last executing test programs:

4m12.84627291s ago: executing program 2 (id=450):
r0 = openat$vim2m(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000140)={0x4, 0x1, 0x4, 0x0, 0x80})
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000200)={0x1, @raw_data="91f1e257028a2a6b2610005fd0c38c7b9eed8b57f7d3976db8e6c3b45cb13417040e1de8454c6220737d84bb294bfeb21912d2c107ca9693252db784a826721ee176f63ac809efd9d33e5ba605dac6bd11f5b50fbcbe75d2dd26e2bda9d0b0cdb62a390a5c41bc2c0417e0606b65109d56854ecbd4fb5ffd5d486d5ce6996b743d24ee7a08fe42ea8b9db9686f5e34f1cbfd08d282adb28855b7559a18368822eb4635e6c795017644851db64bfc19a8ba3023815be9a89904eef5d4a45f9eee1625e9e77cf5d202"})

4m12.75973168s ago: executing program 2 (id=452):
syz_emit_ethernet(0x66, &(0x7f0000000b80)={@broadcast, @random="6487a2bed3d6", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x360, 0x0, 0x0, 0x6c, 0x0, @private}, {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x3}, {}, {}, {0x8, 0x88be, 0xffffffff, {{0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}}, {0x8, 0x22eb, 0x0, {{0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4, 0x2}}}}}}}}, 0x0)

4m12.678956597s ago: executing program 2 (id=454):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340"], 0xec}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

4m12.678512146s ago: executing program 2 (id=455):
r0 = syz_io_uring_setup(0x24f7, &(0x7f0000000b80)={0x0, 0x7687, 0x10100, 0x3, 0x33a}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@RTM_GETMDB={0x18, 0x56, 0x100, 0x70bd28}, 0x18}}, 0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB=':'], 0x38}, 0x1, 0x0, 0x0, 0xc1}, 0x1)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x8})
io_uring_enter(r0, 0x22d3e, 0x0, 0x20, 0x0, 0x58)

4m12.55947399s ago: executing program 2 (id=456):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1e2)
mount(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000300)='devpts\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000480)='./file0/../file0/../file0\x00', &(0x7f0000000240)='debugfs\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

4m12.532921819s ago: executing program 2 (id=457):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x1008400, &(0x7f0000000e80)=ANY=[], 0x84, 0x6a5, &(0x7f0000000cc0)="$eJzs3ctvXFcZAPDvjsdjTyipmyY0RZViNRIgLBI/5ILZNCCEvKiqqixYsLISJxllkoI9ILdC1Ly3XeQPKELesUBI7CPKhg3suvWOSgg23eCuLrqPedjjsWca3LGT3y+6c8+9555zv/PNfcwj1gTw1Fqdi+qjSGJ17rWtbHl3Z6m5u7N0v12OiKmIqERUi1kk/03T9IOIG1FM8WK2suwuGbSfh42VNz/8ePejYqlaTvn2laPaDWc7e5iJiNmImCjnj9lf3mfWz82j+5s8vrukM8IsYVfbiYNxy47eNPfvh8WaH/3tmU5Nj/phradPPkDg5JSneVLcN/vMRJwrT/TsdUBxVyzu2Wfa9rgDAAAAgM/As3uxF1txftxxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFlS/v5/Uk6Vdnk2kvbv/9fKdVGWT5cro23+6KTiAAAAAAAAAIDHk46y8ZW92IutON9pnOTf+b+cL1zMHz8Xk7EZ67ExcS22Yi1a0YqNWIiImZ6OaltrrdbGQqdl+38G5C2jt+XioS0Xjwl0qpzXRxkdAAAAAAAAADw1fhGr3e//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgNEgiJopZPl1sl2eiUo2I6YioZdttR/yjXT7LHo07AAAAAHgM6ZDbPbsXe7EV5zvtkvw9/xfy9/3T8eN4EK1oRCuasR638s8Cinf9ld2dpebuztL9bOrv91v/GSncvMcoPns4fM+X8y3qcTsa+ZprcTPeiiS5FZW8ZeZyO57D4/p5FlPyamFyyMhulfNs5O+V8z7vjjTYQUb8MGUmz8hkJyPzZWxZNp7rycJkfyZGfHYO7mkhKp1gLx7I+YFB7Mv5q0Pu71w5z8bzm0E5H4uDmVjsOfri6KMv4st//sP37zYf3Lt7e3Pu9AzpOFP7lorrSr0/E0s9mXjhyczEAPN5Ji51llfju/G9mIvZeCM2ohE/ibVoxXrMxnfy0lp5PCc9p/yATN3Yt/TGcZHUyiO0uIrui6maPfbHVOvE9HLe9nw04vV4K27FeryS/1uMhfh6LMdyrPQ8w5eGuNJW9p313cMo/fyhwV/9SlmoR8Rvy3nuTvW4gZ+wLK/P9eS195o7k9f1rulm6cII96P2tfGPR4dS/WJZyPbxy3J+OhzMxEJPJp4/OhO/yy8rm80H9zburv3g969fGGJ3F94rC9l59OtTdZfIjpdsCNWe56d9dGR1z5d1k/nUzVet/MalON4rfXWXOnXFmbo98Eytla/h+ntazOteOLRuKa+73FN38PVWs/N66En48gfgiXXuq+dq9X/V/15/v/6r+t36a9PfnvrG1Eu1mPzr5Der8xNfqryU/Cnej5913/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACf3ubb79xbazbXNw4U0jR9d0DVWS5MlMMeUHUSO33xmYhxDbkWEacj85+kaVquSU5DPEcX0sxUpJ+y+V8iYriNqxFxWNWV8SdhzBcm4MRdb93/4fXNt9/5WuP+2p31O+sPVpaXV+ZXll9Zun670VyfLx7HHSVwEro3/XFHAgAAAAAAAAAAAAzr//GnAskxf98yeO/Tn+VQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDNqdS6qjyKJhflr89ny7s5SM5va5e6W1YioRETy04jkg4gbUUwx09NdMmg/Dxsrb3748e5H3b6q7e0rR7UbznY5xWxETJTz49T71nySFvb3d3PI/gZL2iP8Zzboq+3Ewbj9LwAA//8yFAv9")
llistxattr(&(0x7f00000001c0)='./file1\x00', 0x0, 0x0)

3m57.50872109s ago: executing program 32 (id=457):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x1008400, &(0x7f0000000e80)=ANY=[], 0x84, 0x6a5, &(0x7f0000000cc0)="$eJzs3ctvXFcZAPDvjsdjTyipmyY0RZViNRIgLBI/5ILZNCCEvKiqqixYsLISJxllkoI9ILdC1Ly3XeQPKELesUBI7CPKhg3suvWOSgg23eCuLrqPedjjsWca3LGT3y+6c8+9555zv/PNfcwj1gTw1Fqdi+qjSGJ17rWtbHl3Z6m5u7N0v12OiKmIqERUi1kk/03T9IOIG1FM8WK2suwuGbSfh42VNz/8ePejYqlaTvn2laPaDWc7e5iJiNmImCjnj9lf3mfWz82j+5s8vrukM8IsYVfbiYNxy47eNPfvh8WaH/3tmU5Nj/phradPPkDg5JSneVLcN/vMRJwrT/TsdUBxVyzu2Wfa9rgDAAAAgM/As3uxF1txftxxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFlS/v5/Uk6Vdnk2kvbv/9fKdVGWT5cro23+6KTiAAAAAAAAAIDHk46y8ZW92IutON9pnOTf+b+cL1zMHz8Xk7EZ67ExcS22Yi1a0YqNWIiImZ6OaltrrdbGQqdl+38G5C2jt+XioS0Xjwl0qpzXRxkdAAAAAAAAADw1fhGr3e//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgNEgiJopZPl1sl2eiUo2I6YioZdttR/yjXT7LHo07AAAAAHgM6ZDbPbsXe7EV5zvtkvw9/xfy9/3T8eN4EK1oRCuasR638s8Cinf9ld2dpebuztL9bOrv91v/GSncvMcoPns4fM+X8y3qcTsa+ZprcTPeiiS5FZW8ZeZyO57D4/p5FlPyamFyyMhulfNs5O+V8z7vjjTYQUb8MGUmz8hkJyPzZWxZNp7rycJkfyZGfHYO7mkhKp1gLx7I+YFB7Mv5q0Pu71w5z8bzm0E5H4uDmVjsOfri6KMv4st//sP37zYf3Lt7e3Pu9AzpOFP7lorrSr0/E0s9mXjhyczEAPN5Ji51llfju/G9mIvZeCM2ohE/ibVoxXrMxnfy0lp5PCc9p/yATN3Yt/TGcZHUyiO0uIrui6maPfbHVOvE9HLe9nw04vV4K27FeryS/1uMhfh6LMdyrPQ8w5eGuNJW9p313cMo/fyhwV/9SlmoR8Rvy3nuTvW4gZ+wLK/P9eS195o7k9f1rulm6cII96P2tfGPR4dS/WJZyPbxy3J+OhzMxEJPJp4/OhO/yy8rm80H9zburv3g969fGGJ3F94rC9l59OtTdZfIjpdsCNWe56d9dGR1z5d1k/nUzVet/MalON4rfXWXOnXFmbo98Eytla/h+ntazOteOLRuKa+73FN38PVWs/N66En48gfgiXXuq+dq9X/V/15/v/6r+t36a9PfnvrG1Eu1mPzr5Der8xNfqryU/Cnej5913/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACf3ubb79xbazbXNw4U0jR9d0DVWS5MlMMeUHUSO33xmYhxDbkWEacj85+kaVquSU5DPEcX0sxUpJ+y+V8iYriNqxFxWNWV8SdhzBcm4MRdb93/4fXNt9/5WuP+2p31O+sPVpaXV+ZXll9Zun670VyfLx7HHSVwEro3/XFHAgAAAAAAAAAAAAzr//GnAskxf98yeO/Tn+VQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDNqdS6qjyKJhflr89ny7s5SM5va5e6W1YioRETy04jkg4gbUUwx09NdMmg/Dxsrb3748e5H3b6q7e0rR7UbznY5xWxETJTz49T71nySFvb3d3PI/gZL2iP8Zzboq+3Ewbj9LwAA//8yFAv9")
llistxattr(&(0x7f00000001c0)='./file1\x00', 0x0, 0x0)

2m42.099304382s ago: executing program 3 (id=1390):
r0 = socket(0x10, 0x3, 0x9)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x7fffffffffffffff)

2m41.074182204s ago: executing program 3 (id=1396):
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x100000)
socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
connect$nfc_llcp(r3, &(0x7f00000000c0)={0x27, 0x0, 0xffffffffffffffff, 0x7, 0x6, 0xb, "374319e60fae76677774ff62cb52ff4689378bd4dd64378ce15159dc9570050a855699577846a63396dfc19acd80afce21b431edbac43f6cb15810c407db1a", 0x28}, 0x60)

2m40.148993905s ago: executing program 3 (id=1404):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x1, 0x0, '\x00', 0x0, 0x0}, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x18, &(0x7f00000006c0)=ANY=[@ANYBLOB="180000000000000000000000ffffffff180800002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000400008500000006000000b7080000000000007baaf8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a700000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r4}, 0xc)

2m38.645832372s ago: executing program 3 (id=1414):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000140), 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000100)='./file1\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000140)='./file1\x00', 0x100, 0x110)
mount$9p_fd(0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cb19976d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "64885973ff030000000000000000d01cd3160000ffffff7f0000000000002000", [0x200]})
creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc)

2m38.492981717s ago: executing program 3 (id=1416):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x10a)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x100)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESOCT=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
setresuid(0x0, 0x0, 0xee00)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chmod(0x0, 0x0)
write$FUSE_POLL(0xffffffffffffffff, 0x0, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r1, 0x0, 0x0)

2m38.189689864s ago: executing program 3 (id=1417):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)="711f63377256c1d015c929eb9258", 0xe}, 0x1, 0x0, 0x0, 0x20008986}, 0x4044004)
recvmmsg(r0, &(0x7f0000001700)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x1}], 0x2, 0x12162, 0x0)

2m38.082538998s ago: executing program 33 (id=1417):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)="711f63377256c1d015c929eb9258", 0xe}, 0x1, 0x0, 0x0, 0x20008986}, 0x4044004)
recvmmsg(r0, &(0x7f0000001700)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, 0x0}, 0x1}], 0x2, 0x12162, 0x0)

2m25.385334864s ago: executing program 1 (id=1511):
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x80000c, &(0x7f0000000000)=ANY=[], 0x1, 0x6f7, &(0x7f0000000640)="$eJzs3c1r5OYZAPBH47E9dmHjTfajLYEMCaSlprv2Gqd1L92WUnwIJU0PPZtdb9bsrDfYTnFCqb1N/4AecuopPfi29FBS6HGhPTcESq4+Bgq55OTbFGmk+fB82hmvneT3M5Je6f3Qq0cjaTTCKIBvrNX5KNfr9b3V+dd30/nDg6XaxMHSdJ5di4ipiChFlBuTSDYjy72dD/GddGFePum3ng82Vt789IvDzxpz5XzIypcG1ethqnvRfj5ENSIm8mm3yT4tfnR89R3t3elsr18jAyTNLUwD9koRuPjLyZuCcap32W/mPflvNh5U/STHLXBBJY3rZpe5iNmIqEQ0rvr52aH0bHs3fvvn3QEAAAA4qZlhBbpv1587iqPYjUtn1SUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Osrf/5/kQ6lIVyMp3v8/lS+LPP2V9Ml0Y/r0vDsCAAAAAAAAAGPw0lEcxW5cKubrSfbM/+W2Z/zfindiO9ZjK27EbqzFTuzEVixGxFxbQ1O7azs7W4tZzYgrA2reio971LzVv4+3B2/CP399mg0HAAAAAAAAgIurMiT/wWT3sj/Gauv5PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXARJxERjkg1XivRclMoRUYmIqbTcfsTHRfrCeX+619Kk18KnZ94ZAAAAGK9K52xSGaHOc3txFLtxqZivJ9k9/7XsfrkS78Rm7MRG7EQt1uNufg+d3vWXDg+WaocHSw/Tobvdn31+oq5nLUbjt4fea/52VmIm7sVGtuRG3Ikk6plS0fm9xvTh4UHSo1+P0z4lP80N6M1EW/puOrr+UZb+c+evCOUTbeIplfrmzGW5k82ILDxu1bhc7Jnee2jo3ikPXNNilJq//FwZvKbeMX88eO2zx0r1/OXmXByPxK0oNffQtcGRiPjeP5789n5t88H9e9vzF2eTetobWuJ4JJbaInH9axSJ4RaySFxtzq/GL+M3MR+fT78RW7ERv4u12In1apG/ln+e0/Hc4Eh9Mts+98awnqTHZLV5/urVp2p09Cmq8YsstRYvRxJzcSk2IolHEZPr8Vr2dysWm2eD1h6+OsJRXxrhTNum8v1s0gxTzPQv+7fRmhyXNK6X2+Lads7NjoPLHUtaUXq+Z5SKa93o16M25e/mibSF9wdeH56145FYbIvEC/0+L42Q/rWejrdrmw+27q+9PeL6Xs2nxaezx4mk/mW25/TSPfx8VPKNu5yN096ln44074VmrzvjNZU/cWkodeVdbdZrHKm/ikdxN9qP1B/FcizHSlb6WlZ6suuKleZdb7bUeQ5P89JvWuXmg53271uPotb4PgTAxTb7g9mpmf/N/Gfmw5k/zdyfeb3y8+kfT784FZP/nvxJeWHi1dKLyd/jw/hD6/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ve1333uwVqutb/VOlHpnJYNrrdWKN/INKtORSPJX5YxQOBmpwcGJ6Xzzv2w7HYnqqRos3tY4vHB1fF3tSiT7+Q5rLqkM3xfZW572RtrLSVfA08qn7nPxfqkzisaYEtXxNVh8YAeVGXpUFm9W68iaiIhehYecOCbGdQYCzsvNnYdv39x+970fbjxce2v9rfXNyeXllYWV5deWbt7bqK0vNMZtFZ7Jy2+BZ6F10W9fWop4aXjdAS9qBQAAAAAAAAAAAM7Q8f/oOIv/hXhy3hsJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfKWtzkf5aSSxuHBjIZ0/PFiqpUORbpUsR0QpIpLfRyT/irgdjSHm2ppL+q3ng42VNz/94vCzVlvlonwpYr9vvdHs50NUI2Iin46rvTvD25tqJad7ZCfNyKQBe6UIHJy3/wcAAP//vGfxGQ==")
mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2200020, 0x0)

2m25.20764717s ago: executing program 1 (id=1513):
r0 = syz_open_dev$video4linux(&(0x7f0000000080), 0xff, 0x0)
ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f00000003c0)={0x1, 0x0, {0x1001, 0x4, 0x1015, 0x2, 0x0, 0x6, 0x1, 0x4}})

2m25.15746072s ago: executing program 1 (id=1515):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b08000009058d67c8002a000009050502000000000009058b6e", @ANYRESOCT], 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_usb_ep_write(r0, 0x8d, 0xe, &(0x7f0000000340)="d0be166e5e8b26a5e6b39aa93e00")

