 0x4000)

2m24.301457047s ago: executing program 1 (id=1861):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet(0x2, 0x3, 0x2)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/raw\x00')
preadv(r0, &(0x7f00000011c0)=[{&(0x7f00000012c0)=""/214, 0xd6}, {&(0x7f0000000080)=""/196, 0xc4}], 0x2, 0x3c, 0xfffefff6)

2m24.244087602s ago: executing program 1 (id=1863):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x2000, 0x20)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0)
chdir(&(0x7f0000000300)='./file0\x00')
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

2m24.184066609s ago: executing program 1 (id=1865):
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0x1, 0x0, 0x0, 0x0, 0x0, @multicast}, 0x10)

2m23.981894594s ago: executing program 1 (id=1869):
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000100)={'nicvf0\x00', {0x2, 0x0, @private}})

2m23.887454361s ago: executing program 33 (id=1869):
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f0000000100)={'nicvf0\x00', {0x2, 0x0, @private}})

58.18460241s ago: executing program 4 (id=2800):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, 0x0, 0x0}, 0x94)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000404000000002e"], 0x0, 0x37}, 0x20)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x4, 0x4, 0xa, 0x4, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x2, 0x1}, 0x50)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000200)={r1, 0x5d, &(0x7f0000000600)}, 0x10)

58.184413426s ago: executing program 4 (id=2801):
r0 = msgget$private(0x0, 0x101)
msgsnd(r0, &(0x7f0000000000)={0x2}, 0x4, 0x0)
msgrcv(r0, 0x0, 0x0, 0x1, 0x5800)

58.105762216s ago: executing program 4 (id=2802):
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x1a3089, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000740)='autofs\x00', 0xc000, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x42)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc0049364, 0x0)

58.100522569s ago: executing program 4 (id=2803):
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='ns\x00')
r1 = open_tree(r0, &(0x7f0000000640)='\x00', 0x89901)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
move_mount(r1, &(0x7f0000000040)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f00000002c0)='./file0\x00', 0x4)

57.98892292s ago: executing program 4 (id=2805):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8001, 0x5, @loopback, 0x2}, 0x1c)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000004, 0x10, 0xffffffffffffffff, 0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_DEL_SEC_DEV(r3, 0x0, 0x8000)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$kcm(0x29, 0x2, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000600)=0x1, 0x4)
setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f0000000100)=@gcm_256={{0x303}, "0f78fbc54b6c106c", "75fd7583f127c5c356354c80ea765edaa15f377fb214e20fda1b0241bed67dc4", "b1726789", "fb442565fb00"}, 0x38)
sendto$inet6(r4, &(0x7f00000001c0), 0xffffffffffffff13, 0x0, 0x0, 0x3000137)

57.76534656s ago: executing program 4 (id=2812):
socket(0x10, 0x3, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$mice(0xffffffffffffff9c, &(0x7f0000001400), 0x101)
epoll_create(0xff9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
userfaultfd(0x801)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

57.66966837s ago: executing program 34 (id=2812):
socket(0x10, 0x3, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
openat$mice(0xffffffffffffff9c, &(0x7f0000001400), 0x101)
epoll_create(0xff9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
userfaultfd(0x801)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

2.428205238s ago: executing program 5 (id=3388):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f000000a400)={0x2020, 0x0, <r1=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f0000008400)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9474a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37227aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac9bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca00", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x0, {0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x4, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x6000, 0x0, 0x0, 0x0, 0x800}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r0, &(0x7f00000002c0)={0x50, 0x0, r1, {0x7, 0x2b, 0x0, 0xffffffff80080004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}}, 0x50)
r2 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x4842, 0x0)
writev(r2, &(0x7f0000000a40)=[{0x0}, {&(0x7f0000000e00)='t', 0x2fd200}, {0x0, 0x600}, {&(0x7f0000001000)="d6", 0x20c00}], 0x21)

2.248108449s ago: executing program 5 (id=3390):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x2)
readv(r2, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0x940}], 0x1)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x0)

2.109952s ago: executing program 5 (id=3392):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x2, 0x0)
ioctl$COMEDI_BUFCONFIG(r0, 0x8020640d, &(0x7f0000000080)={0x0, 0x9, 0x1, 0x2})

2.040316243s ago: executing program 5 (id=3394):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x1e)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f00000001c0)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
move_mount(0xffffffffffffff9c, &(0x7f0000008080)='./file0\x00', r0, 0x0, 0x160)

1.929231672s ago: executing program 5 (id=3395):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a000f00000002", 0x29}], 0x1}, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), r0)
sendmsg$NFC_CMD_VENDOR(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01052cbd7000fedbdf251d00000008001d000400000008001e00300b0000080001"], 0x2c}, 0x1, 0x0, 0x0, 0x4004005}, 0x8000)

1.658915568s ago: executing program 5 (id=3398):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
r1 = syz_io_uring_setup(0x4f6, &(0x7f0000000380)={0x0, 0x80fd, 0x10, 0x4, 0x2cf}, &(0x7f0000000300)=<r2=>0x0, &(0x7f00000002c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r0, 0x80, &(0x7f00000000c0)=@hci={0x1f, 0xffffffffffffffff, 0x3}, 0x0, 0x0, 0x1})
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000080)={{0xd4, 0x8}, 'port1\x00', 0x81, 0x60000, 0x400, 0x7, 0x1, 0x0, 0x5, 0x0, 0x4, 0x3})
io_uring_enter(r1, 0x47bc, 0xf5, 0x0, 0x0, 0x0)

1.568046411s ago: executing program 35 (id=3398):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff})
connect$unix(r0, 0x0, 0x0)
r1 = syz_io_uring_setup(0x4f6, &(0x7f0000000380)={0x0, 0x80fd, 0x10, 0x4, 0x2cf}, &(0x7f0000000300)=<r2=>0x0, &(0x7f00000002c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r0, 0x80, &(0x7f00000000c0)=@hci={0x1f, 0xffffffffffffffff, 0x3}, 0x0, 0x0, 0x1})
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0x40a85323, &(0x7f0000000080)={{0xd4, 0x8}, 'port1\x00', 0x81, 0x60000, 0x400, 0x7, 0x1, 0x0, 0x5, 0x0, 0x4, 0x3})
io_uring_enter(r1, 0x47bc, 0xf5, 0x0, 0x0, 0x0)

1.14879514s ago: executing program 3 (id=3407):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000380)='./bus\x00', 0x200880, &(0x7f0000000100)={[{@time_offset={'time_offset', 0x3d, 0x6}}, {@allow_utime={'allow_utime', 0x3d, 0x7fff}}, {@utf8}, {@utf8}, {@errors_continue}]}, 0x3, 0x1509, &(0x7f0000000f80)="$eJzs3AuYTlXbOPD7XmvtMSQ9SQ7DWuvePMlhmSTJIUkOSZIkSU4JoUleSUgMOSUNSUgOQ3IYQnKYmDTO5/MxSZImSXLKKVn/a4rX21v936/v7Xt91zf377r2Zd3P2vfaa8+9H8/am2e+7TK0RqOaVRsQEfxb8Jc/EgEgFgAGAsB1ABAAQNncZXNn9meXmPjvHYT9tR5JudozYFcT1z9r4/pnbVz/rI3rn7Vx/bM2rn/WxvXP2rj+jGVlm6cXuJ63rLvx8/+sjD///w/JKDX2y7Wlbuz6J1K4/lkb1///rOC/shPXP2vj+mdtXP+sjeufFWT7wx6uf9bG9WcsK7vaz595u7rb1b7+GGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xlDWf9FQoALrev9rwYY4wxxhhjjDH21/HZrvYMGGOMMcYYY4wx9j8PQYAEBQHEQDaIheyQAwQAXAu54DqIwPWQG26APHAj5IV8kB8KQBwUhEKgwYAFghAKQxGIwk1QFG6GYlAcSkBJcFAK4uEWKA23Qhm4DcrC7VAO7oDyUAEqQiW4EyrDXVAF7oaqcA9Ug+pQA2rCvVAL7oPacD/UgQegLjwI9eAhqA8PQwN4BBrCo9AIHoPG8Dg0gabQDJpDi/9W/ovQA16CntALEqE39IGXoS/0g/4wAAbCKzAIXoXB8BokwRAYCq/DMHgDhsObMAJGwih4C0bD2zAGxsI4GA/JMAEmwjswCd6FyTAFpsI0SIHpMAPeg5kwC2bD+zAHPoC5MA/mwwJIhQ9hISyCNPgIFsPHkA5LYCksg+WwAlbCKlgNa2AtrIP1sAE2wibYDFtgK2yD7bADdsIu2A2fwB74FPbCZ7APPv+T+Wf+Kb8rAgIKFKhQYQzGYCzGYg7MgTkxJ+bCXLGXL5I8mAfzYl7Mj/kxDuOwEBZCgwYJCQtjYYxiFItiUSyGxbAElkCHDuMxHkvjrVgGy2BZLIvlsByWxwpYASthJayMlbEKVsGqWBWrYTWsgTXwXrwXe2NtrI11sA7WxbqXH09hA2yADbEhNsJG2BgbYxNsgs2wGbbAFtgSW2IrbIVtsA22xbbYHttjAiZgB+yAHbEjdsJO2Bk7Yxfsgl2xG3bDF7MBvoQvYS+sJnpjH+yDfTEpW38cgAPwFRyEr+Kr+Bom4RAciq/j6/gGDsfTOAJH4igchZXF2zgGxyKJ8ZiMyTgRJ+IknISTcQpOwWmYgtNxBs7AmTgLZ+H7OAc/wA9wHs7DBZiKqbgQF2EapuFiPIPpuASX4jJcjitwOa7C1bgK1+I6XIsbcANuwk24BbfgNtyGO3AH7kIFgJ/gp/gpJuE+3If7cT8ewAN4EA9iBmbgITyEh/EwHsEjeBSP4jE8jifwOJ7CU3gaz+BZPIvn8TxewOfjvm64q/iaJBCZlFAiRsSIWBErcogcIqfIKXKJXCIiIiK3yC3yiDwir8gr8ov8Ik7EiUKikDDCCBJhDACIqIiKoqKoKCaKiRKihHDCiXgRL0qL0qKMKCPKittFOXGHKC8qiNaukqgkKos2roq4W1QVVUU1UV3UEDVFTVFL1BK1RW1RR9QRdUVdUU88JOqL3tgfHxGZlWkkhmBjMRSbiKZCXro4W4rh2Eq0Fm3EU2IkjsD2oqVLEM+IDmIMdhR/E2PxOdFZjMcu4gXRVXQT3cWLoodo5XqKXmIy9hZ9xDTsK/qJ/mKAmInVxfs4J3sN8ZpIEkPEUPG6WIBviOHiTTFCjBSjxFtitHhbjBFjxTgxXiSLCWKieEdMEu+KyWKKmCqmiRQxXcwQ74mZYpaYLd4Xc8QHYq6YJ+aLBSJVfCgWikUiTXwkFouPRbpYIpaKZWK5WCFWilVitVgj1op1Yr3YIDaKTWKz2CK2im1iu9ghdopdYrf4ROwRn4q94jOxT3wu9osvxAHxpTgovhIZ4mtxSHwjDotvxRHxnTgqvhfHxHFxQpwUp8QP4rQ4I86Kc+K8+FFcED+Ji8ILkCiFlFLJQMbIbDJWZpc55DUypwwu/XSvl7nlDTKPvFHmlflkfllAxsmCspDU0kgrSYaysCwio/ImWVTeLIvJ4rKELCmdLCXj5S2ytLxVlpG3ybLydllO3iHLywqyoqwk75SV5V0SIr8co5qsLmvImvJeWUveJ2vL+2Ud+YCsKx+U9eRDsr58WDaQj8iG8lHZSD4mG8vHZRPZVDaTzWUL+YRsKZ+UrWRr2UY+JdvKdrK9fFomyGdkB+kvXSLPyc7yedlFviC7ym6yu/xJXpRe9pS9JEBv2Ue+LPvKfrK/HCAHylfkIPmqHCxfk0lyiBwqX5fD5BtyuHxTjpAj5Sj5lhwt35Zj5Fg5To6XyXKCnCjfkZPku3KynCKnymkyRU6X/S+NNFvKf5n/zu/kD/756JvkZrlFbpXb5Ha5Q+6Uu+RuuVvukXvkXrlX7pP75H65Xx6QB+RBeVBmyAx5SB6Sh+VheUQekUflUXlMHpfn5El5Sv4gT8sz8ow8J8/L8/LCpZ8BKFRCSaVUoGJUNhWrsqsc6hqVU12rcqnrVERdr3KrG1QedaPKq/Kp/KqAilMFVSGllVFWkQpVYVVERdVNeOmCUSVUSeVUKRWvbvkz+aqoulkVU8V/lX95fol/ML8WqoVqqVqqVqqVaqPaqLaqrWqv2qsElaA6qA6qo+qoOqlOqrPqrLqoLqqr6qq6q+6qh+qheqqeKlElqj7qZdVX9VP91QA1UL2iBqlBarAarJJUkhqqhqphapgaroarEWqEGqVGqdFqtBqjxqhxapxKVslqopqoJqlJarKarKaqqSpFpagZaoaaqWaq2Wq2mqPmqLlqrpqv5qtUlaoWqoUqTaWpxWqxSldL1BK1TC1TK9QKtUqtUmvUGrVOrVMb1AaVrjarzWqr2qq2q+1qp9qpdqvdao/ao/aqvWqf2qf2q/3qgDqgDqqDKkNlqEPqkDqsDqsj6og6qo6qY+qYOqFOqFPqlDqtTquz6qw6r86rC+qCuqguZi77AhGIQAUqiAligtggNsgR5AhyBjmDXEGuIBJEgtxB7iBPcGOQN8gX5A8KBHFBwaBQoAMT2EBcKno0uCkoGtwcFAuKByWCkoELSgXxwS1B6eDWoExwW1A2uD0oF9wRlA8qBBWDSsGdQeXgrqBKcHdQNbgnqBZUD2oENYN7g1rBfUHt4P6gTvBAUDd4MKgXPBTUDx4OGgSPBA2DR4NGwWNB4+DxoEnQNGgWNA9a/KXje38635Oup+6lE3Vv3Ue/rPvqfrq/HqAH6lf0IP2qHqxf00l6iB6qX9fD9Bt6uH5Tj9Aj9Sj9lh6t39Zj9Fg9To/XyXqCnqjf0ZP0u3qynqKn6mk6RU/XM/R7eqaepWfr9/Uc/YGeq+fp+XqBTtUf6oV6kU7TH+nF+mOdrpfopXqZXq5X6JV6lV6t1+i1ep1erzfojXqT3qy36K16m96ud+idepferT/Re/Sneq/+TO/Tn+v9+gt9QH+pD+qvdIb+Wh/S3+jD+lt9RH+nj+rv9TF9XJ/QJ/Up/YM+rc/os/qcPq9/1Bf0T/qi9pmL+8yPd6OMMjEmxsSaWJPD5DA5TU6Ty+QyERMxuU3udpfKb/Kb/CbOxJlCppDJRIZMYVPYRE3UFDVFTTFTzJQwJYwzzsSbeFPalDZlTBlT1pQ15Uw5U96UNxVNRXOnudPcZe4yd5u7zT3mHlPdVDc1TU1Ty9QytU1tU8fUMXVNXVPP1DP1TX3TwDQwDU1D08g0Mo1NY9PENDHNTDPTwrQwLU1L08q0Mm1MG9PWtDXtTXuTYBJMB9PBdDQdTSfTyXQ2nU0X08V0NV1Nd9Pd9DA9TE/T0ySaRNPH9DF9TV/T3/Q3A81AM8gMMoPNYJNkksxQM9QMM8PMcDPcjDAjzajMhap524wxY804M94km2Qz0Uw0k8wkM9lMNlPNVJNiUswMM8PMNDPNbDPbzDFzzFwz18w3802qSTULzUKTZtLMYrPYpJt0s9QsNcvNcrPSrDSrzWqz1qw162G92Wg2ms1ms9lqtprtZrvZaXaa3Wa32WP2mL1mr9ln9pn9Zr85YA6Yg+agyTAZ5pA5ZA6bw+aIOWKOmqPmmDlmTpgT5pQ5ZU6b0+asOWvOm3yXPi+9ibXZbQ57jc1pr7W57HX2n+P8toCNswVtIattXpvvV7Gx1hazxW0JW9I6W8rG21t+E5e3FWxFW8neaSvbu2yV38S17H22tr3f1rEP2Jr23l/Fde2Dtp59zNZHBLBNbUPb3Dayj9nG9nHbxDa1zWxz29a2s+3t0zbBPmM72Gd/Ey+0i+xqu8autevsHvupPWvP2cP2W3ve/mh72l52oH3FDrKv2sH2NZtkh/wmHmXfsqPt23aMHWvH2fG/iafaaTbFTrcz7Ht2pp31mzjVfmjn2DQ7186z8+2Cn+PMOaXZj+xi+7FNt0vsUrvMLrcr7Eq76u9zXWY32I12k91tP7Fb7Ta73e6wO+2un+PM89hrP7P77Of2kP3GHrBf2oP2iM2wX/8cZ57fEfudPWq/t8fscXvCnrSn7A/2tD3z8/lnnvtJ+5O9aL0FQgKSpCigGMpGsZSdctA1lJOupVx0HUXoespNN1AeupHyUj7KTwUojgpSIdJkyBJRSIWpCEXpJrq8Ti9BJclRKYqnW6g03Upl6DYqS7dTObqDylMFqkiV6E6qTHdRFbqbqtI9VI2qUw2qSfdSLbqPatP9VIceoLr0INWjh6g+PUwN6BFqSI9SI3qMGtPj1ISaUjNqTi3oCWpJT1Irak1t6ClqS+2oPT1NCfQMdaBnqSP9jTrRc9SZnqcu9AJ1pW7UnV6kHvQS9aRelEi9qQ+9TH2pH/WnATSQXqFB9CoNptcoiYbQUHqdhtEbNJzepBE0kkbRWzSa3qYxNJbG0XhKpgk0kd6hSfQuTaYpNJWmUQpNpxn0Hs2kWTSb3qc59AHNpXk0nxZQKn1IC2kRpdFHtJg+pnRaQktpGS2nFbSSVtFqWkNraR2tpw20kTbRZtpCW2kbbacdtJN20W76hPbQp7SXPqN99Dntpy/oAH1JB+kryqCv6RB9Q4fpWzpC3/le9D0do+N0gk7SKfqBTtMZOkvn6Dz9SBfoJ7pIniDEUIQyVGEQxoTZwtgwe5gjvCbMGV4b5gqvCyPh9WHu8IYwT3hjmDfMF+YPC4RxYcGwUKhDE9qQwjAsHBYJo+FNYdHw5rBYWDwsEZYMXVgqjA9vCUuHt4ZlwtvCsuHtYbnwjrB8WCF87IFK4Z1h5fCusEp4d1g1vCesFlYPa4Q1w3vDWuF9Ye3w/rBO+EBYJnwwrBc+FNYPHw4bhI+EDcNHw0bhY2Hj8PGwSdg0bBY2D1uET4QtwyfDVmHrsE34VNg2bBe2D58OE8Jnwg7hsz/3P7joj/sTw95hn/Dl8OXQ+/vl/OiCaGr0w+jC6KJoWvSj6OLox9H06JLo0uiy6PLoiujK6Kro6uia6Nrouuj66IboxuimqPc1s4FDJ5x0ygUuxmVzsS67y+GucTndtS6Xu85F3PUut7vB5XE3urwun8vvCrg4V9AVctoZZx250BV2RVzU3eSKuptdMVfclXAlnXOlXLxr7lq4Fq6le9K1cq1dG/eUe8q1c+3c0+5p94zr4J51Hd3fXCf3nOvsnnfPuxdcV9fNdXcvuh5uQq5f3pOJro/r4/q6vq6/6+8GuoFukBvkBrvBLskluaFuqBvmhrnhbrgb4Ua4UW6UG+1GuzFujBvnxrlkl+wmuolukpvkJrvJbqqb6lJcipvhZriZbqarPOuXo8x1c918N9+lulS30GWuGdPcYrfYpbt0t9QtdcvdcrfSrXSr3Wq31q116916t9FtdJvdZrfVbXXb3Xa30+10u91ut8df98ugbp/b7/a7A+6AO+i+chnua3fIfeMOu2/dEfedO+q+d8fccXfCnXSn3A/utDvjzrpz7rz70V1wP7mLzrvkyITIxMg7kUmRdyOTI1MiUyPTIimR6ZEZkfciMyOzIrMj70fmRD6IzI3Mi8yPLIikRj6MLIwsiqRFPoosjnwcSY8siSyNLIssj6yIeF9wa+gL+yI+6m/yRf3Nvpgv7kv4kt75Uj7e3+JL+1t9GX+bL+tv9+X8Hb68r+Ar+sd9E9/UN/PNfQv/hG/pn/StfGvfxj/l2/p2vr1/2if4Z3wH/6zv6P/mO/nnfGf/vO/iX/BdfTff3b/oe/iXfE/fyyf63r6Pf9n39f18fz/AD/Sv+EH+VT/Yv+aT/BA/1L/uh/k3/HD/ph/hR/pRMW/50ZdvkWG8T/YT/ET/jp/k3/WT/RQ/1U/zKX66n+Hf8zP9LD/bv+/n+A/8XD/Pz/cLfKr/0C/0i3ya/8gv9h/7dL/k8kNlv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9Dr/T7/K7/Sd+j//U7/Wf+X3+c7/ff+EP+C/9Qf+Vz/Bf+0P+G3/Yf+uP+O/8Uf+9P+aP+xP+pD/lf/Cn/Rl/1p/z5/2P/oL/yV/k76wxxhhjjP2XTLjSFL/X3/t3XhP/sHMfALh2W4GMf+zPXFGuz/tLu5+IaxsBgGd6dXnk8latWmJi4qV90yUEReYBXP6XoEwxcCVeAm2gHSRAayj9u/PvJ7qdp38xfvR2gBz/kBMLV+Ir43/xB+M/8dSoheXCs7n/P+PPAyhW5EpOdvh7/PdvV7SGMn8wfr6W/2L+2b9MBmj1Dzk54Up8Zf7x8CQ8Cwm/2pMxxhhjjDHGGPtFP1Gx0+X7z8v/4/P37s/j1JWczJvay/G/uj9njDHGGGOMMcbY1fdct+5PP5GQ0LrTn29U+W9lceN/a8N7gMuvKAD4NwcE+I+fxZb/yLGSLr11/rlr+TkfwP+OUv4Vjav8FxNjjDHGGGPsL3dl0f/r19XVmhBjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZYF/Sd+ndjVPkfGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGPsavt/AQAA//+neQxq")
rename(&(0x7f0000000240)='./file0/file0\x00', &(0x7f0000000300)='./file1\x00')

1.148558579s ago: executing program 3 (id=3408):
openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x1c0002, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
close_range(r0, 0xffffffffffffffff, 0x0)

1.0881892s ago: executing program 3 (id=3410):
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000800)='.\x00', 0xffffffffffffff9c, 0x0, 0x153)