2m23.546595601s ago: executing program 1 (id=1529):
syz_mount_image$jfs(&(0x7f0000000100), &(0x7f0000000000)='./file1\x00', 0x1010006, &(0x7f00000013c0)=ANY=[@ANYBLOB='quota,discard=0x000000000000aff9,iocharset=none,nointegrity,iocharset=cp1251,integrity,nodiscard,noquota,uid=', @ANYRESHEX=0xee01, @ANYBLOB="2c00c38b4986bd7086e58f5d7fd70ab0f8e8bb0e5f5b35be555a19034ea00aa5cc6053411b1c187a24d1f68a37ecec3d26f9ba8207f6ce22b0a47e28485c69c14dc952b0c5e5f1ffe29eb2ce10e7e2a59e32a5a7ea7d8a6fa0b5e90476f3fa2cb4fcba14a881906678b3f96174c0ea0e4edc3068e37fec09729df129bb3e5b9490df2879472cb2e2"], 0x24, 0x621a, &(0x7f0000001500)="$eJzs3cuPHFfZB+C3+jaXfHGsLKJ8FhKTxFxCiK/BGAIkWcCCDQvkHUK2JpPIwgFkG+REFp5otuzZgpBYIsSSFX9AFmzZsUXCko0EygJSqGbOGddUuqdnbE9Xt+t5pHHV26dq+pR/XX2ZquoTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB89zvfP1tExOWfpxuOR/xf9CN6EStVvRYRK2vH6+s8H9vN8VxEDJciqvW3/3km4rWI+OhYxL37t9erm88dsB/f/sNff/vDp773l98PT//7jzf7r09a7tatX/7rT3cefnsBAACgi8qyLIv0Mf9ERAzSZ3sA4MmXX//LJN+unrt6c876o1ar1eoFrOvK8e7Ui4jYrK9TvWdwOB4AFsxmfNx2F2iR/DttEBFPtd0JYK4VbXeAI3Hv/u31IuVb1F8P1nba87kge/LfLHav75g0naZ5jsmsHl9b0Y9nJ/RnZUZ9mCc5/14z/8s77aO03FHnPyuT8h/tXPrUOTn/fjP/hicn/97Y/Lsq5z84VP59+QMAAAAAwBzLf/8/3vLx36VH35QD2e/479qM+gAAAAAAAAAAj9thx/8bNMb/22X8PwAAAJhb1Wf1yq+PPbht0nexVbdfKiKebiwPdEy6WGa17X4AAAAAAAAAAAAAQJcMds7hvVREDCPi6dXVsiyrn7pmfViPuv6i6/r2Q5e1/SQPAAA7PjrWuJa/iFiOiEvpu/6Gq6urZbm8slqulitL+f3saGm5XKl9rs3T6ral0QHeEA9GZfXLlmvr1U37vDytvfn7qvsalf0DdGw2WgwcACJi59Xo3qRXpP94vVpMZflMtPwmhwWxz/7PgrL/cxBtP04BAACAo1eWZVmkr/M+kY7599ruFAAwE/n1v3lcQK1Wq9Xqg9e/+uzffzBP/VFPquvK8e7Ui4jYrK9TvWcwHD8ALJjN+LjtLtAi+XfaICKeb7sTwFwr2u4AR+Le/dvrRcq3qL8epPHd87kge/LfLLbXy+uPm07TPMdkVo+vrejHsxP689yM+jBPcv69Zv6Xd9pHablHz7/c82fCts4xmpR/tZ3HW+hP23L+/Wb+DUe9/8/KVvTG5t9VOf/BofLvyx8AAAAAAOZY/vv/8bk6/jt62M2Zar/jv2tj1zi6vgAAAAAAAADA43Lv/u31fN1rPv7/mTHLuf7zyZTzL+TfSTn/XiP/LzaW69fm7771IP9/3r+9/rub//j/PD1o/kt5pkiPrCI9Iop0T8UgTR9l6z5ta9gfVfc0LHr9QTrnpxy+E1fjWmzEmT3L9tL/x4P2s3vaq54Ot9vL/k77uT3tg932vP75Pe3DdHZRuZLbT8V6/CSuxdvb7VXb0pTtX57SXk5pz/n37f+dlPMf1H6q/FdTe9GYVu5+2PvUfl+fjrufN6/+d59vHp6drejvbltdtX0vttCf7Wecp0bxsxsb10/dunLz5vWzkSZ7bj0XafKY5fyH6Wf3+f+lnfb8vF/fX+9+ODp0/vNiKwYT83+pNl9t78sz7lsbcv6j9JPzfzu1j9//Fzn/yfv/Ky30BwAAAAAAAAAAAAAAAPZTluX2JaJvRsSFdP1PW9dmAgCzlV//y8ZV+rOq+zO+P7V6wetizvoz0/qTcr76o1YvYl1XjvdGvYiIP9fXqd4z/GLcLwMA5tknEfG3tjtBa+TfYfn7/qrpybY7A8zUjfc/+NGVa9c2rt9ouycAAAAAAAAAwMPK43+u1cZ/PlmW5Z3GcnvGf30r1h51/M9BntkdYHTCQNX9w2/TfrZ6o36vNtz4CzFp/O/h7tx+438PptzfcEr7aEr70pT25Snt04Zbzvm/UBvv/GREnGgMv96F8V+bY953Qc7/xdrjucr/C43l6vmXv1nk/Ht78j99872fnr7x/gevXn3vyrsb7278+PzZs2fOX7hw8eLF0+9cvbZxZuffFnt8tHL+eexr54F2S84/Zy7/bsn5fy7V8u+WnP/nUy3/bsn55/d78u+WnH/+7CP/bsn5v5xq+XdLzv9LqZZ/t+T8X0m1/Lsl5//lVMu/W3L+r6Za/t2S8z+Vavl3S87/dKoPmP/KUfeL2cj55yNc9v9uyfnnMxvk3y05/3Opln+35PzPp1r+3ZLzfy3V8u+WnP9XUi3/bsn5X0i1/Lsl5//VVMu/W3L+F1Mt/27J+X8t1fLvlpz/11Mt/27J+b+eavl3S87/G6mWf7fk/L+Zavl3S87/W6mWf7fk/N9Itfy75cH3/5sxY8ZMnmn7mQkAAAAAAAAAAAAAaJrF6cRtbyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/2MHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdi7uxi5zvp+4Gf2zWsHEgMhfyd/A2vHGONssuuX+IXWxSThpeGtBEKhL9iud20W/IbXLoFGsmmgRMKoqKJtuGgLKGpzU+GLXNAqoFygVkiVSHtBbxAVKhdRFVBAqkQryFZz5nmenZmdndn1rtdnzvl8JPvnnTkz5zlnnnN2frv+zgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmm25f/rztSzL6n/yvzZm2cvq/14/tjG/7U03eoQAAADASv0q//vFW9INh5fwoKZl/vm133t6bm5uLvvQ4J8Pf3luLt0xlmXD67Isvy+6+qMP15qXCR7LRmsDTV8P9Fj9YI/7h3rcP9zj/pEe96/rcf9oj/sX7IAF1jd+HpM/2bb8nxsbuzS7NRvO79vW4VGP1dYNDMSf5eRq+WPmhk9kM9mpbDqbbFm+sWwtX/6ZLfV1vSOL6xpoWtfm+gz52aPH4xhqYR9va1nX/HNGP3lLNvbznz16/G8vvHB7p9pzN7Q8X2OcO7bWx/nZcEtjrLVsXdoncZwDTePc3OE1GWwZZy1/XP3f7eN8cYnjHJwf5ppqf81Hs4H838/l+2mo+cd6aT9tDrf94s4syy7PD7t9mQXrygayDS23DMy/PqONGVl/jvpUemU2tKx5umUJ87Rep7a1ztP2YyK+/lvC44YWGUPzy/STz4w0ve6/nLuWeRrVt3qxY6V9Dq72sVKUORjnxXP5Rj/ecQ5uC9v/6PbF52DHudNhDqbtbpqDW3vNwYGRwXzM6UWo5Y+Zn4O7WpYfzNdUy+vz27vPwYkLp89NzH7q03fPnD52cvrk9Jk9u3ZN7tm378CBAxMnZk5NTzb+vsa9XXwbsoF0DGwN+y4eA29oW7Z5qs59bWTB+fdaj8PRLsfhxrZlV/s4HGrfuNraHJAL53Tj2PhAfaePXhnIFjnG8tdn58qPw7TdTcfhUNNx2PF7SofjcGgJx2F9mXM7l/aeZajpT6cxLP69YGVzcGPTHGx/P9I+B1f7/UhR5uBomBc/2Ln494LNYbyPjy/3/cjggjmYNjece+q3pPf7owfy0mle3lG/46aR7OLs9Pl7Hjl24cL5XVkoa+JVTXOlfb5uaNqmbMF8HVj2fD0889rH7+hw+8awr0bvrv81uuhrVV9m7z3dX6v8u1vn/dly6+4slFW21vuz03fz+v4cybKvfOczD33r0a/cv+j+rPebn51Y+Xvx1Jc2nX+HFzn/xr7/pcb60lM9Njg81Dh+B9PeGW45H7e+VEP5uauWr/vFiaWdj4fDn7U+H9/a5Xy8qW3Z1T4fD7dvXDwf13r9tGNl2l/P0TBPTk12Px/Xl9m0e7lzcqjr+fjOUGth/78xdAqpL2qaO4vN27SuoaHhsF1DcQ2t83RPy/LDoTerr+up3eFNYRrl0ubpjjsbyw82PS5aq3k61rbsas/T9LOvxeZprddP365N++s5GubFrXu6z9P6Ms/uXfm5c338Z9O5c6TXHBweHKmPeThNwvx8n82tj3Pwnux4djY7lU3l947k86mWr2v83qWdK0fCn7U+V27qMgd3tC272nMwfR9bbO7VhhZu/Cpofz1Hw7x44t7uc7C+zAP7V/e9645wS1qm6b1r+8/XFvuZ1x1tu+l6zZWhMM7v7O/+s9n6MqcOLLfP7L6f7gq33NRhP7Ufv4sdU1PZ2uynTWGcLxxYfD/Vx1Nf5ssHlzifDmdZdukT9+U/7w2/X7l08ftPt/zepdPvdC594r6fvvzEPy1n/AD0v5caZUPje13Tb6aW8vt/AAAAoC/Evn8g1ET/DwAAAKUR+/74v8IT/T8AAACURuz7h0JNytD//3HvRTY98MLMS5eylMyfC+L9aTc82FguZlwnw9djc/Pqt9/35PR//+OlpQ1vIMuyXz74Rx2X3/RgHFfDWBjn1be23r7A03cvad1HH76U1tucX/9qeP64PUudBp0iuJNZlj1zyxfz9Yx9+Epen33waF4fuvz4Y/VlXjzY+Do+/vlXNZb/qxD+PXziWMvjnw/74cehTr6z8/6Ij/vGlTdu3v/B+fXFx9W23pxv9hMfaTxv/JycLz3WWD7u58XG/60vPPWN+vKPvL7z+C8NdB7/U+F5nwz1f17TWL75Nah/HR/3uTD+uL74uHu+/u2O47/6+cby597WWO5oqHH9O8LX2972wkzz/nqkdqxlu7K3N5aL65/8/p/m98fni8/fPv7RI1da9kf7/Hj23xrPM9G2fLw9rif6h7b115+neX7G9T/1J0db9nOv9V996PnX1J+3ff13tS137hM78/XPP1/rJzb99ee+2HF9cTyH//5cy/Ycfl84jsP6n/hImI/h/v+92ni+9k9XOPq+1vNPXP6rGy+1bE/0jp831n/1zSfzum50/YabXvbymy+/rr7vsuy5dY3n67X+k39ztmX8X7utsT/i/TGj377+xcT1n//k+JmzsxdnptJeffSW/LNz3tUYTxzvLeHc2v71kbMXPjp9fmxybDLLxsr7EXrX7Ouh/rRRLndfem7BGXTnw+H1vOMvn9mw/V+/EG//9w80br/yzsb3rTeE5b4Ubt8YXr/lrX+hJ7bclh/ftWfDCOcWfl7wSmze9l8HlrRg2P729wVxvp979Ufz/VC/L/++EY/rFY7/h1ON5/lm2K9z4ZOZt942v77m5eNnI1x5f+N4X/H+C6e5+Lr+XXi93/3jxvPHccXt/WF4H/PtTa3nuzg/vnlpoP3580/xuBzOJ9nlxv1xqbi/r7x4W8fhxc8hyS7fnn/9Z+l5bl/WZi5m9lOzE6dmzlx8ZOLC9OyFidlPffrI6bMXz1w4kn+W55GP9Xr8/PlpQ35+mpretzfLz1ZnG+U6u9HjP/fw8an9k9unpk8cu3jiwsPnps+fPD47e3x6anb7sRMnpj/Z6/EzU4d27T64Z//u8ZMzU4cOHDy45+D4zJmz9WE0BtXDvsmPj585fyR/yOyhvQd33Xvv3snx02enpg/tn5wcv9jr8fn3pvH6o/9w/Pz0qWMXZk5Pj8/OfHr60K6D+/bt7vlpgKfPnZgdmzh/8czExdnp8xONbRm7kN9c/97X6/GU0+x/NN7Ptqs1Pogve+9d+9Lns9Y9+ZlFn6qxSNsHiL4QPovmu684d2ApX8e+fzjUpAz9PwAAAJCLff9IqIn+HwAAAEoj9v3rQk30/wAAAFAase8fDTX9l4CK9P+ly/9vurSk9cv/y/837y/5/4rl/99ftPx/43wh/786Vpq/l/8Pipn/H87k/+X/Czx++X/5fxYqWv4/9v3rs8zv/wEAAKCkYt+/IdRE/w8AAAClEfv+m0JN9P8AAABQGrHvf1moSUX6f/l/+X/5/5Lm/4cWX7/8v/x/mcn/d9fn+X/X/1+D/H9Wrfz/5dUc/w3I/69v/kL+nyIqWv4/9v0vDzWpSP8PAAAAVRD7/ptDTfT/AAAAUBqx778l1ET/DwAAAKUR+/6NoSYV6f/l/1eU/0+ZK/n/1vHL/7dy/f8wH+T/5f/XgPx/d/L/Pcj/u/5/f+X/W8j/U0RFy//Hvv8VoSYV6f8BAACgCmLf/8pQE/0/AAAAFM/QtT0s9v2vCjVZ0P9f4woAAACAGy72/bdmbUHwivz+X/7f9f/l/+X/5f87r3/p+f/BTP6/OOT/u5P/70H+X/5f/l/+n1VVtPx/3vdno9mrQ00q0v8DAABAFcS+/7ZQE/0/AAAAlEbs+/9fqIn+HwAAAEoj9v2bQk0q0v/L/5cm//+L5pdO/l/+v9v65f9d/7/M5P+7k//vQf5f/l/+X/6fVVW0/H/s+28PNalI/w8AAABVEPv+O0JN9P8AAABQGrHv//+hJvp/AAAAKI3Y928ONalI/y//X/D8f0yOuv6//L/8fyHz/6Py/4Uj/9+d/H8P8v/y//L/8v+sqqLl/2Pf/5pQk4r0/wAAAFAFse9/baiJ/h8AAABKI/b9rws10f8DAABAacS+fyzUpCL9/3Ly/7XL8v+Luc7X/x9ZwvX/W8j/y/93W7/8v+v/l5n8f3fy/z3I/8v/y//L/7Oqipb/j33/llCTivT/AAAAUAWx798aaqL/BwAAgNKIff+doSb6fwAAACiN2PdvCzWpSP/v+v99kf/P5P/l/+X/5f/l/5dG/r87+f8e5P/l/+X/5f9ZVUXL/8e+//WhJhXp/wEAAKAKYt+/PdRE/w8AAAClEfv+N4Sa6P8BAACgNGLfvyPUpCL9v/y//L/8f1/k/+9fn8n/y//L/y+F/H938v89yP/L/8v/y/+zqoqW/499/xtDTSrS/wMAAEAVxL5/Z6iJ/h8AAABKI/b9d4Wa6P8BAACgNGLfPx5qUpH+X/5f/l/+vy/y/67/L/8v/79E8v/dyf/3IP8v/y//L//Pqipa/j/2/XeHmlSk/wcAAIAqiH3/PaEm+n8AAAAojdj3T4Sa6P8BAACgNGLfPxlqUpH+X/5f/l/+X/5/Wfn/180/r/x/w3XN/z8g/79c8v/dyf/3IP8v/3/D8//D8v+UStHy/7Hv3xVqUpH+HwAAAKog9v27Q030/wAAAFAase/fE2qi/wcAAIDSiH3/3lCTivT/8v/y//L/8v+u/995/YXI/7v+/7LJ/3e3+vn/uIlFyf+vk/9fgRudn+/38bv+v/w/CxUt/x/7/ntDTSrS/wMAAEAVxL5/X6iJ/h8AAABKI/b9+0NN9P8AAABQGrHvPxBqUpH+X/5f/l/+X/5f/r/z+uX/+5P8f3eu/9+D/L/8fx/n/+tzS/6foila/j/2/QdDTSrS/wMAAEAVxL7/TaEm+n8AAAAojdj3/1qoif4fAAAASiP2/b8ealKR/l/+X/5f/l/+v+j5/xH5f/n/ZZD/707+vwf5f/n/Ps7/u/4/RVS0/H/s+w+FmlSk/wcAAIAqiH3/b4Sa6P8BAACgNGLf/+ZQE/0/AAAAlEbs+w+HmlSk/5f/X6P8f7xR/l/+X/7f9f/l/68r+f/u5P97kP+X/5f/l/9nVRUt/x/7/reEmlSk/wcAAIAqiH3/faEm+n8AAAAojdj33x9qov8HAACA0oh9/wOhJhXp/+X/++z6/6NlzP8Pt4xd/n/+cfL/DfL/8v/LIf/fnfx/D/L/8v/y//L/rKqi5f9j3//WUJOK9P8AAABQBbHvf1uoif4fAAAASiP2/W8PNdH/AwAAQGnEvv8doSYV6f/l//ss/+/6//L/8v/y//L/Xcn/dyf/34P8v/y//L/8P6uqaPn/2Pf/ZqhJRfp/AAAAqILY9z8YaqL/BwAAgNKIff87Q030/wAAAFAase9/V6hJRfp/+X/5f/l/+X/5/87rl//vT/L/3fVZ/v9XN4fb5f8b5P+LPf7l5v+H2r6+Lvn/Hy2W/59b1/54+X+uh6Ll/2Pf/+5Qk4r0/wAAAFAFse9/T6iJ/h8AAABKI/b97w010f8DAABAacS+/7dCTSrS/8v/18cxn16W/5f/z2+Q/19O/n9I/l/+v0jk/7vrs/y/6/+3kf8v9vhd/1/+n4WKlv+Pff/7Qk0q0v8DAABAFcS+/6FQE/0/AAAAlEbs+98faqL/BwAAgNKIff8HQk0q0v/L/7v+v/y//L/r/3dev/x/f5L/707+vwf5f/n/ouX//1P+n/5WtPx/7PsfDjWpSP8PAAAAVRD7/g+Gmuj/AQAAoDRi3//boSb6fwAAACiN2Pd/KNSkIv2//H+/5P/H5P+Xmf8fCbfJ/8v/y/9Xi/x/d/L/Pcj/y/8XLf/v+v/0uaLl/2Pf/+FQk6X3/6NLXhIAAAC4IWLf/zuhJs39f/svowAAAIC+Evv+3w01qcj//wcAAIAqiH3/74WaVKT/l//vl/y/6/9nrv8v/9+2PfL/8v+drF3+P5555P/l/+X/I/l/+X/5f9oVLf8f+/7fDzWpSP8PAAAAVRD7/o+EGvhMPwAAAOgTnf5PdrvY9x8JNfH7fwAAACiN2PcfDTWpSP8v/y//L/9f0Pz/X2z9lx987z1Hd8n/t+T/L8v/y//3sKbX/68f/K7/L/8v/5/I/8v/y//Trmj5/9j3Hws1mW/83iUMAAAAAP0t9v1/EGpSkd//AwAAQBXEvv94qIn+HwAAAEoj9v1ToSYV6f/l/+X/5f8Lmv/v4+v/x/3RT9f/H1/XR/n/eNKV/+9oTfP/H5zPicv/Lzf/P9Lx1vb8f03+v4X8/7LH/90sy+T/5f+5gYqW/499/3SoSUX6fwAAAKiC0PcPnGjU+Tv0/wAAAFAase8/GWqi/wcAAIDSiH3/R0NNKtL/y//L/8v/y//30/X/M9f/d/3/HuT/uytO/r8z1/+X/+/n8cv/y/+zUNHy/7Hvnwk1qUj/DwAAAFUQ+/6PhZro/wEAAKA0Yt//8VAT/T8AAACURuz7T4WaVKT/l/+X/5f/l/+X/++8fvn//iT/3538fw/y//L/8v/y/6yqouX/Y99/OtTk/9i7kydLyyqP4zfpJKgKNr3rRS+69/0nsGjW3X+ACyIMFxphuAAV54nCecR5HnAWBxxAESecJ3BCcRYV53nAGTXKgDrnVGXmm+/NrLqZ+dzn+XwWHkhI7y2tgPpV1rfeQfY/AAAAjCB3/6Vxi/0PAAAA3cjdf1ncYv8DAABAN3L3PzBuGWT/6//1/932//+r/9/t9fX/+v+e6f/n6f+X0P/r//X/+n9WqrX+P3f/g+KWQfY/AAAAjCB3/4PjFvsfAAAAupG7//K4xf4HAACAbuTuf0jcMsj+39b/byzG7P8z49X/99T/e/7/rq+v/9f/9+xw+/8r7/4nn/5f/6//D/p//b/+n+1a6/9z9z80bhlk/wMAAMAIcvc/LG6x/wEAAKAbufsfHrfY/wAAANCN3P2PiFsG2f+e/+/5//p//b/+f/r19f/ryfP/543U/19+24WX3nnDf964n9fX/+v/9f/6f1artf4/d/8j45ZB9j8AAACMIHf/o+IW+x8AAAC6kbv/0XGL/Q8AAABr6PjkR3P3PyZuGWT/6//1//r/6P+P6f/1//r/Huj/543U/5/N6+v/9f/6f/0/q9Va/5+7/7FxyyD7HwAAAEaQu/9xcYv9DwAAAO2a+oXYM3L3XxG32P8AAADQjdz9J+KWQfa//v/g+/9/6v/Xo//3/H/9v/6/C/r/efr/JfT/+n/9v/6flWqt/8/df2XcMsj+BwAAgBHk7n983GL/AwAAQDdy9z8hbrH/AQAAoBu5+58Ytwyy//X/nv+v/9f/6/+nX1//v570//P0/0vo/8+1nz9f/6//1/9zpn32/3fN/GN7Jf1/7v4nxS2D7H8AAAAYQe7+J8ct9j8AAAB0I3f/U+IW+x8AAAC6kbv/qXHLIPtf/6//1/+33P9vLpru/3d+17uH/n+a/v9w6P/nNdP/b2xOflj/v/b9v+f/6//1/2zR2vP/c/c/LW4ZZP8DAADACHL3Pz1umdn/+/7JfAAAAOBI5e5/Rtzi6/8AAACw9rI6y93/zLhlkP2v/9f/6/9b7v89/3/RaP9/4xnvT//fFv3/vGb6/13o//X/6/z+9f/6f3Zqrf/P3f+suGWQ/Q8AAAAjyN1/Vdxi/wMAAEA3cvc/O26x/wEAAKAbufufE7cMsv+n+//Tf13/vzf6/63vX/8//f1jVf1//jfq/2f7/4s9/39M+v95+v8l9P/6f/3/bv3/8WWfr/9nSmv9f+7+58Ytg+x/AAAAGEHu/ufFLfY/AAAAdCN3//PjFvsfAAAAupG7/wVxyyD73/P/9f/6//Xr/z3//5SjfP7/4tD7/039/x7p/+fp/5fQ/+v/9f/zz/+f+V0A9P9Maa3/z93/wrhlkP0PAAAAI8jd/6K4xf4HAACA9XDmrx3Y/gtKQ+7+F8ct9j8AAAB0I3f/S+KWfvb/7LM69f/6f/2//l//P/36bfX/nv+/V/r/efr/JfT/B9HPb3bW/1+92+e30P9fcdD9/wz9P1O29P83nf74UfX/uftfGrf0s/8BAABgeLn7Xxa32P8AAADQjdz9L49b7H8AAADoRu7+V8Qtg+z/A+//Z373Af2//l//r//X/+v/V03/P0//v4T+3/P/Pf9f/89Kben/z3BU/X/u/lfGLYPsfwAAABhB7v5XxS32PwAAAHQjd//VcYv9DwAAAN3I3f/quGWQ/e/5//p//b/+X/8//fr6//V0Tv39efr/ov/X/+v/9f/6f1agtf4/d/9r4pZB9j8AAACMIHf/a+MW+x8AAAC6kbv/dXGL/Q8AAADdyN3/+rhlkP2v/z/Y/j8/rv/X/y/0//p//f+hGPb5/xtT/ybaaZf+/5b7n/j/rR/R/+v/9f/6f/0/e/TvM3+tif7/5OkfXebuf0PcMsj+BwAAgBHk7n9j3GL/AwAAQDdy978pbrH/AQAAoBu5+6+JW/a5/+eah5bp/z3/X/+v/9f/T7++/n89Ddv/75Hn/y+h/9f/6//1/6xUE/3/GX+eu//NcYuv/wMAAEA3cve/JW6x/wEAAKAbufvfGrfY/wAAANCN3P1vi1sG2f/6f/2//l//r/+ffn39/3rS/8/T/y+xTv3/NefQ/29Of/io+/lzddTvX/+v/2en1vr/3P3Xxi2D7H8AAAAYQe7+t8ct9j8AAAB0I3f/O+IW+x8AAAC6kbv/nXHLIPtf/6//1//r//X/06+v/19P+v95+v/FYnHdzBuY6v9PXtBm/+/5/829f/2//p+dWuv/c/e/K24ZZP8DAADACHL3Xxe32P8AAADQjdz918ct9j8AAAB0I3f/u+OWQfa//l//r//X/+v/p19f/7+e9P/z9P9LrNPz//X/zb1//b/+n51a6/9z978nbhlk/wMAAMAIcvffELfY/wAAANCN3P3vjVvsfwAAAOhG7v4b45ZB9r/+X/+v/9f/6/+nX1//v54Orv9f6P/1//r/JfT/+n/9P9u11v/n7n9f3DLI/gcAAIAR5O5/f9xi/wMAAEA3cvd/IG6x/wEAAKAbufs/GLcMsv/1//p//b/+v8/+/wL9/6A8/3+e/n8J/b/+X/+v/2elpvv/K46s/8/d/6G4ZZD9DwAAACPI3X9T3GL/AwAAQDdy9384brH/AQAAoBu5+z8Stwyy//X/+v+t/f9iof/X//fR/6/F8/+PLfT/K6f/n6f/X0L/32f/f96io/7/+K6fr/+nRa09/z93/0fjlkH2PwAAAIwgd//H4hb7HwAAALqRu//jcYv9DwAAAN3I3f+JuGWQ/a//1/97/r/+X/8//fqe/7+e9P/z9P9L6P/77P89/1//z5Fprf/P3f/JuGWQ/Q8AAAAjyN3/qbjF/gcAAIBu5O7/dNxi/wMAAEA3cvd/Jm4ZZP/r//X/+n/9v/5/+vX1/+tJ/z9P/7+E/l//r//X/7NSrfX/ufs/G7fsOvy2/8gUAAAAaF3u/pvjlkG+/g8AAAAjyN1/S9xi/wMAAEA3cvd/Lm4ZZP/r//X/+v/17P+P6f/1//r/Sa30/xdd9H+36v/1//p//b/+X/8/utb6/9z9n49bBtn/AAAAMILc/V+IW+x/AAAA6Ebu/i/GLfY/AAAAdCN3/5filkH2/87+//zFqUL1lKn+Pxo1/f8Z9P9b37/+f/r7h+f/6//1/wevlf7f8//P7v3r//X/6/z+99X///fOz9f/06PW+v/c/bfGLYPsfwAAABhB7v4vxy32PwAAAHQjd/9X4hb7HwAAALqRu/+2uGWQ/e/5//p//b/+X/8//fr6//Wk/5+n/19C/6//9/z/y+77b/p/Vqe1/j93/1fjlkH2PwAAAIwgd//X4hb7HwAAALqRu//rcYv9DwAAAN3I3f+NuGWQ/a//1//r//X/+v/p19f/ryf9/zz9f9n+TTtlnP7/2NQHj7qfP1dH/f676f89/58Vaq3/z93/zbhlkP0PAAAAI8jd/624xf4HAACAbuTu/3bcYv8DAABAN3L3fyduGWT/6//1//33//fR/297ff2//r9n+v/8N/o0/f8S4/T/k466n1/396//1/+zU2v9f+7+2+OWQfY/AAAAjCB3/3fjFvsfAAAAupG7/3txi/0PAAAA3cjd//24ZZD9r/8fq//fWIzY/3v+v/5f/z8S/f88/f8S+n/9v/5f/89Ktdb/5+6/Y2NzyP0PAAAA6+pe//OA2/f6995xz38eW/wgbrl4cXKPX8YGAAAAGnf37t/YXCx+eM+f+fo/AAAA9Ch3/4/ilkH2v/5/rP5/fZ//f5P+X/+v/9f/74n+f57+fwn9v/5f/6//Z6Va6/9z9/84bjlj+G3u+1sJAAAAtCR3/0/ilkG+/g8AAAAjyN3/07hlx/732wECAADAusrd/7O4ZZCv/+v/G+//FwfU/8fftz79v+f/6//1//r/vdH/zzvH/v/khv5f/z9D/6//1/+zXWv9f+7+n8ctg+x/AAAA6NSWn1HI3f+LuMX+BwAAgG7k7v9l3GL/AwAAQDdy9/8qbhlk/+v/D73/z1T9AJ//f7z+qJ/n/+v/z6r/v+rY5Ovr//X/PdP/z/P8/yX0/730/xfo//X/tKG1/j93/6/jlvnhd+/5byUAAADQktz9v4lbBvn6PwAAAIwgd/9v4xb7HwAAALqRu/93ccsg+1//3/jz/8+q/9/D8//1/2P0/7u8fj/9/39ceOLmS+53/bX6f047zP4/vy/o//X/+v9TGur/j+T93/3/j/5f/89Wq+//N7d8cL/9f+7+38ctg+x/AAAAGEHu/jvjFvsfAAAAupG7/w9xi/0PAAAA3cjd/8e4ZZD9r//X/7fS/+f/1kfQ/5846/7/+GKxOJL+P5vi0ft/z//X/+/k+f/z9P9L6P/1/57/r/9npVbf/2/94H77/9z9f4pbBtn/AAAAMILc/X+OW3L/b+z7p+4BAACAxuTu/0vc4uv/AAAA0I3c/X+NWwbZ//p//X8r/X/y/P/Tn9fX8/8vqTh1zP7/v+qP9P8H6zD6//zRgv5f/6//30r/r//X/7PdAfX/+cOwfff/ufv/FrcMsv8BAABgBLn774pb7H8AAADoRu7+v8ct9j8AAAB0I3f/P+KWQfa//r/X/j+LeP2//r+V/t/z/z3//3B4/v88/f8S+n/9v/5f/89Ktfb8/9z9/woAAP//j2p0PQ==")
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f00000004c0)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x120000, 0x159)

2m22.064630043s ago: executing program 1 (id=1533):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000), 0xc02, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000340)=0x4)

2m21.255916382s ago: executing program 1 (id=1547):
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x7b, &(0x7f00000000c0)=@assoc_value, &(0x7f0000000080)=0x8)

2m21.166610429s ago: executing program 34 (id=1547):
move_pages(0x0, 0x1efe, &(0x7f0000000080), 0x0, &(0x7f0000000040), 0x0)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x7b, &(0x7f00000000c0)=@assoc_value, &(0x7f0000000080)=0x8)

2.028939205s ago: executing program 4 (id=3053):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000580)=@allocspi={0xf8, 0x16, 0x1, 0x0, 0x0, {{{@in=@empty, @in=@dev={0xac, 0x14, 0x14, 0x37}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0, 0x0, 0x73, 0x0, 0xffffffffffffffff}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in=@broadcast, {0x4}, {0x0, 0x2, 0x0, 0xdfc}, {}, 0x8, 0x0, 0x2}}}, 0xf8}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ff01000000000000000000000000000100000000000000000000000033000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="fe8800000000000000000000000000010000000033000000ffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000678f00000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000fdffff7fffffffff000000000000000000000000000000000000000002e4"], 0xf8}}, 0x0)

1.958035984s ago: executing program 4 (id=3056):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000680)='./file2\x00', 0x800000, &(0x7f00000007c0)=ANY=[@ANYBLOB="6e6f757365725f78617474722c666c7573685f6d657267652c6673796e635f6d6f64653d706f7369782c64697361626c655f6578745f6964656e746966792c6261636b67726f756e645f67633d73796e632c6673796e635f6d6f64653d7374726963742c6e6f626172726965722c6e6f696e6c696e655f646174612c6e6f626172726965722c71756f74612c6261636b67726f756e645f67633d6f66662c6e6f61636c2c6e6f657874656e745f63616368652c6e6f646973636172642c6163746976655f6c6f67733d342c00e62bc03000c35169ed09803fa1bee488c680f339e530b5e8ad120a2b4f078093a8e0ba2b3d1b5fe99356b80a454c1ec2f8e12392bbffe9fae2fa05e18a6b61f5eded2e484f574d2757a5fe762c770477aa3460313ee54451c6a6159eca600d6c85a8c09cef9996dc851a5f5edf1a4a22576c6dfe6b9e8dade2d3a8e6a8c7710733c1f69aabd8880291"], 0x1, 0x5504, &(0x7f000000c0c0)="$eJzs3M1rI2UYAPB32u1+uxbx4G0HFqGFTWj6seit6i5+YJey6sGTpsk0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJl3qls/QGma2O3vB5Nn5p03zzxvKIVnJiQA59Z8+vOPSbgRroQQZkMI10Mo9pNyK6zH8Fx5buaxLSnHfx+4GEK4GkK4MUoecyblqU9vD2+t/fDGT199c+nCtc++/HZ6qwam7fkQQncn7u93Y8xbMT4sx+vDdhG7q8MyxhPdR+VxHuN+tlVk2K8fzasXcaUV5+c7e/1R3O7UG6PYam8X4zu9eMH+sHWUp3jDw/pucdzMtorY7udFbB3Gug4O4/+2w/4g5mmW+T4o0ofB4CjG8ewgi+vZeVTERm9Qjse8eTM7GMVhGcvLhUbeaRZ1bJ3kk/5/e7Pd2ztIh9luv5330rVq7YVq7U6ltps3s0G2Wql3m3dW04VWZzStMsjq3fVWnrc6WbWRdxfThVajUanV0oW72Va73ktrtepKdamytlju3U5fvf9O2mmmC6P4cru3N2h3+ul2vpvGdyymy9WVFxfTW7X0rY3NdPPBvXsbm2+/d/fd+y9tvP5KOekvZaULy0vLy5XaUmW5tniO1v9RWfQY1w8nkky7AICz57/2/zf1/8AYnF7/v/sghNPv/4P+fyzOVP973vv/U1g/nIj+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg3Ppu7vPXip35eHytHH+qHHqmPE5CCDMhhF//xmy4eCznbJln7h/mz/2phq+TUGQYXeNSuV0NIayX2y9Pn/anAAAAAE+uLz68+Uns1uPL/LQLYpLiTZuZ6++PKV8SQpib/35M2WZGL8+OKVnx930hHIwpW3ED6/KYksVbbhfGle1fmT0WLj8WkhhmJloOAAAwEcc7gcl2IQAAAEzSx9MugOlIwtGjzKNnwcU37/94IHjl2BEAAABwBiXTLgAAAAA4dUX/7/f/AAAA4MkWf/8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5j535yUgfiOID/WuiD9y+PvLj3Ku7gGB7BpUvDAbwER8AreAHPgDuPYMDQqUQU3XRKI/l8kjJMQ77MELqY3yQDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTpsVrO7m7Ob9vmrDft5JkNAAAAcMiqWs7qN5PU/93c/9vc+t/0i4goI+LQ2n0QP/YyB01O9cnnq3djuI+oE7bfMWquXxFx0VzP/7r+FQAAAOB0PcwX07RaTy+TvgfEMaWiTfnnMlNeERHV5ClTWrnNO8sUVv+/h3GdKa0uYI0zhaWS2zBX2kcHouvHfVe1G79pitSUX0dmmzsAAHBEg72mw1UIAAAAPbvqewD0o4jXrczdVuAoNc323s+9HgAAAPANFX0PAAAAAOhcvf53/h8AAACctnT+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF1aVctZNV9M2+asN+3kmQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALywP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/uzs7WVsUYJYeIKHjQi023tbU38aAED/4JQki3NXbrjzYHW4qQizfJuRfRo4igxFv/h55b6KXeesihghcvlTc/kmkMuFo7s20+H3jzvjsZ3vu+GQj5zkwWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNr2u7txljZzZdyv9t28d3U19bf29Mn1zduLqaW412bSj4eXmx96C90lAgAAwMGR1fV9RNzJt5ZT358r6v+8PibV/N89W8Z1Pb+37q/7uvZP7ddf7r64M9FcOU8a9OzaZHzs76kMHt0qZ9tz/3jEoDjzxb2XrLgg/Q82XtjOi/PZ++bGjfeGRXiojWwBgP/iaN1XQf33UOpHXSYGwIExaBTedf2fzXWbEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAbtjfi6TruRcTiYDdObt27urpff33z9mLdTl27ttkcMw2RR8TZtcn4WItrmXWXLl85vzKZjC+2H7wSEV3N/k61/PMfTXFwRCfnR/A/Bf3qYs9KPg8T5NVaHv1cHf1CAgDgiZVXLdX1d/Kt5bSvNx9x//sH6//XG3FMWf/f/fjUzeZczfp/1NoKZ9/S+oXPly5dvvLm2oWVc+Nz40/fOj56e3Ti9MmTp5eKeyVL7pgAAADwcIZVa9b/wz3HpJ8dacQxZf3/xbejr5rjZOr/fe0+9Os6EwAAgIPt+Vf/+L23z/7ecBhfrqyvXxyV253Px8ttB6n+a4eq1qz/s/muswIAAADasL3Re+D9/zONOKZ8/v/MDy/91Bwzi4jD1fP/o6ufTc60t5yZ1sa/Lne9RgAAALp1uGrN5//5fKr/+zuvPPQj4o3Xyrj6GsCp6v/s/a9/bM7VfP//RHtLnEn9hfJ8FP1CxGCh64wAAAB4Uv15P+KpKFsq9n/Lt5Y/+fnIh0Pv/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC07a8AAAD//3npOno=")
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x103042, 0x5d9f61795f7ff7ff)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000001, 0x3032, 0xffffffffffffffff, 0x0)
ioctl$F2FS_IOC_SEC_TRIM_FILE(r0, 0x4018f514, &(0x7f0000011600)={0xd0, 0x80000000, 0x3})

1.8384103s ago: executing program 5 (id=3057):
lsm_get_self_attr(0x64, &(0x7f0000000040), &(0x7f0000000000)=0x101, 0x0)
lsm_get_self_attr(0x64, &(0x7f0000000040)={0x0, 0x0, 0xdf, 0xbf, ""/191}, &(0x7f0000000180)=0xdf, 0x1)

1.769746636s ago: executing program 5 (id=3058):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000180)="71e67a15", 0x4)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
io_setup(0x20000000001005, &(0x7f0000000880)=<r2=>0x0)
sendmmsg(r1, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000040)
io_submit(r2, 0x1, &(0x7f0000000580)=[&(0x7f00000000c0)={0x5000000, 0x0, 0xd, 0x0, 0x0, r1, &(0x7f0000000080)='=', 0x11}])

1.297660798s ago: executing program 0 (id=3062):
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$inet(r0, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @multicast2, @empty}}}, @ip_retopts={{0x18, 0x110, 0xd, {[@timestamp_addr={0x44, 0x4}]}}}], 0x38}, 0x0)

1.293073292s ago: executing program 5 (id=3063):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000700), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x3c, r1, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_CHANNELS_TX_COUNT={0x8, 0x7, 0x5464}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}]}, @ETHTOOL_A_CHANNELS_COMBINED_COUNT={0x8, 0x9, 0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20040001}, 0x4000000)

1.218965378s ago: executing program 0 (id=3064):
r0 = socket(0xa, 0x801, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
getsockopt(r0, 0x0, 0x20, 0x0, &(0x7f0000001ffc))

1.20492906s ago: executing program 5 (id=3065):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
socket$can_j1939(0x1d, 0x2, 0x7)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000180)={0x26, 'rng\x00', 0x0, 0x0, 'stdrng\x00'}, 0x58)
r3 = io_uring_setup(0x4f10, 0x0)
r4 = syz_io_uring_setup(0x10f, &(0x7f0000000140)={0x0, 0xb423, 0x0, 0x5, 0x199, 0x0, r3}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x3, r2, 0x0, 0x0, 0x0, 0x80800})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r9=>0x0})
sendmsg$NL80211_CMD_SET_WOWLAN(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, 0x0, 0x1, 0x70bd26, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r9}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4044040}, 0x40)
sendmsg$NL80211_CMD_SET_MPATH(r7, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x44, 0x0, 0x800, 0x70bd2b, 0x25dfdbff, {{}, {@void, @val={0xc, 0x99, {0xfffffff9, 0x10}}}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MAC={0xa}]}, 0x44}, 0x1, 0x0, 0x0, 0x40008}, 0x144)
io_uring_enter(r4, 0x3516, 0x3e44, 0x8, 0x0, 0x0)

1.202931761s ago: executing program 4 (id=3066):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x300, 0x59555956, 0x7, 0x0, [{0x0, 0x1000}, {}, {0x1, 0x6}, {0x8}, {}, {0x0, 0x4}], 0x6, 0x6}})

1.139584502s ago: executing program 0 (id=3067):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000180)=0xfff, 0x4)
bind$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @ipv4}, 0x1c)

1.078495122s ago: executing program 0 (id=3068):
syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaaaa0806000108140604"], 0x0)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x50, 0x0, &(0x7f0000000000)="ff", 0x0, 0x36, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc)

859.724837ms ago: executing program 0 (id=3069):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
r0 = syz_io_uring_setup(0x83f, &(0x7f00000000c0)={0x0, 0xa9ee, 0x0, 0x3, 0x8002ae}, &(0x7f0000000140)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x109880})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)

559.501107ms ago: executing program 4 (id=3070):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x18)
sigaltstack(0x0, 0x0)

462.87052ms ago: executing program 4 (id=3071):
syz_mount_image$hfsplus(&(0x7f0000007340), &(0x7f0000000000)='./file2\x00', 0x1600008, &(0x7f0000000100)={[{@umask={'umask', 0x3d, 0x3}}, {@nodecompose}, {@part={'part', 0x3d, 0x7}}, {@nodecompose}, {@nobarrier}, {@nls={'nls', 0x3d, 'iso8859-1'}}, {@type={'type', 0x3d, "25f205c1"}}]}, 0x3, 0x643, &(0x7f0000000c00)="$eJzs3UtsG2kdAPD/OI4TB9TN7qa7Ba1EtJUWRESbh1IIF8pDKIcVWpUD56h1G6tuWiUuSiuEwkscuHCoOJdDbpyQeo9UznBBveZYCdRLDyg3oxmPHeftvGoHfr9q/H2fv5lv/vO352Gn1gTwf2t+IoobkcT8xOeraXtzfaa2uT4zlHfXIiKtFyKKzSKSpYjkZbP7ZvrwlfTJfP7koPU8q87devV283WzVWwtnJTS2vDByx2lueBaPsV4RAzk5V6D3Y66Y7zbB463n3//Yf8gm4Gm23y1lTjotcYea8dZ/MT7LdA/kuZ5c4/RiJHsDN28Doj86FB4t9GdvWMd5QAAAOCCem8rttYajUav4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICLJL//f5JPhVZ9PJLW/f9LHbOXehjqmdjodQAAAAAAAAAAcCKNgc7W17ZiK1bjUrs3yf7m/2nWGMsevxSPYyUqsRzXYjUWoh71WI6piBjtGKi0ulCvL091seT0vktOn+tGAwAAAAAAAMD/ul/H/Pbf/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoB8kEQPNIpvGWvXRKBQjYjgiSul8axH/aNUvso1eBwAAAADvwHtbsRWrcanVbiTZZ/6Pss/9w/E4lqIe1ahHLSpxJ/suoPmpv7C5PlPbXJ95kE57x/3TfxqZLsPIRozmdw/7r/lKNkc57kY1e+Za3I6HUSt3jnKlFc/+cf3qTTr293JdRnYnL9Mt/2Ne9ofRLCOD7YxM5rGleXz/8Ex8/81J1zSermkqCu1vfsbOIecjeZnsKntvd86no5DlO/XR4ZmI+PqLv/xssbZ0f/HuykT/bNIJNTPRaDQzMZS1Wpn4+MhMDMXOTNx45/Gfncls2y+32/Px4/hpTMR4fBHLUY2fx0LUoxLj8aOstpC/n9PH0V2ZKuwc+uaO1hdHRVLKX5fmUfR4MX2aLXspqvGTeBh3ohI3sn/TMRXfjtmYjbmOV/hyF3t94Xh7/dVv5JX0kP77vOwPaV7f78hr5zF3NOvrfGY7Sx+c/bGx+NW8kq7jNxHxwzPcztPZnYn0LPHiy82+Dw/PxJ+z64SV2tL95cWFR12u77O8TPej3/XVWSJ9v3yQvlhZa+e7I+37cN++qaxvrN1X2NN3ud131J5ayq/h9o40nfV9vG/fTNZ3paNvz/VW+3oIgD428s2RUvlf5b+Xn5d/W14sfz78g6HvDH1SisG/DX63ODnwWeGT5K/xPH65/fkfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4uZUnT+8v1GqV5SMrSXbz/4iuZu6otG7ndPjMSRSzG/kcZ2SVWq0yHH0RxrEqtX9GdDyT9DqefqgM9dubv7fHJeD8Xa8/eHR95cnTb1UfLNyr3KssDc7Ozk3Ozd6YuX63WhuI9LEy2esogfOwfdLPmoO9jgcAAAAAAAAAAAA42uE/A2j9d8DT/Zygx5sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXHDzE1HciCSmJq9Npu3N9ZlaOrXq23MWI6IQEckvIpKXETejOcVox3DJQet5Vp279ert5uvtsYqt+QuHLdedtXyK8YgYyMuzGu/2qcdL2luYJuxq6XTBwZn5bwAAAP//uI4Hww==")
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x2020)