929.223138ms ago: executing program 3 (id=3413):
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000300)={0x52, 0x0, 0x8, {0x0, 0x1}, {0x74, 0x2}, @const={0x0, {0x0, 0x3400}}})
r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x0, 0x822b01)
ioctl$EVIOCGRAB(r0, 0x40044590, &(0x7f0000000100)=0x9)
ioctl$EVIOCSMASK(r0, 0x40104593, &(0x7f0000000000)={0x1, 0x0, 0x0})
write$char_usb(r0, &(0x7f0000000040)="e2", 0xff0f)

870.522115ms ago: executing program 3 (id=3415):
socket$packet(0x11, 0x3, 0x300)
ioctl$IMADDTIMER(0xffffffffffffffff, 0x80044940, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000280)='nilfs2_transaction_transition\x00', 0xffffffffffffffff, 0x0, 0x100}, 0x18)
close(0xffffffffffffffff)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = socket$inet6(0xa, 0x2, 0x3a)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e24, 0x8, @local, 0x6}, 0x32)
sendto$inet6(r1, &(0x7f0000000080)="800037bbfa9ba1ce", 0xffd8, 0x0, 0x0, 0x0)

870.102919ms ago: executing program 0 (id=3416):
syz_mount_image$jfs(&(0x7f0000000100), &(0x7f0000000040)='./file1\x00', 0x1010006, &(0x7f00000003c0)={[{@quota}, {@iocharset={'iocharset', 0x3d, 'none'}}, {@discard_size={'discard', 0x3d, 0xaff9}}, {@iocharset={'iocharset', 0x3d, 'none'}}, {@discard}, {}, {@quota}, {@iocharset={'iocharset', 0x3d, 'default'}}, {@uid={'uid', 0x3d, 0xee01}}]}, 0x24, 0x61b6, &(0x7f00000075c0)="$eJzs3cuOHFcZB/Cv+jYXE8fKIgoWQpPEXEKIr8EYAiRZwIINC+QtsjWZRBYOINsgJ7LwRLNhwUOAkFgixJIVD5AFW3Y8AJZsJFAWKIVq5pxxTaV7esb2dHW7fj9pXPX1qZo+5X9XX6aq+gQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAED/8wY/PFRFx5VfphhMRn4t+RC9iparXImJl7UR9nRdiuzmej4jhUkS1/vY/z0a8HhEfH4+4/+DOenXz+QP24/t//scffnLsR3//0/DMf/9yq//GpOVu3/7tf/5699G3FwAAALqoLMuySB/zT0bEIH22BwCefvn1v0zy7eq5qzfnrD9qtVqtXsC6rhzvbr2IiM36OtV7BofjAWDBbMYnbXeBFsm/0wYRcaztTgBzrWi7AxyJ+w/urBcp36L+erC2057PBdmT/2axe33HpOk0zXNMZvX42op+PDehPysz6sM8yfn3mvlf2WkfpeWOOv9ZmZT/aOfSp87J+feb+Tc8Pfn3xubfVTn/waHy78sfAAAAAADmWP77/4mWj/8uPf6mHMh+x3/XZtQHAAAAAAAAAHjSDjv+36Ax/t8u4/8BAADA3Ko+q1d+d/zhbZO+i626/XIR8UxjeaBj0sUyq233AwAAAAAAAAAAAAC6ZLBzDu/lImIYEc+srpZlWf3UNevDetz1F13Xtx+6rO0neQAA2PHx8ca1/EXEckRcTt/1N1xdXS3L5ZXVcrVcWcrvZ0dLy+VK7XNtnla3LY0O8IZ4MCqrX7ZcW69u2uflae3N31fd16jsH6Bjs9Fi4AAQETuvRvcnvSL9z+vVYirLZ6PlNzksiH32fxaU/Z+DaPtxCgAAABy9sizLIn2d98l0zL/XdqcAgJnIr//N4wJqtVqtVqufvrquHO9uvYiIzfo61XsGw/EDwILZjE/a7gItkn+nDSLihbY7Acy1ou0OcCTuP7izXqR8i/rrQRrfPZ8Lsif/zWJ7vbz+uOk0zXNMZvX42op+PDehP8/PqA/zJOffa+Z/Zad9lJZ7/PzLPX8mbOsco0n5V9t5ooX+tC3n32/m33DU+/+sbEVvbP5dlfMfHCr/vvwBAAAAAGCO5b//n5ir47+jR92cqfY7/rs2do2j6wsAAAAAAAAAPCn3H9xZz9e95uP/XxiznOs/n045/0L+nZTz7zXy/2pjuX5t/t7bD/P/94M763+89a/P5+lB81/KM0V6ZBXpEVGkeyoGafo4W/dZW8P+qLqnYdHrD9I5P+Xw3bgW12Mjzu5Ztpf+Px62n9vTXvV0uN1e9nfaz+9pH+y25/Uv7GkfprOLypXcfjrW4+dxPd7Zbq/alqZs//KU9nJKe86/b//vpJz/oPZT5b+a2ovGtHLvo95n9vv6dNz9vHXti785e/SbM9VW9He3ra7avpda6M/2/8mxUfzy5saN07ev3rp141ykyZ5bz0eaPGE5/2H62X3+f3mnPT/v1/fXex+NDp3/vNiKwcT8X67NV9v7yoz71oac/yj95PzfSe3j9/9Fzn/y/v9qC/0BAAAAAAAAAAAAAACA/ZRluX2J6FsRcTFd/9PWtZkAwGzl1/8yybfPqu7P+P7U6gWviznrz0zrT8v56o9avYh1XTnem/UiIv5WX6d6z/Drcb8MAJhnn0bEP9vuBK2Rf4fl7/urpqfa7gwwUzc/+PCnV69f37hxs+2eAAAAAAAAAACPKo//uVYb//lUWZZ3G8vtGf/17Vh73PE/B3lmd4DRCQNV9w+/TfvZ6o36vdpw4y/GpPG/h7tz+43/PZhyf8Mp7aMp7UtT2pentI+90KMm5/9ibbzzUxFxsjH8ehfGf22Oed8FOf+Xao/nKv+vNJar51/+fpHz7+3J/8yt939x5uYHH7527f2r7228t/GzC+fOnb1w8eKlS5fOvHvt+sbZnX9b7PHRyvnnsa+dB9otOf+cufy7Jef/pVTLv1ty/l9Otfy7Jeef3+/Jv1ty/vmzj/y7Jef/Sqrl3y05/6+lWv7dkvN/NdXy75ac/9dTLf9uyfm/lmr5d0vO/3Sq5d8tOf8zqT5g/itH3S9mI+efj3DZ/7sl55/PbJB/t+T8z6da/t2S87+Qavl3S87/9VTLv1ty/t9Itfy7Jed/MdXy75ac/zdTLf9uyflfSrX8uyXn/61Uy79bcv7fTrX8uyXn/0aq5d8tOf/vpFr+3ZLz/26q5d8tOf/vpVr+3ZLzfzPV8u+Wh9//b8aMGTN5pu1nJgAAAAAAAAAAAACgaRanE7e9jQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/9mBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFfbuLkaus74f+Jl989qBxEDI38nfwMYxISSb7NpO/EKbYsJrw1sJhEJfsF3v2iz4Da9dAo1k00CJhFFRRdtw0RYQanNTkQsuaAUoF6gVUiVoL+gNokLlIqoCCkiVaAXZas55nmdnZmdndu3x+sw5n4+U/LIzZ+acOXPm7H53850BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoNWtr5//dCPLsuY/+b+2ZtkLmv+9eWprftlrrvUWAgAAAFfqV/m/n7shXXBwDTdqWeafX/7dry0tLS1l7xv98/HPLy2lK6aybHxTluXXRU/96P2N1mWCx7LJxkjL1yN9Vj/a5/qxPteP97l+os/1m/pcP9nn+hU7YIXNxe9j8jvbmf/n1mKXZjdm4/l1O7vc6rHGppGR+LucXCO/zdL4sWwhO5HNZ7NtyxfLNvLlv3Frc11vyeK6RlrWtb15hPzs0aNxGxphH+9sW9fyfUY/eV029fOfPXr0b889e3O32Xc3tN1fsZ137Ghu5yfDJcW2NrJNaZ/E7Rxp2c7tXZ6T0bbtbOS3a/5353Y+t8btHF3ezA3V+ZxPZiP5f38v309jrb/WS/tpe7jsF7dlWXZxebM7l1mxrmwk29J2ycjy8zNZHJHN+2geSi/OxtZ1nN66huO0Oed2th+nna+J+PzfGm43tso2tD5NP/nERMvz/sulyzlOo+ajXu210nkMDvq1UpZjMB4X38sf9ONdj8Gd4fE/evvqx2DXY6fLMZged8sxuKPfMTgyMZpvc3oSGvltlo/BXW3Lj+ZrauTzmdt7H4Mz506emVn82MfvXjh55Pj88flTe3btmt2zd+/+/ftnji2cmJ8t/n2Ze7v8tmQj6TWwI+y7+Bp4VceyrYfq0pcmVpx/L/d1ONnjdbi1Y9lBvw7HOh9cY2NekCuP6eK18Z7mTp+8NJKt8hrLn587r/x1mB53y+twrOV12PV7SpfX4dgaXofNZc7cubafWcZa/um2Dat/L7iyY3BryzHY+fNI5zE46J9HynIMTobj4gd3rv69YHvY3sen1/vzyOiKYzA93HDuaV6Sft6f3J+PbsflLc0rrpvIzi/On73nkSPnzp3dlYWxIV7Scqx0Hq9bWh5TtuJ4HVn38Xpw4eWP39Ll8q1hX03e3fzX5KrPVXOZe+/p/Vzl392678+2S3dnYQzYRu/Pbt/Nm/tzIsu+8O1PPPTNR7/w+lX3ZzNvfnLmyn8WT7m05fw7vsr5N+b+54v1pbt6bHR8rHj9jqa9M952Pm5/qsbyc1cjX/dzM2s7H4+Hfzb6fHxjj/Pxto5lB30+Hu98cPF83Oj3244r0/l8Tobj5MRs7/Nxc5ltu9d7TI71PB/fFmYj7P9Xh6SQclHLsbPacZvWNTY2Hh7XWFxD+3G6p2358ZDNmut6cnf4oTBt5dqO0ztuK5YfbbldtFHH6VTHsoM+TtPvvlY7Thv9fvt2eTqfz8lwXNy4p/dx2lzm6Xuv/Ny5Of5ny7lzot8xOD460dzm8XQQ5uf7bGlzPAbvyY5mp7MT2Vx+7UR+PDXydU3ft7Zz5UT4Z6PPldt6HIN3dCw76GMwfR9b7dhrjK188APQ+XxOhuPiift6H4PNZd6wb7A/u94RLknLtPzs2vn7tdV+53VLx266WsfKWNjOb+/r/bvZ5jIn9q83Z/beT3eFS67rsp86X7+rvabmso3ZT9vCdj67f/X91Nye5jKfP7DG4+lglmUXPvJA/vve8PeVC+e//7W2v7t0+5vOhY888NMXHvun9Ww/AMPv+WJsKb7Xtfxlai1//wcAAACGQsz9I2Em8j8AAABURsz98f8KT+R/AAAAqIyY+8fCTKqQ//+4/yLb3vDswvMXstTMXwri9Wk3PFgsFzuus+HrqaVlzcsf+Mr8f//jhbVt3kiWZb988I+6Lr/twbhdhamwnU+9sf3yFb5295rWffjhC2m9rf31L4b7j49nrYdBtwrubJZl37jhs/l6pt5/KZ9PP3g4nw9dfPyx5jLPHSi+jrd/5iXF8n8Vyr8Hjx1pu/0zYT/8OMzZt3bfH/F2X7306u373ru8vni7xo7r84f9xAeK+43vk/O5x4rl435ebfu/+Zknv9pc/pFXdt/+CyPdt//JcL9fCfN/XlYs3/ocNL+Ot/tU2P64vni7e778ra7b/9Sni+XPvKlY7nCYcf13hK93vunZhdb99UjjSNvjyt5cLBfXP/v9P82vj/cX779z+ycPXWrbH53Hx9P/VtzPTMfy8fK4nugfOtbfvJ/W4zOu/8k/Ody2n/ut/6mHnnlZ8347139Xx3JnPnJnvv7l+2t/x6a//tRnu64vbs/Bvz/T9ngOviu8jsP6n/hAOB7D9f/7VHF/ne+ucPhd7eefuPwXt15oezzRW35erP+p1x7P56bJzVuue8ELr7/4iua+y7LvbSrur9/6j//N6bbt/9JNxf6I18eOfuf6VxPXf/aj06dOL55fmEt79dEb8vfOeVuxPXF7bwjn1s6vD50+98H5s1OzU7NZNlXdt9C7bF8O86fFuNh76aUVZ9A7Hw7P5y1/+Y0tt//rZ+Ll//6e4vJLby2+b70qLPe5cPnW8Pytb/0rPXHrTfnru/F02MKlle8XfCW27/yv/WtaMDz+zp8L4vF+5qUfzPdD87r8+0Z8XV/h9v9wrrifr4f9uhTemXnHTcvra10+vjfCpXcXr/cr3n/hNBef178Lz/fbf1zcf9yu+Hh/GH6O+da29vNdPD6+fmGk8/7zd/G4GM4n2cXi+rhU3N+Xnrup6+bF9yHJLt6cf/1n6X5uXtfDXM3ixxZnTiycOv/IzLn5xXMzix/7+KGTp8+fOncofy/PQx/qd/vl89OW/Pw0N7/33iw/W50uxlV2rbf/zMNH5/bN3j43f+zI+WPnHj4zf/b40cXFo/Nzi7cfOXZs/qP9br8wd/+u3Qf27Ns9fXxh7v79Bw7sOTC9cOp0czOKjepj7+yHp0+dPZTfZPH+ew/suu++e2enT56em79/3+zs9Pl+t8+/N003b/2H02fnTxw5t3Byfnpx4ePz9+86sHfv7r7vBnjyzLHFqZmz50/NnF+cPztTPJapc/nFze99/W5PNS3+R/HzbKdG8UZ82Tvv2pven7XpK59Y9a6KRTreQPTZ8F4033nRmf1r+Trm/vEwkyrkfwAAACAXc/9EmIn8DwAAAJURc/+mMBP5HwAAACoj5v7JMNP/ElCT/F+5/v+2C2tav/6//n/r/tL/r1n//91l6/8X5wv9/8G40v69/n+g/6//r/+v/6//zwCUrf8fc//mLPP3fwAAAKiomPu3hJnI/wAAAFAZMfdfF2Yi/wMAAEBlxNz/gjCTmuR//X/9f/1//X/9/+7r1/8fTvr/ven/96H/P5PVq/9/cZDbfw36/5tbv9D/p4zK1v+Puf+FYSY1yf8AAABQBzH3Xx9mIv8DAABAZcTcf0OYifwPAAAAlRFz/9Ywk5rkf/3/K+r/p86V/n/79uv/t9P/D8eD/r/+/wbQ/+9N/78P/X+f/z9c/f82+v+UUdn6/zH3vyjMpCb5HwAAAOog5v4Xh5nI/wAAAFA+Y5d3s5j7XxJmsiL/X+YKAAAAgGsu5v4bs44ieE3+/q//7/P/9f/1//X/u69/7f3/0Uz/vzz0/3vT/+9D/1//X/9f/5+BKlv/P8/92WT20jCTmuR/AAAAqIOY+28KM5H/AQAAoDJi7v9/YSbyPwAAAFRGzP3bwkxqkv/1/yvT//9F61On/6//32v9+v8+/7/K9P970//vQ/9f/1//X/+fgSpb/z/m/pvDTGqS/wEAAKAOYu6/JcxE/gcAAIDKiLn//4eZyP8AAABQGTH3bw8zqUn+1/8vef8/Nkd9/r/+v/5/Kfv/k/r/paP/35v+fx/6//r/+v/6/wxU2fr/Mfe/LMykJvkfAAAA6iDm/peHmcj/AAAAUBkx978izET+BwAAgMqIuX8qzKQm+X89/f/GRf3/1Vzlz/+fWMPn/7fR/9f/77V+/X+f/19l+v+96f/3of+v/6//r//PQJWt/x9z/61hJjXJ/wAAAFAHMffvCDOR/wEAAKAyYu6/LcxE/gcAAIDKiLl/Z5hJTfK/z/8fiv5/pv+v/6//r/+v/782+v+96f/3of+v/6//r//PQJWt/x9z/yvDTGqS/wEAAKAOYu6/PcxE/gcAAIDKiLn/VWEm8j8AAABURsz9d4SZ1CT/6//r/+v/6//r/3dfv/7/cNL/703/vw/9f/1//X/9fwaqbP3/mPtfHWZSk/wPAAAAdRBz/51hJvI/AAAAVEbM/XeFmcj/AAAAUBkx90+HmdQk/+v/6//r/+v/6/93X7/+/3DS/+9N/78P/X/9f/1//X8Gqmz9/5j77w4zqUn+BwAAgDqIuf+eMBP5HwAAACoj5v6ZMBP5HwAAACoj5v7ZMJOa5H/9f/1//X/9/3X1/1+xfL/6/wX9/3LR/+9N/78P/X/9/2ve/x/X/6dSytb/j7l/V5hJTfI/AAAA1EHM/bvDTOR/AAAAqIyY+/eEmcj/AAAAUBkx998bZlKT/K//r/+v/6//7/P/u69f/3846f/3Nvj+f3yI+v/6//r/Pv9f/5+Vytb/j7n/vjCTmuR/AAAAqIOY+/eGmcj/AAAAUBkx9+8LM5H/AQAAoDJi7t8fZlKT/K//r/+v/6//r//fff36/8NJ/783n//fh/6//v8Q9/+bx5b+P2VTtv5/zP0Hwkxqkv8BAACgDmLuf02YifwPAAAAlRFz/6+Fmcj/AAAAUBkx9/96mElN8r/+v/6//r/+f9n7/xP6//r/66D/35v+fx/6//r/Q9z/9/n/lFHZ+v8x998fZlKT/A8AAAB1EHP/b4SZyP8AAABQGTH3vzbMRP4HAACAyoi5/2CYSU3yv/7/BvX/44X6//r/+v8+/1///6rS/+9N/78P/X/9f/1//X8Gqmz9/5j7XxdmUpP8DwAAAHUQc/8DYSbyPwAAAFRGzP2vDzOR/wEAAKAyYu5/Q5hJTfK//r/P/7/2/f/xtm3X/1++nf5/Qf9f/3899P970//vQ/9f/1//X/+fgSpb/z/m/jeGmdQk/wMAAEAdxNz/pjAT+R8AAAAqI+b+N4eZyP8AAABQGTH3vyXMpCb5X/9f///a9/99/r/+f0H/X/9/EPT/e9P/70P/X/9f/1//n4EqW/8/5v7fDDOpSf4HAACAOoi5/8EwE/kfAAAAKiPm/reGmcj/AAAAUBkx978tzKQm+V//X/9f/1//X/+/+/r1/4eT/n9vQ9b//9X14XL9/4L+f7m3f739/7GOr69K//9Hq/X/lzZ13l7/n6uhbP3/mPvfHmZSk/wPAAAAdRBz/zvCTOR/AAAAqIyY+98ZZiL/AwAAQGXE3P9bYSY1yf/6/83tWG4v6//r/+cX6P/r/+v/Dy39/96GrP/v8/876P+Xe/t9/r/+PyuVrf8fc/+7wkxqkv8BAACgDmLufyjMRP4HAACAyoi5/91hJvI/AAAAVEbM/e8JM6lJ/tf/9/n/+v/6//r/3dev/z+c9P970//vQ/9f/79s/f//1P9nuJWt/x9z/8NhJjXJ/wAAAFAHMfe/N8xE/gcAAIDKiLn/t8NM5H8AAACojJj73xdmUpP8r/8/LP3/Kf3/dfb/J8Jl+v/6//r/9aL/35v+fx/6//r/Zev/+/x/hlzZ+v8x978/zGTt+X9yzUsCAAAA10TM/b8TZlKTv/8DAABAHcTc/7thJvI/AAAAVEbM/b8XZlKT/K//Pyz9f5//n/n8f/3/jsej/6//383G9f/jmUf/X/9f/z/S/9f/1/+nU9n6/zH3/36YSU3yPwAAANRBzP0fCDOR/wEAAGAodPt/sjvF3H8ozET+BwAAgMqIuf9wmElN8r/+v/6//n9J+/9/seNffvDddxzepf+v/6//vy4b+vn/zRe/z//X/9f/T/T/9f/1/+lUtv5/zP1HwkyWg9/bfMA/AAAADLeY+/8gzKQmf/8HAACAOoi5/2iYifwPAAAAlRFz/1yYSU3yv/6//r/+f0n7/0P8+f9xfwxT/3960xD1/+NJV/+/qw3t/793uSeu/7/e/v9E10s7+/8N/f82+v/r3v7vZFmm/6//zzVUtv5/zP3zYSY1yf8AAABQByH3jxwr5vIV8j8AAABURsz9x8NM5H8AAACojJj7PxhmUpP8r/+v/6//r//v8/+7r7+0/X+f/9+T/n9v5en/d+fz//X/h3n79f/1/1mpbP3/mPsXwkxqkv8BAACgDmLu/1CYifwPAAAAlRFz/4fDTOR/AAAAqIyY+0+EmdQk/+v/6//r/+v/6/93X7/+/3DS/+9N/78P/X/9f/1//X8Gqmz9/5j7T4aZ1CT/AwAAQB3E3H8qzOT/2LuPJsvq847jt3FTzBQb77zwwt77JbAwa/sFeMHGC7vK5YWxjXNicI4454BtJRRQAAmhhHICJSSUhSSUc0AZSTUqmOd5Znr69LndM7e7z/0/n89CDzSMzkU1BfrRfDn2PwAAAAwjd//NcYv9DwAAAMPI3f/LcUuT/a//1/8P2///pP7/oOfr//X/I9P/z9P/r6H/1//r//X/bNTS+v/c/b8StzTZ/wAAANBB7v5fjVvsfwAAABhG7v5b4hb7HwAAAIaRu//X4pYm+/+y/n9n1bP/z4xX/z9S/+/9/wc+X/+v/x/Zyfb/tz3xZz79v/5f/x/0//p//T+XW1r/n7v/1+OWJvsfAAAAOsjd/xtxi/0PAAAAw8jd/5txi/0PAAAAw8jd/1txS5P97/3/3v+v/9f/6/+nn6//307e/z+vU/9/y8PX/9Jj9/7ofUd5vv5f/6//1/+zWUvr/3P3/3bc0mT/AwAAQAe5+38nbrH/AQAAYBi5+383brH/AQAAYAudnfxq7v7fi1ua7H/9v/5f/x/9/xn9v/5f/z8C/f+8Tv3/lTxf/6//1//r/9mspfX/uft/P25psv8BAACgg9z9fxC32P8AAACwXFP/IPaM3P23xi32PwAAAAwjd/+5uKXJ/tf/H3///339/3b0/97/r//X/w9B/z9P/7+G/l//r//X/7NRS+v/c/ffFrc02f8AAADQQe7+P4xb7H8AAAAYRu7+P4pb7H8AAAAYRu7+P45bmux//b/3/+v/9f/6/+nn6/+3k/5/nv5/Df3/1fbz1+r/9f/6fy51xP7/8Zk/bW+k/8/d/ydxS5P9DwAAAB3k7v/TuMX+BwAAgGHk7v+zuMX+BwAAgGHk7v/zuKXJ/tf/6//1//r/K+7/9//Ue5L+f5r+/2To/+ctpv/f2Z38sv5/6/t/7//X/+v/2WNp7//P3f8XcUuT/Q8AAAAd5O7/y7hlZv8f+W/mAwAAAKcqd/9fxS2+/w8AAABbL6uz3P1/Hbc02f/6f/2//l//7/3/08+f6//vu+Tz6f+XRf8/bzH9/wH0//r/bf78+n/9P/strf/P3f83cUuT/Q8AAAAd5O6/PW6x/wEAAGAYufv/Nm6x/wEAAGAYufv/Lm5psv+n+/+Lv13/fzj6/72fX/8//fNjU/1//jfq/2f7/xu9/78n/f88/f8a+n/9v/7/oP7/7Lofr/9nytL6/9z9fx+3NNn/AAAA0EHu/n+IW+x/AAAAGEbu/n+MW+x/AAAAGEbu/n+KW5rsf+//1//r/7ev//f+/wtO8/3/qxPv/3f1/4ek/5+n/19D/6//1//Pv/9/5t8CoP9nytL6/9z9/xy3NNn/AAAA0EHu/n+JW+x/AAAA2A6X/rMDl/8DpSF3/7/GLfY/AAAADCN3/7/FLePs/9l3der/9f/6f/2//n/6+cvq/73//7D0//P0/2vo/4+jn98drP+/46Afv4T+/9bj7v9n6P+Zsqf/v//i10+r/8/d/+9xyzj7HwAAANrL3f8fcYv9DwAAAMPI3f+fcYv9DwAAAMPI3f9fcUuT/X/s/f/Mv31A/6//1//r//X/+v9N0//P0/+vof/3/n/v/9f/s1F7+v9LnFb/n7v/v+OWJvsfAAAAOsjd/z9xi/0PAAAAw8jdf0fcYv8DAADAMHL3/2/c0mT/e/+//l//r//X/08/X/+/na6qv79G/1/0//p//b/+X//PBiyt/8/d/39xS5P9DwAAAB3k7v//uMX+BwAAgGHk7n9K3GL/AwAAwDBy9z81bmmy//X/x9v/59f1//r/lf5f/6//PxFt3/+/M/VXov0O6P8f/IVzP733K/p//b/+X/+v/+eQfnjmty2i/z9/8f9d5u5/WtzSZP8DAABAB7n7nx632P8AAAAwjNz9z4hb7H8AAAAYRu7+O+OWI+7/ueZhyfT/3v+v/9f/6/+nn6//305t+/9D8v7/NfT/+n/9v/6fjVpE/3/Jr+fuf2bc4vv/AAAAMIzc/c+KW+x/AAAAGEbu/mfHLfY/AAAADCN3/3Pilib7X/+v/9f/6//1/9PP1/9vJ/3/PP3/GtvU/995Ff3/7vSXT7ufv1qn/fn1//p/9lta/5+7/664pcn+BwAAgA5y9z83brH/AQAAYBi5+58Xt9j/AAAAMIzc/c+PW5rsf/2//l//r//X/08/X/+/nfT/8/T/q9Xq7pkPMNX/n79umf2/9/8v7vPr//X/7Le0/j93/wvilib7HwAAADrI3X933GL/AwAAwDBy998Tt9j/AAAAMIzc/S+MW5rsf/2//l//r//X/08/X/+/nfT/8/T/a2zT+//1/4v7/Pp//T/7La3/z93/orilyf4HAACADnL33xu32P8AAAAwjNz9L45b7H8AAAAYRu7+++KWJvtf/6//1//r//X/08/X/2+n4+v/V/p//b/+fw39v/5f/8/lltb/5+5/SdzSZP8DAABAB7n7Xxq32P8AAAAwjNz9L4tb7H8AAAAYRu7+l8ctTfa//l//r//X/+v/p5+v/99O3v8/T/+/hv5f/6//1/+zUdP9/62n1v/n7n9F3NJk/wMAAEAHufvvj1vsfwAAABhG7v5Xxi32PwAAAAwjd/+r4pYm+1//r//f2/+vVvp//b/+/4IT6P/PrPT/G6f/n6f/X0P/P2b/f81qoP7/7IE/Xv/PEi3t/f+5+18dtzTZ/wAAANBB7v7XxC32PwAAAAwjd/9r4xb7HwAAAIaRu/91cUuT/a//1/97/7/+X/8//Xzv/99O+v95+v819P9j9v/e/6//59Qsrf/P3f/6uKXJ/gcAAIAOcve/IW6x/wEAAGAYufvfGLfY/wAAADCM3P1vilua7H/9v/5f/6//1/9PP1//v530//P0/2vo//X/+n/9Pxu1tP4/d/+b45Ym+x8AAAA6yN3/QNxi/wMAAMAwcvc/GLfY/wAAADCM3P1viVua7H/9v/5f/7+d/f8Z/b/+X/8/aSn9/w03/NRD+n/9v/5f/6//1/93t7T+P3f/W+OWJvsfAAAAOsjd/7a4xf4HAACAYeTuf3vcYv8DAADAMHL3vyNuabL/9/f/164uFKoXTPX/0ajp/y+h/9/7+fX/0z8/vP9f/6//P35L6f+9///KPr/+X/+/zZ//SP3/j+//8fp/RrS0/j93/0NxS5P9DwAAAB3k7n9n3GL/AwAAwDBy978rbrH/AQAAYBi5+x+OW5rsf+//1//r//X/+v/p5+v/t5P+f57+fw39v/7f+/9v/rkf0v+zOUvr/3P3vztuabL/AQAAoIPc/e+JW+x/AAAAGEbu/vfGLfY/AAAADCN3//vilib7X/+v/9f/6//1/9PP1/9vJ/3/PP1/ufwP7YI+/f+ZqS+edj9/tU778w/T/3v/Pxu0tP4/d//745Ym+x8AAAA6yN3/gbjF/gcAAIBh5O7/YNxi/wMAAMAwcvd/KG5psv/1//r/8fv/n9X/X/Z8/b/+f2T6//wr+jT9/xp9+v9Jp93Pb/vn1//r/9lvaf1/7v5H4pYm+x8AAAA6yN3/4bjF/gcAAIBh5O7/SNxi/wMAAMAwcvd/NG5psv/1/736/51Vx/7f+//1//r/TvT/8/T/a+j/9f/6f/0/G7W0/j93/6M7uy33PwAAAGyrn/mJX3zksL/vo0/+55nVx+KWG1fnD/ltbAAAAGDhntj9O7ur1cef/DXf/wcAAIAR5e7/RNzSZP/r/3v1/z3f/6//1//r/zvR/8/T/6+h/9f/6//1/2zU0vr/3P2fjFsuGX67R/6jBAAAAJYkd/+n4pYm3/8HAACADnL3fzpu2bf//esAAQAAYFvl7v9M3NLk+//6/4X3/6tj6v/j99P/X6D/1/9PPV//v530//Ousv8/v6P/1//P0P/r//X/XG5p/X/u/s/GLU32PwAAAAxqz99RyN3/ubjF/gcAAIBh5O7/fNxi/wMAAMAwcvd/IW5psv/1/yfe/2eqfozv/z9bv+T9/837/9vPTD5f/6//H5n+f573/6+h/x+l/79O/6//ZxmW1v/n7v9i3NJk/wMAAEAHufu/FLfY/wAAADCM3P1fjlvsfwAAABhG7v6vxC1N9r/+f+Hv/7+i/v8Q7//X//fo/w94/jj9/49cf+6Bm37+nrv0/1x0kv1//lzQ/+v/9f8XLKj/9/5//T8Lsfn+f3fPF4/a/+fu/2rc0mT/AwAAQAe5+x+LW+x/AAAAGEbu/q/FLfY/AAAADCN3/9fjlib7X/+v/19K/5//W59C/3/uivv/s6vV6lT6/2yKu/f/3v+v/9/P+//n6f/X0P/r//X/+n82avP9/94vHrX/z93/jbilyf4HAACADnL3fzNuyf2/c+S/dQ8AAAAsTO7+b8Utvv8PAAAAw8jd/+24pcn+1//r/5fS/yfv/7/448Z6//9NFaf27P9/rH5J/3+89P/z9P9r6P/1//p//T8btbT+P3f/d+KWJvsfAAAAOsjd/3jcYv8DAADAMHL3fzdusf8BAABgGLn7vxe3NNn/+v9R+/8s4vX/+v+l9P/e/+/9/ydD/z9P/7+G/l//r//X/7NRS+v/c/f/IAAA//9GqnSo")