343.209701ms ago: executing program 4 (id=3072):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x1a, 0x3, &(0x7f0000000200)=@framed={{0x18, 0xa, 0x0, 0x4100}}, &(0x7f0000000000)='syzkaller\x00', 0x4, 0x1b, 0xffffffffffffffff}, 0x94)

179.416369ms ago: executing program 0 (id=3073):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
r1 = socket$caif_seqpacket(0x25, 0x5, 0x5)
r2 = syz_io_uring_setup(0x10d, &(0x7f0000000300)={0x0, 0x40000, 0x0, 0xfffffffc, 0x238}, &(0x7f0000000380)=<r3=>0x0, &(0x7f0000000280)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r1, 0x0})
io_uring_enter(r2, 0x3f70, 0x0, 0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(0x0, &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r7, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x0, 0x20}, 0xc)
bind$inet6(r7, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r7, &(0x7f0000000180)="1a", 0x34000, 0x0, &(0x7f0000000480)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmmsg$sock(r7, &(0x7f0000000340)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000280)='\x00', 0x1}], 0x1}}, {{0x0, 0x3f, &(0x7f0000000040)=[{&(0x7f00000002c0)="a6", 0x3f}], 0x1}}], 0x2, 0x40448c0)
shutdown(r7, 0x1)
r8 = socket$inet6(0xa, 0x2, 0x3a)
bind$inet6(r8, &(0x7f0000000000)={0xa, 0x4e20, 0xfffffffc, @local, 0x2}, 0x1c)

91.132501ms ago: executing program 5 (id=3074):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="30000000030805000000000000000000000000000c0004800800014000000000060002400000000005000300ff"], 0x30}}, 0x0)

0s ago: executing program 5 (id=3075):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000580)=[@in={0x2, 0x4e21, @local}], 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x1)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="3000000010000108000000000000db0000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000080004004400000008001b"], 0x30}}, 0x0)
r2 = dup(r0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000000)={0x0, 0x18, 0xfa00, {0x3, 0x0, 0x2, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, 0x0, 0x13f, 0x1}}, 0x34000)

kernel console output (not intermixed with test programs):