804.090774ms ago: executing program 3 (id=3417):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, 0x0, 0x0, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prctl$PR_GET_IO_FLUSHER(0x4)
syz_clone(0x25000, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0)

420.075051ms ago: executing program 0 (id=3418):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
getsockopt$bt_BT_POWER(r0, 0x112, 0x9, 0x0, &(0x7f0000000040))

369.763678ms ago: executing program 0 (id=3419):
syz_mount_image$ocfs2(&(0x7f0000000000), &(0x7f0000004480)='./file0\x00', 0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c6e6f61636c2c636f686572656e63793d66756c6c2c6865617274626561743d6e6f6e652c6a6f75726e616c5f6173796e635f636f6d6d69742c6e6f757365725f78617474722c008e1d54758732e066b2e39f7bd9e6e2dab460"], 0x1, 0x4460, &(0x7f0000009680)="$eJzs2M1vG2kdB/DfTJLGSZPiQg9BcIgEEhVCIckJARIgXqpKiFSBIkSQIuelbcCJQ+KgHHoAqUcORXDizBHOnJAq7iDtP7D7B+zuoXvo7mm98nicemJ74+7GTpr9fA4Zz/Myz5N8Pc88kzRXf7RzOL9zOF/Zm69tPjhcnv9DrXq0ux3piFz0+AxmGDnJ/uKs/PAnP//lcsT+k+W1RqPRiIgoR29LHZ9fPH+82XlsS0/1aV63z+XOya8j4lbXvJrGIuJX/45IIiLJf6k0P07lvZp1v/n9V/8cpVcZc6pvzR/X/z/zz+O73/zXg/996cXbK0/7Nkwi/l794jce7r7zlbHvvPX1rKwx+Az++yrTBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBG5s7py/97iUjxLytn5/pPltc76yXL+odS7f6Mx9CkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJfcndWV+/cWl+JZEqX3JiP2nyyvddaPl/MP5d79G98bwSQZmrs/W/nRjxeXstwbjaSr/lt50bs/GIubEfHi+ePNKBzfnO1sn5z6npz+PuWtzm3+7fm1xy1Hki4UztN0YSEiOW6dzyXTabV2WJ6IONrbOrdpvLaK+adZWSGdVtHH5N86njQfKP/z9IWub1N2PjfcUa+Kl/nPrDUaY33b/eNPSeER0C//sQvI/5OaPNd5vJ6K9/94Vla8n1qBNvP/y/jZ9//4Gfmf18p/o/mjlF2v1LkCNPcwzfJ++xWKivlPZGX98u+1/n9wKv+J3vnf++vQfoM+6//+0Aa8Uor5X8vKin/P1gYgyz89+/6/dlme//PDHfWqKOY/+d20u0n25xx0/Z8cUf7l9sp0I+n6BmTlpYjZYQx8xRTzL3XVv3z/Swfa/5cu6P2vdOr9r/0ecjtpvf/RWzH/qb7tBr3/p0a8/rf2fwOYGOYsXl/F/Kezsk+z/58eUf7Zc6rH/v/D9v7/eBijXj3F/K9nZcVV4Gn2M9v/Jd25v38q/+uXYP+Xzf/2cEe9Kor5z/Rt18z/jQGe/zMjzz9i+pV7nOxz+v/D6zOimH++Y/5Pd7vs/i+dnf/siPP/2pkt/CMIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DJKy61jOZJ0oXCepgsLEWP5+VxMJxuVrfWNam3zd4cR43n5fHw+eVitbVSq6zt7ta3t9Uq1WtuMmMjrb0UpOazW6uu7lf1rJ9eaSh5tVw7qG9uVekRM5uVfjtn2tTZ26ruV/YgondR9Lq0d7D+q7K1v7Rx8e3FxcTGmTuZwM9k+rm/v1Vujt2ojpk/6lpOOyWXV10/mMpP8tnZ0sFepZuUzHX2qtc1KtaPPbF73t7iZ1A+O9jYr9e31au1he7zeps4nqDN8Pz+md1d/sfrTpe4Gc3l9eSTTAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4CN255gGYSgMAvA9YMQBIpgJBmBCAhsakMGICBDAhoHWSPfOTdM+AZ26fF/yJ//ddAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACzyP5/eSXZT2iS51KfMV41dfvd2/3lej99Hc+i72yvZlnWWAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYVdeldNIIjCADwzKXKp9jFSLbup0gYSQpqsCFaWvoClhaWva2FnJaLMgqy7aKOFfF+zlzOHc2B+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH8DtuJqOqDiGGl91zCPPVx/S0/lbkl0V//9MdduR2/v6b75+qzvcez+qf+df6Kx2r281yFnqerdjJSTdP+dTlxQbyNrRfO7cIMZWH75zb95hSWfZ1vl43AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPbswIEAAAAAgCB/6xUGKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGApAAD//y5GmuM=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000200)=""/179, 0xb3)

79.087571ms ago: executing program 0 (id=3420):
syz_mount_image$msdos(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x100c404, &(0x7f0000000440)={[{@dots}, {@nodots}, {@nodots}, {@fat=@uid={'uid', 0x3d, 0xee00}}, {@nodots}, {@dots}, {@dots}, {@fat=@errors_continue}, {@nodots}, {@fat=@check_strict}, {@dots}, {@dots}, {@nodots}, {}, {@dots}, {@fat=@check_strict}, {@fat=@dos1xfloppy}, {@fat=@showexec}, {@dots}, {@dots}, {@nodots}, {@dots}]}, 0xfd, 0x1ed, &(0x7f0000000240)="$eJzs3cFqE1EUANCbNk0y4sKdIAgjLnRV1D8QqSAGhEoWuhN0ZVbtJnXTfoa/4H/5AdJVN/IknUknhmkMA5nRes4md3Lfy3t3hkyyyU2Kwve7X2M06kXv8mg3InZi4SwAgJvkIqX4kQpd7wUAaMcGn/8/W94SALBlb9+9f/18PD44zPNRxPnZbDKbFI9F/uWr8cGT/NKdatb5bDbZvco/zVe/O8zze3GrzD8r5udX6UFETAbx+GGRn+devBnnv88fxsct1w4AAAAAAAAAAAAAAAAAAAAAAF25H/lCbX+f/f3VfFbmi6Ol/kAr/Xv6ca9fHlbtgdJpG0UBAAAAAAAAAAAAAAAAAADAP+b45MvnD9Ppp6MqGEbE8jP9mjHXB73yhTca3H2wE82mZ2WZDRbtladouwVm9Rd3kyD6f8vVaRrkLayVrT29Kc2D+nfBoi3GtdMHEbF+9UeHTTd/kVKafntwdHwSae3g6h4xbPWOBAAAAAAAAAAAAAAAAAAA/6+lX30vybrbEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0oPr//wbBaUTcjj8OXqy1F6NuiwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODG+hUAAP//oIYiYQ==")

78.958566ms ago: executing program 0 (id=3421):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBSENT(r0, 0x5602, &(0x7f00000005c0)={0xff, "96d3e9659db3f50cb3c4e683f4fae026a3b284dd56630882be4bc0f34042227a71f06b95d73e34c8ecf3325e43f75f16f13d8905d3bdce627dc6ae0b14840f4c8bebc40872293c61ddd293631a22c6d5c8c9b16b987f4326874ddc5e2610c5505cea115e51bf6feb3e93cf89b8f44394fa2ac7f6cf757a9416c7545c5e5caa34450f0397d179f2225b57f644ce8ad31b15547b9364daef8e784f2036a75c3c5cfd124cdd424a558ea90d054d36c0d1d0db92e5e7f668dadcbfaed92c7cf3204be0c4904d308feba3447d7f41a58bc2fd4682e306a592696e4de9427d87c008d3e172cf162cc35f00915fe9fc9ea84e28838940e4bb2fda4c55a34abdf6db63d547c91a17211a1ce43a2933f8227e8b6767ab70bc9223e62a2d3ad9b13f74e2000961e62eaea005088d6d74a19eb0c56ce314323143fcfe27e410e10bd21a2140783385bdb1a7d33038427e336829ccfb63c04e537ca51ddae5fdf29505fca04fc4b2a13d6dad7db2eace60e9589712719a49a2d2d44587465037851b1fe93a0ed46822294671098fd53e79fe428bf6ae3846299ab1d238ad07be6cc01b5fcaacfce829c209e67d5548a38b637f3b44905b8be24dfba30e1b6d074b43e53fcded14a4190a585949baa43fef6c70ce7b1612299d734c07feed23252886a1317358cf5ecaf0186d2dbdb3eab8a9c3c21d4828ef8a9dd89207f2884a57679fcd495a"})

0s ago: executing program 0 (id=3422):
timer_create(0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000040)={0x0, 0xea60}, 0x10)
setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000140)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000240)={0xa, 0x4e23, 0xa4e4, @remote, 0x3}, 0x1c)
sendmmsg(r0, &(0x7f0000002940)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000002c0)="9572c2", 0x3}], 0x1, &(0x7f00000029c0)=ANY=[], 0x1a8}}, {{0x0, 0x0, &(0x7f0000001780), 0x0, &(0x7f0000002d40)=ANY=[], 0x1140}}], 0x2, 0x10)

kernel console output (not intermixed with test programs):

ltsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  245.245659][   T10] usb 5-1: New USB device found, idVendor=258a, idProduct=6a88, bcdDevice= 0.00
[  245.249408][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.272176][   T10] usb 5-1: config 0 descriptor??
[  245.593948][  T793] gspca_spca505: reg write: error -71
[  245.597776][  T793] spca505 4-1:0.0: probe with driver spca505 failed with error -5
[  245.617075][  T793] usb 4-1: USB disconnect, device number 35
[  245.705164][   T10] hid (null): usage index exceeded
[  245.708028][   T10] hid (null): usage index exceeded
[  245.719118][   T10] itetech 0003:258A:6A88.000B: ignoring exceeding usage max
[  245.722909][   T10] itetech 0003:258A:6A88.000B: usage index exceeded
[  245.728755][   T10] itetech 0003:258A:6A88.000B: item 0 4 2 0 parsing failed
[  245.732170][   T10] itetech 0003:258A:6A88.000B: probe with driver itetech failed with error -22
[  245.886689][ T5847] Bluetooth: hci2: command tx timeout
[  245.888660][   T33] audit: type=1326 audit(1755070355.613:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10916 comm="syz.0.1942" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa9d7d8ebe9 code=0x0
[  245.917672][  T793] usb 5-1: USB disconnect, device number 3
[  247.169765][T10940] netlink: 'syz.3.1951': attribute type 39 has an invalid length.
[  247.796324][ T5912] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  248.046529][ T5847] Bluetooth: hci2: command tx timeout
[  248.305506][ T5912] usb 5-1: Using ep0 maxpacket: 16
[  248.310478][ T5912] usb 5-1: config 0 has no interfaces?
[  248.314928][ T5912] usb 5-1: New USB device found, idVendor=0d49, idProduct=7010, bcdDevice= c.90
[  248.320155][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.323424][ T5912] usb 5-1: Product: syz
[  248.325193][ T5912] usb 5-1: Manufacturer: syz
[  248.328285][ T5912] usb 5-1: SerialNumber: syz
[  248.342175][ T5912] usb 5-1: config 0 descriptor??
[  248.558070][ T5912] usb 5-1: USB disconnect, device number 4
[  248.831324][   T33] audit: type=1326 audit(1755070358.553:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10987 comm="syz.0.1973" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa9d7d8ebe9 code=0x0
[  249.225486][T10991] loop4: detected capacity change from 0 to 32768
[  249.228227][T10991] btrfs: Deprecated parameter 'usebackuproot'
[  249.230462][T10991] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  249.243493][T10991] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1974 (10991)
[  249.257765][T10991] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  249.262026][T10991] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  249.266121][T10991] BTRFS info (device loop4): using free-space-tree
[  249.297625][ T7125] BTRFS warning (device loop4): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0x26333c6f level 0
[  249.302235][T10991] BTRFS warning (device loop4): couldn't read tree root
[  249.304476][T10991] BTRFS warning (device loop4): try to load backup roots slot 1
[  249.309782][ T7090] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x78ca8373 level 0
[  249.319428][T10991] BTRFS warning (device loop4): couldn't read tree root
[  249.322294][T10991] BTRFS warning (device loop4): try to load backup roots slot 2
[  249.325470][ T7090] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  249.329034][T10991] BTRFS warning (device loop4): couldn't read tree root
[  249.331582][T10991] BTRFS warning (device loop4): try to load backup roots slot 3
[  249.340312][T10991] BTRFS info (device loop4): rebuilding free space tree
[  249.353852][T10991] BTRFS info (device loop4): checking UUID tree
[  250.141403][T10668] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  252.660293][T11062] Process accounting resumed
[  254.740399][T11169] libceph: resolve '0' (ret=-3): failed
[  254.965981][T11176] syz_tun: entered allmulticast mode
[  254.974929][T11175] syz_tun: left allmulticast mode
[  255.066640][T11180] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2042'.
[  255.213610][T11188] pimreg: entered allmulticast mode
[  255.335998][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  255.567170][T11200] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2052'.
[  256.787902][ T5912] usb 4-1: new high-speed USB device number 36 using dummy_hcd
[  256.862426][T11237] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  256.867417][T11237] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.944276][T11237] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  256.947748][T11237] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  256.965486][ T5912] usb 4-1: Using ep0 maxpacket: 16
[  256.970678][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  256.975175][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  256.980382][ T5912] usb 4-1: New USB device found, idVendor=060b, idProduct=0001, bcdDevice= 0.00
[  256.984092][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.992583][ T5912] usb 4-1: config 0 descriptor??
[  257.037814][T11237] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  257.041991][T11237] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.135526][T11237] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  257.140578][T11237] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  257.254748][ T5876] netdevsim netdevsim0 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  257.258428][ T5876] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  257.269433][ T5876] netdevsim netdevsim0 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  257.272915][ T5876] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  257.288932][   T13] netdevsim netdevsim0 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  257.292581][   T13] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  257.306345][ T5876] netdevsim netdevsim0 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  257.312962][ T5876] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  257.429797][ T5912] macally 0003:060B:0001.000C: unknown main item tag 0x4
[  257.432919][ T5912] macally 0003:060B:0001.000C: unknown main item tag 0x0
[  257.439764][ T5912] macally 0003:060B:0001.000C: unknown main item tag 0x0
[  257.443178][ T5912] macally 0003:060B:0001.000C: unknown main item tag 0x0
[  257.447115][ T5912] macally 0003:060B:0001.000C: unknown main item tag 0x0
[  257.450265][ T5912] macally 0003:060B:0001.000C: unknown main item tag 0x0
[  257.453256][ T5912] macally 0003:060B:0001.000C: unknown main item tag 0x0
[  257.457596][ T5912] macally 0003:060B:0001.000C: unknown main item tag 0x0
[  257.460612][ T5912] macally 0003:060B:0001.000C: unknown main item tag 0x0
[  257.463485][ T5912] macally 0003:060B:0001.000C: unknown main item tag 0x0
[  257.467139][ T5912] macally 0003:060B:0001.000C: unexpected long global item
[  257.471192][ T5912] macally 0003:060B:0001.000C: probe with driver macally failed with error -22
[  257.513626][T11246] 9pnet_fd: Insufficient options for proto=fd
[  257.590164][   T33] audit: type=1326 audit(1755070367.313:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11249 comm="syz.0.2075" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9d7d8ebe9 code=0x7ffc0000
[  257.599959][   T33] audit: type=1326 audit(1755070367.313:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11249 comm="syz.0.2075" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9d7d8ebe9 code=0x7ffc0000
[  257.618018][   T33] audit: type=1326 audit(1755070367.313:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11249 comm="syz.0.2075" exe="/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7fa9d7d8ebe9 code=0x7ffc0000
[  257.631777][  T976] usb 4-1: USB disconnect, device number 36
[  257.643834][   T33] audit: type=1326 audit(1755070367.313:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11249 comm="syz.0.2075" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9d7d8ebe9 code=0x7ffc0000
[  257.658645][   T33] audit: type=1326 audit(1755070367.313:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11249 comm="syz.0.2075" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa9d7d8ebe9 code=0x7ffc0000
[  258.194300][ T5847] Bluetooth: hci1: Malformed LE Event: 0x0b
[  258.332916][T11272] tipc: Started in network mode
[  258.334997][T11272] tipc: Node identity c6b7bd1d833a, cluster identity 4711
[  258.339036][T11272] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  258.342740][T11272] syzkaller0: entered promiscuous mode
[  258.344919][T11272] syzkaller0: entered allmulticast mode
[  258.354780][T11266] tipc: Resetting bearer <eth:syzkaller0>
[  258.374645][T11266] tipc: Disabling bearer <eth:syzkaller0>
[  259.022515][T11283] loop4: detected capacity change from 0 to 1024
[  259.026296][T11283] hfsplus: Unknown parameter '5_%{쑤>VW϶$Ec_7ɱK<X'
[  261.392393][T11332] syz.3.2108(11332): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored.
[  261.777059][T11339] loop4: detected capacity change from 0 to 32768
[  261.804952][T11339] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  261.877401][T11339] XFS (loop4): Ending clean mount
[  261.923440][T11339] XFS (loop4): User initiated shutdown received.
[  261.933482][T11339] XFS (loop4): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:476).  Shutting down filesystem.
[  261.943011][T11339] XFS (loop4): Please unmount the filesystem and rectify the problem(s)
[  261.974634][   T27] Bluetooth: hci3: Frame reassembly failed (-84)
[  262.019860][T10668] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  263.794207][T11403] loop4: detected capacity change from 0 to 16
[  263.799240][T11403] erofs (device loop4): negative i_size @ nid 36
[  263.870913][   T33] audit: type=1326 audit(1755070373.593:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11404 comm="syz.0.2137" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa9d7d8ebe9 code=0x0
[  263.900762][   T13] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  263.903969][   T13] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  263.907492][   T13] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  263.910644][   T13] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  264.035549][   T55] Bluetooth: hci3: command 0x1003 tx timeout
[  264.037948][ T5847] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  264.100626][T11419] netlink: 5636 bytes leftover after parsing attributes in process `syz.3.2143'.
[  264.210936][T11425] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2146'.
[  264.213620][T11425] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2146'.
[  264.217544][T11425] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2146'.
[  264.305406][   T10] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  264.456378][   T10] usb 5-1: Using ep0 maxpacket: 16
[  264.463863][   T10] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  264.478431][   T10] usb 5-1: config 0 has no interface number 0
[  264.483469][   T10] usb 5-1: New USB device found, idVendor=1a86, idProduct=752d, bcdDevice=2d.4d
[  264.491675][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.494768][   T10] usb 5-1: Product: syz
[  264.502313][   T10] usb 5-1: Manufacturer: syz
[  264.504198][   T10] usb 5-1: SerialNumber: syz
[  264.529712][   T10] usb 5-1: config 0 descriptor??
[  264.538818][   T10] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  264.614168][T11437] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2153'.
[  264.758194][   T10] usb 5-1: USB disconnect, device number 5
[  265.605439][   T10] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  265.755468][   T10] usb 5-1: Using ep0 maxpacket: 8
[  265.759638][   T10] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 17
[  265.766035][   T10] usb 5-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=c8.07
[  265.769582][   T10] usb 5-1: New USB device strings: Mfr=209, Product=185, SerialNumber=60
[  265.772892][   T10] usb 5-1: Product: syz
[  265.774589][   T10] usb 5-1: Manufacturer: syz
[  265.778465][   T10] usb 5-1: SerialNumber: syz
[  265.781825][   T10] usb 5-1: config 0 descriptor??
[  265.835559][ T5898] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  265.985447][ T5898] usb 4-1: Using ep0 maxpacket: 8
[  265.994938][ T5898] usb 4-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  266.001488][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.005074][ T5898] usb 4-1: Product: syz
[  266.007249][ T5898] usb 4-1: Manufacturer: syz
[  266.009129][ T5898] usb 4-1: SerialNumber: syz
[  266.013861][ T5898] usb 4-1: config 0 descriptor??
[  266.022822][ T5898] gspca_main: se401-2.14.0 probing 047d:5003
[  266.075175][   T10] gspca_main: sunplus-2.14.0 probing 04a5:3003
[  266.555805][   T10] gspca_sunplus: reg_w_riv err -71
[  266.579847][   T10] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  266.684906][   T10] usb 5-1: USB disconnect, device number 6
[  266.851566][ T5898] gspca_se401: ExtraFeatures: 117
[  266.855904][ T5898] gspca_se401: Too many frame sizes
[  266.981978][   T10] usb 4-1: USB disconnect, device number 37
[  267.579698][T11501] loop4: detected capacity change from 0 to 32768
[  268.192669][T11525] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2188'.
[  268.572957][T11543] autofs4:pid:11543:validate_dev_ioctl: invalid path supplied for cmd(0xc018937a)
[  268.957286][T11560] loop4: detected capacity change from 0 to 128
[  269.012648][T11560] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  269.033020][T11560] ext4 filesystem being mounted at /79/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  269.114688][T11568] veth1_vlan: entered allmulticast mode
[  269.125014][T10668] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  269.134635][T11568] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check.
[  269.425666][   T10] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  269.575456][   T10] usb 5-1: Using ep0 maxpacket: 16
[  269.584046][   T10] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5
[  269.591680][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.595013][   T10] usb 5-1: Product: syz
[  269.598847][   T10] usb 5-1: Manufacturer: syz
[  269.601159][   T10] usb 5-1: SerialNumber: syz
[  269.614070][   T10] usb 5-1: config 0 descriptor??
[  269.619696][   T10] visor 5-1:0.0: Sony Clie 3.5 converter detected
[  270.259749][   T10] usb 5-1: clie_3_5_startup: get config number bad return length: 0
[  270.263346][   T10] visor 5-1:0.0: probe with driver visor failed with error -5
[  270.280157][   T10] usb 5-1: USB disconnect, device number 7
[  271.146135][T11661] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2246'.
[  271.475425][ T5898] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  271.513571][T11666] IPv6: addrconf: prefix option has invalid lifetime
[  271.569334][T11668] 9pnet_fd: Insufficient options for proto=fd
[  271.625375][ T5898] usb 4-1: Using ep0 maxpacket: 8
[  271.631915][ T5898] usb 4-1: config 16 has an invalid descriptor of length 50, skipping remainder of the config
[  271.639600][ T5898] usb 4-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  271.644656][ T5898] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  271.648607][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.658630][ T5898] usbtmc 4-1:16.0: bulk endpoints not found
[  271.815542][ T5912] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  271.973305][ T5912] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  271.977183][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.980341][ T5912] usb 5-1: Product: syz
[  271.982149][ T5912] usb 5-1: Manufacturer: syz
[  271.984102][ T5912] usb 5-1: SerialNumber: syz
[  271.989371][ T5912] usb 5-1: config 0 descriptor??
[  272.200926][ T5898] usb 5-1: USB disconnect, device number 8
[  273.315440][ T5912] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  273.478409][ T5912] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  273.485726][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  273.489880][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  273.493114][ T5912] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  273.500711][ T5912] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  273.504311][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.512545][ T5912] usb 5-1: config 0 descriptor??
[  273.931401][ T5912] plantronics 0003:047F:FFFF.000D: ignoring exceeding usage max
[  273.954761][ T5912] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  273.981851][  T792] usb 4-1: USB disconnect, device number 38
[  274.298881][T11708] wg1 speed is unknown, defaulting to 1000
[  274.885835][ T5912] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  275.065554][ T5912] usb 4-1: Using ep0 maxpacket: 32
[  275.069581][ T5912] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 16
[  275.073540][ T5912] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  275.078699][ T5912] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 26
[  275.088777][ T5912] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  275.092427][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  275.108082][ T5912] usb 4-1: SerialNumber: syz
[  275.114690][T11717] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  275.121867][T11717] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  275.154783][ T5912] usb 5-1: USB disconnect, device number 9
[  275.335117][   T10] usb 4-1: USB disconnect, device number 39
[  276.944796][T11772] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2299'.
[  276.991501][T11770] loop4: detected capacity change from 0 to 40427
[  276.995377][T11770] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  276.998340][T11770] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  277.004347][T11770] F2FS-fs (loop4): invalid crc value
[  277.056466][T11770] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  277.068669][T11770] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  277.070878][T11770] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  277.522667][   T33] audit: type=1800 audit(1755070387.043:60): pid=11789 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2298" name="file1" dev="loop4" ino=10 res=0 errno=0
[  278.715479][ T5912] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  278.865395][ T5912] usb 4-1: Using ep0 maxpacket: 8
[  278.869768][ T5912] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  278.873818][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  278.891614][ T5912] pvrusb2: Hardware description: Terratec Grabster AV400
[  278.895163][ T5912] pvrusb2: **********
[  278.898401][ T5912] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  278.902697][ T5912] pvrusb2: Important functionality might not be entirely working.
[  278.908150][ T5912] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  278.912834][ T5912] pvrusb2: **********
[  279.074796][T11820] syz.0.2319: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  279.080836][T11820] CPU: 1 UID: 0 PID: 11820 Comm: syz.0.2319 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  279.080852][T11820] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  279.080860][T11820] Call Trace:
[  279.080866][T11820]  <TASK>
[  279.080877][T11820]  dump_stack_lvl+0x189/0x250
[  279.080897][T11820]  ? __pfx_dump_stack_lvl+0x10/0x10
[  279.080909][T11820]  ? __pfx__printk+0x10/0x10
[  279.080922][T11820]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  279.080935][T11820]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  279.080945][T11820]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  279.080955][T11820]  warn_alloc+0x214/0x310
[  279.080970][T11820]  ? stack_depot_save_flags+0x40/0x860
[  279.080982][T11820]  ? __pfx_warn_alloc+0x10/0x10
[  279.080995][T11820]  ? kasan_save_track+0x4f/0x80
[  279.081007][T11820]  ? xskq_create+0x56/0x170
[  279.081016][T11820]  ? xsk_init_queue+0xb0/0x110
[  279.081023][T11820]  ? xsk_setsockopt+0x4dc/0x8d0
[  279.081030][T11820]  ? do_sock_setsockopt+0x17c/0x1b0
[  279.081041][T11820]  ? __x64_sys_setsockopt+0x13f/0x1b0
[  279.081051][T11820]  ? do_syscall_64+0xfa/0x3b0
[  279.081062][T11820]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.081095][T11820]  __vmalloc_node_range_noprof+0x125/0x12f0
[  279.081123][T11820]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  279.081140][T11820]  ? __kasan_kmalloc+0x93/0xb0
[  279.081152][T11820]  vmalloc_user_noprof+0xad/0xf0
[  279.081164][T11820]  ? xskq_create+0xbf/0x170
[  279.081174][T11820]  xskq_create+0xbf/0x170
[  279.081185][T11820]  xsk_init_queue+0xb0/0x110
[  279.081195][T11820]  xsk_setsockopt+0x4dc/0x8d0
[  279.081205][T11820]  ? __pfx_xsk_setsockopt+0x10/0x10
[  279.081213][T11820]  ? __pfx_aa_sk_perm+0x10/0x10
[  279.081225][T11820]  ? aa_sock_opt_perm+0xff/0x1b0
[  279.081238][T11820]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  279.081247][T11820]  ? __pfx_xsk_setsockopt+0x10/0x10
[  279.081257][T11820]  do_sock_setsockopt+0x17c/0x1b0
[  279.081270][T11820]  __x64_sys_setsockopt+0x13f/0x1b0
[  279.081284][T11820]  do_syscall_64+0xfa/0x3b0
[  279.081294][T11820]  ? lockdep_hardirqs_on+0x9c/0x150
[  279.081304][T11820]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.081313][T11820]  ? exc_page_fault+0x9f/0xf0
[  279.081323][T11820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.081332][T11820] RIP: 0033:0x7fa9d7d8ebe9
[  279.081342][T11820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  279.081350][T11820] RSP: 002b:00007fa9d8bf2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  279.081359][T11820] RAX: ffffffffffffffda RBX: 00007fa9d7fb5fa0 RCX: 00007fa9d7d8ebe9
[  279.081365][T11820] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000004
[  279.081370][T11820] RBP: 00007fa9d7e11e19 R08: 0000000000000004 R09: 0000000000000000
[  279.081375][T11820] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  279.081381][T11820] R13: 00007fa9d7fb6038 R14: 00007fa9d7fb5fa0 R15: 00007ffc2048b038
[  279.081395][T11820]  </TASK>
[  279.081399][T11820] Mem-Info:
[  279.157754][ T2394] pvrusb2: Invalid write control endpoint
[  279.159510][T11820] active_anon:22618 inactive_anon:0 isolated_anon:0
[  279.159510][T11820]  active_file:2420 inactive_file:52806 isolated_file:0
[  279.159510][T11820]  unevictable:1768 dirty:4309 writeback:0
[  279.159510][T11820]  slab_reclaimable:5642 slab_unreclaimable:55678
[  279.159510][T11820]  mapped:21984 shmem:18579 pagetables:1178
[  279.159510][T11820]  sec_pagetables:0 bounce:0
[  279.159510][T11820]  kernel_misc_reclaimable:0
[  279.159510][T11820]  free:263178 free_pcp:20257 free_cma:0
[  279.159585][T11820] Node 0 active_anon:45908kB inactive_anon:0kB active_file:8704kB inactive_file:176668kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:36712kB dirty:752kB writeback:0kB shmem:36356kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7748kB pagetables:2276kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  279.210470][ T2394] pvrusb2: Invalid write control endpoint
[  279.214743][T11820] Node 1 active_anon:44564kB inactive_anon:0kB active_file:976kB inactive_file:34556kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:51224kB dirty:16484kB writeback:0kB shmem:37960kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7568kB pagetables:2436kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  279.214801][T11820] Node 0 DMA free:15072kB boost:0kB min:640kB low:800kB high:960kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:288kB local_pcp:0kB free_cma:0kB
[  279.214845][T11820] lowmem_reserve[]: 0 811 811 811 811
[  279.214878][T11820] Node 0 DMA32 free:199012kB boost:6144kB min:39804kB low:48216kB high:56628kB reserved_highatomic:0KB free_highatomic:0KB active_anon:45976kB inactive_anon:0kB active_file:8704kB inactive_file:176668kB unevictable:3536kB writepending:752kB present:1556484kB managed:831004kB mlocked:0kB bounce:0kB free_pcp:45892kB local_pcp:13752kB free_cma:0kB
[  279.214922][T11820] lowmem_reserve[]: 0 0 0 0 0
[  279.214951][T11820] Node 1 DMA32 free:458616kB boost:0kB min:19192kB low:23988kB high:28784kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:524152kB managed:458616kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  279.214990][T11820] lowmem_reserve[]: 0 0 854 854 854
[  279.215021][T11820] Node 1 Normal free:380012kB boost:0kB min:36612kB low:45764kB high:54916kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44564kB inactive_anon:0kB active_file:976kB inactive_file:34556kB unevictable:3536kB writepending:16484kB present:1048576kB managed:874952kB mlocked:0kB bounce:0kB free_pcp:34792kB local_pcp:15952kB free_cma:0kB
[  279.215098][T11820] lowmem_reserve[]: 0 0 0 0 0
[  279.215130][T11820] Node 0 DMA: 2*4kB (UM) 1*8kB (M) 1*16kB (U) 0*32kB 1*64kB (M) 1*128kB (M) 2*256kB (UM) 2*512kB (UM) 1*1024kB (M) 0*2048kB 
[  279.233828][ T2394] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  279.241287][T11820] 3*4096kB 
[  279.254548][ T2394] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  279.266611][T11820] (U) = 15072kB
[  279.266642][T11820] Node 0 DMA32: 557*4kB (ME) 432*8kB (UME) 329*16kB (UME) 439*32kB (UME) 165*64kB (UME) 45*128kB (UME) 30*256kB (UME) 19*512kB (UM) 15*1024kB (UM) 13*2048kB (U) 24*4096kB (UM) = 199012kB
[  279.266769][T11820] Node 1 DMA32: 2*4kB (M) 2*8kB (M) 2*16kB (M) 2*32kB (M) 2*64kB (M) 1*128kB (M) 2*256kB (M) 2*512kB (M) 2*1024kB (M) 2*2048kB (M) 110*4096kB (M) = 458616kB
[  279.266869][T11820] Node 1 Normal: 1*4kB (U) 1*8kB (M) 24*16kB (ME) 17*32kB (E) 9*64kB (UE) 3*128kB (ME) 5*256kB (UM) 2*512kB (ME) 3*1024kB (UE) 
[  279.293588][ T2394] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  279.294997][T11820] 4*2048kB (UE) 89*4096kB (UM) = 380012kB
[  279.295026][T11820] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  279.295034][T11820] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  279.295041][T11820] 73783 total pagecache pages
[  279.295046][T11820] 0 pages in swap cache
[  279.295074][T11820] Free swap  = 124996kB
[  279.305529][ T2394] pvrusb2: Device being rendered inoperable
[  279.306634][T11820] Total swap = 124996kB
[  279.306647][T11820] 786301 pages RAM
[  279.306651][T11820] 0 pages HighMem/MovableOnly
[  279.306655][T11820] 241318 pages reserved
[  279.306658][T11820] 0 pages cma reserved
[  279.358570][ T2394] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[  279.362032][ T2394] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  279.367735][ T2394] pvrusb2: Attached sub-driver cx25840
[  279.369684][ T2394] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  279.373120][ T2394] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  279.381238][ T5912] usb 4-1: USB disconnect, device number 40
[  279.921488][T10668] syz-executor: attempt to access beyond end of device
[  279.921488][T10668] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  279.933859][T10668] CPU: 0 UID: 0 PID: 10668 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  279.933883][T10668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  279.933892][T10668] Call Trace:
[  279.933900][T10668]  <TASK>
[  279.933907][T10668]  dump_stack_lvl+0x189/0x250
[  279.933935][T10668]  ? __pfx_dump_stack_lvl+0x10/0x10
[  279.933953][T10668]  ? __pfx_queue_work_on+0x10/0x10
[  279.933967][T10668]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  279.933984][T10668]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  279.934040][T10668]  f2fs_handle_critical_error+0x37c/0x540
[  279.934066][T10668]  f2fs_write_end_io+0x886/0xb60
[  279.934104][T10668]  __submit_merged_bio+0x27a/0x6a0
[  279.934119][T10668]  ? up_write+0x1c4/0x420
[  279.934141][T10668]  __submit_merged_write_cond+0x44c/0x530
[  279.934166][T10668]  f2fs_sync_node_pages+0x1479/0x15e0
[  279.934202][T10668]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  279.934247][T10668]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  279.934273][T10668]  ? up_write+0x1c4/0x420
[  279.934286][T10668]  ? do_raw_spin_unlock+0x4d/0x240
[  279.934322][T10668]  f2fs_write_checkpoint+0xe6f/0x1df0
[  279.934363][T10668]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  279.934432][T10668]  ? kill_f2fs_super+0x298/0x6c0
[  279.934457][T10668]  kill_f2fs_super+0x2c3/0x6c0
[  279.934484][T10668]  ? __pfx_kill_f2fs_super+0x10/0x10
[  279.934502][T10668]  ? radix_tree_delete_item+0x2b6/0x400
[  279.934527][T10668]  ? shrinker_free+0x2ce/0x3e0
[  279.934546][T10668]  deactivate_locked_super+0xbc/0x130
[  279.934566][T10668]  cleanup_mnt+0x425/0x4c0
[  279.934583][T10668]  ? lockdep_hardirqs_on+0x9c/0x150
[  279.934612][T10668]  task_work_run+0x1d4/0x260
[  279.934635][T10668]  ? __pfx_task_work_run+0x10/0x10
[  279.934652][T10668]  ? __x64_sys_umount+0x122/0x160
[  279.934675][T10668]  ? exit_to_user_mode_loop+0x40/0x110
[  279.934699][T10668]  exit_to_user_mode_loop+0xec/0x110
[  279.934719][T10668]  do_syscall_64+0x2bd/0x3b0
[  279.934736][T10668]  ? lockdep_hardirqs_on+0x9c/0x150
[  279.934752][T10668]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.934779][T10668]  ? exc_page_fault+0x9f/0xf0
[  279.934798][T10668]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  279.934812][T10668] RIP: 0033:0x7f71e798ff17
[  279.934826][T10668] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  279.934839][T10668] RSP: 002b:00007ffc62bd5ff8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  279.934854][T10668] RAX: 0000000000000000 RBX: 00007f71e7a11c05 RCX: 00007f71e798ff17
[  279.934864][T10668] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc62bd60b0
[  279.934873][T10668] RBP: 00007ffc62bd60b0 R08: 0000000000000000 R09: 0000000000000000
[  279.934881][T10668] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc62bd7140
[  279.934891][T10668] R13: 00007f71e7a11c05 R14: 0000000000043d87 R15: 00007ffc62bd7180
[  279.934918][T10668]  </TASK>
[  279.934925][T10668] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  280.359852][T11844] comedi comedi4: bad chanlist[0]=0x032c0000 chan=0 range length=2
[  280.767283][T11849] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.2332'.
[  281.215404][ T5912] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  281.367524][ T5912] usb 5-1: Using ep0 maxpacket: 32
[  281.405896][ T5912] usb 5-1: unable to get BOS descriptor or descriptor too short
[  281.423981][ T5912] usb 5-1: config 160 has an invalid interface number: 100 but max is 0
[  281.432955][ T5912] usb 5-1: config 160 has no interface number 0
[  281.444028][ T5912] usb 5-1: config 160 interface 100 has no altsetting 0
[  281.454393][ T5912] usb 5-1: New USB device found, idVendor=0079, idProduct=a8ea, bcdDevice=7d.3e
[  281.459083][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  281.462302][ T5912] usb 5-1: Product: syz
[  281.464030][ T5912] usb 5-1: Manufacturer: syz
[  281.476003][ T5912] usb 5-1: SerialNumber: syz
[  281.726041][ T5912] usb 5-1: USB disconnect, device number 10
[  282.083497][T11889] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  282.301012][T11901] i801_smbus 0000:00:1f.3: Illegal SMBus block read size 0
[  282.445637][  T976] usb 4-1: new full-speed USB device number 41 using dummy_hcd
[  282.557213][T11903] loop4: detected capacity change from 0 to 32768
[  282.581706][T11903] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  282.594160][T11903] XFS (loop4): Ending clean mount
[  282.626925][T10668] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  282.628499][  T976] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  282.633966][  T976] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  282.638203][  T976] usb 4-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00
[  282.641861][  T976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.660776][  T976] usb 4-1: config 0 descriptor??
[  282.952130][T11921] loop4: detected capacity change from 0 to 1024
[  282.968306][T11921] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  282.977498][T11921] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  282.980256][T11921] EXT4-fs (loop4): orphan cleanup on readonly fs
[  283.008351][T11921] EXT4-fs error (device loop4): __ext4_get_inode_loc:4861: comm syz.4.2363: Invalid inode table block 0 in block_group 0
[  283.019352][T11921] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  283.022588][T11921] EXT4-fs error (device loop4): ext4_quota_write:7322: inode #3: comm syz.4.2363: mark_inode_dirty error
[  283.028832][T11921] Quota error (device loop4): write_blk: dquota write failed
[  283.031465][T11921] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  283.034809][T11921] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.2363: Failed to acquire dquot type 0
[  283.040876][T11921] EXT4-fs error (device loop4): __ext4_get_inode_loc:4861: comm syz.4.2363: Invalid inode table block 0 in block_group 0
[  283.047994][T11921] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  283.051515][T11921] EXT4-fs error (device loop4): ext4_ext_truncate:4475: inode #15: comm syz.4.2363: mark_inode_dirty error
[  283.056502][T11921] EXT4-fs error (device loop4): __ext4_get_inode_loc:4861: comm syz.4.2363: Invalid inode table block 0 in block_group 0
[  283.071805][T11921] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  283.075219][  T976] bigben 0003:146B:0902.000E: unexpected rdesc, please submit for review
[  283.078251][T11921] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem
[  283.082167][T11921] EXT4-fs error (device loop4): __ext4_get_inode_loc:4861: comm syz.4.2363: Invalid inode table block 0 in block_group 0
[  283.089546][T11921] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  283.089860][  T976] bigben 0003:146B:0902.000E: hidraw0: USB HID v0.01 Device [HID 146b:0902] on usb-dummy_hcd.3-1/input0
[  283.092780][T11921] EXT4-fs error (device loop4): ext4_truncate:4666: inode #15: comm syz.4.2363: mark_inode_dirty error
[  283.109197][T11921] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem
[  283.111074][  T976] bigben 0003:146B:0902.000E: not enough fields in HID_OUTPUT_REPORT 0
[  283.112652][T11921] EXT4-fs (loop4): 1 truncate cleaned up
[  283.118030][  T976] bigben 0003:146B:0902.000E: no output report found
[  283.129954][T11921] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  283.176798][T10668] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  283.252806][T11930] loop4: detected capacity change from 0 to 1024
[  283.261975][T11930] EXT4-fs: Ignoring removed mblk_io_submit option
[  283.285957][  T976] usb 4-1: USB disconnect, device number 41
[  283.323469][T11930] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  283.380876][T10668] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  283.619254][T11934] loop4: detected capacity change from 0 to 32768
[  283.624003][T11934] 
[  283.624003][T11934]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  283.624003][T11934] 
[  283.637358][T11934] ERROR: (device loop4): diWrite: ixpxd invalid
[  283.637358][T11934] 
[  283.643906][T11934] ERROR: (device loop4): txCommit: 
[  283.643906][T11934] 
[  283.649752][T11934] 
[  283.649752][T11934]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  283.649752][T11934] 
[  283.653866][T11934] 
[  283.653866][T11934]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  283.653866][T11934] 
[  283.673359][T10668] 
[  283.673359][T10668]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  283.673359][T10668] 
[  283.678689][T10668] 
[  283.678689][T10668]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  283.678689][T10668] 
[  284.196775][T11969] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2382'.
[  284.200469][    C0] vcan0: j1939_session_tx_dat: 0xffff88803a719400: queue data error: -100
[  284.215885][    C0] vcan0: j1939_xtp_rx_dat: no tx connection found
[  284.218875][    C0] vcan0: j1939_xtp_rx_dat: no rx connection found
[  284.221529][    C0] vcan0: j1939_xtp_rx_dat: no tx connection found
[  284.223963][    C0] vcan0: j1939_xtp_rx_dat: no rx connection found
[  284.226700][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  284.229679][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  284.232772][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  284.235822][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  284.238837][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  284.241766][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  284.244880][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  284.248324][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  284.251448][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  284.254400][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  284.257550][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  284.260490][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  284.263539][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  284.266600][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  284.269630][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  284.272503][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  284.275653][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  284.278570][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  284.281596][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  284.284514][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  284.287667][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  284.290545][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  284.409499][T11971] netlink: 'syz.3.2386': attribute type 13 has an invalid length.
[  284.479828][T11971] bridge0: port 2(bridge_slave_1) entered disabled state
[  284.485731][T11971] bridge0: port 1(bridge_slave_0) entered disabled state
[  284.569322][T11971] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  284.581151][T11971] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  284.732206][ T5898] wg1 speed is unknown, defaulting to 1000
[  284.732275][   T13] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  284.734577][ T5898] syz0: Port: 1 Link DOWN
[  284.738689][   T13] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  284.742754][   T13] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  284.752985][   T13] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  285.953752][T12015] hub 8-0:1.0: USB hub found
[  285.961385][T12015] hub 8-0:1.0: 1 port detected
[  288.687504][T12053] IPVS: fo: SCTP 172.20.20.187:0 - no destination available
[  289.719170][T12074] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2427'.
[  290.093071][  T976] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  290.265551][  T976] usb 4-1: Using ep0 maxpacket: 8
[  290.283291][  T976] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  290.302392][  T976] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  290.312081][  T976] usb 4-1: New USB device found, idVendor=046d, idProduct=c298, bcdDevice= 0.00
[  290.317206][  T976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.323536][  T976] usb 4-1: config 0 descriptor??
[  290.376302][T12110] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2445'.
[  290.735002][  T976] logitech 0003:046D:C298.000F: item fetching failed at offset 4/5
[  290.740254][  T976] logitech 0003:046D:C298.000F: parse failed
[  290.742494][  T976] logitech 0003:046D:C298.000F: probe with driver logitech failed with error -22
[  291.009066][  T793] usb 4-1: USB disconnect, device number 42
[  291.891180][   T33] audit: type=1800 audit(1755070401.573:61): pid=12154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2464" name="bus" dev="overlay" ino=3500 res=0 errno=0
[  292.257200][T12153] loop4: detected capacity change from 0 to 32768
[  292.268579][T12153] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[  292.278223][T12153] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  292.362188][T12162] futex_wake_op: syz.0.2467 tries to shift op by -1; fix this program
[  292.390158][T12160] overlayfs: upper fs does not support tmpfile.
[  292.411362][T12160] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  292.418038][T12160] overlayfs: failed to set xattr on upper
[  292.422714][T12160] overlayfs: ...falling back to redirect_dir=nofollow.
[  292.429560][T12160] overlayfs: ...falling back to index=off.
[  292.433862][T12160] overlayfs: ...falling back to uuid=null.
[  292.438098][T12160] overlayfs: upper fs missing required features.
[  292.499558][T10668] ocfs2: Unmounting device (7,4) on (node local)
[  293.505450][ T5898] usb 4-1: new full-speed USB device number 43 using dummy_hcd
[  293.668350][ T5898] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  293.679310][ T5898] usb 4-1: New USB device found, idVendor=3344, idProduct=22f0, bcdDevice=ef.4d
[  293.687571][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  293.691008][ T5898] usb 4-1: Product: syz
[  293.692885][ T5898] usb 4-1: Manufacturer: syz
[  293.694942][ T5898] usb 4-1: SerialNumber: syz
[  293.912717][ T5898] usb 4-1: selecting invalid altsetting 1
[  294.113361][ T5898] LME2510(C): Firmware Status: 1a 03 34 00 32 00
[  294.113513][ T5898] dvb_usb_lmedm04 4-1:2.0: probe with driver dvb_usb_lmedm04 failed with error -22
[  294.268160][T12202] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2485'.
[  294.317222][ T5898] usb 4-1: USB disconnect, device number 43
[  296.405733][  T793] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  296.555927][ T5912] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  296.636069][  T793] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  296.653636][  T793] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  296.669759][  T793] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  296.685496][  T793] usb 5-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00
[  296.695769][  T793] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.788043][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  296.796298][  T793] usb 5-1: config 0 descriptor??
[  296.798326][ T5912] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  296.802217][ T5912] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  296.810902][ T5912] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  296.814415][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  296.821481][ T5912] usb 4-1: config 0 descriptor??
[  296.828662][ T5912] hub 4-1:0.0: USB hub found
[  297.033693][ T5912] hub 4-1:0.0: 14 ports detected
[  297.038641][ T5912] hub 4-1:0.0: insufficient power available to use all downstream ports
[  297.250223][ T5912] hub 4-1:0.0: hub_hub_status failed (err = -71)
[  297.253249][ T5912] hub 4-1:0.0: config failed, can't get hub status (err -71)
[  297.259463][  T793] sony 0003:054C:024B.0010: unexpected long global item
[  297.262677][  T793] sony 0003:054C:024B.0010: parse failed
[  297.264910][  T793] sony 0003:054C:024B.0010: probe with driver sony failed with error -22
[  297.297028][ T5912] usb 4-1: USB disconnect, device number 44
[  297.432979][  T976] usb 5-1: USB disconnect, device number 11
[  298.205001][T12267] netlink: 180 bytes leftover after parsing attributes in process `syz.0.2514'.
[  298.961145][  T976] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  299.105470][  T976] usb 5-1: Using ep0 maxpacket: 32
[  299.109216][  T976] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  299.112414][  T976] usb 5-1: config 0 has no interface number 0
[  299.114359][  T976] usb 5-1: config 0 interface 12 has no altsetting 0
[  299.120746][  T976] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  299.123574][  T976] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.126592][  T976] usb 5-1: Product: syz
[  299.127923][  T976] usb 5-1: Manufacturer: syz
[  299.129379][  T976] usb 5-1: SerialNumber: syz
[  299.132503][  T976] usb 5-1: config 0 descriptor??
[  299.747867][  T976] f81534 5-1:0.12: f81534_set_register: reg: 1003 data: e0 failed: -71
[  299.750718][  T976] f81534 5-1:0.12: f81534_find_config_idx: read failed: -71
[  299.752979][  T976] f81534 5-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  299.756760][  T976] f81534 5-1:0.12: probe with driver f81534 failed with error -71
[  299.761663][  T976] usb 5-1: USB disconnect, device number 12
[  299.885607][  T792] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  300.037675][  T792] usb 4-1: config 0 has an invalid interface number: 170 but max is 0
[  300.040311][  T792] usb 4-1: config 0 has no interface number 0
[  300.042330][  T792] usb 4-1: config 0 interface 170 altsetting 0 endpoint 0x3 has an invalid bInterval 31, changing to 7
[  300.046456][  T792] usb 4-1: New USB device found, idVendor=07b0, idProduct=0007, bcdDevice=17.c6
[  300.049723][  T792] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  300.054088][  T792] usb 4-1: config 0 descriptor??
[  300.059728][  T792] HFC-S_USB 4-1:0.170: probe with driver HFC-S_USB failed with error -5
[  300.267758][  T793] usb 4-1: USB disconnect, device number 45
[  300.526315][  T792] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  300.685478][  T792] usb 5-1: Using ep0 maxpacket: 32
[  300.689528][  T792] usb 5-1: unable to get BOS descriptor or descriptor too short
[  300.693308][  T792] usb 5-1: config 7 has an invalid interface number: 112 but max is 1
[  300.696308][  T792] usb 5-1: config 7 has no interface number 1
[  300.698532][  T792] usb 5-1: config 7 interface 112 has no altsetting 0
[  300.700697][  T792] usb 5-1: config 7 interface 0 has no altsetting 0
[  300.705628][  T792] usb 5-1: New USB device found, idVendor=04e2, idProduct=1420, bcdDevice=b5.bb
[  300.708794][  T792] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.711329][  T792] usb 5-1: Product: syz
[  300.712649][  T792] usb 5-1: Manufacturer: syz
[  300.714108][  T792] usb 5-1: SerialNumber: syz
[  300.932167][  T792] xr_serial 5-1:7.112: xr_serial converter detected
[  300.935934][  T792] xr_serial ttyUSB0: Failed to set reg 0x60: -71
[  300.937942][  T792] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  300.948184][  T792] usb 5-1: USB disconnect, device number 13
[  300.952753][  T792] xr_serial 5-1:7.112: device disconnected
[  304.330605][T12378] loop4: detected capacity change from 0 to 4096
[  304.353826][T12378] NILFS (loop4): invalid segment: Checksum error in segment payload
[  304.358356][T12378] NILFS (loop4): trying rollback from an earlier position
[  304.373856][T12378] NILFS (loop4): recovery complete
[  304.393021][T12381] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  304.827357][T12405] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2578'.
[  305.058138][   T33] audit: type=1326 audit(1755070414.783:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12411 comm="syz.4.2580" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71e798ebe9 code=0x7ffc0000
[  305.090547][   T33] audit: type=1326 audit(1755070414.783:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12411 comm="syz.4.2580" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f71e798ebe9 code=0x7ffc0000
[  305.130424][T12421] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2582'.
[  305.133315][T12421] netlink: 'syz.0.2582': attribute type 2 has an invalid length.
[  305.152267][T12421] netlink: 'syz.0.2582': attribute type 2 has an invalid length.
[  305.162420][T12421] netlink: 'syz.0.2582': attribute type 1 has an invalid length.
[  305.164825][T12421] netlink: 'syz.0.2582': attribute type 2 has an invalid length.
[  305.178182][T12421] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2582'.
[  305.418920][T12443] loop4: detected capacity change from 0 to 1024
[  305.485531][ T5912] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  305.704957][T12446] afs: Unknown parameter 'A~|vN'
[  305.987347][ T5912] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  305.994370][ T5912] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  305.998048][ T5912] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  306.001155][ T5912] usb 4-1: SerialNumber: syz
[  306.355493][ T5912] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  306.360259][   T53] hfsplus: b-tree write err: -5, ino 4
[  306.372877][ T5912] usb 4-1: USB disconnect, device number 46
[  307.551285][   T56] block nbd4: Receive control failed (result -32)
[  307.560191][T12470] block nbd4: shutting down sockets
[  307.998811][T12481] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  308.365466][  T792] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  308.515412][  T792] usb 5-1: Using ep0 maxpacket: 32
[  308.521009][  T792] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  308.524123][  T792] usb 5-1: config 0 has no interface number 0
[  308.531603][  T792] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  308.535114][  T792] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.538299][  T792] usb 5-1: Product: syz
[  308.540028][  T792] usb 5-1: Manufacturer: syz
[  308.541910][  T792] usb 5-1: SerialNumber: syz
[  308.548578][  T792] usb 5-1: config 0 descriptor??
[  308.553287][  T792] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  308.764422][  T792] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  308.772770][  T792] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  309.163921][    C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  309.169530][ T5898] usb 5-1: USB disconnect, device number 14
[  309.190474][ T5898] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  309.202538][ T5898] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  309.216375][ T5898] quatech2 5-1:0.51: device disconnected
[  310.345789][ T5898] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  310.495468][ T5898] usb 4-1: Using ep0 maxpacket: 32
[  310.499806][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 12288, setting to 1024
[  310.504340][ T5898] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  310.511936][ T5898] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  310.517125][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  310.520459][ T5898] usb 4-1: Product: syz
[  310.522208][ T5898] usb 4-1: Manufacturer: syz
[  310.524124][ T5898] usb 4-1: SerialNumber: syz
[  310.529040][ T5898] usb 4-1: config 0 descriptor??
[  310.850216][ T5898] usb 4-1: USB disconnect, device number 47
[  311.000165][T12556] overlayfs: failed to clone upperpath
[  311.003716][T12556] overlayfs: failed to clone upperpath
[  311.899731][   T33] audit: type=1800 audit(1755070421.623:64): pid=12575 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2651" name="file2" dev="tmpfs" ino=6285 res=0 errno=0
[  313.636750][T12603] loop4: detected capacity change from 0 to 256
[  313.666333][T12603] FAT-fs (loop4): Directory bread(block 64) failed
[  313.668362][T12603] FAT-fs (loop4): Directory bread(block 65) failed
[  313.670537][T12603] FAT-fs (loop4): Directory bread(block 66) failed
[  313.672611][T12603] FAT-fs (loop4): Directory bread(block 67) failed
[  313.674608][T12603] FAT-fs (loop4): Directory bread(block 68) failed
[  313.677168][T12603] FAT-fs (loop4): Directory bread(block 69) failed
[  313.679824][T12603] FAT-fs (loop4): Directory bread(block 70) failed
[  313.681849][T12603] FAT-fs (loop4): Directory bread(block 71) failed
[  313.683849][T12603] FAT-fs (loop4): Directory bread(block 72) failed
[  313.686807][T12603] FAT-fs (loop4): Directory bread(block 73) failed
[  313.700706][T12603] overlay: ./file0 is not a directory
[  313.782797][T12605] loop4: detected capacity change from 0 to 128
[  313.798864][   T33] audit: type=1800 audit(1755070423.523:65): pid=12605 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2662" name="file2" dev="loop4" ino=1048622 res=0 errno=0
[  313.811590][T12605] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  313.814554][T12605] FAT-fs (loop4): Filesystem has been set read-only
[  313.821732][T12605] syz.4.2662: attempt to access beyond end of device
[  313.821732][T12605] loop4: rw=524288, sector=2065, nr_sectors = 8 limit=128
[  313.828219][T12605] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  313.831428][T12605] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100)
[  313.842464][T12605] syz.4.2662: attempt to access beyond end of device
[  313.842464][T12605] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  313.849054][T12605] syz.4.2662: attempt to access beyond end of device
[  313.849054][T12605] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  313.853295][T12605] syz.4.2662: attempt to access beyond end of device
[  313.853295][T12605] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  313.865091][T12605] syz.4.2662: attempt to access beyond end of device
[  313.865091][T12605] loop4: rw=0, sector=2065, nr_sectors = 8 limit=128
[  313.882581][T12608] syz.4.2662: attempt to access beyond end of device
[  313.882581][T12608] loop4: rw=0, sector=2065, nr_sectors = 1 limit=128
[  313.896485][T12608] buffer_io_error: 138 callbacks suppressed
[  313.896501][T12608] Buffer I/O error on dev loop4, logical block 2065, async page read
[  313.903529][T12608] syz.4.2662: attempt to access beyond end of device
[  313.903529][T12608] loop4: rw=0, sector=2066, nr_sectors = 1 limit=128
[  313.910259][T12608] Buffer I/O error on dev loop4, logical block 2066, async page read
[  313.914519][T12608] syz.4.2662: attempt to access beyond end of device
[  313.914519][T12608] loop4: rw=0, sector=2067, nr_sectors = 1 limit=128
[  313.926415][T12608] Buffer I/O error on dev loop4, logical block 2067, async page read
[  313.929519][T12608] syz.4.2662: attempt to access beyond end of device
[  313.929519][T12608] loop4: rw=0, sector=2068, nr_sectors = 1 limit=128
[  313.934822][T12608] Buffer I/O error on dev loop4, logical block 2068, async page read
[  313.941349][T12608] syz.4.2662: attempt to access beyond end of device
[  313.941349][T12608] loop4: rw=0, sector=2069, nr_sectors = 1 limit=128
[  313.948023][T12608] Buffer I/O error on dev loop4, logical block 2069, async page read
[  313.951274][T12608] Buffer I/O error on dev loop4, logical block 2070, async page read
[  313.954629][T12608] Buffer I/O error on dev loop4, logical block 2071, async page read
[  313.960637][T12608] Buffer I/O error on dev loop4, logical block 2072, async page read
[  313.966970][T12605] Buffer I/O error on dev loop4, logical block 2065, async page read
[  313.969664][T12605] Buffer I/O error on dev loop4, logical block 2066, async page read
[  314.025457][  T792] usb 4-1: new full-speed USB device number 48 using dummy_hcd
[  314.180763][  T792] usb 4-1: not running at top speed; connect to a high speed hub
[  314.187790][  T792] usb 4-1: config 2 has an invalid interface number: 33 but max is 0
[  314.194196][  T792] usb 4-1: config 2 has no interface number 0
[  314.208677][  T792] usb 4-1: config 2 interface 33 has no altsetting 0
[  314.215929][  T792] usb 4-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.02
[  314.222110][  T792] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  314.227546][  T792] usb 4-1: Product: syz
[  314.229289][  T792] usb 4-1: Manufacturer: syz
[  314.233966][  T792] usb 4-1: SerialNumber: syz
[  314.456622][  T792] go7007 4-1:2.33: probe with driver go7007 failed with error -12
[  314.462044][  T792] usb 4-1: USB disconnect, device number 48
[  314.915413][  T792] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  315.067180][  T792] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  315.071470][  T792] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  315.074907][  T792] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  315.080373][  T792] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.086272][  T792] usb 5-1: config 0 descriptor??
[  315.089428][T12633] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  315.096965][  T792] hub 5-1:0.0: USB hub found
[  315.317227][  T792] hub 5-1:0.0: 2 ports detected
[  315.587188][  T792] hub 5-1:0.0: hub_hub_status failed (err = -71)
[  315.589397][  T792] hub 5-1:0.0: config failed, can't get hub status (err -71)
[  315.595910][  T792] usbhid 5-1:0.0: can't add hid device: -71
[  315.597995][  T792] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  315.626069][  T792] usb 5-1: USB disconnect, device number 15
[  316.633050][T12668] loop4: detected capacity change from 0 to 32768
[  316.646183][T12674] netlink: 'syz.3.2693': attribute type 1 has an invalid length.
[  316.648753][T12674] nbd: error processing sock list
[  316.652793][T12674] block nbd1: shutting down sockets
[  316.654285][T12668] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  316.696451][T12668] XFS (loop4): Ending clean mount
[  316.702144][T12668] XFS (loop4): Quotacheck needed: Please wait.
[  316.748531][T12668] XFS (loop4): Quotacheck: Done.
[  316.770037][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  316.806892][T10668] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  317.215586][  T792] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  317.410757][  T792] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64
[  317.419332][  T792] usb 5-1: New USB device found, idVendor=05ac, idProduct=025b, bcdDevice= 0.00
[  317.422181][  T792] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.431978][  T792] usb 5-1: config 0 descriptor??
[  317.435093][T12698] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  317.797031][T12716] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[  317.947308][  T792] hid_parser_main: 3 callbacks suppressed
[  317.947321][  T792] apple 0003:05AC:025B.0011: unknown main item tag 0x0
[  317.951211][  T792] apple 0003:05AC:025B.0011: item fetching failed at offset 3/5
[  317.954109][  T792] apple 0003:05AC:025B.0011: parse failed
[  317.956646][  T792] apple 0003:05AC:025B.0011: probe with driver apple failed with error -22
[  318.159944][  T793] usb 5-1: USB disconnect, device number 16
[  318.883062][T12751] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  318.941592][T12756] overlayfs: failed to clone upperpath
[  318.965469][ T5911] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  319.155451][ T5911] usb 5-1: Using ep0 maxpacket: 8
[  319.238043][ T5911] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  319.246324][ T5911] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  319.253906][ T5911] usb 5-1: Product: syz
[  319.260993][ T5911] usb 5-1: Manufacturer: syz
[  319.266881][ T5911] usb 5-1: SerialNumber: syz
[  319.302876][ T5911] usb 5-1: config 0 descriptor??
[  319.337296][ T5911] gspca_main: se401-2.14.0 probing 047d:5003
[  319.733655][ T5911] gspca_se401: Too many frame sizes
[  319.918712][T12768] netlink: 'syz.0.2732': attribute type 2 has an invalid length.
[  319.939789][ T5911] usb 5-1: USB disconnect, device number 17
[  320.285429][ T5898] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  320.388852][T12790] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2742'.
[  320.436101][ T5898] usb 4-1: Using ep0 maxpacket: 16
[  320.443735][ T5898] usb 4-1: config 0 has an invalid interface number: 8 but max is 0
[  320.446456][ T5898] usb 4-1: config 0 has no interface number 0
[  320.449052][ T5898] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  320.465753][ T5898] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  320.468585][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  320.471377][ T5898] usb 4-1: Product: syz
[  320.494210][ T5898] usb 4-1: SerialNumber: syz
[  320.500201][T12796] loop4: detected capacity change from 0 to 1024
[  320.513323][ T5898] usb 4-1: config 0 descriptor??
[  320.533617][ T5898] usbhid 4-1:0.8: couldn't find an input interrupt endpoint
[  320.579045][   T53] hfsplus: b-tree write err: -5, ino 4
[  320.760260][    T9] usb 4-1: USB disconnect, device number 49
[  321.328625][T12800] loop4: detected capacity change from 0 to 32768
[  322.349650][T12827] loop4: detected capacity change from 0 to 1764
[  323.281670][T12856] loop4: detected capacity change from 0 to 40427
[  323.292219][T12856] F2FS-fs (loop4): Image doesn't support compression
[  323.294998][T12856] F2FS-fs (loop4): build fault injection rate: 690
[  323.308038][T12856] F2FS-fs (loop4): invalid crc value
[  323.348748][T12870] sch_tbf: burst 0 is lower than device veth0_to_team mtu (1514) !
[  323.383532][T12856] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  323.389253][T12856] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  323.466544][T10668] bio_check_eod: 9219 callbacks suppressed
[  323.466563][T10668] syz-executor: attempt to access beyond end of device
[  323.466563][T10668] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  323.481423][T10668] CPU: 1 UID: 0 PID: 10668 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  323.481446][T10668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  323.481454][T10668] Call Trace:
[  323.481461][T10668]  <TASK>
[  323.481468][T10668]  dump_stack_lvl+0x189/0x250
[  323.481494][T10668]  ? __pfx_dump_stack_lvl+0x10/0x10
[  323.481511][T10668]  ? __pfx_queue_work_on+0x10/0x10
[  323.481524][T10668]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  323.481541][T10668]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  323.481567][T10668]  f2fs_handle_critical_error+0x37c/0x540
[  323.481592][T10668]  f2fs_write_end_io+0x886/0xb60
[  323.481629][T10668]  __submit_merged_bio+0x27a/0x6a0
[  323.481653][T10668]  __submit_merged_write_cond+0x255/0x530
[  323.481677][T10668]  f2fs_write_data_pages+0x261d/0x3000
[  323.481728][T10668]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  323.481787][T10668]  ? __mod_zone_page_state+0xd7/0x140
[  323.481851][T10668]  ? folios_put_refs+0x560/0x640
[  323.481881][T10668]  ? __lock_acquire+0xab9/0xd20
[  323.481910][T10668]  ? do_raw_spin_lock+0x121/0x290
[  323.481937][T10668]  ? do_raw_spin_unlock+0x4d/0x240
[  323.481954][T10668]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  323.481974][T10668]  do_writepages+0x32e/0x550
[  323.482004][T10668]  ? do_raw_spin_unlock+0x4d/0x240
[  323.482024][T10668]  filemap_fdatawrite+0x199/0x240
[  323.482044][T10668]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  323.482104][T10668]  ? do_raw_spin_unlock+0x4d/0x240
[  323.482125][T10668]  f2fs_sync_dirty_inodes+0x31f/0x830
[  323.482159][T10668]  f2fs_write_checkpoint+0x95a/0x1df0
[  323.482208][T10668]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  323.482273][T10668]  ? kill_f2fs_super+0x298/0x6c0
[  323.482299][T10668]  kill_f2fs_super+0x2c3/0x6c0
[  323.482324][T10668]  ? __pfx_kill_f2fs_super+0x10/0x10
[  323.482342][T10668]  ? radix_tree_delete_item+0x2b6/0x400
[  323.482366][T10668]  ? shrinker_free+0x2ce/0x3e0
[  323.482384][T10668]  deactivate_locked_super+0xbc/0x130
[  323.482404][T10668]  cleanup_mnt+0x425/0x4c0
[  323.482420][T10668]  ? lockdep_hardirqs_on+0x9c/0x150
[  323.482439][T10668]  task_work_run+0x1d4/0x260
[  323.482461][T10668]  ? __pfx_task_work_run+0x10/0x10
[  323.482477][T10668]  ? __x64_sys_umount+0x122/0x160
[  323.482501][T10668]  ? exit_to_user_mode_loop+0x40/0x110
[  323.482524][T10668]  exit_to_user_mode_loop+0xec/0x110
[  323.482544][T10668]  do_syscall_64+0x2bd/0x3b0
[  323.482561][T10668]  ? lockdep_hardirqs_on+0x9c/0x150
[  323.482577][T10668]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.482591][T10668]  ? exc_page_fault+0x9f/0xf0
[  323.482609][T10668]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.482623][T10668] RIP: 0033:0x7f71e798ff17
[  323.482636][T10668] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  323.482649][T10668] RSP: 002b:00007ffc62bd5ff8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  323.482664][T10668] RAX: 0000000000000000 RBX: 00007f71e7a11c05 RCX: 00007f71e798ff17
[  323.482674][T10668] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc62bd60b0
[  323.482683][T10668] RBP: 00007ffc62bd60b0 R08: 0000000000000000 R09: 0000000000000000