ion found
[  251.670000][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  251.673398][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  251.676790][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  251.680250][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  251.683592][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  251.687032][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  251.690217][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  251.693021][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  251.695997][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  251.699153][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  251.702462][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  251.705953][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  251.709219][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  251.712653][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  251.716102][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  251.719442][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  251.722523][    C0] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  251.790545][T10771] loop4: detected capacity change from 0 to 4096
[  251.795182][T10771] nilfs2: Unknown parameter '0000000000000000000600000000000000000000006'
[  252.230777][T10782] loop5: detected capacity change from 0 to 256
[  252.259243][   T33] audit: type=1804 audit(1758719931.411:44): pid=10782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.1841" name="/newroot/91/file0/bus" dev="loop5" ino=1048658 res=1 errno=0
[  252.470649][T10790] netlink: 'syz.4.1844': attribute type 10 has an invalid length.
[  252.474142][T10790] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1844'.
[  252.479416][T10790] dummy0: entered promiscuous mode
[  252.485784][T10790] bridge0: port 3(dummy0) entered blocking state
[  252.489009][T10790] bridge0: port 3(dummy0) entered disabled state
[  252.492230][T10790] dummy0: entered allmulticast mode
[  252.499185][T10790] bridge0: port 3(dummy0) entered blocking state
[  252.501931][T10790] bridge0: port 3(dummy0) entered forwarding state
[  252.787559][T10793] loop4: detected capacity change from 0 to 40427
[  252.794795][T10793] F2FS-fs (loop4): invalid crc value
[  252.805952][  T794] usb 1-1: USB disconnect, device number 28
[  252.878533][T10793] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  252.885079][T10793] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  252.914308][ T5849] bcachefs (loop0): shutting down
[  252.916750][ T5849] bcachefs (loop0): going read-only
[  252.918491][ T5849] bcachefs (loop0): finished waiting for writes to stop
[  252.922748][ T5849] bcachefs (loop0): flushing journal and stopping allocators, journal seq 3
[  252.932281][ T5849] bcachefs (loop0): flushing journal and stopping allocators complete, journal seq 4
[  252.936106][ T5849] bcachefs (loop0): clean shutdown complete, journal seq 5
[  252.938876][ T5849] bcachefs (loop0): marking filesystem clean
[  252.954096][ T5849] bcachefs (loop0): shutdown complete
[  253.571566][ T9606] syz-executor: attempt to access beyond end of device
[  253.571566][ T9606] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  253.585898][ T9606] CPU: 0 UID: 0 PID: 9606 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  253.585912][ T9606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  253.585917][ T9606] Call Trace:
[  253.585920][ T9606]  <TASK>
[  253.585923][ T9606]  dump_stack_lvl+0x189/0x250
[  253.585956][ T9606]  ? __pfx_dump_stack_lvl+0x10/0x10
[  253.585964][ T9606]  ? __pfx_queue_work_on+0x10/0x10
[  253.585972][ T9606]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  253.585983][ T9606]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  253.586004][ T9606]  f2fs_handle_critical_error+0x37c/0x540
[  253.586045][ T9606]  f2fs_write_end_io+0x886/0xb60
[  253.586069][ T9606]  __submit_merged_bio+0x27a/0x6a0
[  253.586086][ T9606]  __submit_merged_write_cond+0x255/0x530
[  253.586105][ T9606]  f2fs_write_data_pages+0x261d/0x3000
[  253.586138][ T9606]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  253.586186][ T9606]  ? folios_put_refs+0x559/0x640
[  253.586210][ T9606]  ? __lock_acquire+0xab9/0xd20
[  253.586229][ T9606]  ? do_raw_spin_lock+0x121/0x290
[  253.586242][ T9606]  ? do_raw_spin_unlock+0x4d/0x240
[  253.586251][ T9606]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  253.586258][ T9606]  do_writepages+0x32e/0x550
[  253.586272][ T9606]  ? do_raw_spin_unlock+0x4d/0x240
[  253.586282][ T9606]  filemap_fdatawrite+0x199/0x240
[  253.586292][ T9606]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  253.586319][ T9606]  ? do_raw_spin_unlock+0x4d/0x240
[  253.586329][ T9606]  f2fs_sync_dirty_inodes+0x31f/0x830
[  253.586343][ T9606]  f2fs_write_checkpoint+0x95a/0x1df0
[  253.586360][ T9606]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  253.586383][ T9606]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  253.586390][ T9606]  ? kfree+0x18e/0x440
[  253.586400][ T9606]  ? kill_f2fs_super+0x298/0x6c0
[  253.586409][ T9606]  kill_f2fs_super+0x2c3/0x6c0
[  253.586419][ T9606]  ? __pfx_kill_f2fs_super+0x10/0x10
[  253.586425][ T9606]  ? radix_tree_delete_item+0x2b6/0x400
[  253.586435][ T9606]  ? shrinker_free+0x2ce/0x3e0
[  253.586444][ T9606]  deactivate_locked_super+0xbc/0x130
[  253.586454][ T9606]  cleanup_mnt+0x425/0x4c0
[  253.586462][ T9606]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.586471][ T9606]  task_work_run+0x1d4/0x260
[  253.586481][ T9606]  ? __pfx_task_work_run+0x10/0x10
[  253.586489][ T9606]  ? __x64_sys_umount+0x122/0x160
[  253.586501][ T9606]  ? exit_to_user_mode_loop+0x40/0x110
[  253.586512][ T9606]  exit_to_user_mode_loop+0xec/0x110
[  253.586522][ T9606]  do_syscall_64+0x2bd/0x3b0
[  253.586529][ T9606]  ? lockdep_hardirqs_on+0x9c/0x150
[  253.586536][ T9606]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.586542][ T9606]  ? exc_page_fault+0x9f/0xf0
[  253.586550][ T9606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  253.586556][ T9606] RIP: 0033:0x7fdd0318ff57
[  253.586565][ T9606] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  253.586571][ T9606] RSP: 002b:00007fff6cf0ef38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  253.586579][ T9606] RAX: 0000000000000000 RBX: 00007fdd03211c2d RCX: 00007fdd0318ff57
[  253.586584][ T9606] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff6cf0eff0
[  253.586588][ T9606] RBP: 00007fff6cf0eff0 R08: 0000000000000000 R09: 0000000000000000
[  253.586592][ T9606] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff6cf10080
[  253.586597][ T9606] R13: 00007fdd03211c2d R14: 000000000003ddbe R15: 00007fff6cf100c0
[  253.586609][ T9606]  </TASK>
[  253.586635][ T9606] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  254.086062][T10803] netlink: 256 bytes leftover after parsing attributes in process `syz.5.1849'.
[  254.151804][T10801] loop4: detected capacity change from 0 to 32768
[  254.188404][T10801] syz.4.1848: attempt to access beyond end of device
[  254.188404][T10801] loop4: rw=2049, sector=4680032, nr_sectors = 8 limit=32768
[  254.237340][  T116] blkno = 8ed2c, nblocks = 1
[  254.239343][  T116] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map
[  254.239343][  T116] 
[  254.250107][  T116] ERROR: (device loop4): remounting filesystem as read-only
[  254.340476][T10811] netlink: 140 bytes leftover after parsing attributes in process `syz.5.1854'.
[  254.501296][T10815] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1856'.
[  254.806011][ T5852] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  254.966514][ T5852] usb 6-1: Using ep0 maxpacket: 32
[  254.972426][ T5852] usb 6-1: unable to get BOS descriptor or descriptor too short
[  254.977361][ T5852] usb 6-1: config 7 has an invalid interface number: 112 but max is 1
[  254.980778][ T5852] usb 6-1: config 7 has no interface number 1
[  254.983576][ T5852] usb 6-1: config 7 interface 112 has no altsetting 0
[  254.988217][ T5852] usb 6-1: config 7 interface 0 has no altsetting 0
[  254.994731][ T5852] usb 6-1: New USB device found, idVendor=04e2, idProduct=1420, bcdDevice=b5.bb
[  254.999356][ T5852] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.003446][ T5852] usb 6-1: Product: syz
[  255.005212][ T5852] usb 6-1: Manufacturer: syz
[  255.007286][ T5852] usb 6-1: SerialNumber: syz
[  255.146116][  T794] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  255.223632][ T5852] xr_serial 6-1:7.112: xr_serial converter detected
[  255.228417][ T5852] xr_serial ttyUSB0: Failed to set reg 0x60: -71
[  255.230630][ T5852] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71
[  255.238775][ T5852] usb 6-1: USB disconnect, device number 6
[  255.243866][ T5852] xr_serial 6-1:7.112: device disconnected
[  255.297993][  T794] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  255.301463][  T794] usb 5-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00
[  255.304696][  T794] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.314199][  T794] usb 5-1: config 0 descriptor??
[  255.366078][T10305] usb 1-1: new low-speed USB device number 29 using dummy_hcd
[  255.401905][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  255.405707][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  255.518583][T10305] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  255.526211][T10305] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.533810][T10305] usb 1-1: config 0 descriptor??
[  255.744329][  T794] nintendo 0003:057E:200E.0005: unbalanced collection at end of report description
[  255.749287][  T794] nintendo 0003:057E:200E.0005: HID parse failed
[  255.768054][  T794] nintendo 0003:057E:200E.0005: probe - fail = -22
[  255.771108][  T794] nintendo 0003:057E:200E.0005: probe with driver nintendo failed with error -22
[  255.939210][  T794] usb 5-1: USB disconnect, device number 9
[  256.503159][T10855] netlink: 'syz.4.1872': attribute type 27 has an invalid length.
[  256.505924][T10855] netlink: 'syz.4.1872': attribute type 3 has an invalid length.
[  256.509601][T10855] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1872'.
[  256.591634][T10859] loop4: detected capacity change from 0 to 512
[  256.594414][T10859] EXT4-fs: Ignoring removed oldalloc option
[  256.615709][T10859] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.1874: Parent and EA inode have the same ino 15
[  256.628545][T10859] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.1874: Parent and EA inode have the same ino 15
[  256.635226][T10859] EXT4-fs (loop4): 1 orphan inode deleted
[  256.638108][T10859] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  256.646754][T10859] EXT4-fs error (device loop4): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.4.1874: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  256.674054][ T9606] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  256.999301][T10871] loop4: detected capacity change from 0 to 32768
[  257.007367][T10871] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1879 (10871)
[  257.020463][T10871] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  257.024649][T10871] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  257.056448][T10871] BTRFS info (device loop4): enabling ssd optimizations
[  257.058792][T10871] BTRFS info (device loop4): enabling free space tree
[  257.084889][ T9606] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  257.361411][T10305] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  257.365467][T10305] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write RX_CTL mode to 0x0088: ffffffb9
[  257.371312][T10305] asix 1-1:0.0: probe with driver asix failed with error -71
[  257.379945][T10305] usb 1-1: USB disconnect, device number 29
[  257.546513][ T5852] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  257.560884][T10909] netlink: 5 bytes leftover after parsing attributes in process `syz.4.1890'.
[  257.626700][T10913] binder: Binderfs stats mode cannot be changed during a remount
[  257.667816][T10915] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  257.671660][T10915] bridge0: port 3(dummy0) entered disabled state
[  257.675349][T10915] bridge0: port 2(bridge_slave_1) entered disabled state
[  257.680343][T10915] bridge0: port 1(bridge_slave_0) entered disabled state
[  257.717672][ T5852] usb 6-1: config 0 has an invalid interface number: 113 but max is 0
[  257.721081][ T5852] usb 6-1: config 0 has no interface number 0
[  257.723712][ T5852] usb 6-1: config 0 interface 113 has no altsetting 0
[  257.735439][ T5852] usb 6-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8
[  257.740077][ T5852] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  257.743659][ T5852] usb 6-1: Product: syz
[  257.745416][ T5852] usb 6-1: Manufacturer: syz
[  257.749493][ T5852] usb 6-1: SerialNumber: syz
[  257.757264][T10917] netlink: 'syz.4.1894': attribute type 1 has an invalid length.
[  257.757721][ T5852] usb 6-1: config 0 descriptor??
[  257.760521][T10917] netlink: 'syz.4.1894': attribute type 4 has an invalid length.
[  257.774142][T10917] netlink: 15586 bytes leftover after parsing attributes in process `syz.4.1894'.
[  257.968692][    C0] usb 6-1: NFC: Urb failure (status -71)
[  257.978690][    C0] usb 6-1: NFC: Urb failure (status -71)
[  257.984762][ T5852] usb 6-1: NFC: Unable to get FW version
[  257.997899][ T5852] pn533_usb 6-1:0.113: probe with driver pn533_usb failed with error -71
[  258.015780][ T5852] usb 6-1: USB disconnect, device number 7
[  258.170677][T10931] bond0: (slave bond_slave_0): Releasing backup interface
[  258.226428][   T10] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  258.420038][   T10] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  258.424662][   T10] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  258.428845][   T10] usb 1-1: config 1 has no interface number 1
[  258.432470][   T10] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  258.438248][   T10] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x6 has an invalid bInterval 0, changing to 7
[  258.455647][   T10] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  258.460218][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.464072][   T10] usb 1-1: Product: syz
[  258.466030][   T10] usb 1-1: Manufacturer: syz
[  258.493394][   T10] usb 1-1: SerialNumber: syz
[  258.554320][T10926] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  258.676814][T10937] loop5: detected capacity change from 0 to 1756
[  258.745202][T10939] netlink: 40 bytes leftover after parsing attributes in process `syz.5.1904'.
[  258.833803][   T10] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor
[  258.839934][   T10] usb 1-1: 2:1 : no or invalid class specific endpoint descriptor
[  258.898510][   T10] usb 1-1: USB disconnect, device number 30
[  258.960969][ T5853] udevd[5853]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  259.293367][T10955] loop4: detected capacity change from 0 to 512
[  259.308336][T10955] EXT4-fs: Ignoring removed bh option
[  259.311640][T10955] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  259.340531][T10955] EXT4-fs (loop4): 1 truncate cleaned up
[  259.344480][T10955] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  259.459475][ T9606] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  259.543635][T10968] loop5: detected capacity change from 0 to 1024
[  259.606874][T10968] EXT4-fs (loop5): corrupt root inode, run e2fsck
[  259.615088][T10968] EXT4-fs (loop5): mount failed
[  259.674243][T10974] loop0: detected capacity change from 0 to 1024
[  259.811077][ T1092] hfsplus: b-tree write err: -5, ino 4
[  259.966147][T10987] netlink: 209588 bytes leftover after parsing attributes in process `syz.5.1926'.
[  260.141448][T10979] loop4: detected capacity change from 0 to 32768
[  260.191336][T10979] XFS (loop4): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  260.212659][T10979] XFS (loop4): Ending clean mount
[  260.280555][ T9606] XFS (loop4): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  260.373148][T10995] loop0: detected capacity change from 0 to 32768
[  260.374928][ T5907] usb 6-1: new low-speed USB device number 8 using dummy_hcd
[  260.488703][T10995] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  260.514231][T10995] XFS (loop0): Ending clean mount
[  260.523459][T10995] XFS (loop0): Quotacheck needed: Please wait.
[  260.554685][ T5907] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  260.564247][T10995] XFS (loop0): Quotacheck: Done.
[  260.566709][ T5907] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  260.570630][ T5907] usb 6-1: New USB device found, idVendor=046d, idProduct=c52f, bcdDevice= 0.00
[  260.575138][ T5907] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  260.584917][ T5907] usb 6-1: config 0 descriptor??
[  260.676471][ T5849] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  261.075985][ T5907] logitech-djreceiver 0003:046D:C52F.0006: ignoring exceeding usage max
[  261.085521][ T5907] logitech-djreceiver 0003:046D:C52F.0006: hidraw0: USB HID v0.00 Device [HID 046d:c52f] on usb-dummy_hcd.5-1/input0
[  261.263292][T10996] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  261.278155][T10996] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  261.284998][T10996] loop5: detected capacity change from 0 to 128
[  261.297503][T10996] vfat: Unknown parameter '18446744073709551615'
[  261.303701][   T10] usb 6-1: USB disconnect, device number 8
[  261.417023][ T5907] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  261.678753][ T5907] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  261.687759][ T5907] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7
[  261.695130][ T5907] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  261.702356][ T5907] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.705294][ T5907] usb 1-1: Product: syz
[  261.709718][ T5907] usb 1-1: Manufacturer: syz
[  261.711766][ T5907] usb 1-1: SerialNumber: syz
[  261.716083][ T5907] usb 1-1: config 0 descriptor??
[  261.940183][ T5907] usb 1-1: USB disconnect, device number 31
[  261.974359][ T6622] udevd[6622]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  262.315619][T11038] loop4: detected capacity change from 0 to 8192
[  262.320909][T11038] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  262.347234][   T10] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[  262.499768][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  262.507156][   T10] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  262.516999][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  262.520572][   T10] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  262.526090][   T10] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  262.535529][   T10] usb 6-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  262.551020][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  262.554404][   T10] usb 6-1: Product: syz
[  262.556089][   T10] usb 6-1: Manufacturer: syz
[  262.559239][   T10] usb 6-1: SerialNumber: syz
[  262.564228][   T10] usb 6-1: config 0 descriptor??
[  262.677290][T11050] loop0: detected capacity change from 0 to 4096
[  262.692864][T11050] ntfs3(loop0): ino=b, mi_enum_attr
[  262.695248][T11050] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  262.699245][T11050] ntfs3(loop0): Failed to load $Extend (-22).
[  262.701709][T11050] ntfs3(loop0): Failed to initialize $Extend.
[  262.785546][   T10] radio-si470x 6-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  262.801356][   T10] radio-si470x 6-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  262.805127][T11057] loop0: detected capacity change from 0 to 128
[  262.811988][T11057] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  262.816719][T11057] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  262.986246][   T10] radio-si470x 6-1:0.0: si470x_get_report: usb_control_msg returned -71
[  262.999210][   T10] radio-si470x 6-1:0.0: si470x_get_scratch: si470x_get_report returned -71
[  263.012354][   T10] radio-si470x 6-1:0.0: probe with driver radio-si470x failed with error -5
[  263.024778][   T10] usb 6-1: USB disconnect, device number 9
[  263.042387][T11069] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1957'.
[  263.382064][T11090] loop0: detected capacity change from 0 to 2048
[  263.388637][T11090] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  263.506392][T11099] loop4: detected capacity change from 0 to 512
[  263.512137][T11099] EXT4-fs: Ignoring removed oldalloc option
[  263.515438][T11099] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  263.519960][T11099] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended
[  263.524433][T11099] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a856c02c, mo2=0102]
[  263.528389][T11099] System zones: 0-2, 18-18, 34-34
[  263.543785][T11099] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.1972: iget: bad i_size value: 360287970189639680
[  263.550298][T11099] EXT4-fs (loop4): Remounting filesystem read-only
[  263.553716][T11099] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  263.645870][ T9606] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.900694][T11111] loop5: detected capacity change from 0 to 256
[  263.906204][T11111] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d)
[  263.923180][   T33] audit: type=1800 audit(1758719943.070:45): pid=11111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1976" name="file1" dev="loop5" ino=1048660 res=0 errno=0
[  266.242282][T11164] loop0: detected capacity change from 0 to 1024
[  266.245698][T11164] EXT4-fs: inline encryption not supported
[  266.252298][T11164] EXT4-fs: Ignoring removed bh option
[  266.283055][T11164] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  266.315681][   T33] audit: type=1800 audit(1758719945.460:46): pid=11164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1997" name="bus" dev="loop0" ino=18 res=0 errno=0
[  266.388521][T11159] loop4: detected capacity change from 0 to 32768
[  266.410602][T11164] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 18: block 305:freeing already freed block (bit 19); block bitmap corrupt.
[  266.432533][T11164] EXT4-fs (loop0): Remounting filesystem read-only
[  266.491568][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  266.515369][T11171] program syz.5.2000 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  266.840779][  T794] usb 1-1: new full-speed USB device number 32 using dummy_hcd
[  266.887504][   T10] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  266.967550][T10305] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  267.002194][  T794] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  267.005997][  T794] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[  267.009770][  T794] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  267.013519][  T794] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  267.019308][  T794] usb 1-1: config 0 descriptor??
[  267.023847][  T794] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  267.026604][  T794] dvb-usb: bulk message failed: -22 (3/0)
[  267.036130][  T794] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  267.040982][  T794] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  267.044211][  T794] usb 1-1: media controller created
[  267.049235][   T10] usb 6-1: config 0 has an invalid interface number: 117 but max is 0
[  267.049390][  T794] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  267.052666][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  267.063580][  T794] dvb-usb: bulk message failed: -22 (6/0)
[  267.066435][   T10] usb 6-1: config 0 has no interface number 0
[  267.066478][   T10] usb 6-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0
[  267.066493][   T10] usb 6-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  267.069561][   T10] usb 6-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0
[  267.082958][  T794] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  267.083429][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.090489][   T10] usb 6-1: Product: syz
[  267.091639][  T794] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input8
[  267.101199][   T10] usb 6-1: Manufacturer: syz
[  267.102851][   T10] usb 6-1: SerialNumber: syz
[  267.104768][  T794] dvb-usb: schedule remote query interval to 150 msecs.
[  267.108077][  T794] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  267.113152][   T10] usb 6-1: config 0 descriptor??
[  267.118771][T10305] usb 5-1: Using ep0 maxpacket: 32
[  267.123238][T10305] usb 5-1: config 0 contains an unexpected descriptor of type 0x2, skipping
[  267.126405][T10305] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  267.130797][T10305] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  267.136397][T10305] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  267.141736][T10305] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.144923][T10305] usb 5-1: Product: syz
[  267.146664][T10305] usb 5-1: Manufacturer: syz
[  267.148592][T10305] usb 5-1: SerialNumber: syz
[  267.152415][T10305] usb 5-1: config 0 descriptor??
[  267.241287][T10305] usb 1-1: USB disconnect, device number 32
[  267.273993][T10305] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  267.364032][   T10] usb 5-1: USB disconnect, device number 10
[  267.527967][T10305] usb 6-1: USB disconnect, device number 10
[  268.072763][T11192] loop4: detected capacity change from 0 to 4096
[  268.076820][T11192] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  268.093175][T11192] ntfs3(loop4): ino=1a, mi_enum_attr
[  268.095479][T11192] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  268.246432][T11199] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2012'.
[  268.943614][   T33] audit: type=1326 audit(1758719948.089:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11224 comm="syz.4.2026" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd0318ec29 code=0x7ffc0000
[  268.948278][T11225] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  268.953286][   T33] audit: type=1326 audit(1758719948.089:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11224 comm="syz.4.2026" exe="/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fdd03190b7a code=0x7ffc0000
[  268.954719][T11225] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  268.959969][T11225] vhci_hcd vhci_hcd.0: Device attached
[  268.964071][   T33] audit: type=1326 audit(1758719948.089:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11224 comm="syz.4.2026" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdd0318d590 code=0x7ffc0000
[  268.970105][T11226] vhci_hcd: connection closed
[  268.979556][   T33] audit: type=1326 audit(1758719948.089:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11224 comm="syz.4.2026" exe="/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fdd0318d6df code=0x7ffc0000
[  268.982658][ T5707] vhci_hcd: stop threads
[  268.992509][ T5707] vhci_hcd: release socket
[  268.994388][ T5707] vhci_hcd: disconnect device
[  269.021811][   T33] audit: type=1326 audit(1758719948.109:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11224 comm="syz.4.2026" exe="/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fdd0318d88a code=0x7ffc0000
[  269.055110][   T33] audit: type=1326 audit(1758719948.109:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11224 comm="syz.4.2026" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd0318ec29 code=0x7ffc0000
[  269.072101][   T33] audit: type=1326 audit(1758719948.109:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11224 comm="syz.4.2026" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd0318ec29 code=0x7ffc0000
[  269.083932][T11231] loop5: detected capacity change from 0 to 256
[  269.100516][T11231] FAT-fs (loop5): Directory bread(block 64) failed
[  269.103580][T11231] FAT-fs (loop5): Directory bread(block 65) failed
[  269.106072][T11231] FAT-fs (loop5): Directory bread(block 66) failed
[  269.109030][T11231] FAT-fs (loop5): Directory bread(block 67) failed
[  269.111585][T11231] FAT-fs (loop5): Directory bread(block 68) failed
[  269.113989][T11231] FAT-fs (loop5): Directory bread(block 69) failed
[  269.116370][T11231] FAT-fs (loop5): Directory bread(block 70) failed
[  269.118835][T11231] FAT-fs (loop5): Directory bread(block 71) failed