[  323.482692][T10668] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc62bd7140
[  323.482701][T10668] R13: 00007f71e7a11c05 R14: 000000000004ef05 R15: 00007ffc62bd7180
[  323.482728][T10668]  </TASK>
[  323.482734][T10668] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  323.625956][T10668] CPU: 1 UID: 0 PID: 10668 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  323.625978][T10668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  323.625986][T10668] Call Trace:
[  323.625992][T10668]  <TASK>
[  323.625998][T10668]  dump_stack_lvl+0x189/0x250
[  323.626024][T10668]  ? __pfx_dump_stack_lvl+0x10/0x10
[  323.626040][T10668]  ? __pfx_queue_work_on+0x10/0x10
[  323.626054][T10668]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  323.626070][T10668]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  323.626097][T10668]  f2fs_handle_critical_error+0x37c/0x540
[  323.626122][T10668]  f2fs_write_end_io+0x886/0xb60
[  323.626157][T10668]  __submit_merged_bio+0x27a/0x6a0
[  323.626188][T10668]  __submit_merged_write_cond+0x255/0x530
[  323.626212][T10668]  f2fs_write_data_pages+0x261d/0x3000
[  323.626261][T10668]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  323.626339][T10668]  ? __mod_zone_page_state+0xd7/0x140
[  323.626368][T10668]  ? folios_put_refs+0x560/0x640
[  323.626396][T10668]  ? __lock_acquire+0xab9/0xd20
[  323.626425][T10668]  ? do_raw_spin_lock+0x121/0x290
[  323.626453][T10668]  ? do_raw_spin_unlock+0x4d/0x240
[  323.626470][T10668]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  323.626490][T10668]  do_writepages+0x32e/0x550
[  323.626519][T10668]  ? do_raw_spin_unlock+0x4d/0x240
[  323.626539][T10668]  filemap_fdatawrite+0x199/0x240
[  323.626559][T10668]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  323.626618][T10668]  ? do_raw_spin_unlock+0x4d/0x240
[  323.626641][T10668]  f2fs_sync_dirty_inodes+0x31f/0x830
[  323.626674][T10668]  f2fs_write_checkpoint+0x95a/0x1df0
[  323.626717][T10668]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  323.626777][T10668]  ? kill_f2fs_super+0x298/0x6c0
[  323.626828][T10668]  kill_f2fs_super+0x2c3/0x6c0
[  323.626855][T10668]  ? __pfx_kill_f2fs_super+0x10/0x10
[  323.626873][T10668]  ? radix_tree_delete_item+0x2b6/0x400
[  323.626895][T10668]  ? shrinker_free+0x2ce/0x3e0
[  323.626913][T10668]  deactivate_locked_super+0xbc/0x130
[  323.626933][T10668]  cleanup_mnt+0x425/0x4c0
[  323.626950][T10668]  ? lockdep_hardirqs_on+0x9c/0x150
[  323.626968][T10668]  task_work_run+0x1d4/0x260
[  323.626990][T10668]  ? __pfx_task_work_run+0x10/0x10
[  323.627007][T10668]  ? __x64_sys_umount+0x122/0x160
[  323.627030][T10668]  ? exit_to_user_mode_loop+0x40/0x110
[  323.627053][T10668]  exit_to_user_mode_loop+0xec/0x110
[  323.627073][T10668]  do_syscall_64+0x2bd/0x3b0
[  323.627090][T10668]  ? lockdep_hardirqs_on+0x9c/0x150
[  323.627105][T10668]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.627120][T10668]  ? exc_page_fault+0x9f/0xf0
[  323.627138][T10668]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.627151][T10668] RIP: 0033:0x7f71e798ff17
[  323.627171][T10668] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  323.627184][T10668] RSP: 002b:00007ffc62bd5ff8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  323.627199][T10668] RAX: 0000000000000000 RBX: 00007f71e7a11c05 RCX: 00007f71e798ff17
[  323.627209][T10668] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc62bd60b0
[  323.627216][T10668] RBP: 00007ffc62bd60b0 R08: 0000000000000000 R09: 0000000000000000
[  323.627224][T10668] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc62bd7140
[  323.627233][T10668] R13: 00007f71e7a11c05 R14: 000000000004ef05 R15: 00007ffc62bd7180
[  323.627258][T10668]  </TASK>
[  323.628612][T10668] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  325.632432][ T5876] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  325.647019][ T5876] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.822817][ T5876] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  325.835529][ T5876] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.951812][ T5876] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  325.954970][ T5876] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  325.968828][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  325.974353][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  325.978536][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  325.982267][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  325.986538][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  326.099729][ T5876] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  326.103481][ T5876] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  326.110344][T12950] wg1 speed is unknown, defaulting to 1000
[  326.470025][ T5876] bridge_slave_1: left allmulticast mode
[  326.476628][ T5876] bridge_slave_1: left promiscuous mode
[  326.487378][ T5876] bridge0: port 2(bridge_slave_1) entered disabled state
[  326.515908][ T5876] bridge_slave_0: left allmulticast mode
[  326.523044][ T5876] bridge_slave_0: left promiscuous mode
[  326.534961][ T5876] bridge0: port 1(bridge_slave_0) entered disabled state
[  326.908347][T12982] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2830'.
[  328.037727][ T5847] Bluetooth: hci2: command tx timeout
[  328.128793][T12990] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2833'.
[  328.310269][ T5876] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  328.322946][ T5876] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  328.331243][ T5876] bond0 (unregistering): Released all slaves
[  328.390001][T12950] chnl_net:caif_netlink_parms(): no params data found
[  328.858333][T12950] bridge0: port 1(bridge_slave_0) entered blocking state
[  328.861201][T12950] bridge0: port 1(bridge_slave_0) entered disabled state
[  328.864176][T12950] bridge_slave_0: entered allmulticast mode
[  328.878170][T12950] bridge_slave_0: entered promiscuous mode
[  328.898639][T12950] bridge0: port 2(bridge_slave_1) entered blocking state
[  328.902918][T12950] bridge0: port 2(bridge_slave_1) entered disabled state
[  328.906262][T12950] bridge_slave_1: entered allmulticast mode
[  328.910231][T12950] bridge_slave_1: entered promiscuous mode
[  328.934063][ T5876] hsr_slave_0: left promiscuous mode
[  328.944235][ T5876] hsr_slave_1: left promiscuous mode
[  328.961559][ T5876] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  328.964559][ T5876] batman_adv: batadv0: Removing interface: batadv_slave_0
[  328.971866][ T5876] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  328.974839][ T5876] batman_adv: batadv0: Removing interface: batadv_slave_1
[  329.035946][ T5876] veth1_macvtap: left promiscuous mode
[  329.038191][ T5876] veth1_vlan: left promiscuous mode
[  329.039887][ T5876] veth0_vlan: left promiscuous mode
[  329.144140][ T5876] pimreg (unregistering): left allmulticast mode
[  329.669080][ T5876] team0 (unregistering): Port device team_slave_1 removed
[  329.724426][ T5876] team0 (unregistering): Port device team_slave_0 removed
[  329.780102][T13009] 9pnet_fd: p9_fd_create_tcp (13009): problem connecting socket to 127.0.0.1
[  330.127340][ T5847] Bluetooth: hci2: command tx timeout
[  330.985854][T12950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  330.992186][T12950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  331.080462][T12950] team0: Port device team_slave_0 added
[  331.099465][T12950] team0: Port device team_slave_1 added
[  331.154729][T12950] batman_adv: batadv0: Adding interface: batadv_slave_0
[  331.158740][T12950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  331.169513][T12950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  331.177533][T12950] batman_adv: batadv0: Adding interface: batadv_slave_1
[  331.180163][T12950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  331.189914][T12950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  331.232046][  T792] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  331.288618][T12950] hsr_slave_0: entered promiscuous mode
[  331.296365][T12950] hsr_slave_1: entered promiscuous mode
[  331.299448][T12950] debugfs: 'hsr0' already exists in 'hsr'
[  331.301689][T12950] Cannot create hsr debugfs directory
[  331.399944][  T792] usb 4-1: config 0 has an invalid interface number: 216 but max is 0
[  331.403129][  T792] usb 4-1: config 0 has no interface number 0
[  331.407524][  T792] usb 4-1: config 0 interface 216 altsetting 4 bulk endpoint 0x8F has invalid maxpacket 64
[  331.411909][  T792] usb 4-1: config 0 interface 216 altsetting 4 endpoint 0x1 has invalid wMaxPacketSize 0
[  331.419809][  T792] usb 4-1: config 0 interface 216 has no altsetting 0
[  331.422735][  T792] usb 4-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c1.2e
[  331.426763][  T792] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.431614][  T792] usb 4-1: config 0 descriptor??
[  331.437083][T13030] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  331.442422][  T792] usb 4-1: NFC: intf ffff888126e47000 id ffffffff8eb50d60
[  331.514633][T12950] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  331.524669][T12950] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  331.530252][T12950] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  331.534973][T12950] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  331.601112][T12950] 8021q: adding VLAN 0 to HW filter on device bond0
[  331.617666][T12950] 8021q: adding VLAN 0 to HW filter on device team0
[  331.628324][ T7090] bridge0: port 1(bridge_slave_0) entered blocking state
[  331.630710][ T7090] bridge0: port 1(bridge_slave_0) entered forwarding state
[  331.639499][ T7099] bridge0: port 2(bridge_slave_1) entered blocking state
[  331.641989][ T7099] bridge0: port 2(bridge_slave_1) entered forwarding state
[  331.649557][   T10] usb 4-1: USB disconnect, device number 50
[  331.783865][T12950] 8021q: adding VLAN 0 to HW filter on device batadv0
[  331.960807][T12950] veth0_vlan: entered promiscuous mode
[  331.970832][T12950] veth1_vlan: entered promiscuous mode
[  331.998640][T12950] veth0_macvtap: entered promiscuous mode
[  332.007345][T12950] veth1_macvtap: entered promiscuous mode
[  332.028288][T12950] batman_adv: batadv0: Interface activated: batadv_slave_0
[  332.037450][T12950] batman_adv: batadv0: Interface activated: batadv_slave_1
[  332.044036][   T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  332.049067][   T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  332.053339][   T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  332.057129][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  332.215535][ T5847] Bluetooth: hci2: command tx timeout
[  332.367559][ T7090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  332.371053][ T7090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  332.393077][ T7090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  332.397580][ T7090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  332.473200][T13067] loop5: detected capacity change from 0 to 512
[  332.498356][T13067] fscrypt (loop5, inode 2): Error -61 getting encryption context
[  332.506137][T13067] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -61
[  332.509845][T13067] EXT4-fs error (device loop5): ext4_orphan_get:1392: inode #13: comm syz.5.2813: iget: bad i_size value: 12154757448730
[  332.516113][T13067] EXT4-fs error (device loop5): ext4_orphan_get:1397: comm syz.5.2813: couldn't read orphan inode 13 (err -117)
[  332.530566][T13067] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  332.569837][T12950] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.801386][T13084] netlink: 60 bytes leftover after parsing attributes in process `syz.5.2865'.
[  332.990379][T13095] netlink: 104 bytes leftover after parsing attributes in process `syz.5.2871'.
[  334.218854][T13118] o2cb: This node has not been configured.
[  334.221491][T13118] o2cb: Cluster check failed. Fix errors before retrying.
[  334.224484][T13118] (syz.0.2880,13118,1):user_dlm_register:674 ERROR: status = -22
[  334.227710][T13118] (syz.0.2880,13118,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1"
[  334.278275][ T5847] Bluetooth: hci2: command tx timeout
[  334.525478][ T5911] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  334.695406][ T5911] usb 6-1: Using ep0 maxpacket: 8
[  334.700886][ T5911] usb 6-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  334.704404][ T5911] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  334.708538][ T5911] usb 6-1: Product: syz
[  334.710825][ T5911] usb 6-1: Manufacturer: syz
[  334.712423][ T5911] usb 6-1: SerialNumber: syz
[  334.723218][ T5911] usb 6-1: config 0 descriptor??
[  334.736083][ T5911] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  335.279492][T13122] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  335.282291][T13122] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  335.284235][T13122] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  335.288145][T13122] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  336.055360][ T5911] gspca_sonixj: reg_w1 err -71
[  336.135595][ T5911] sonixj 6-1:0.0: probe with driver sonixj failed with error -71
[  336.144039][ T5911] usb 6-1: USB disconnect, device number 2
[  336.185877][ T5898] usb 4-1: new full-speed USB device number 51 using dummy_hcd
[  336.337463][ T5898] usb 4-1: config 1 interface 0 altsetting 93 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  336.342730][ T5898] usb 4-1: config 1 interface 0 has no altsetting 0
[  336.347946][ T5898] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  336.352024][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  336.355450][ T5898] usb 4-1: SerialNumber: syz
[  336.525694][ T5847] Bluetooth: hci1: command 0x0c1a tx timeout
[  336.564016][T13156] loop5: detected capacity change from 0 to 512
[  336.587606][ T5898] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  336.602065][ T5898] usb 4-1: USB disconnect, device number 51
[  336.667504][T13158] loop5: detected capacity change from 0 to 4096
[  336.694702][T13158] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  336.734393][T12950] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  337.331846][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout
[  337.380809][T13186] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2912'.
[  337.510753][T13192] loop5: detected capacity change from 0 to 2048
[  337.560656][T13192] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  337.564417][T13192] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  337.600124][T13192] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm syz.5.2915: bg 0: block 345: padding at end of block bitmap is not set
[  337.607920][T13192] fs-verity (loop5, inode 13): Error -117 writing Merkle tree block 0
[  337.610990][T13192] fs-verity (loop5, inode 13): Error -117 building Merkle tree
[  337.639379][T12950] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  338.408244][ T5898] libceph: connect (1)[c::]:6789 error -101
[  338.412225][ T5898] libceph: mon0 (1)[c::]:6789 connect error
[  338.423551][ T5898] libceph: connect (1)[c::]:6789 error -101
[  338.427697][ T5898] libceph: mon0 (1)[c::]:6789 connect error
[  338.537424][T13205] ceph: No mds server is up or the cluster is laggy
[  339.005642][ T5898] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  339.135202][T13230] Invalid ELF header magic: != ELF
[  339.193994][ T5898] usb 6-1: Using ep0 maxpacket: 32
[  339.200641][ T5898] usb 6-1: config 0 has an invalid interface number: 96 but max is 0
[  339.203921][ T5898] usb 6-1: config 0 has no interface number 0
[  339.212736][ T5898] usb 6-1: config 0 interface 96 has no altsetting 0
[  339.219885][ T5898] usb 6-1: New USB device found, idVendor=0694, idProduct=0001, bcdDevice=b2.44
[  339.223465][ T5898] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.235466][ T5898] usb 6-1: Product: syz
[  339.237269][ T5898] usb 6-1: Manufacturer: syz
[  339.245727][ T5898] usb 6-1: SerialNumber: syz
[  339.250664][ T5898] usb 6-1: config 0 descriptor??
[  339.263155][ T5898] legousbtower 6-1:0.96: interrupt endpoints not found
[  339.407755][   T55] Bluetooth: hci2: command 0x0c1a tx timeout
[  339.459483][ T5898] usb 6-1: USB disconnect, device number 3
[  339.485467][ T5884] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  339.636328][ T5884] usb 4-1: Using ep0 maxpacket: 16
[  339.639665][ T5884] usb 4-1: config 8 has an invalid interface number: 223 but max is 0
[  339.643220][ T5884] usb 4-1: config 8 contains an unexpected descriptor of type 0x1, skipping
[  339.646231][ T5884] usb 4-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config
[  339.649752][ T5884] usb 4-1: config 8 has no interface number 0
[  339.652357][ T5884] usb 4-1: config 8 interface 223 altsetting 2 bulk endpoint 0xC has invalid maxpacket 32
[  339.660777][ T5884] usb 4-1: config 8 interface 223 altsetting 2 endpoint 0x7 has invalid maxpacket 15872, setting to 64
[  339.665839][ T5884] usb 4-1: config 8 interface 223 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  339.671222][ T5884] usb 4-1: config 8 interface 223 has no altsetting 0
[  339.680014][ T5884] usb 4-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d
[  339.684595][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  339.688071][ T5884] usb 4-1: Product: syz
[  339.690462][ T5884] usb 4-1: Manufacturer: syz
[  339.692857][ T5884] usb 4-1: SerialNumber: syz
[  339.709325][T13240] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  339.928266][ T5884] usb 4-1: USB disconnect, device number 52
[  340.147996][T13292] netlink: 16222 bytes leftover after parsing attributes in process `syz.5.2937'.
[  340.854900][T13320] loop5: detected capacity change from 0 to 40427
[  340.864537][T13320] F2FS-fs (loop5): invalid crc value
[  341.135599][T13320] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  341.141493][T13320] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  341.169854][T12950] syz-executor: attempt to access beyond end of device
[  341.169854][T12950] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  341.176011][T12950] CPU: 0 UID: 0 PID: 12950 Comm: syz-executor Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  341.176034][T12950] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  341.176045][T12950] Call Trace:
[  341.176051][T12950]  <TASK>
[  341.176058][T12950]  dump_stack_lvl+0x189/0x250
[  341.176086][T12950]  ? __pfx_dump_stack_lvl+0x10/0x10
[  341.176104][T12950]  ? __pfx_queue_work_on+0x10/0x10
[  341.176145][T12950]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  341.176164][T12950]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  341.176189][T12950]  f2fs_handle_critical_error+0x37c/0x540
[  341.176214][T12950]  f2fs_write_end_io+0x886/0xb60
[  341.176247][T12950]  __submit_merged_bio+0x27a/0x6a0
[  341.176270][T12950]  __submit_merged_write_cond+0x255/0x530
[  341.176293][T12950]  f2fs_write_data_pages+0x261d/0x3000
[  341.176337][T12950]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  341.176398][T12950]  ? folios_put_refs+0x559/0x640
[  341.176426][T12950]  ? __lock_acquire+0xab9/0xd20
[  341.176455][T12950]  ? do_raw_spin_lock+0x121/0x290
[  341.176480][T12950]  ? do_raw_spin_unlock+0x4d/0x240
[  341.176497][T12950]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  341.176517][T12950]  do_writepages+0x32e/0x550
[  341.176544][T12950]  ? do_raw_spin_unlock+0x4d/0x240
[  341.176565][T12950]  filemap_fdatawrite+0x199/0x240
[  341.176584][T12950]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  341.176636][T12950]  ? do_raw_spin_unlock+0x4d/0x240
[  341.176658][T12950]  f2fs_sync_dirty_inodes+0x31f/0x830
[  341.176690][T12950]  f2fs_write_checkpoint+0x95a/0x1df0
[  341.176729][T12950]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  341.176780][T12950]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  341.176793][T12950]  ? kfree+0x18e/0x440
[  341.176811][T12950]  ? kill_f2fs_super+0x298/0x6c0
[  341.176841][T12950]  kill_f2fs_super+0x2c3/0x6c0
[  341.176866][T12950]  ? __pfx_kill_f2fs_super+0x10/0x10
[  341.176885][T12950]  ? radix_tree_delete_item+0x2b6/0x400
[  341.176908][T12950]  ? shrinker_free+0x2ce/0x3e0
[  341.176926][T12950]  deactivate_locked_super+0xbc/0x130
[  341.176963][T12950]  cleanup_mnt+0x425/0x4c0
[  341.176981][T12950]  ? lockdep_hardirqs_on+0x9c/0x150
[  341.177000][T12950]  task_work_run+0x1d4/0x260
[  341.177022][T12950]  ? __pfx_task_work_run+0x10/0x10
[  341.177039][T12950]  ? __x64_sys_umount+0x122/0x160
[  341.177062][T12950]  ? exit_to_user_mode_loop+0x40/0x110
[  341.177085][T12950]  exit_to_user_mode_loop+0xec/0x110
[  341.177105][T12950]  do_syscall_64+0x2bd/0x3b0
[  341.177145][T12950]  ? lockdep_hardirqs_on+0x9c/0x150
[  341.177162][T12950]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.177176][T12950]  ? exc_page_fault+0x9f/0xf0
[  341.177194][T12950]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.177208][T12950] RIP: 0033:0x7fec45f8ff17
[  341.177222][T12950] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  341.177236][T12950] RSP: 002b:00007ffe5962d3d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  341.177253][T12950] RAX: 0000000000000000 RBX: 00007fec46011c05 RCX: 00007fec45f8ff17
[  341.177262][T12950] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe5962d490
[  341.177271][T12950] RBP: 00007ffe5962d490 R08: 0000000000000000 R09: 0000000000000000
[  341.177280][T12950] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe5962e520
[  341.177289][T12950] R13: 00007fec46011c05 R14: 0000000000053443 R15: 00007ffe5962e560
[  341.177313][T12950]  </TASK>
[  341.178591][T12950] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  341.490267][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout
[  341.981403][T13338] 9pnet_fd: p9_fd_create_tcp (13338): problem connecting socket to 127.0.0.1
[  342.552292][T13365] netlink: 180 bytes leftover after parsing attributes in process `syz.5.2968'.
[  342.635089][T13367] wg1 speed is unknown, defaulting to 1000
[  342.907434][ T5884] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  343.067476][ T5884] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  343.071524][ T5884] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  343.078268][ T5884] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  343.082763][ T5884] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  343.086033][ T5884] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.090344][ T5884] usb 6-1: config 0 descriptor??
[  343.537817][ T5884] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  343.555506][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout
[  343.766270][ T5898] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  343.889959][ T5884] usb 6-1: USB disconnect, device number 4
[  343.893331][T13368] plantronics 0003:047F:FFFF.0012: usb_submit_urb(ctrl) failed: -19
[  343.918059][ T5898] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  343.921616][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.926273][ T5898] usb 4-1: config 0 descriptor??
[  343.934359][ T5898] gspca_main: cpia1-2.14.0 probing 0813:0001
[  344.342306][ T5898] cpia1 4-1:0.0: unexpected state after lo power cmd: 00
[  344.724763][T13407] loop5: detected capacity change from 0 to 32768
[  344.756118][ T5898] gspca_cpia1: usb_control_msg 02, error -32
[  344.762703][ T5898] gspca_cpia1: usb_control_msg 02, error -71
[  344.764610][ T5898] cpia1 4-1:0.0: only firmware version 1 is supported (got: 0)
[  344.770082][ T5898] usb 4-1: USB disconnect, device number 53
[  344.781618][T13407] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  344.821686][T13407] XFS (loop5): Ending clean mount
[  344.870450][T12950] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  345.068435][T13419] netlink: 'syz.5.2988': attribute type 21 has an invalid length.
[  345.071218][T13419] netlink: 128 bytes leftover after parsing attributes in process `syz.5.2988'.
[  345.074270][T13419] netlink: 'syz.5.2988': attribute type 4 has an invalid length.
[  345.077282][T13419] netlink: 'syz.5.2988': attribute type 3 has an invalid length.
[  345.079615][T13419] netlink: 3 bytes leftover after parsing attributes in process `syz.5.2988'.
[  345.109624][T13421] ptrace attach of ""[13422] was attempted by "/syz-executor exec"[13421]
[  346.130267][ T5884] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  346.275381][ T5884] usb 6-1: Using ep0 maxpacket: 32
[  346.282163][ T5884] usb 6-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b
[  346.285521][ T5884] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.288048][ T5884] usb 6-1: Product: syz
[  346.289410][ T5884] usb 6-1: Manufacturer: syz
[  346.291118][ T5884] usb 6-1: SerialNumber: syz
[  346.502216][ T5884] usb 6-1: palm_os_4_probe - error -71 getting connection info
[  346.512772][ T5884] visor 6-1:1.0: Handspring Visor / Palm OS converter detected
[  346.525688][ T5884] usb 6-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  346.546161][ T5884] usb 6-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  346.551307][ T5884] usb 6-1: USB disconnect, device number 5
[  346.558838][ T5884] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  346.575912][ T5884] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  346.579333][ T5884] visor 6-1:1.0: device disconnected
[  346.857386][T13448] Invalid option length (65058) for dns_resolver key
[  348.163601][T13457] loop5: detected capacity change from 0 to 128
[  348.179284][T13457] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  348.183833][T13457] ext4 filesystem being mounted at /56/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  348.205092][T12950] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  348.237197][T13463] loop5: detected capacity change from 0 to 64
[  348.526793][ T5911] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  348.725381][ T5911] usb 6-1: Using ep0 maxpacket: 16
[  348.730071][ T5911] usb 6-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  348.733761][ T5911] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.742602][ T5911] usb 6-1: config 0 descriptor??
[  348.751353][ T5911] gspca_main: sonixj-2.14.0 probing 0471:0327
[  350.783188][ T5911] gspca_sonixj: reg_r err -71
[  350.787427][ T5911] sonixj 6-1:0.0: probe with driver sonixj failed with error -71
[  350.797643][ T5911] usb 6-1: USB disconnect, device number 6
[  351.441593][T13532] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  351.686087][T13526] loop5: detected capacity change from 0 to 32768
[  351.690262][T13526] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.3035 (13526)
[  351.725953][T13526] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  351.729956][T13526] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  351.733274][T13526] BTRFS info (device loop5): disk space caching is enabled
[  351.736500][T13526] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  351.867798][T13526] BTRFS info (device loop5): rebuilding free space tree
[  351.883239][T13526] BTRFS info (device loop5): disabling free space tree
[  351.886773][T13526] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  351.890903][T13526] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  352.234540][T12950] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  352.306240][ T5898] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[  352.488496][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  352.493249][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  352.511174][ T5898] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00
[  352.514929][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  352.529902][ T5898] usb 4-1: config 0 descriptor??
[  352.961163][ T5898] cp2112 0003:10C4:EA90.0013: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0
[  352.996724][T13592] loop5: detected capacity change from 0 to 32768
[  353.048806][T13592] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  353.071561][T13592] XFS (loop5): Ending clean mount
[  353.078582][T13592] XFS (loop5): Quotacheck needed: Please wait.
[  353.120278][T13592] XFS (loop5): Quotacheck: Done.
[  353.164557][ T5898] cp2112 0003:10C4:EA90.0013: Part Number: 0x00 Device Version: 0x00
[  353.222403][T12950] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  353.376167][ T5898] cp2112 0003:10C4:EA90.0013: error requesting SMBus config
[  353.380852][ T5898] cp2112 0003:10C4:EA90.0013: probe with driver cp2112 failed with error -71
[  353.408166][ T5898] usb 4-1: USB disconnect, device number 54
[  353.614018][T13613] tmpfs: Bad value for 'mpol'
[  354.245506][ T5884] usb 4-1: new high-speed USB device number 55 using dummy_hcd
[  354.315500][ T5898] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  354.396258][ T5884] usb 4-1: Using ep0 maxpacket: 16
[  354.401017][ T5884] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[  354.404217][ T5884] usb 4-1: config 0 has no interface number 0
[  354.409208][ T5884] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  354.413560][ T5884] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  354.419623][ T5884] usb 4-1: config 0 interface 255 has no altsetting 0
[  354.424223][ T5884] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[  354.431017][ T5884] usb 4-1: config 0 has no interface number 0
[  354.433459][ T5884] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  354.438077][ T5884] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  354.443472][ T5884] usb 4-1: config 0 interface 255 has no altsetting 0
[  354.448039][ T5884] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[  354.451194][ T5884] usb 4-1: config 0 has no interface number 0
[  354.453741][ T5884] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  354.458204][ T5884] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  354.463275][ T5884] usb 4-1: config 0 interface 255 has no altsetting 0
[  354.468831][ T5884] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  354.472285][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.475448][ T5884] usb 4-1: Product: syz
[  354.477669][ T5884] usb 4-1: Manufacturer: syz
[  354.478177][ T5898] usb 6-1: Using ep0 maxpacket: 8
[  354.479448][ T5884] usb 4-1: SerialNumber: syz
[  354.486016][ T5898] usb 6-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config
[  354.487503][ T5884] r8152-cfgselector 4-1: Unknown version 0x0000
[  354.492172][ T5884] r8152-cfgselector 4-1: config 0 descriptor??
[  354.493149][ T5898] usb 6-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  354.499332][ T5898] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.506553][ T5898] hub 6-1:32.0: bad descriptor, ignoring hub
[  354.508881][ T5898] hub 6-1:32.0: probe with driver hub failed with error -5
[  354.701691][ T5884] r8152 4-1:0.255: Expected endpoints are not found
[  354.706713][ T5884] r8152-cfgselector 4-1: USB disconnect, device number 55
[  355.009040][ T5898] usb 6-1: reset high-speed USB device number 7 using dummy_hcd
[  355.229951][T13638] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  356.005765][  T792] usb 6-1: USB disconnect, device number 7
[  356.071061][T13664] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  356.195520][T13671] netlink: 558 bytes leftover after parsing attributes in process `syz.0.3091'.
[  356.277709][T13677] loop5: detected capacity change from 0 to 65
[  356.293152][T13677] BFS-fs: bfs_fill_super(): NOTE: filesystem loop5 was created with 512 inodes, the real maximum is 511, mounting anyway
[  356.495461][  T793] usb 4-1: new high-speed USB device number 56 using dummy_hcd
[  356.649248][  T793] usb 4-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd
[  356.652116][  T793] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.654718][  T793] usb 4-1: Product: syz
[  356.656304][  T793] usb 4-1: Manufacturer: syz
[  356.657961][  T793] usb 4-1: SerialNumber: syz
[  356.661183][  T793] usb 4-1: config 0 descriptor??
[  356.665416][  T792] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  356.677045][ T5847] Bluetooth: hci3: urb ffff88803c60e900 submission failed (2)
[  356.826452][  T792] usb 6-1: not running at top speed; connect to a high speed hub
[  356.830197][  T792] usb 6-1: config 95 has an invalid interface number: 1 but max is 0
[  356.833395][  T792] usb 6-1: config 95 has no interface number 0
[  356.841798][  T792] usb 6-1: config 95 interface 1 has no altsetting 0
[  356.846830][  T792] usb 6-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79
[  356.849530][  T792] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  356.851891][  T792] usb 6-1: Product: syz
[  356.853122][  T792] usb 6-1: Manufacturer: syz
[  356.854661][  T792] usb 6-1: SerialNumber: syz
[  356.873880][  T793] usb 4-1: USB disconnect, device number 56
[  357.101576][  T792] usb 6-1: USB disconnect, device number 8
[  357.142475][ T5845] udevd[5845]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:95.1/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  357.457921][T13696] can0: slcan on ttyS3.
[  357.527055][T13696] can0 (unregistered): slcan off ttyS3.
[  358.867235][T13744] binder: 13743:13744 ioctl c018620b 200000000000 returned -14
[  359.158679][ T5884] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[  359.307572][ T5884] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  359.311662][ T5884] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  359.319270][ T5884] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  359.323466][ T5884] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  359.327842][ T5884] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  359.339635][ T5884] usb 6-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  359.343494][ T5884] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  359.347434][ T5884] usb 6-1: Product: syz
[  359.349136][ T5884] usb 6-1: Manufacturer: syz
[  359.351329][ T5884] usb 6-1: SerialNumber: syz
[  359.358881][ T5884] usb 6-1: config 0 descriptor??
[  359.367637][ T5884] input: KB Gear Tablet as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input15
[  359.572012][ T5884] usb 6-1: USB disconnect, device number 9
[  360.169294][T13760] loop5: detected capacity change from 0 to 1024
[  360.191203][T13760] EXT4-fs: Ignoring removed nobh option
[  360.230852][T13760] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  361.108610][T12950] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  362.135466][ T5884] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  362.290555][ T5884] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4
[  362.302309][ T5884] usb 6-1: Dual-Role OTG device on HNP port
[  362.306017][ T5884] usb 6-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=7a.b1
[  362.311144][ T5884] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.315378][ T5884] usb 6-1: Product: syz
[  362.317051][ T5884] usb 6-1: Manufacturer: syz
[  362.318943][ T5884] usb 6-1: SerialNumber: syz
[  362.336683][ T5884] usb 6-1: config 0 descriptor??
[  362.351557][ T5884] usb_ehset_test 6-1:0.0: probe with driver usb_ehset_test failed with error -32
[  362.547199][ T5884] usb 6-1: USB disconnect, device number 10
[  364.655124][T13883] 9pnet_fd: Insufficient options for proto=fd
[  365.305588][T13924] 9pnet_fd: Insufficient options for proto=fd
[  365.330020][T13924] loop5: detected capacity change from 0 to 16
[  365.337186][T13924] erofs: Unknown parameter 'K،jxIE'
[  366.337193][T13949] loop5: detected capacity change from 0 to 32768
[  366.344250][T13949] (syz.5.3219,13949,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  366.362088][T13949] (syz.5.3219,13949,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  366.371634][T13949] (syz.5.3219,13949,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC.
[  366.377693][T13949] JBD2: Ignoring recovery information on journal
[  366.409443][T13949] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  366.443116][T13949] (syz.5.3219,13949,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x4e60244d, computed 0x8b393e9b. Applying ECC.
[  366.449523][T13949] (syz.5.3219,13949,0):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x4e60244d, computed 0x9b4be5b3
[  366.454596][T13949] (syz.5.3219,13949,0):ocfs2_trim_mainbm:7630 ERROR: status = -5
[  366.485159][T12950] ocfs2: Unmounting device (7,5) on (node local)
[  366.648596][T13957] loop5: detected capacity change from 0 to 4096
[  367.095895][T13970] loop5: detected capacity change from 0 to 32768
[  367.683165][T13999] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  367.686274][T13999] IPv6: NLM_F_CREATE should be set when creating new route
[  367.688618][T13999] IPv6: NLM_F_CREATE should be set when creating new route
[  367.691013][T13999] IPv6: NLM_F_CREATE should be set when creating new route
[  368.486070][T14025] loop5: detected capacity change from 0 to 32768
[  368.517053][T14025] ocfs2: Slot 0 on device (7,5) was already allocated to this node!
[  368.531675][T14025] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  368.665235][T14034] (syz.5.3253,14034,0):ocfs2_check_set_options:1244 ERROR: Invalid heartbeat mount options
[  368.721802][T12950] ocfs2: Unmounting device (7,5) on (node local)
[  369.105536][  T793] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  369.255487][  T793] usb 6-1: Using ep0 maxpacket: 16
[  369.259036][  T793] usb 6-1: config 1 has an invalid interface number: 105 but max is 0
[  369.261893][  T793] usb 6-1: config 1 has no interface number 0
[  369.263793][  T793] usb 6-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  369.268729][  T793] usb 6-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  369.271841][  T793] usb 6-1: config 1 interface 105 has no altsetting 0
[  369.279259][  T793] usb 6-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  369.282778][  T793] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  369.287709][  T793] usb 6-1: Product: syz
[  369.289237][  T793] usb 6-1: Manufacturer: syz
[  369.291046][  T793] usb 6-1: SerialNumber: syz
[  369.299658][T14041] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  369.301965][T14041] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  369.719608][T14041] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  369.725965][T14041] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  370.308401][  T793] aqc111 6-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  370.312054][    C0] raw-gadget.0 gadget.5: ignoring, device is not running
[  370.314508][  T793] aqc111 6-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  370.320425][    C0] raw-gadget.0 gadget.5: ignoring, device is not running
[  370.322729][  T793] aqc111 6-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  370.359784][  T793] aqc111 6-1:1.105 eth9: register 'aqc111' at usb-dummy_hcd.5-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, b2:d2:99:3a:5f:b2
[  370.375219][  T793] usb 6-1: USB disconnect, device number 11
[  370.383954][  T793] aqc111 6-1:1.105 eth9: unregister 'aqc111' usb-dummy_hcd.5-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  370.687979][  T793] aqc111 6-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  370.690949][  T793] aqc111 6-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  370.693845][  T793] aqc111 6-1:1.105 eth9 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  371.450039][T14065] loop5: detected capacity change from 0 to 32768
[  371.465662][T14065] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  371.517906][T14065] XFS (loop5): Ending clean mount
[  371.701777][T12950] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  372.244798][T14095] loop5: detected capacity change from 0 to 4096
[  372.371819][   T33] audit: type=1800 audit(1755594776.081:66): pid=14095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.3279" name="bus" dev="loop5" ino=33 res=0 errno=0
[  372.417819][   T33] audit: type=1804 audit(1755594776.091:67): pid=14095 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.3279" name=2F6E6577726F6F742F3131332F131377C5FC35D41454D5D41D29AD1A6029598146E6BE166E41AD0DBD4054033C9F33BBDA8224A2F3D772E7636E48B33CBF708372E8F1B9933EC5127743BE2206209EF02DF9CBF2F6E880D3382F627573 dev="loop5" ino=33 res=1 errno=0
[  373.120764][T14116] loop5: detected capacity change from 0 to 1024
[  373.152484][   T27] hfsplus: b-tree write err: -5, ino 4
[  373.352141][T14126] loop5: detected capacity change from 0 to 8
[  373.358390][T14126] SQUASHFS error: lzo decompression failed, data probably corrupt
[  373.364461][T14126] SQUASHFS error: Failed to read block 0x144: -5
[  373.369849][T14126] SQUASHFS error: Unable to read metadata cache entry [142]
[  373.373830][T14126] SQUASHFS error: Unable to read inode 0x11f
[  373.783411][T14133] loop5: detected capacity change from 0 to 32768
[  373.787447][T14133] btrfs: Deprecated parameter 'usebackuproot'
[  373.789713][T14133] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  373.810742][T14133] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.3297 (14133)
[  374.467619][T14133] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  374.471623][T14133] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm
[  374.474879][T14133] BTRFS info (device loop5): using free-space-tree
[  374.548429][   T53] BTRFS warning (device loop5): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  374.556535][T14133] BTRFS error (device loop5): failed to load root extent
[  374.559000][T14133] BTRFS warning (device loop5): try to load backup roots slot 1
[  374.562587][   T53] BTRFS warning (device loop5): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  374.570689][T14133] BTRFS warning (device loop5): couldn't read tree root
[  374.573515][T14133] BTRFS warning (device loop5): try to load backup roots slot 2
[  374.585866][ T1091] BTRFS error (device loop5): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  374.595900][T14133] BTRFS warning (device loop5): couldn't read tree root
[  374.598578][T14133] BTRFS warning (device loop5): try to load backup roots slot 3
[  374.640308][T14133] BTRFS info (device loop5): rebuilding free space tree
[  374.706633][T14133] BTRFS info (device loop5): checking UUID tree
[  374.812762][T12950] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  376.711892][T14193] loop5: detected capacity change from 0 to 32768
[  376.714599][T14193] XFS: ikeep mount option is deprecated.
[  376.752305][T14193] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  376.766639][T14193] XFS (loop5): Ending clean mount
[  376.773826][T14193] XFS (loop5): Quotacheck needed: Please wait.
[  376.814952][T14193] XFS (loop5): Quotacheck: Done.
[  376.839380][T12950] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  377.221322][T14220] loop5: detected capacity change from 0 to 1024
[  377.224123][T14220] EXT4-fs: Ignoring removed nobh option
[  377.235511][T14220] EXT4-fs: Ignoring removed bh option
[  377.256945][T14220] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  377.317834][T12950] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  377.790330][T14248] loop5: detected capacity change from 0 to 32768
[  377.794872][T14248] bcachefs (/dev/loop5): error validating superblock: Invalid superblock section members_v2: device 0: invalid btree_bitmap_shift 248
[  377.794872][T14248] members_v2 (size 152):
[  377.794872][T14248] Device:                        0
[  377.794872][T14248]   Label:                       (none)
[  377.794872][T14248]   UUID:                        7af6772b-00de-4159-84cd-1faead05aceb
[  377.794872][T14248]   Size:                        16777216
[  377.794872][T14248]   read errors:                 0
[  377.794872][T14248]   write errors:                0
[  377.794872][T14248]   checksum errors:             0
[  377.794872][T14248]   seqread iops:                0
[  377.794872][T14248]   seqwrite iops:               0
[  377.794872][T14248]   randread iops:               0
[  377.794872][T14248]   randwrite iops:              0
[  377.794872][T14248]   Bucket size:                 131072
[  377.794872][T14248]   First bucket:                0
[  377.794872][T14248]   Buckets:                     128
[  377.794872][T14248]   Last mount:                  1714681267
[  377.794872][T14248]   Last superblock write:       42
[  377.794872][T14248]   State:                       rw
[  377.794872][T14248]   Data allowed:                journal,btree,user
[  377.794872][T14248]   Has data:                    (none)
[  377.794872][T14248]   Btree allocated bitmap blocksize:(invalid shift 248)
[  377.794872][T14248]   Btree allocated bitmap:      0000000000000000000001000010000010011000000000000000000000000000
[  377.794872][T14248]  
[  377.794974][T14248] bcachefs: bch2_fs_get_tree() error: invalid_sb_members
[  377.844145][    C0] vkms_vblank_simulate: vblank timer overrun
[  378.115646][T14270] loop5: detected capacity change from 0 to 2048
[  378.119321][T14270] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  378.122390][T14270] NILFS (loop5): mounting unchecked fs
[  378.128484][ T5845] udevd[5845]: incorrect nilfs2 checksum on /dev/loop5
[  378.139687][T14270] NILFS (loop5): recovery complete
[  378.143130][T14271] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  378.198500][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  378.303607][T14273] fuse: Unknown parameter 'grou00000000000000000000'
[  378.566664][T14275] loop5: detected capacity change from 0 to 32768
[  378.570081][T14275] btrfs: Deprecated parameter 'usebackuproot'
[  378.572468][T14275] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  378.577368][T14275] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.3348 (14275)
[  378.600621][T14275] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  378.610875][T14275] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm
[  378.614253][T14275] BTRFS info (device loop5): disk space caching is enabled
[  378.620043][T14275] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  378.629406][T14281] 9pnet_fd: Insufficient options for proto=fd
[  378.711868][T14275] btrfs: Deprecated parameter 'usebackuproot'
[  378.714383][T14275] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  378.732035][T14275] BTRFS warning (device loop5 state M): remount supports changing free space tree only from RO to RW
[  378.738409][T14275] BTRFS info (device loop5 state M): enabling free space tree
[  378.741586][T14275] BTRFS info (device loop5 state M): force clearing of disk cache
[  378.745193][T14275] BTRFS info (device loop5 state M): trying to use backup root at mount time
[  378.749735][T14275] BTRFS info (device loop5 state M): disabling disk space caching
[  378.753770][T14275] btrfs: Deprecated parameter 'usebackuproot'
[  378.757177][T14275] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  378.761113][T14275] BTRFS info (device loop5 state M): rebuilding free space tree
[  378.826615][T14275] BTRFS info (device loop5 state M): disabling free space tree
[  378.829116][T14275] BTRFS info (device loop5 state M): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  378.832490][T14275] BTRFS info (device loop5 state M): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  378.866205][T14275] BTRFS info (device loop5 state M): enabling disk space caching
[  378.868614][T14275] BTRFS info (device loop5 state M): force clearing of disk cache
[  378.870949][T14275] BTRFS info (device loop5 state M): trying to use backup root at mount time
[  378.873641][T14275] BTRFS info (device loop5 state M): disabling free space tree
[  378.928118][T12950] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  379.469266][T14328] UBIFS error (pid: 14328): cannot open "c:::", error -22
[  379.765493][    T9] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  379.915508][    T9] usb 6-1: Using ep0 maxpacket: 8
[  379.919714][    T9] usb 6-1: config 0 has an invalid interface number: 151 but max is 1
[  379.922944][    T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  379.930440][    T9] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  379.933931][    T9] usb 6-1: config 0 has no interface number 0
[  379.936896][    T9] usb 6-1: config 0 interface 151 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  379.941269][    T9] usb 6-1: config 0 interface 151 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[  379.948531][    T9] usb 6-1: config 0 interface 151 altsetting 0 endpoint 0x83 has invalid maxpacket 64466, setting to 1024
[  379.953164][    T9] usb 6-1: config 0 interface 151 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  379.957924][    T9] usb 6-1: config 0 interface 151 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  379.969946][    T9] usb 6-1: New USB device found, idVendor=0499, idProduct=500a, bcdDevice=e7.b7
[  379.974312][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.978034][    T9] usb 6-1: Product: syz
[  379.979780][    T9] usb 6-1: Manufacturer: syz
[  379.981692][    T9] usb 6-1: SerialNumber: syz
[  379.988764][    T9] usb 6-1: config 0 descriptor??
[  379.992347][T14334] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  380.000080][    T9] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  380.209251][ T5898] usb 6-1: USB disconnect, device number 12
[  381.125425][T14379] serio: Serial port ptm0
[  381.761710][   T13] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  381.824522][T14396] netlink: 124 bytes leftover after parsing attributes in process `syz.3.3401'.
[  381.927027][   T13] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.032769][   T13] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.050890][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  382.057716][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  382.061906][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  382.065132][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  382.070059][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  382.112496][T14406] wg1 speed is unknown, defaulting to 1000
[  382.187087][   T13] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  382.351663][T14406] chnl_net:caif_netlink_parms(): no params data found
[  382.377885][   T13] bridge_slave_1: left allmulticast mode
[  382.379702][   T13] bridge_slave_1: left promiscuous mode
[  382.383041][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  382.389340][   T13] bridge_slave_0: left allmulticast mode
[  382.391682][   T13] bridge_slave_0: left promiscuous mode
[  382.396416][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  382.895370][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  382.903326][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  382.915962][   T13] bond0 (unregistering): Released all slaves
[  383.109339][T14406] bridge0: port 1(bridge_slave_0) entered blocking state
[  383.111728][T14406] bridge0: port 1(bridge_slave_0) entered disabled state
[  383.114211][T14406] bridge_slave_0: entered allmulticast mode
[  383.118358][T14406] bridge_slave_0: entered promiscuous mode
[  383.122192][T14406] bridge0: port 2(bridge_slave_1) entered blocking state
[  383.125074][T14406] bridge0: port 2(bridge_slave_1) entered disabled state
[  383.127861][T14406] bridge_slave_1: entered allmulticast mode
[  383.131205][T14406] bridge_slave_1: entered promiscuous mode
[  383.209477][T14406] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  383.214768][T14406] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  383.280683][T14406] team0: Port device team_slave_0 added
[  383.290385][T14406] team0: Port device team_slave_1 added
[  383.300341][   T13] hsr_slave_0: left promiscuous mode
[  383.305412][   T13] hsr_slave_1: left promiscuous mode
[  383.307438][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  383.309598][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  383.325532][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  383.327822][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  383.342508][   T13] veth1_macvtap: left promiscuous mode
[  383.344504][   T13] veth0_macvtap: left promiscuous mode
[  383.347965][   T13] veth1_vlan: left promiscuous mode
[  383.350331][   T13] veth0_vlan: left promiscuous mode
[  383.394838][   T13] ------------[ cut here ]------------
[  383.397464][   T13] WARNING: CPU: 1 PID: 13 at net/ipv6/route.c:4857 rt6_multipath_rebalance+0x455/0x8b0
[  383.401298][   T13] Modules linked in:
[  383.403414][   T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  383.409232][   T13] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  383.413187][   T13] Workqueue: netns cleanup_net
[  383.415149][   T13] RIP: 0010:rt6_multipath_rebalance+0x455/0x8b0
[  383.417742][   T13] Code: ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 85 fe ff ff 4c 89 e7 e8 2d 50 f3 f7 e9 78 fe ff ff e8 13 e6 8f f7 eb 05 e8 0c e6 8f f7 90 <0f> 0b 90 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc
[  383.425375][   T13] RSP: 0018:ffffc90000106ea0 EFLAGS: 00010293
[  383.427795][   T13] RAX: ffffffff8a2fc95d RBX: ffff88801ebf5c00 RCX: ffff88801c2f8000
[  383.430946][   T13] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  383.434106][   T13] RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004
[  383.437382][   T13] R10: dffffc0000000000 R11: fffff52000020dcc R12: ffff888107f23cde
[  383.440536][   T13] R13: ffff88801ebf5c90 R14: 0000000000000000 R15: 1ffff11003d7eb92
[  383.443726][   T13] FS:  0000000000000000(0000) GS:ffff8881a3c21000(0000) knlGS:0000000000000000
[  383.447438][   T13] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  383.450033][   T13] CR2: 0000200000002940 CR3: 000000003d2e2000 CR4: 00000000000006f0
[  383.453189][   T13] Call Trace:
[  383.454561][   T13]  <TASK>
[  383.455863][   T13]  fib6_ifdown+0x401/0x4c0
[  383.457625][   T13]  ? __pfx_fib6_ifdown+0x10/0x10
[  383.459582][   T13]  fib6_clean_node+0x24d/0x590
[  383.461438][   T13]  ? __pfx_fib6_clean_node+0x10/0x10
[  383.463585][   T13]  ? __lock_acquire+0xab9/0xd20
[  383.465650][   T13]  ? __local_bh_enable_ip+0x12d/0x1c0
[  383.467748][   T13]  fib6_walk_continue+0x67b/0x910
[  383.469730][   T13]  fib6_walk+0x149/0x290
[  383.471423][   T13]  __fib6_clean_all+0x234/0x380
[  383.473332][   T13]  ? __fib6_clean_all+0x9b/0x380
[  383.475379][   T13]  ? __pfx_fib6_ifdown+0x10/0x10
[  383.477321][   T13]  ? __pfx___fib6_clean_all+0x10/0x10
[  383.480017][   T13]  ? __pfx_fib6_clean_node+0x10/0x10
[  383.482059][   T13]  ? __pfx_fib6_ifdown+0x10/0x10
[  383.484014][   T13]  ? __mutex_trylock_common+0x153/0x260
[  383.486326][   T13]  rt6_disable_ip+0x120/0x720
[  383.488024][   T13]  ? rcu_is_watching+0x15/0xb0
[  383.489675][   T13]  ? trace_contention_end+0x39/0x120
[  383.491475][   T13]  ? __pfx_rt6_disable_ip+0x10/0x10
[  383.493246][   T13]  addrconf_ifdown+0x15d/0x1880
[  383.494805][   T13]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  383.496638][   T13]  ? tls_dev_event+0x717/0xec0
[  383.498292][   T13]  ? __pfx_addrconf_ifdown+0x10/0x10
[  383.499902][   T13]  addrconf_notify+0x1bc/0x1010
[  383.501410][   T13]  notifier_call_chain+0x1b6/0x3e0
[  383.502952][   T13]  netif_close_many+0x29c/0x410
[  383.504471][   T13]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  383.506438][   T13]  ? __pfx_netif_close_many+0x10/0x10
[  383.508087][   T13]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  383.509774][   T13]  unregister_netdevice_many_notify+0x7b9/0x1ff0
[  383.511762][   T13]  ? __local_bh_enable_ip+0x12d/0x1c0
[  383.513522][   T13]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  383.515394][   T13]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  383.517661][   T13]  ? unregister_netdevice_queue+0x1b3/0x380
[  383.519511][   T13]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  383.521466][   T13]  ? batadv_meshif_destroy_netlink+0x1b0/0x250
[  383.523426][   T13]  default_device_exit_batch+0x819/0x890
[  383.525332][   T13]  ? __pfx___might_resched+0x10/0x10
[  383.526983][   T13]  ? __pfx_default_device_exit_batch+0x10/0x10
[  383.528936][   T13]  ? __pfx_rdma_dev_exit_net+0x10/0x10
[  383.530725][   T13]  ? net_generic+0x1e/0x240
[  383.532324][   T13]  ? __pfx_default_device_exit_batch+0x10/0x10
[  383.534398][   T13]  ops_undo_list+0x525/0x990
[  383.535983][   T13]  ? __pfx_ops_undo_list+0x10/0x10
[  383.537595][   T13]  ? do_raw_spin_unlock+0x4d/0x240
[  383.539165][   T13]  cleanup_net+0x4c5/0x800
[  383.540543][   T13]  ? __pfx_cleanup_net+0x10/0x10
[  383.542087][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  383.543653][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  383.545496][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  383.547269][   T13]  process_scheduled_works+0xae1/0x17b0
[  383.549002][   T13]  ? __pfx_process_scheduled_works+0x10/0x10
[  383.550894][   T13]  worker_thread+0x8a0/0xda0
[  383.552369][   T13]  kthread+0x711/0x8a0
[  383.553668][   T13]  ? __pfx_worker_thread+0x10/0x10
[  383.555226][   T13]  ? __pfx_kthread+0x10/0x10
[  383.556790][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  383.558430][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[  383.560030][   T13]  ? __pfx_kthread+0x10/0x10
[  383.561494][   T13]  ret_from_fork+0x3fc/0x770
[  383.562946][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[  383.564502][   T13]  ? __switch_to_asm+0x39/0x70
[  383.566241][   T13]  ? __switch_to_asm+0x33/0x70
[  383.568004][   T13]  ? __pfx_kthread+0x10/0x10
[  383.569653][   T13]  ret_from_fork_asm+0x1a/0x30
[  383.571192][   T13]  </TASK>
[  383.572179][   T13] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  383.574425][   T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[  383.578565][   T13] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  383.581690][   T13] Workqueue: netns cleanup_net
[  383.583208][   T13] Call Trace:
[  383.584273][   T13]  <TASK>
[  383.585250][   T13]  dump_stack_lvl+0x99/0x250
[  383.586871][   T13]  ? __asan_memcpy+0x40/0x70
[  383.588329][   T13]  ? __pfx_dump_stack_lvl+0x10/0x10
[  383.589928][   T13]  ? __pfx__printk+0x10/0x10
[  383.591512][   T13]  vpanic+0x281/0x750
[  383.593082][   T13]  ? __pfx__printk+0x10/0x10
[  383.594920][   T13]  ? __pfx_vpanic+0x10/0x10
[  383.596784][   T13]  ? is_bpf_text_address+0x26/0x2b0
[  383.598599][   T13]  panic+0xb9/0xc0
[  383.599792][   T13]  ? __pfx_panic+0x10/0x10
[  383.601235][   T13]  __warn+0x31b/0x4b0
[  383.602525][   T13]  ? rt6_multipath_rebalance+0x455/0x8b0
[  383.604284][   T13]  ? rt6_multipath_rebalance+0x455/0x8b0
[  383.606080][   T13]  report_bug+0x2be/0x4f0
[  383.607485][   T13]  ? rt6_multipath_rebalance+0x455/0x8b0
[  383.609229][   T13]  ? rt6_multipath_rebalance+0x455/0x8b0
[  383.610966][   T13]  ? rt6_multipath_rebalance+0x457/0x8b0
[  383.612712][   T13]  handle_bug+0x84/0x160
[  383.614031][   T13]  exc_invalid_op+0x1a/0x50
[  383.615483][   T13]  asm_exc_invalid_op+0x1a/0x20
[  383.617071][   T13] RIP: 0010:rt6_multipath_rebalance+0x455/0x8b0
[  383.618987][   T13] Code: ff ff 44 89 e1 80 e1 07 38 c1 0f 8c 85 fe ff ff 4c 89 e7 e8 2d 50 f3 f7 e9 78 fe ff ff e8 13 e6 8f f7 eb 05 e8 0c e6 8f f7 90 <0f> 0b 90 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc
[  383.624914][   T13] RSP: 0018:ffffc90000106ea0 EFLAGS: 00010293
[  383.626748][   T13] RAX: ffffffff8a2fc95d RBX: ffff88801ebf5c00 RCX: ffff88801c2f8000
[  383.629106][   T13] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  383.631579][   T13] RBP: dffffc0000000000 R08: 0000000000000003 R09: 0000000000000004
[  383.634034][   T13] R10: dffffc0000000000 R11: fffff52000020dcc R12: ffff888107f23cde
[  383.636579][   T13] R13: ffff88801ebf5c90 R14: 0000000000000000 R15: 1ffff11003d7eb92
[  383.639197][   T13]  ? rt6_multipath_rebalance+0x44d/0x8b0
[  383.641286][   T13]  fib6_ifdown+0x401/0x4c0
[  383.642968][   T13]  ? __pfx_fib6_ifdown+0x10/0x10
[  383.644486][   T13]  fib6_clean_node+0x24d/0x590
[  383.645936][   T13]  ? __pfx_fib6_clean_node+0x10/0x10
[  383.647697][   T13]  ? __lock_acquire+0xab9/0xd20
[  383.649180][   T13]  ? __local_bh_enable_ip+0x12d/0x1c0
[  383.650790][   T13]  fib6_walk_continue+0x67b/0x910
[  383.652272][   T13]  fib6_walk+0x149/0x290
[  383.653538][   T13]  __fib6_clean_all+0x234/0x380
[  383.654991][   T13]  ? __fib6_clean_all+0x9b/0x380
[  383.656501][   T13]  ? __pfx_fib6_ifdown+0x10/0x10
[  383.657964][   T13]  ? __pfx___fib6_clean_all+0x10/0x10
[  383.659528][   T13]  ? __pfx_fib6_clean_node+0x10/0x10
[  383.661092][   T13]  ? __pfx_fib6_ifdown+0x10/0x10
[  383.662532][   T13]  ? __mutex_trylock_common+0x153/0x260
[  383.664306][   T13]  rt6_disable_ip+0x120/0x720
[  383.665776][   T13]  ? rcu_is_watching+0x15/0xb0
[  383.667191][   T13]  ? trace_contention_end+0x39/0x120
[  383.668919][   T13]  ? __pfx_rt6_disable_ip+0x10/0x10
[  383.670486][   T13]  addrconf_ifdown+0x15d/0x1880
[  383.671919][   T13]  ? __mutex_unlock_slowpath+0x1a1/0x760
[  383.673608][   T13]  ? tls_dev_event+0x717/0xec0
[  383.675042][   T13]  ? __pfx_addrconf_ifdown+0x10/0x10
[  383.676754][   T13]  addrconf_notify+0x1bc/0x1010
[  383.678277][   T13]  notifier_call_chain+0x1b6/0x3e0
[  383.679791][   T13]  netif_close_many+0x29c/0x410
[  383.681324][   T13]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  383.683242][   T13]  ? __pfx_netif_close_many+0x10/0x10
[  383.684924][   T13]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  383.686666][   T13]  unregister_netdevice_many_notify+0x7b9/0x1ff0
[  383.688554][   T13]  ? __local_bh_enable_ip+0x12d/0x1c0
[  383.690183][   T13]  ? __pfx___local_bh_enable_ip+0x10/0x10
[  383.692096][   T13]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  383.694264][   T13]  ? unregister_netdevice_queue+0x1b3/0x380
[  383.696091][   T13]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  383.698400][   T13]  ? batadv_meshif_destroy_netlink+0x1b0/0x250
[  383.700571][   T13]  default_device_exit_batch+0x819/0x890
[  383.702329][   T13]  ? __pfx___might_resched+0x10/0x10
[  383.703914][   T13]  ? __pfx_default_device_exit_batch+0x10/0x10
[  383.705979][   T13]  ? __pfx_rdma_dev_exit_net+0x10/0x10
[  383.707565][   T13]  ? net_generic+0x1e/0x240
[  383.708949][   T13]  ? __pfx_default_device_exit_batch+0x10/0x10
[  383.710852][   T13]  ops_undo_list+0x525/0x990
[  383.712318][   T13]  ? __pfx_ops_undo_list+0x10/0x10
[  383.713920][   T13]  ? do_raw_spin_unlock+0x4d/0x240
[  383.715511][   T13]  cleanup_net+0x4c5/0x800
[  383.717072][   T13]  ? __pfx_cleanup_net+0x10/0x10
[  383.718634][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  383.720169][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  383.721855][   T13]  ? process_scheduled_works+0x9ef/0x17b0
[  383.723620][   T13]  process_scheduled_works+0xae1/0x17b0
[  383.725372][   T13]  ? __pfx_process_scheduled_works+0x10/0x10
[  383.727155][   T13]  worker_thread+0x8a0/0xda0
[  383.728697][   T13]  kthread+0x711/0x8a0
[  383.729960][   T13]  ? __pfx_worker_thread+0x10/0x10
[  383.731595][   T13]  ? __pfx_kthread+0x10/0x10
[  383.733103][   T13]  ? _raw_spin_unlock_irq+0x23/0x50
[  383.734699][   T13]  ? lockdep_hardirqs_on+0x9c/0x150
[  383.736508][   T13]  ? __pfx_kthread+0x10/0x10
[  383.737949][   T13]  ret_from_fork+0x3fc/0x770
[  383.739476][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[  383.741062][   T13]  ? __switch_to_asm+0x39/0x70
[  383.742527][   T13]  ? __switch_to_asm+0x33/0x70
[  383.744007][   T13]  ? __pfx_kthread+0x10/0x10
[  383.745467][   T13]  ret_from_fork_asm+0x1a/0x30
[  383.747032][   T13]  </TASK>
[  383.748703][   T13] Kernel Offset: disabled
[  383.750067][   T13] Rebooting in 86400 seconds..