[  269.121159][T11231] FAT-fs (loop5): Directory bread(block 72) failed
[  269.123384][T11231] FAT-fs (loop5): Directory bread(block 73) failed
[  269.185712][ T1091] kworker/u9:4: attempt to access beyond end of device
[  269.185712][ T1091] loop5: rw=1, sector=1224, nr_sectors = 4 limit=256
[  269.235108][T11233] loop5: detected capacity change from 0 to 512
[  269.273287][T11233] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  269.398664][T10019] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.400816][T11229] loop0: detected capacity change from 0 to 32768
[  269.456016][T11229] overlayfs: upper fs needs to support d_type.
[  269.469205][T11229] overlayfs: upper fs does not support tmpfile.
[  269.490477][T11229] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  269.514145][T11229] ERROR: (device loop0): dbAlloc: the hint is outside the map
[  269.514145][T11229] 
[  269.537464][T11229] ERROR: (device loop0): remounting filesystem as read-only
[  269.546206][T11229] overlayfs: failed to set uuid (/file0, err=-5); falling back to uuid=null.
[  269.817527][T11251] netlink: 'syz.4.2036': attribute type 10 has an invalid length.
[  269.840662][T11251] 8021q: adding VLAN 0 to HW filter on device team0
[  269.845519][T11251] bond0: (slave team0): Enslaving as an active interface with an up link
[  270.036486][T11257] pim6reg: entered allmulticast mode
[  270.042931][T11256] pim6reg: left allmulticast mode
[  270.353327][T11267] loop0: detected capacity change from 0 to 128
[  270.360534][T11267] FAT-fs (loop0): bogus number of reserved sectors
[  270.372524][T11267] FAT-fs (loop0): This looks like a DOS 1.x volume, but isn't a recognized floppy size (128 sectors)
[  270.376749][T11267] FAT-fs (loop0): Can't find a valid FAT filesystem
[  270.403070][ T5907] IPVS: starting estimator thread 0...
[  270.508018][T11270] IPVS: using max 77 ests per chain, 184800 per kthread
[  270.734934][T11285] loop4: detected capacity change from 0 to 256
[  270.830615][T11289] loop4: detected capacity change from 0 to 512
[  270.888635][T11293] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2055'.
[  270.924996][T11289] EXT4-fs (loop4): failed to open journal device unknown-block(0,0) -6
[  270.994177][T11300] input: syz0 as /devices/virtual/input/input10
[  271.023941][T11302] CUSE: DEVNAME unspecified
[  271.788219][   T10] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  271.866117][T11333] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  271.948300][   T10] usb 1-1: Using ep0 maxpacket: 32
[  271.952513][   T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  271.956640][   T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3
[  271.972014][   T10] usb 1-1: New USB device found, idVendor=093b, idProduct=a104, bcdDevice= 0.01
[  271.976048][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.989260][   T10] usb 1-1: Product: syz
[  271.994215][   T10] usb 1-1: Manufacturer: syz
[  271.996293][   T10] usb 1-1: SerialNumber: syz
[  272.013699][   T10] usb 1-1: config 0 descriptor??
[  272.024827][   T10] go7007 1-1:0.0: probe with driver go7007 failed with error -12
[  272.226602][  T794] usb 1-1: USB disconnect, device number 33
[  272.777183][   T33] audit: type=1400 audit(1758719951.919:54): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AA009F5D15F47DB2D pid=11341 comm="syz.0.2076"
[  272.883398][T11346] loop0: detected capacity change from 0 to 164
[  272.991491][T11350] loop0: detected capacity change from 0 to 1024
[  273.028181][T11339] comedi comedi2: reset error (fatal)
[  273.053639][ T1092] hfsplus: b-tree write err: -5, ino 4
[  273.331670][    C0] vkms_vblank_simulate: vblank timer overrun
[  273.358285][  T794] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  273.529805][  T794] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  273.534395][  T794] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2
[  273.540799][  T794] usb 1-1: config 1 has no interface number 0
[  273.543514][  T794] usb 1-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  273.548513][  T794] usb 1-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  273.559430][  T794] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  273.576561][  T794] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  273.587166][  T794] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.596277][  T794] usb 1-1: Product: syz
[  273.602364][  T794] usb 1-1: Manufacturer: syz
[  273.607213][  T794] usb 1-1: SerialNumber: syz
[  274.036641][T11360] netlink: 277 bytes leftover after parsing attributes in process `syz.4.2084'.
[  274.499131][  T794] cdc_ncm 1-1:1.1: bind() failure
[  274.716021][  T794] usb 1-1: USB disconnect, device number 34
[  274.788700][T11369] loop5: detected capacity change from 0 to 2048
[  274.795876][T11369] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  274.810274][   T33] audit: type=1800 audit(1758719953.959:55): pid=11369 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2088" name="bus" dev="loop5" ino=1367 res=0 errno=0
[  274.927277][T11372] program syz.4.2089 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  275.097771][T11374] sp0: Synchronizing with TNC
[  275.660367][T11386] netlink: 'syz.5.2095': attribute type 1 has an invalid length.
[  275.676643][T11386] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2095'.
[  276.746591][T11403] loop0: detected capacity change from 0 to 32768
[  276.753911][T11403] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  276.783060][T11403] XFS (loop0): Ending clean mount
[  276.817897][ T5849] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  276.994349][T11426] IPVS: wlc: FWM 3 0x00000003 - no destination available
[  277.322632][T11434] loop0: detected capacity change from 0 to 32768
[  277.414350][T11434] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  277.428520][T11434] XFS (loop0): Ending clean mount
[  277.439834][T11434] XFS (loop0): Quotacheck needed: Please wait.
[  277.483215][T11434] XFS (loop0): Quotacheck: Done.
[  277.645977][ T5849] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  278.292247][T11468] loop5: detected capacity change from 0 to 32768
[  278.295218][T11468] xfs: Unknown parameter 'smackfstransmute'
[  278.317135][T11473] loop0: detected capacity change from 0 to 32768
[  278.326517][T11473] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2125 (11473)
[  278.383116][T11473] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  278.387147][T11473] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  278.630465][T11473] BTRFS info (device loop0): enabling ssd optimizations
[  278.643630][T11473] BTRFS info (device loop0): enabling free space tree
[  278.858716][ T5849] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  278.890652][T11514] loop5: detected capacity change from 0 to 2048
[  278.953920][T11514] EXT4-fs error (device loop5): ext4_ext_check_inode:523: inode #2: comm syz.5.2134: pblk 0 bad header/extent: eh_entries is 0 but eh_depth is > 0 - magic f30a, entries 0, max 4(4), depth 5(5)
[  278.988518][T11514] EXT4-fs (loop5): get root inode failed
[  278.993371][T11514] EXT4-fs (loop5): mount failed
[  279.137745][T11523] loop5: detected capacity change from 0 to 1024
[  279.593277][  T794] kernel write not supported for file /575/clear_refs (pid: 794 comm: kworker/1:2)
[  279.689921][T11537] loop4: detected capacity change from 0 to 128
[  279.716742][T11537] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  279.734749][T11537] ext4 filesystem being mounted at /259/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  279.776964][T11537] EXT4-fs (loop4): shut down requested (1)
[  279.784083][T11537] fscrypt (loop4, inode 12): Error -5 getting encryption context
[  279.873219][ T9606] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  279.987838][T11544] loop4: detected capacity change from 0 to 8
[  280.001073][T11544] SQUASHFS error: zlib decompression failed, data probably corrupt
[  280.004453][T11544] SQUASHFS error: Failed to read block 0x9b: -5
[  280.007651][T11544] SQUASHFS error: Unable to read metadata cache entry [99]
[  280.011433][T11544] SQUASHFS error: Unable to read inode 0x127
[  280.595318][T11550] netlink: 'syz.0.2147': attribute type 1 has an invalid length.
[  280.616419][T11550] netlink: 'syz.0.2147': attribute type 4 has an invalid length.
[  280.620212][T11550] netlink: 15130 bytes leftover after parsing attributes in process `syz.0.2147'.
[  280.811305][T11552] loop0: detected capacity change from 0 to 1764
[  280.997854][   T26] hfsplus: b-tree write err: -5, ino 3
[  281.179919][T11546] loop4: detected capacity change from 0 to 32768
[  281.203485][T11546] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[  281.209257][T11546] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  281.295533][T11570] netlink: 'syz.5.2154': attribute type 1 has an invalid length.
[  281.298715][T11570] netlink: 144 bytes leftover after parsing attributes in process `syz.5.2154'.
[  281.314192][T11570] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2154'.
[  281.557868][T11575] loop0: detected capacity change from 0 to 1024
[  281.712386][T11575] RDS: rds_bind could not find a transport for ::ffff:0.0.0.224, load rds_tcp or rds_rdma?
[  281.764028][T11570] loop5: detected capacity change from 0 to 32768
[  281.789026][T11570] debugfs: 'B1DE653C5FFC4D88B33B244AAB9EB3E9' already exists in 'ocfs2'
[  281.802584][T11570] ocfs2: Mounting device (7,5) on (node local, slot 0) with writeback data mode.
[  282.164710][T10019] ocfs2: Unmounting device (7,5) on (node local)
[  282.195067][ T9606] ocfs2: Unmounting device (7,4) on (node local)
[  283.735572][T11597] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2166'.
[  283.739071][T11597] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address.
[  283.749599][T11597] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (7)
[  286.531023][T11649] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2190'.
[  286.569373][T11649] tipc: Enabled bearer <udp:syz0>, priority 10
[  286.909690][T11666] syz.5.2198 (11666): attempted to duplicate a private mapping with mremap.  This is not supported.
[  287.329998][T11680] loop5: detected capacity change from 0 to 64
[  287.359696][T11680] MINIX-fs: mounting unchecked file system, running fsck is recommended
[  287.479750][T11679] minix_free_inode: bit 5 already cleared
[  287.570609][ T5907] tipc: Node number set to 2252639711
[  288.937904][T11696] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  289.018512][T11700] loop4: detected capacity change from 0 to 256
[  289.380557][T11716] loop5: detected capacity change from 0 to 164
[  289.535938][T11704] loop0: detected capacity change from 0 to 32768
[  289.567956][T11704] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  289.595859][T11704] XFS (loop0): Ending clean mount
[  289.603995][T11704] XFS (loop0): Quotacheck needed: Please wait.
[  289.637270][T11704] XFS (loop0): Quotacheck: Done.
[  289.666100][ T5849] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  289.733306][T10305] usb 6-1: new full-speed USB device number 11 using dummy_hcd
[  289.792131][ T5907] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  289.892219][T10305] usb 6-1: config 8 has an invalid interface number: 177 but max is 0
[  289.892665][T11734] loop0: detected capacity change from 0 to 512
[  289.895678][T10305] usb 6-1: config 8 has no interface number 0
[  289.895743][T10305] usb 6-1: config 8 interface 177 altsetting 9 endpoint 0x8 has invalid maxpacket 1023, setting to 64
[  289.916814][T10305] usb 6-1: config 8 interface 177 has no altsetting 0
[  289.919672][T10305] usb 6-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=59.b1
[  289.919817][T11734] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  289.936095][T11734] ext4 filesystem being mounted at /716/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  289.946455][T10305] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.970327][ T5907] usb 5-1: Using ep0 maxpacket: 32
[  289.986900][T11719] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  289.988860][ T5907] usb 5-1: unable to get BOS descriptor or descriptor too short
[  289.997190][ T5907] usb 5-1: config 2 has an invalid interface number: 221 but max is 0
[  290.002849][ T5907] usb 5-1: config 2 has no interface number 0
[  290.005227][ T5907] usb 5-1: config 2 interface 221 has no altsetting 0
[  290.016044][ T5907] usb 5-1: string descriptor 0 read error: -22
[  290.019101][ T5907] usb 5-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=85.42
[  290.023207][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.049554][ T5907] usb 5-1: Found UVC 0.00 device <unnamed> (05ac:8501)
[  290.060959][ T5907] usb 5-1: No valid video chain found.
[  290.206140][T10305] usb 6-1: string descriptor 0 read error: -71
[  290.215321][    C1] ir_toy 6-1:8.177: out urb status: -71
[  290.281247][ T5850] usb 5-1: USB disconnect, device number 11
[  290.731170][T10305] ir_toy 6-1:8.177: could not write reset command: -110
[  290.735943][T10305] ir_toy 6-1:8.177: probe with driver ir_toy failed with error -110
[  290.746627][T10305] usb 6-1: USB disconnect, device number 11
[  290.968244][T11740] loop5: detected capacity change from 0 to 8192
[  291.318656][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.359424][T11747] loop5: detected capacity change from 0 to 1024
[  291.371220][T11747] hfsplus: Unknown parameter 'g'
[  291.551758][T11756] kAFS: unable to lookup cell ''
[  292.062877][T11770] loop5: detected capacity change from 0 to 1764
[  292.094805][T11770] iso9660: Corrupted directory entry in block 14 of inode 1920
[  292.711377][ T5852] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  292.892654][ T5852] usb 1-1: Using ep0 maxpacket: 16
[  292.908505][ T5852] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  292.926339][ T5852] usb 1-1: config 0 has no interface number 0
[  292.933940][ T5852] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  292.955630][ T5852] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  292.975558][ T5852] usb 1-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  292.985415][ T5852] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.019293][ T5852] usb 1-1: config 0 descriptor??
[  293.087989][T11781] netlink: 'syz.5.2243': attribute type 4 has an invalid length.
[  293.091783][T11781] netlink: 152 bytes leftover after parsing attributes in process `syz.5.2243'.
[  293.120431][T11781] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  293.664280][ T5852] uclogic 0003:28BD:0071.0007: pen parameters not found
[  293.667244][ T5852] uclogic 0003:28BD:0071.0007: interface is invalid, ignoring
[  293.872622][T10305] usb 1-1: USB disconnect, device number 35
[  293.922965][T11796] loop7: detected capacity change from 0 to 16384
[  293.933374][T11797] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2250'.
[  293.949005][T11797] netlink: 'syz.5.2250': attribute type 1 has an invalid length.
[  294.069693][    C1] I/O error, dev loop7, sector 5376 op 0x0:(READ) flags 0x80700 phys_seg 32 prio class 2
[  294.076176][T11798] loop7: detected capacity change from 16384 to 0
[  295.765619][T11845] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2267'.
[  295.971905][T11841] loop0: detected capacity change from 0 to 32768
[  295.975960][T11841] btrfs: Deprecated parameter 'usebackuproot'
[  295.978499][T11841] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  295.983740][T11841] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2265 (11841)
[  295.997476][T11841] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  296.010978][T11841] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  296.041215][T10305] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  296.088948][T11841] BTRFS info (device loop0): rebuilding free space tree
[  296.109514][T11841] BTRFS info (device loop0): allowing degraded mounts
[  296.113341][T11841] BTRFS info (device loop0): enabling ssd optimizations
[  296.116182][T11841] BTRFS info (device loop0): turning on flush-on-commit
[  296.119075][T11841] BTRFS info (device loop0): enabling free space tree
[  296.122290][T11841] BTRFS info (device loop0): force clearing of disk cache
[  296.125441][T11841] BTRFS info (device loop0): trying to use backup root at mount time
[  296.128895][T11841] BTRFS info (device loop0): use zstd compression, level 3
[  296.192930][T10305] usb 5-1: not running at top speed; connect to a high speed hub
[  296.202402][T10305] usb 5-1: config 1 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  296.214119][T10305] usb 5-1: config 1 interface 0 has no altsetting 0
[  296.229603][T10305] usb 5-1: New USB device found, idVendor=07c0, idProduct=1125, bcdDevice= 0.40
[  296.245819][T10305] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.249241][T10305] usb 5-1: Product: syz
[  296.253342][T10305] usb 5-1: Manufacturer: syz
[  296.255370][T10305] usb 5-1: SerialNumber: syz
[  296.285813][ T5849] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  296.504896][T11878] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2273'.
[  296.514773][T10305] usbhid 5-1:1.0: can't add hid device: -71
[  296.517491][T10305] usbhid 5-1:1.0: probe with driver usbhid failed with error -71
[  296.547433][T10305] usb 5-1: USB disconnect, device number 12
[  296.711125][ T5907] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  296.864708][ T5907] usb 6-1: config 220 has an invalid interface number: 76 but max is 2
[  296.867537][ T5907] usb 6-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  296.871794][ T5907] usb 6-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  296.875405][ T5907] usb 6-1: config 220 has no interface number 2
[  296.877476][ T5907] usb 6-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  296.883769][ T5907] usb 6-1: config 220 interface 0 has no altsetting 0
[  296.886340][ T5907] usb 6-1: config 220 interface 76 has no altsetting 0
[  296.889656][ T5907] usb 6-1: config 220 interface 1 has no altsetting 0
[  296.894390][ T5907] usb 6-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  296.897460][ T5907] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.900138][ T5907] usb 6-1: Product: syz
[  296.903254][ T5907] usb 6-1: Manufacturer: syz
[  296.904970][ T5907] usb 6-1: SerialNumber: syz
[  297.047454][T11885] loop0: detected capacity change from 0 to 16
[  297.071723][T11885] erofs (device loop0): mounted with root inode @ nid 36.
[  297.089401][T11885] erofs (device loop0): bogus dirent @ nid 36
[  297.128834][ T5907] usb 6-1: Found UVC 7.01 device syz (8086:0b07)
[  297.131732][ T5907] usb 6-1: No valid video chain found.
[  297.133722][ T5907] usb 6-1: selecting invalid altsetting 0
[  297.164157][ T5907] usb 6-1: selecting invalid altsetting 0
[  297.166427][ T5907] usbtest 6-1:220.1: probe with driver usbtest failed with error -22
[  297.173384][ T5907] usb 6-1: USB disconnect, device number 12
[  297.296970][T11898] sd 0:0:0:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x24 ascq=0x0
[  297.330502][T11900] raw_sendmsg: syz.0.2285 forgot to set AF_INET. Fix it!
[  297.592230][T11910] loop0: detected capacity change from 0 to 32768
[  297.595789][T11910] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2290 (11910)
[  297.606236][T11910] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  297.609785][T11910] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  297.630390][T11910] BTRFS info (device loop0): rebuilding free space tree
[  297.655562][T11910] BTRFS info (device loop0): enabling ssd optimizations
[  297.660395][T11910] BTRFS info (device loop0): turning on sync discard
[  297.663421][T11910] BTRFS info (device loop0): enabling free space tree
[  297.670889][T11910] BTRFS info (device loop0): force clearing of disk cache
[  297.682104][T11910] BTRFS info (device loop0): doing ref verification
[  297.686997][T11910] BTRFS info (device loop0): max_inline set to 0
[  297.828412][ T5849] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  298.251914][T11941] loop4: detected capacity change from 0 to 16
[  298.265347][T11941] erofs (device loop4): mounted with root inode @ nid 36.
[  298.486880][T11952] loop4: detected capacity change from 0 to 1024
[  298.509210][T11952] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  298.536561][ T9606] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  298.831408][ T5850] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  299.001357][ T5850] usb 5-1: Using ep0 maxpacket: 32
[  299.004996][ T5850] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 81, changing to 10
[  299.008836][ T5850] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  299.012566][ T5850] usb 5-1: New USB device found, idVendor=056a, idProduct=0315, bcdDevice= 0.00
[  299.016466][ T5850] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.023102][ T5850] usb 5-1: config 0 descriptor??
[  299.211459][  T794] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  299.353690][T11975] loop0: detected capacity change from 0 to 256
[  299.364935][  T794] usb 6-1: Using ep0 maxpacket: 32
[  299.373663][  T794] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  299.378314][  T794] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  299.381357][T11975] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xf4000b1f, utbl_chksum : 0xe619d30d)
[  299.386190][  T794] usb 6-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  299.391213][  T794] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.408962][  T794] usb 6-1: config 0 descriptor??
[  299.438323][ T5850] wacom 0003:056A:0315.0008: unbalanced collection at end of report description
[  299.442953][ T5850] wacom 0003:056A:0315.0008: parse failed
[  299.445538][ T5850] wacom 0003:056A:0315.0008: probe with driver wacom failed with error -22
[  299.587798][T11981] bridge0: port 2(bridge_slave_1) entered disabled state
[  299.640550][T10305] usb 5-1: USB disconnect, device number 13
[  299.826047][  T794] ft260 0003:0403:6030.0009: unknown main item tag 0x0
[  299.828960][  T794] ft260 0003:0403:6030.0009: unknown main item tag 0x0
[  300.023626][  T794] ft260 0003:0403:6030.0009: chip code: 6424 8183
[  300.228103][  T794] ft260 0003:0403:6030.0009: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.5-1/input0
[  300.432451][  T794] ft260 0003:0403:6030.0009: failed to retrieve status: -32, no wakeup
[  300.451766][  T794] ft260 0003:0403:6030.0009: failed to retrieve status: -32
[  300.459265][T12007] loop0: detected capacity change from 0 to 128
[  300.473212][T12007] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  300.492412][T12007] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  300.659718][ T5850] usb 6-1: USB disconnect, device number 13
[  301.004204][T12029] loop0: detected capacity change from 0 to 4096
[  301.006545][T12032] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2338'.
[  301.011059][T12029] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512).
[  301.024519][T12029] ntfs3(loop0): MFT: r=1, expect seq=1 instead of 0!
[  301.027185][T12029] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  301.036976][T12029] ntfs3(loop0): Failed to load $MFTMirr (-22).
[  301.221826][T12044] loop4: detected capacity change from 0 to 164
[  302.081901][   T10] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  302.361813][   T10] usb 5-1: Using ep0 maxpacket: 32
[  302.366428][   T10] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  302.369833][   T10] usb 5-1: config 0 has no interface number 0
[  302.378337][   T10] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  302.382172][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.385696][   T10] usb 5-1: Product: syz
[  302.387484][   T10] usb 5-1: Manufacturer: syz
[  302.389494][   T10] usb 5-1: SerialNumber: syz
[  302.397267][   T10] usb 5-1: config 0 descriptor??
[  302.406915][   T10] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  302.438994][T12074] netlink: 'syz.5.2356': attribute type 29 has an invalid length.
[  302.442877][T12074] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2356'.
[  302.505086][T12076] loop5: detected capacity change from 0 to 2048
[  302.516142][T12076] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  302.609739][   T10] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  302.624447][   T10] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  302.749627][T12089] loop5: detected capacity change from 0 to 1024
[  302.843091][   T33] audit: type=1800 audit(1758719981.985:56): pid=12089 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2363" name="file1" dev="loop5" ino=20 res=0 errno=0
[  303.011226][    C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  303.021617][   T10] usb 5-1: USB disconnect, device number 14
[  303.052611][   T10] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  303.069386][   T10] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  303.085089][   T10] quatech2 5-1:0.51: device disconnected
[  303.129202][T12099] loop5: detected capacity change from 0 to 8
[  303.153862][T12099] SQUASHFS error: Unable to read inode 0x6
[  303.490689][T12102] loop5: detected capacity change from 0 to 256
[  303.547985][T12102] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x40a90196, utbl_chksum : 0xe619d30d)
[  303.602235][T12102] input: syz0 as /devices/virtual/input/input12
[  303.860803][T12115] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2373'.
[  303.958426][T12119] loop0: detected capacity change from 0 to 2048
[  303.963048][T12119] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  303.966678][T12119] NILFS (loop0): mounting unchecked fs
[  303.968953][T12119] NILFS (loop0): recovery required for readonly filesystem
[  303.973782][T12119] NILFS (loop0): write access will be enabled during recovery
[  303.983799][T12119] NILFS (loop0): norecovery option specified, skipping roll-forward recovery
[  303.996058][T12119] NILFS (loop0): couldn't remount because the filesystem is in an incomplete recovery state
[  304.004834][ T5846] udevd[5846]: incorrect nilfs2 checksum on /dev/loop0
[  304.278691][   T33] audit: type=1800 audit(1758719983.415:57): pid=12130 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2381" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  304.388685][T12136] loop5: detected capacity change from 0 to 128
[  304.418236][T12136] overlay: Unknown parameter 'uni_xlate'
[  304.629410][T12140] sctp: [Deprecated]: syz.5.2385 (pid 12140) Use of struct sctp_assoc_value in delayed_ack socket option.
[  304.629410][T12140] Use struct sctp_sack_info instead
[  305.033413][ T5236] Bluetooth: hci0: unexpected event for opcode 0x0804
[  305.041367][T12153] loop4: detected capacity change from 0 to 256
[  305.363182][T12155] loop4: detected capacity change from 0 to 16384
[  305.383723][T12159] bond0: entered promiscuous mode
[  305.385957][T12159] bond_slave_0: entered promiscuous mode
[  305.398846][T12159] bond_slave_1: entered promiscuous mode
[  305.408793][T12159] dummy0: entered promiscuous mode
[  305.421900][T12159] batadv0: entered promiscuous mode
[  305.426016][T12159] batadv0: left promiscuous mode
[  305.428947][T12159] bond0: left promiscuous mode
[  305.437362][T12159] bond_slave_0: left promiscuous mode
[  305.440251][T12159] bond_slave_1: left promiscuous mode
[  305.449778][T12159] dummy0: left promiscuous mode
[  305.482690][T12155] bcachefs (loop4): starting version 1.13: inode_has_child_snapshots opts=metadata_checksum=none,data_checksum=none,str_hash=crc64,erasure_code,prjquota,journal_flush_disabled,norecovery,recovery_pass_last=reconstruct_snapshots,read_only,reconstruct_alloc,version_upgrade=none
[  305.482711][T12155]   features: new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  305.504031][T12165] loop5: detected capacity change from 0 to 2048
[  305.510679][T12165] UDF-fs: error (device loop5): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  305.514690][T12165] UDF-fs: warning (device loop5): udf_load_vrs: No anchor found
[  305.517363][T12155] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  305.524644][T12155] bcachefs (loop4): recovering from clean shutdown, journal seq 18
[  305.528170][T12155] bcachefs (loop4): dropping and reconstructing all alloc info
[  305.529492][T12165] UDF-fs: Scanning with blocksize 512 failed
[  305.565038][T12155] bcachefs (loop4): accounting_read... done
[  305.570496][T12155] bcachefs (loop4): alloc_read... done
[  305.575110][T12155] bcachefs (loop4): snapshots_read... done
[  305.578234][T12155] bcachefs (loop4): reading quotas
[  305.580991][T12155] bcachefs (loop4): quotas done
[  305.584486][T12155] bcachefs (loop4): done starting filesystem
[  305.589995][T12165] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  305.672362][ T9606] bcachefs (loop4): shutting down
[  305.732324][ T9606] bcachefs (loop4): shutdown complete
[  305.974865][T12178] loop5: detected capacity change from 0 to 256
[  307.275672][T10305] hid-generic 0004:0006:0003.000A: unknown main item tag 0x1
[  307.307130][T12199] loop5: detected capacity change from 0 to 1024
[  307.331943][T10305] hid-generic 0004:0006:0003.000A: hidraw0: <UNKNOWN> HID v0.09 Device [syz1] on syz1
[  307.380005][   T33] audit: type=1800 audit(1758719986.515:58): pid=12199 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.2411" name="file1" dev="loop5" ino=20 res=0 errno=0
[  307.711956][T12214] Bluetooth: hci0: unsupported parameter 64000
[  307.714597][T12214] Bluetooth: hci0: unsupported parameter 64000
[  307.752642][ T5852] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  307.906212][ T5852] usb 1-1: config 0 descriptor has 1 excess byte, ignoring
[  307.909565][ T5852] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  307.914769][ T5852] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  307.918875][ T5852] usb 1-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00
[  307.924645][ T5852] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  307.934760][ T5852] usb 1-1: config 0 descriptor??
[  307.973376][T12220] loop5: detected capacity change from 0 to 32768
[  307.980729][T12220] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  307.997584][T12220] XFS (loop5): Ending clean mount
[  308.024300][T10019] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  308.358762][ T5852] hid (null): invalid report_size 12034
[  308.379817][ T5852] razer 0003:1532:010E.000B: invalid report_size 12034
[  308.388612][ T5852] razer 0003:1532:010E.000B: item 0 4 1 7 parsing failed
[  308.407461][ T5852] razer 0003:1532:010E.000B: probe with driver razer failed with error -22
[  308.600110][ T5852] usb 1-1: USB disconnect, device number 36
[  309.675356][T12270] loop5: detected capacity change from 0 to 128
[  309.680842][T12270] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  309.694561][T12270] ext4 filesystem being mounted at /278/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  309.723439][T10019] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  310.167396][T12281] loop5: detected capacity change from 0 to 32768
[  310.337420][T12281] XFS (loop5): DAX unsupported by block device. Turning off DAX.
[  310.343012][T12281] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  310.533104][T12304] loop4: detected capacity change from 0 to 736
[  310.541225][T12304] iso9660: Unknown parameter '>N&#z8Z}5trnCogBRFcBڕݝ"jxn'
[  310.594310][T12281] XFS (loop5): Ending clean mount
[  310.627622][T10019] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  310.827317][T12318] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144
[  311.235449][T12330] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input13
[  311.318927][T12327] loop0: detected capacity change from 0 to 32768
[  311.332636][T12327] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.2461 (12327)
[  311.361172][T12321] loop5: detected capacity change from 0 to 32768
[  311.398123][T12327] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  311.416462][T12327] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm
[  311.657429][T12327] BTRFS info (device loop0): enabling ssd optimizations
[  311.660137][T12327] BTRFS info (device loop0): enabling free space tree
[  311.826941][ T5849] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  312.069142][T12349] [U] v3f"S/4:XTzWtlW=
[  312.085423][T12349] [U] J"e:"
[  313.108612][T12361] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2468'.
[  313.126413][T12364] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2470'.
[  313.129788][T12364] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2470'.
[  313.477142][T12372] overlayfs: statfs failed on './file0'
[  313.626162][   T10] usb 1-1: new full-speed USB device number 37 using dummy_hcd
[  313.774771][   T10] usb 1-1: config 0 has an invalid interface number: 207 but max is 0
[  313.777393][   T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  313.790034][   T10] usb 1-1: config 0 has no interface number 0
[  313.791745][T12381] loop5: detected capacity change from 0 to 512
[  313.800937][   T10] usb 1-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  313.812924][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.823233][   T10] usb 1-1: Product: syz
[  313.826404][T12381] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[  313.826947][   T10] usb 1-1: Manufacturer: syz
[  313.829688][T12381] System zones: 0-2, 18-18, 34-35
[  313.838053][   T10] usb 1-1: SerialNumber: syz
[  313.844964][   T10] usb 1-1: config 0 descriptor??
[  313.845618][T12381] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  313.851196][T12381] ext4 filesystem being mounted at /285/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  313.852938][   T10] qmi_wwan 1-1:0.207: probe with driver qmi_wwan failed with error -22
[  313.900971][T10019] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.094965][   T10] usb 1-1: USB disconnect, device number 37
[  314.104101][T12403] loop5: detected capacity change from 0 to 8
[  314.106642][T12403] squashfs: Bad value for 'errors'
[  314.189700][T12407] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2488'.
[  314.198409][T12407] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2488'.
[  314.845303][T12420] loop0: detected capacity change from 0 to 32768
[  315.671532][   T33] audit: type=1800 audit(1758719994.294:59): pid=12422 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2494" name="file1" dev="loop0" ino=9 res=0 errno=0
[  315.797663][T12426] loop4: detected capacity change from 0 to 1764
[  316.240928][T12431] loop4: detected capacity change from 0 to 40427
[  316.267713][T12431] F2FS-fs (loop4): invalid crc value
[  316.359010][T12431] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  316.363900][T12431] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  316.380242][   T33] audit: type=1804 audit(1758719995.514:60): pid=12431 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2499" name="/newroot/388/file1/file1" dev="loop4" ino=10 res=1 errno=0
[  316.423051][ T9606] syz-executor: attempt to access beyond end of device
[  316.423051][ T9606] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  316.434303][ T9606] CPU: 1 UID: 0 PID: 9606 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  316.434320][ T9606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  316.434328][ T9606] Call Trace:
[  316.434333][ T9606]  <TASK>
[  316.434338][ T9606]  dump_stack_lvl+0x189/0x250
[  316.434359][ T9606]  ? __pfx_dump_stack_lvl+0x10/0x10
[  316.434373][ T9606]  ? __pfx_queue_work_on+0x10/0x10
[  316.434386][ T9606]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  316.434407][ T9606]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  316.434433][ T9606]  f2fs_handle_critical_error+0x37c/0x540
[  316.434496][ T9606]  f2fs_write_end_io+0x886/0xb60
[  316.434517][ T9606]  __submit_merged_bio+0x27a/0x6a0
[  316.434538][ T9606]  __submit_merged_write_cond+0x255/0x530
[  316.434563][ T9606]  f2fs_write_data_pages+0x261d/0x3000
[  316.434603][ T9606]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  316.434648][ T9606]  ? __mod_zone_page_state+0xd7/0x140
[  316.434670][ T9606]  ? folios_put_refs+0x560/0x640
[  316.434690][ T9606]  ? __lock_acquire+0xab9/0xd20
[  316.434712][ T9606]  ? do_raw_spin_lock+0x121/0x290
[  316.434732][ T9606]  ? do_raw_spin_unlock+0x4d/0x240
[  316.434744][ T9606]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  316.434755][ T9606]  do_writepages+0x32e/0x550
[  316.434779][ T9606]  ? do_raw_spin_unlock+0x4d/0x240
[  316.434794][ T9606]  filemap_fdatawrite+0x199/0x240
[  316.434808][ T9606]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  316.434855][ T9606]  ? do_raw_spin_unlock+0x4d/0x240
[  316.434870][ T9606]  f2fs_sync_dirty_inodes+0x31f/0x830
[  316.434892][ T9606]  f2fs_write_checkpoint+0x95a/0x1df0
[  316.434922][ T9606]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  316.434973][ T9606]  ? kill_f2fs_super+0x298/0x6c0
[  316.434988][ T9606]  kill_f2fs_super+0x2c3/0x6c0
[  316.435004][ T9606]  ? __pfx_kill_f2fs_super+0x10/0x10
[  316.435013][ T9606]  ? radix_tree_delete_item+0x2b6/0x400
[  316.435030][ T9606]  ? shrinker_free+0x2ce/0x3e0
[  316.435043][ T9606]  deactivate_locked_super+0xbc/0x130
[  316.435058][ T9606]  cleanup_mnt+0x425/0x4c0
[  316.435070][ T9606]  ? lockdep_hardirqs_on+0x9c/0x150
[  316.435083][ T9606]  task_work_run+0x1d4/0x260
[  316.435099][ T9606]  ? __pfx_task_work_run+0x10/0x10
[  316.435120][ T9606]  ? __x64_sys_umount+0x122/0x160
[  316.435140][ T9606]  ? exit_to_user_mode_loop+0x40/0x110
[  316.435159][ T9606]  exit_to_user_mode_loop+0xec/0x110
[  316.435173][ T9606]  do_syscall_64+0x2bd/0x3b0
[  316.435184][ T9606]  ? lockdep_hardirqs_on+0x9c/0x150
[  316.435194][ T9606]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.435207][ T9606]  ? exc_page_fault+0x9f/0xf0
[  316.435219][ T9606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  316.435229][ T9606] RIP: 0033:0x7fdd0318ff57
[  316.435243][ T9606] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  316.435251][ T9606] RSP: 002b:00007fff6cf0ef38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  316.435265][ T9606] RAX: 0000000000000000 RBX: 00007fdd03211c2d RCX: 00007fdd0318ff57
[  316.435272][ T9606] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff6cf0eff0
[  316.435279][ T9606] RBP: 00007fff6cf0eff0 R08: 0000000000000000 R09: 0000000000000000
[  316.435286][ T9606] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff6cf10080
[  316.435294][ T9606] R13: 00007fdd03211c2d R14: 000000000004d36a R15: 00007fff6cf100c0
[  316.435316][ T9606]  </TASK>
[  316.436254][ T9606] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  316.689431][T12449] loop0: detected capacity change from 0 to 32768
[  316.766207][T12449] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  316.821634][T12449] XFS (loop0): Ending clean mount
[  316.827268][T12449] XFS (loop0): Quotacheck needed: Please wait.
[  316.849472][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  316.852266][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  316.903027][T12449] XFS (loop0): Quotacheck: Done.
[  316.958231][ T5849] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  317.703730][   T10] usb 1-1: new high-speed USB device number 38 using dummy_hcd
[  317.857466][   T10] usb 1-1: config 0 has an invalid interface number: 69 but max is 0
[  317.860936][   T10] usb 1-1: config 0 has no interface number 0
[  317.871003][   T10] usb 1-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  317.940499][   T10] usb 1-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  317.947570][   T10] usb 1-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  317.951150][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  317.964592][   T10] usb 1-1: Product: syz
[  317.966458][   T10] usb 1-1: Manufacturer: syz
[  317.968464][   T10] usb 1-1: SerialNumber: syz
[  317.996215][   T10] usb 1-1: config 0 descriptor??
[  318.004392][T12471] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  318.009502][   T10] cyberjack 1-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  318.026773][   T10] usb 1-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  318.303764][   T10] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  318.423983][ T5907] usb 1-1: USB disconnect, device number 38
[  318.438640][ T5907] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  318.453941][ T5907] cyberjack 1-1:0.69: device disconnected
[  318.454169][   T10] usb 5-1: Using ep0 maxpacket: 16
[  318.464606][   T10] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  318.470989][   T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.478244][   T10] usb 5-1: config 0 descriptor??
[  318.493059][   T10] gspca_main: sonixj-2.14.0 probing 0471:0327
[  319.064254][T12491] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2520'.
[  319.068891][T12491] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2520'.
[  319.089322][T12491] batadv1: entered promiscuous mode
[  319.091668][T12491] batadv1: entered allmulticast mode
[  319.799748][T12509] Bluetooth: hci0: load_link_keys: too big key_count value 32768
[  319.877188][   T33] audit: type=1326 audit(1758719999.013:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12510 comm="syz.5.2529" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f601092ae09 code=0x7ffc0000
[  319.893149][   T33] audit: type=1326 audit(1758719999.033:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12510 comm="syz.5.2529" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f601092ae09 code=0x7ffc0000
[  319.911754][   T33] audit: type=1326 audit(1758719999.033:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12510 comm="syz.5.2529" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f601092ae09 code=0x7ffc0000
[  319.921160][   T33] audit: type=1326 audit(1758719999.033:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12510 comm="syz.5.2529" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601098ec29 code=0x7ffc0000
[  319.934397][   T33] audit: type=1326 audit(1758719999.033:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12510 comm="syz.5.2529" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f601092ae09 code=0x7ffc0000
[  319.946380][   T33] audit: type=1326 audit(1758719999.033:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12510 comm="syz.5.2529" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f601092ae09 code=0x7ffc0000
[  319.964102][   T33] audit: type=1326 audit(1758719999.033:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12510 comm="syz.5.2529" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f601092ae09 code=0x7ffc0000
[  319.973283][   T33] audit: type=1326 audit(1758719999.033:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12510 comm="syz.5.2529" exe="/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f601092ae09 code=0x7ffc0000
[  320.373992][   T10] gspca_sonixj: i2c_w8 err -71
[  320.404082][   T10] sonixj 5-1:0.0: probe with driver sonixj failed with error -71
[  320.409877][   T10] usb 5-1: USB disconnect, device number 15
[  321.025010][T12532] loop5: detected capacity change from 0 to 1024
[  321.043652][T12532] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  321.050439][T12532] ext4 filesystem being mounted at /313/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  321.089382][ T1091] EXT4-fs error (device loop5): ext4_validate_block_bitmap:441: comm kworker/u9:4: bg 0: block 393: padding at end of block bitmap is not set
[  321.118162][ T1091] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 1 with error 28
[  321.122216][ T1091] EXT4-fs (loop5): This should not happen!! Data will be lost
[  321.122216][ T1091] 
[  321.125560][ T1091] EXT4-fs (loop5): Total free blocks count 0
[  321.127632][ T1091] EXT4-fs (loop5): Free/Dirty block details
[  321.129666][ T1091] EXT4-fs (loop5): free_blocks=0
[  321.131359][ T1091] EXT4-fs (loop5): dirty_blocks=0
[  321.134582][ T1091] EXT4-fs (loop5): Block reservation details
[  321.136744][ T1091] EXT4-fs (loop5): i_reserved_data_blocks=0
[  321.171807][T10019] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  321.336010][T12543] netlink: 'syz.4.2540': attribute type 4 has an invalid length.
[  321.345932][T12543] netlink: 'syz.4.2540': attribute type 4 has an invalid length.
[  321.396363][T12545] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  321.461685][T12551] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2544'.
[  321.507877][T12553] loop0: detected capacity change from 0 to 256
[  321.528940][T12553] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011a39, chksum : 0xd54015fb, utbl_chksum : 0xe619d30d)
[  322.294211][  T794] usb 1-1: new high-speed USB device number 39 using dummy_hcd
[  322.454317][  T794] usb 1-1: Using ep0 maxpacket: 32
[  322.462260][  T794] usb 1-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  322.471432][  T794] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  322.476624][  T794] usb 1-1: config 0 descriptor??
[  322.482725][  T794] gspca_main: sunplus-2.14.0 probing 041e:400b
[  323.492361][  T794] gspca_sunplus: reg_w_riv err -71
[  323.497095][  T794] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[  323.506742][  T794] usb 1-1: USB disconnect, device number 39
[  324.993160][T12606] loop5: detected capacity change from 0 to 1024
[  325.031428][T12606] hfsplus: invalid catalog btree flag
[  325.046624][T12606] hfsplus: failed to load catalog file
[  325.244020][T12619] loop0: detected capacity change from 0 to 256
[  325.275437][T12619] exfat: Deprecated parameter 'utf8'
[  325.295753][T12619] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  325.408067][T12628] loop5: detected capacity change from 0 to 1024
[  325.434710][T12628] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  325.445776][T12628] ext4 filesystem being mounted at /331/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  325.470746][T12628] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  325.616916][  T794] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  325.643294][T12641] overlayfs: failed to clone upperpath
[  325.784866][  T794] usb 5-1: Using ep0 maxpacket: 32
[  325.791872][  T794] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  325.803905][  T794] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  325.820321][  T794] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  325.824330][  T794] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.842255][  T794] usb 5-1: config 0 descriptor??
[  325.857328][  T794] hub 5-1:0.0: USB hub found
[  325.869933][T12655] loop0: detected capacity change from 0 to 16
[  325.900036][T12655] evm: overlay not supported
[  325.921832][T12655] overlayfs: failed to get index nlink (file2/file1, err=-61)
[  326.008176][T12661] loop0: detected capacity change from 0 to 512
[  326.069311][T12661] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0007-000000000000 r/w without journal. Quota mode: writeback.
[  326.084249][T12661] ext4 filesystem being mounted at /847/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  326.089424][  T794] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[  326.099764][T12661] __quota_error: 36 callbacks suppressed
[  326.099774][T12661] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0
[  326.110490][T12661] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[  326.114136][T12661] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.2593: Failed to acquire dquot type 0
[  326.126341][T12661] Quota error (device loop0): do_check_range: Getting block 67108864 out of range 0-8
[  326.142546][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0007-000000000000.
[  326.330811][  T794] hid-generic 0003:046D:C31C.000C: item fetching failed at offset 0/1
[  326.339434][  T794] hid-generic 0003:046D:C31C.000C: probe with driver hid-generic failed with error -22
[  326.635908][  T794] usb 5-1: USB disconnect, device number 16
[  326.937962][   T33] audit: type=1326 audit(1758720006.082:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12679 comm="syz.5.2601" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601098ec29 code=0x7ffc0000
[  326.946470][   T33] audit: type=1326 audit(1758720006.092:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12679 comm="syz.5.2601" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601098ec29 code=0x7ffc0000
[  326.956057][   T33] audit: type=1326 audit(1758720006.102:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12679 comm="syz.5.2601" exe="/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f601098ec29 code=0x7ffc0000
[  326.967740][   T33] audit: type=1326 audit(1758720006.102:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12679 comm="syz.5.2601" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601098ec29 code=0x7ffc0000
[  326.978631][   T33] audit: type=1326 audit(1758720006.102:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12679 comm="syz.5.2601" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601098ec29 code=0x7ffc0000
[  326.987911][   T33] audit: type=1326 audit(1758720006.112:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12679 comm="syz.5.2601" exe="/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f601098ec29 code=0x7ffc0000
[  326.998593][   T33] audit: type=1326 audit(1758720006.112:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12679 comm="syz.5.2601" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f601098ec29 code=0x7ffc0000
[  327.154415][T12688] loop0: detected capacity change from 0 to 512
[  327.778419][T12694] loop0: detected capacity change from 0 to 2048
[  327.864602][T12694] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  327.921993][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  328.102936][T12699] loop0: detected capacity change from 0 to 64
[  328.167470][T12699] Trying to free block not in datazone
[  328.335959][T12719] loop4: detected capacity change from 0 to 128
[  328.342266][T12719] EXT4-fs: Ignoring removed nomblk_io_submit option
[  328.348294][T12719] EXT4-fs: Ignoring removed nomblk_io_submit option
[  328.351319][T12719] EXT4-fs (loop4): Test dummy encryption mode enabled
[  328.356185][T12719] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  328.360463][T12719] ext4 filesystem being mounted at /407/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  328.373183][T12719] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  328.411021][ T9606] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  328.598170][T12736] netlink: 'syz.4.2623': attribute type 64 has an invalid length.
[  328.612100][T12736] netlink: 'syz.4.2623': attribute type 4 has an invalid length.
[  328.615806][T12736] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2623'.
[  328.665164][T12738] netlink: 172 bytes leftover after parsing attributes in process `syz.0.2624'.
[  328.922929][T12756] loop4: detected capacity change from 0 to 164
[  328.953449][T12756] Unable to read rock-ridge attributes
[  329.398056][T12772] Unable to read rock-ridge attributes
[  330.585846][T12789] gfs2: path_lookup on /dev/virtual_nci returned error -2
[  331.203567][T12791] loop0: detected capacity change from 0 to 8192
[  331.254155][ T5846]  loop0: p1 p2[DM] p4
[  331.259512][ T5846] loop0: p1 size 196608 extends beyond EOD, truncated
[  331.269446][ T5846] loop0: p2 start 4292936063 is beyond EOD, truncated
[  331.271751][ T5846] loop0: p4 size 50331648 extends beyond EOD, truncated
[  331.284219][T12791]  loop0: p1 p2[DM] p4
[  331.288778][T12791] loop0: p1 size 196608 extends beyond EOD, truncated
[  331.297153][T12791] loop0: p2 start 4292936063 is beyond EOD, truncated
[  331.300059][T12791] loop0: p4 size 50331648 extends beyond EOD, truncated
[  331.760909][T12811] loop4: detected capacity change from 0 to 64
[  331.819720][T12811] syz.4.2658: attempt to access beyond end of device
[  331.819720][T12811] loop4: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  331.843546][T12811] Buffer I/O error on dev loop4, logical block 134217734, async page read
[  331.869471][T12811] syz.4.2658: attempt to access beyond end of device
[  331.869471][T12811] loop4: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  331.892134][T12811] Buffer I/O error on dev loop4, logical block 134217734, async page read
[  331.998876][T12823] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  332.103146][T12829] loop0: detected capacity change from 0 to 512
[  332.130216][T12829] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  332.142282][T12829] ext4 filesystem being mounted at /884/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  332.147958][T12834] netdevsim netdevsim4: Direct firmware load for ./file0/file1 failed with error -2
[  332.155478][T12834] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0/file1
[  332.175519][T12829] __quota_error: 47 callbacks suppressed
[  332.175537][T12829] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0
[  332.181911][T12829] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[  332.185909][T12829] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.2668: Failed to acquire dquot type 1
[  332.224958][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.271198][T12836] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0
[  332.460786][T12846] loop0: detected capacity change from 0 to 1024
[  332.465045][T12846] EXT4-fs: Ignoring removed nobh option
[  332.471287][T12846] EXT4-fs: Ignoring removed bh option
[  332.498640][T12846] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  332.561411][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.758656][T12863] loop0: detected capacity change from 0 to 2048
[  332.791903][T12863] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  332.809568][T12863] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters
[  332.847148][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.998040][T12873] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2685'.
[  333.073901][T12876] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  333.114426][T12882] loop4: detected capacity change from 0 to 512
[  333.119514][T12882] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.2689: casefold flag without casefold feature
[  333.124141][T12882] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.2689: couldn't read orphan inode 15 (err -117)
[  333.131987][T12882] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  333.158126][ T9606] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  333.285151][T12891] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2692'.
[  333.294786][T12891] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2692'.
[  333.514865][T12905] loop4: detected capacity change from 0 to 128
[  333.660280][T12908] dlm: no locking on control device
[  334.225035][T12920] loop0: detected capacity change from 0 to 256
[  334.230485][T12920] exfat: Deprecated parameter 'namecase'
[  334.235714][T12920] exfat: Deprecated parameter 'utf8'
[  334.241778][T12920] exfat: Deprecated parameter 'utf8'
[  334.244513][T12920] exFAT-fs (loop0): Invalid exboot-signature(sector = 5): 0x00000000
[  334.248837][T12920] exFAT-fs (loop0): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0xe119aafb)
[  334.253379][T12920] exFAT-fs (loop0): invalid boot region
[  334.258004][T12920] exFAT-fs (loop0): failed to recognize exfat type
[  335.016522][  T794] usb 1-1: new high-speed USB device number 40 using dummy_hcd
[  335.185833][  T794] usb 1-1: Using ep0 maxpacket: 32
[  335.190511][  T794] usb 1-1: config 0 has an invalid interface number: 51 but max is 0
[  335.193543][  T794] usb 1-1: config 0 has no interface number 0
[  335.198079][  T794] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  335.201761][  T794] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  335.205030][  T794] usb 1-1: Product: syz
[  335.206677][  T794] usb 1-1: Manufacturer: syz
[  335.208308][  T794] usb 1-1: SerialNumber: syz
[  335.212935][  T794] usb 1-1: config 0 descriptor??
[  335.218493][  T794] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  335.265831][ T5852] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  335.416049][ T5852] usb 5-1: Using ep0 maxpacket: 32
[  335.421538][ T5852] usb 5-1: config 0 has an invalid interface number: 255 but max is 0
[  335.426600][ T5852] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  335.427088][  T794] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  335.430727][ T5852] usb 5-1: config 0 has no interface number 0
[  335.439051][ T5852] usb 5-1: config 0 interface 255 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  335.441359][  T794] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  335.443184][ T5852] usb 5-1: config 0 interface 255 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  335.455823][ T5852] usb 5-1: config 0 interface 255 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  335.465197][ T5852] usb 5-1: New USB device found, idVendor=0499, idProduct=152e, bcdDevice=b4.9a