VM DIAGNOSIS:
07:30:37  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000009 RBX=ffffea0000e60e00 RCX=0000000000000000 RDX=0000000000000000
RSI=0000000000000000 RDI=0000000000000002 RBP=1ffff9200076be36 RSP=ffffc90003b5f088
R8 =ffff88802eceb67f R9 =1ffff11005d9d6cf R10=dffffc0000000000 R11=ffffed1005d9d6d0
R12=1ffff9200076be36 R13=0000000000000000 R14=dffffc0000000000 R15=ffffc90003b5f1a0
RIP=ffffffff8b76a343 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8621000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000555582af6808 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00ffff00000000ff XMM01=0a0a0a0a0a0a0a0a 0a0a0a0a0a0a0a0a
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00ffff00000000ff XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000043 RBX=0000000000000043 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc90000106650
R8 =ffff88801f998237 R9 =1ffff11003f33046 R10=dffffc0000000000 R11=ffffffff854e7aa0
R12=dffffc0000000000 R13=ffffffff99af48ee R14=ffffffff99de94e0 R15=0000000000000000
RIP=ffffffff854e7b1c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c21000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000002940 CR3=000000003d2e2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fa9d7f87498 00007fa9d7f87470 XMM03=00007fa9d7f874a8 00007fa9d7f874a0
XMM04=00007fa9d8aed100 00007fa9d7f87460 XMM05=00007fa9d7f87478 00007fa9d7f874c0
XMM06=00007fa9d7f874b8 00007fa9d7f874b0 XMM07=00007fa9d7f874a8 00007fa9d7f874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fa9d7e12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