[  335.472359][ T5852] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  335.475907][ T5852] usb 5-1: Product: syz
[  335.477831][ T5852] usb 5-1: Manufacturer: syz
[  335.480068][ T5852] usb 5-1: SerialNumber: syz
[  335.499052][ T5852] usb 5-1: config 0 descriptor??
[  335.764150][ T5852] usb 5-1: USB disconnect, device number 17
[  335.792453][ T5846] udevd[5846]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.255/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  335.828488][    C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71
[  335.833903][  T794] usb 1-1: USB disconnect, device number 40
[  335.849709][  T794] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  335.880694][  T794] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  335.886081][  T794] quatech2 1-1:0.51: device disconnected
[  336.490891][ T5850] IPVS: starting estimator thread 0...
[  336.576265][T12956] IPVS: using max 77 ests per chain, 184800 per kthread
[  336.905244][T12951] loop4: detected capacity change from 0 to 40427
[  336.913658][T12951] F2FS-fs (loop4): build fault injection rate: 14
[  336.916603][T12951] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  336.956722][T12951] F2FS-fs (loop4): invalid crc value
[  337.081371][    C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  337.253185][    C0] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  337.310677][T12977] sctp: [Deprecated]: syz.5.2728 (pid 12977) Use of struct sctp_assoc_value in delayed_ack socket option.
[  337.310677][T12977] Use struct sctp_sack_info instead
[  337.346460][T12951] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  337.350403][T12951] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  337.361409][T12951] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  337.392796][T12951] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  337.403612][T12951] F2FS-fs (loop4): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0x249/0x1cf0
[  337.410588][T12951] F2FS-fs (loop4): inconsistent node block, node_type:1, nid:3, node_footer[nid:3,ino:3,ofs:0,cpver:1219692001,blkaddr:4098]
[  337.474551][    C1] F2FS-fs (loop4): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60
[  337.480242][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  337.480286][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  337.480294][    C1] Call Trace:
[  337.480300][    C1]  <TASK>
[  337.480307][    C1]  dump_stack_lvl+0x189/0x250
[  337.480328][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  337.480342][    C1]  ? __pfx_queue_work_on+0x10/0x10
[  337.480356][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  337.480375][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  337.480393][    C1]  ? f2fs_hw_is_readonly+0x39b/0x470
[  337.480413][    C1]  f2fs_handle_critical_error+0x37c/0x540
[  337.480433][    C1]  f2fs_write_end_io+0x886/0xb60
[  337.480455][    C1]  blk_update_request+0x57e/0xe60
[  337.480479][    C1]  blk_mq_end_request+0x3e/0x70
[  337.480494][    C1]  blk_flush_complete_seq+0x678/0xcc0
[  337.480514][    C1]  flush_end_io+0xbaf/0xe60
[  337.480537][    C1]  __blk_mq_end_request+0x46a/0x630
[  337.480553][    C1]  blk_done_softirq+0x10a/0x160
[  337.480569][    C1]  handle_softirqs+0x286/0x870
[  337.480583][    C1]  ? run_ksoftirqd+0x9b/0x100
[  337.480599][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  337.480612][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  337.480626][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  337.480636][    C1]  run_ksoftirqd+0x9b/0x100
[  337.480648][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  337.480665][    C1]  smpboot_thread_fn+0x542/0xa60
[  337.480677][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  337.480693][    C1]  kthread+0x711/0x8a0
[  337.480709][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  337.480719][    C1]  ? __pfx_kthread+0x10/0x10
[  337.480734][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  337.480749][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  337.480760][    C1]  ? __pfx_kthread+0x10/0x10
[  337.480774][    C1]  ret_from_fork+0x439/0x7d0
[  337.480789][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  337.480804][    C1]  ? __switch_to_asm+0x39/0x70
[  337.480817][    C1]  ? __switch_to_asm+0x33/0x70
[  337.480829][    C1]  ? __pfx_kthread+0x10/0x10
[  337.480843][    C1]  ret_from_fork_asm+0x1a/0x30
[  337.480867][    C1]  </TASK>
[  337.480871][    C1] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  337.586152][ T9606] F2FS-fs (loop4): do_checkpoint failed err:-5, stop checkpoint
[  337.772912][T12994] netlink: 'syz.5.2736': attribute type 11 has an invalid length.
[  337.859107][T12998] loop4: detected capacity change from 0 to 24
[  337.863101][T12998] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  337.887958][T12998] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  337.954902][T13004] loop4: detected capacity change from 0 to 512
[  337.971285][T13004] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  337.975710][T13004] ext4 filesystem being mounted at /437/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  337.981299][ T5850] usb 1-1: new high-speed USB device number 41 using dummy_hcd
[  338.115813][ T9606] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  338.136727][ T5850] usb 1-1: Using ep0 maxpacket: 16
[  338.141239][ T5850] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  338.145866][ T5850] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  338.150175][ T5850] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[  338.154726][ T5850] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  338.182565][ T5850] usb 1-1: config 0 descriptor??
[  338.622993][ T5850] corsair 0003:1B1C:1B02.000D: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.0-1/input0
[  338.646331][ T5907] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  338.799379][ T5907] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  338.803315][ T5907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  338.809755][ T5907] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  338.827361][ T5907] usb 5-1: New USB device found, idVendor=05f3, idProduct=0240, bcdDevice=1b.24
[  338.830304][ T5907] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  338.833078][ T5907] usb 5-1: Product: syz
[  338.834818][ T5907] usb 5-1: Manufacturer: syz
[  338.844395][ T5907] usb 5-1: SerialNumber: syz
[  338.848124][ T5907] usb 5-1: config 0 descriptor??
[  338.850629][T13017] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  339.025350][  T794] usb 1-1: USB disconnect, device number 41
[  339.100966][ T5907] powermate: unknown product id 0240
[  339.103443][ T5907] powermate: Expected payload of 3--6 bytes, found 1024 bytes!
[  339.112010][ T5907] input: Griffin SoundKnob as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input14
[  339.569907][T13029] netlink: 392 bytes leftover after parsing attributes in process `syz.0.2750'.
[  339.683350][    C1] powermate: config urb returned -71
[  339.683806][ T5850] usb 5-1: USB disconnect, device number 18
[  339.685617][    C1] powermate: usb_submit_urb(config) failed
[  339.688734][    C1] powermate 5-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[  340.524059][T13058] netlink: 'syz.5.2764': attribute type 2 has an invalid length.
[  340.536437][T13058] netlink: 'syz.5.2764': attribute type 8 has an invalid length.
[  340.539850][T13058] netlink: 1148 bytes leftover after parsing attributes in process `syz.5.2764'.
[  340.584906][T13060] overlayfs: failed to resolve './cgroup': -2
[  340.596385][ T5852] usb 5-1: new full-speed USB device number 19 using dummy_hcd
[  340.639995][T13054] loop0: detected capacity change from 0 to 32768
[  340.647488][T13062] vcan0: tx drop: invalid sa for name 0x0000000000000003
[  340.748497][ T5852] usb 5-1: config 1 has an invalid interface number: 105 but max is 0
[  340.751392][ T5852] usb 5-1: config 1 has no interface number 0
[  340.753765][ T5852] usb 5-1: config 1 interface 105 has no altsetting 0
[  340.759534][ T5852] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  340.763176][ T5852] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.766985][ T5852] usb 5-1: Product: syz
[  340.768727][ T5852] usb 5-1: Manufacturer: syz
[  340.770665][ T5852] usb 5-1: SerialNumber: syz
[  340.900379][T13075] netlink: 'syz.0.2772': attribute type 21 has an invalid length.
[  340.978146][ T5852] aqc111 5-1:1.105: probe with driver aqc111 failed with error -22
[  341.005602][T13073] bridge0: port 3(netdevsim0) entered disabled state
[  341.009448][T13073] bridge0: port 2(bridge_slave_1) entered disabled state
[  341.013293][T13073] bridge0: port 1(bridge_slave_0) entered disabled state
[  341.029896][T13073] bond0: left allmulticast mode
[  341.032302][T13073] bond_slave_0: left allmulticast mode
[  341.034797][T13073] bond_slave_1: left allmulticast mode
[  341.183044][ T5852] usb 5-1: USB disconnect, device number 19
[  341.295839][T13073] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  341.313964][T13073] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  341.675451][   T12] netdevsim netdevsim5 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  341.686799][ T5874] netdevsim netdevsim5 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  341.691031][ T5874] netdevsim netdevsim5 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  341.704829][ T5874] netdevsim netdevsim5 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  342.298362][T13115] loop4: detected capacity change from 0 to 32768
[  342.312905][T13115] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  342.329043][T13115] XFS (loop4): Log size 516 blocks too small, minimum size is 636 blocks
[  342.332542][T13115] XFS (loop4): AAIEEE! Log failed size checks. Abort!
[  342.347620][  T794] usb 1-1: new high-speed USB device number 42 using dummy_hcd
[  342.352263][T13115] XFS (loop4): log mount failed
[  342.545315][  T794] usb 1-1: New USB device found, idVendor=0fc5, idProduct=1227, bcdDevice=da.8e
[  342.549793][  T794] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  342.553271][  T794] usb 1-1: Product: syz
[  342.561390][  T794] usb 1-1: Manufacturer: syz
[  342.567795][  T794] usb 1-1: SerialNumber: syz
[  342.581166][  T794] usb 1-1: config 0 descriptor??
[  342.585264][  T794] hub 1-1:0.0: bad descriptor, ignoring hub
[  342.588833][  T794] hub 1-1:0.0: probe with driver hub failed with error -5
[  342.592765][  T794] usbsevseg 1-1:0.0: USB 7 Segment device now attached
[  342.917877][  T794] usb 1-1: USB disconnect, device number 42
[  342.921292][  T794] usbsevseg 1-1:0.0: USB 7 Segment now disconnected
[  343.276808][   T47] usb 5-1: new full-speed USB device number 20 using dummy_hcd
[  343.429462][   T47] usb 5-1: config 2 has an invalid interface number: 211 but max is 0
[  343.438974][   T47] usb 5-1: config 2 has no interface number 0
[  343.441548][   T47] usb 5-1: config 2 interface 211 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64
[  343.445811][   T47] usb 5-1: config 2 interface 211 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 4
[  343.461450][   T47] usb 5-1: New USB device found, idVendor=2040, idProduct=8268, bcdDevice=27.95
[  343.470552][   T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.476800][   T47] usb 5-1: Product: syz
[  343.484525][   T47] usb 5-1: Manufacturer: syz
[  343.486483][   T47] usb 5-1: SerialNumber: syz
[  343.497346][T13139] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  343.503206][   T47] em28xx 5-1:2.211: New device syz syz @ 12 Mbps (2040:8268, interface 211, class 211)
[  343.507906][   T47] em28xx 5-1:2.211: Device initialization failed.
[  343.516960][   T47] em28xx 5-1:2.211: Device must be connected to a high-speed USB 2.0 port.
[  343.535103][T13157] loop0: detected capacity change from 0 to 512
[  343.574641][T13157] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  343.589887][T13157] ext4 filesystem being mounted at /924/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  343.622709][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  343.712978][T10305] usb 5-1: USB disconnect, device number 20
[  344.030071][T13168] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2808'.
[  344.033670][T13168] netlink: 'syz.5.2808': attribute type 5 has an invalid length.
[  345.045457][T13196] Sensor A: =================  START STATUS  =================
[  345.050092][T13196] Sensor A: Test Pattern: 75% Colorbar
[  345.056471][T13196] Sensor A: Show Information: All
[  345.060446][T13196] Sensor A: Vertical Flip: false
[  345.062829][T13196] Sensor A: Horizontal Flip: true
[  345.064827][T13196] Sensor A: Brightness: 128
[  345.071377][T13196] Sensor A: Contrast: 128
[  345.073105][T13196] Sensor A: Hue: 0
[  345.074925][T13196] Sensor A: Saturation: 128
[  345.078068][T13196] Sensor A: ==================  END STATUS  ==================
[  345.279347][T13202] netlink: 100 bytes leftover after parsing attributes in process `syz.0.2824'.
[  345.758910][T13216] loop0: detected capacity change from 0 to 128
[  345.776491][T13216] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  345.793376][T13216] hpfs: filesystem error: improperly stopped
[  345.795427][T13216] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  345.798431][T13216] hpfs: You really don't want any checks? You are crazy...
[  345.801558][T13216] hpfs: hpfs_map_sector(): read error
[  345.803525][T13216] hpfs: code page support is disabled
[  345.806517][T13216] hpfs: hpfs_map_4sectors(): unaligned read
[  345.808829][T13216] hpfs: hpfs_map_4sectors(): unaligned read
[  345.811286][T13216] hpfs: filesystem error: unable to find root dir
[  345.820788][T13216] hpfs: hpfs_map_4sectors(): unaligned read
[  346.387095][ T5850] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  346.540482][ T5850] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  346.544822][ T5850] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  346.549657][ T5850] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  346.553518][ T5850] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  346.560109][ T5850] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  346.563946][ T5850] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  346.567862][ T5850] usb 5-1: Manufacturer: syz
[  346.572089][ T5850] usb 5-1: config 0 descriptor??
[  346.984781][ T5850] appleir 0003:05AC:8243.000E: unknown main item tag 0x0
[  346.996800][ T5850] appleir 0003:05AC:8243.000E: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  347.250730][ T5850] usb 5-1: USB disconnect, device number 21
[  347.830034][T13286] loop4: detected capacity change from 0 to 128
[  347.850272][T13290] netlink: 65039 bytes leftover after parsing attributes in process `syz.0.2864'.
[  347.856372][T13286] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  347.883990][T13286] ext4 filesystem being mounted at /464/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  347.890916][T13293] autofs4:pid:13293:validate_dev_ioctl: path string terminator missing for cmd(0xc018937e)
[  347.901613][T13286] EXT4-fs warning (device loop4): verify_group_input:137: Cannot add at group 25 (only 1 groups)
[  347.935481][ T9606] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  348.308154][T10305] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  348.470611][T10305] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  348.470683][T10305] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  348.470693][T10305] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  348.470703][T10305] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  348.472419][T10305] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  348.472431][T10305] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.472439][T10305] usb 5-1: Product: syz
[  348.472445][T10305] usb 5-1: Manufacturer: syz
[  348.472451][T10305] usb 5-1: SerialNumber: syz
[  348.474348][T10305] usb 5-1: config 0 descriptor??
[  348.718800][T10305] adutux 5-1:0.0: Could not retrieve serial number
[  348.718891][T10305] adutux 5-1:0.0: probe with driver adutux failed with error -5
[  348.740591][T13310] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2872'.
[  348.762670][T13310] team1: entered promiscuous mode
[  348.762688][T13310] team1: entered allmulticast mode
[  348.922097][   T47] usb 5-1: USB disconnect, device number 22
[  349.013484][T13319] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  349.064346][T13322] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2879'.
[  349.279811][T13336] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2885'.
[  349.508103][T13346] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  349.554900][T13350] loop0: detected capacity change from 0 to 512
[  349.614547][T13352] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2893'.
[  350.896585][T13380] loop0: detected capacity change from 0 to 4096
[  350.906058][T13380] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512).
[  350.919758][T13380] ntfs3(loop0): ino=3, mi_enum_attr
[  350.979120][T13380] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  350.985738][T13384] syzkaller1: entered promiscuous mode
[  350.991979][T13384] syzkaller1: entered allmulticast mode
[  351.307403][T13398] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2908'.
[  352.193372][T13422] loop0: detected capacity change from 0 to 2048
[  352.376197][T13437] loop0: detected capacity change from 0 to 256
[  352.404310][T13437] FAT-fs (loop0): Directory bread(block 64) failed
[  352.407271][T13437] FAT-fs (loop0): Directory bread(block 65) failed
[  352.415454][T13437] FAT-fs (loop0): Directory bread(block 66) failed
[  352.420749][T13437] FAT-fs (loop0): Directory bread(block 67) failed
[  352.423459][T13437] FAT-fs (loop0): Directory bread(block 68) failed
[  352.426131][T13437] FAT-fs (loop0): Directory bread(block 69) failed
[  352.439270][T13437] FAT-fs (loop0): Directory bread(block 70) failed
[  352.442418][T13437] FAT-fs (loop0): Directory bread(block 71) failed
[  352.445858][T13437] FAT-fs (loop0): Directory bread(block 72) failed
[  352.457896][T13437] FAT-fs (loop0): Directory bread(block 73) failed
[  352.642665][T13452] loop0: detected capacity change from 0 to 512
[  352.646952][T13452] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  352.666176][T13452] EXT4-fs (loop0): 1 truncate cleaned up
[  352.680857][T13452] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  352.706555][T13452] syz.0.2935 (pid 13452) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  352.738568][ T5849] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  353.000123][T13467] loop4: detected capacity change from 0 to 4096
[  353.250532][   T26] ntfs3(loop4): ino=5, mi_enum_attr
[  353.658889][T10305] usb 1-1: new high-speed USB device number 43 using dummy_hcd
[  353.820069][T10305] usb 1-1: Using ep0 maxpacket: 16
[  353.844157][T10305] usb 1-1: config 0 has an invalid interface number: 64 but max is 0
[  353.850062][T10305] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  353.855576][T10305] usb 1-1: config 0 has no interface number 0
[  353.872506][T10305] usb 1-1: New USB device found, idVendor=0bd3, idProduct=05f4, bcdDevice= 0.5b
[  353.876980][T10305] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  353.893766][T10305] usb 1-1: config 0 descriptor??
[  353.916607][T10305] usb 1-1: Found UVC 0.00 device <unnamed> (0bd3:05f4)
[  353.943349][T10305] usb 1-1: No valid video chain found.
[  354.124847][T10305] usb 1-1: USB disconnect, device number 43
[  354.588790][T13522] loop4: detected capacity change from 0 to 128
[  354.595687][T13522] EXT4-fs (loop4): Test dummy encryption mode enabled
[  354.600862][T13522] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  354.605526][T13522] ext4 filesystem being mounted at /496/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  354.651548][ T9606] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  354.942254][T13528] netlink: 'syz.4.2967': attribute type 4 has an invalid length.
[  356.037344][T13555] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2981'.
[  356.044202][T13555] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2981'.
[  356.050715][T13555] netlink: 'syz.0.2981': attribute type 20 has an invalid length.
[  356.069851][ T5707] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  356.080803][T13555] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2981'.
[  356.084615][T13555] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2981'.
[  356.088516][ T5707] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  356.092053][ T5707] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  356.095635][ T5707] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  356.103922][T13555] netlink: 'syz.0.2981': attribute type 20 has an invalid length.
[  356.187145][T13564] loop0: detected capacity change from 0 to 1024
[  356.245476][T13564] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2985'.
[  356.385670][   T33] audit: type=1326 audit(1758720035.519:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13567 comm="syz.5.2986" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f601098ec29 code=0x0
[  356.514482][T13571] loop0: detected capacity change from 0 to 1024
[  356.878385][ T5852] usb 1-1: new high-speed USB device number 44 using dummy_hcd
[  356.882094][T13561] loop4: detected capacity change from 0 to 131072
[  356.888037][T13561] F2FS-fs (loop4): Invalid log sectorsize (67108873)
[  356.890919][T13561] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  356.894743][T13561] F2FS-fs (loop4): invalid crc value
[  356.926283][T13561] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  356.931911][T13561] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  356.934962][T13561] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  357.032827][ T5852] usb 1-1: config 0 has an invalid interface number: 174 but max is 1
[  357.036285][ T5852] usb 1-1: config 0 has an invalid interface number: 66 but max is 1
[  357.040017][ T5852] usb 1-1: config 0 has no interface number 0
[  357.042645][ T5852] usb 1-1: config 0 has no interface number 1
[  357.045234][ T5852] usb 1-1: config 0 interface 174 has no altsetting 0
[  357.048139][ T5852] usb 1-1: config 0 interface 66 has no altsetting 0
[  357.051256][ T5852] usb 1-1: New USB device found, idVendor=04c1, idProduct=009d, bcdDevice=d2.d0
[  357.055277][ T5852] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.065793][ T5852] usb 1-1: config 0 descriptor??
[  357.292585][ T5852] usb 1-1: string descriptor 0 read error: -71
[  357.319373][ T5852] usb 1-1: USB disconnect, device number 44
[  357.364457][T13581] lo speed is unknown, defaulting to 1000
[  358.135358][T13607] tc_dump_action: action bad kind
[  358.456632][T13620] netlink: 'syz.4.3005': attribute type 1 has an invalid length.
[  358.461804][T13620] netlink: 'syz.4.3005': attribute type 3 has an invalid length.
[  358.464373][T13620] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3005'.
[  358.575214][T13628] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  358.614147][T13630] loop4: detected capacity change from 0 to 16
[  358.624813][T13630] erofs (device loop4): mounted with root inode @ nid 36.
[  358.633053][T13630] syz.4.3010: attempt to access beyond end of device
[  358.633053][T13630] loop4: rw=524288, sector=34359738360, nr_sectors = 64 limit=16
[  358.659630][T13630] syz.4.3010: attempt to access beyond end of device
[  358.659630][T13630] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  358.666015][T13630] erofs (device loop4): failed to readdir of logical block 0 of nid 36
[  358.677075][T13630] syz.4.3010: attempt to access beyond end of device
[  358.677075][T13630] loop4: rw=0, sector=34359738360, nr_sectors = 8 limit=16
[  358.688169][T13630] erofs (device loop4): failed to readdir of logical block 0 of nid 36
[  358.755502][T13635] loop4: detected capacity change from 0 to 512
[  358.783135][T13635] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  358.810729][T13635] ext4 filesystem being mounted at /521/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  358.833239][T13646] loop0: detected capacity change from 0 to 8
[  358.837010][T13646] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  358.845049][T13635] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #2: comm syz.4.3012: corrupted inode contents
[  358.850180][T13646] cramfs: Error -5 while decompressing!
[  358.855691][T13646] cramfs: ffffffff99bf86a8(26)->ffff88801261b000(4096)
[  358.860415][T13646] cramfs: Error -3 while decompressing!
[  358.863009][T13646] cramfs: ffffffff99bf86c2(26)->ffff888012619000(4096)
[  358.866503][T13646] cramfs: Error -3 while decompressing!
[  358.874852][T13635] EXT4-fs error (device loop4): ext4_dirty_inode:6538: inode #2: comm syz.4.3012: mark_inode_dirty error
[  358.878582][T13646] cramfs: ffffffff99bf86dc(16)->ffff888012618000(4096)
[  358.882015][T13646] cramfs: Error -5 while decompressing!
[  358.883948][T13646] cramfs: ffffffff99bf86a8(26)->ffff88801261b000(4096)
[  358.892277][T13635] EXT4-fs error (device loop4): ext4_do_update_inode:5653: inode #2: comm syz.4.3012: corrupted inode contents
[  358.899993][T13635] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.3012: mark_inode_dirty error
[  359.002405][ T9606] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  359.121882][T13656] Bluetooth: MGMT ver 1.23
[  359.304613][T13666] loop4: detected capacity change from 0 to 1024
[  359.349346][T13666] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem
[  359.352449][T13666] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  359.376875][T13666] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (59422!=20869)
[  359.409667][T13666] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  359.441896][T13666] EXT4-fs error (device loop4): ext4_get_journal_inode:5800: inode #17: comm syz.4.3021: iget: bad i_size value: 4398046511204
[  359.451853][T13666] EXT4-fs (loop4): no journal found
[  359.648334][T13675] loop0: detected capacity change from 0 to 128
[  359.917392][T13681] netlink: 'syz.5.3030': attribute type 21 has an invalid length.
[  360.999661][T13705] tipc: Started in network mode
[  361.001962][T13705] tipc: Node identity 4, cluster identity 4711
[  361.004837][T13705] tipc: Node number set to 4
[  361.146105][T13712] netdevsim netdevsim0 netdevsim0: entered promiscuous mode
[  361.455086][T13732] netlink: 'syz.0.3051': attribute type 4 has an invalid length.
[  361.963013][T13740] loop4: detected capacity change from 0 to 40427
[  361.979108][T13740] F2FS-fs (loop4): Small segment_count (9 < 1 * 24)
[  361.988519][T13740] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  362.194341][T13740] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  362.201784][T13740] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  362.205432][T13740] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  362.353329][ T9606] syz-executor: attempt to access beyond end of device
[  362.353329][ T9606] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  362.359785][ T9606] CPU: 1 UID: 0 PID: 9606 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  362.359807][ T9606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  362.359815][ T9606] Call Trace:
[  362.359821][ T9606]  <TASK>
[  362.359827][ T9606]  dump_stack_lvl+0x189/0x250
[  362.359851][ T9606]  ? __pfx_dump_stack_lvl+0x10/0x10
[  362.359867][ T9606]  ? __pfx_queue_work_on+0x10/0x10
[  362.359880][ T9606]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  362.359900][ T9606]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  362.359936][ T9606]  f2fs_handle_critical_error+0x37c/0x540
[  362.359981][ T9606]  f2fs_write_end_io+0x886/0xb60
[  362.360005][ T9606]  __submit_merged_bio+0x27a/0x6a0
[  362.360023][ T9606]  __submit_merged_write_cond+0x255/0x530
[  362.360042][ T9606]  f2fs_write_data_pages+0x261d/0x3000
[  362.360099][ T9606]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  362.360123][ T9606]  ? arch_stack_walk+0xfc/0x150
[  362.360163][ T9606]  ? __mod_zone_page_state+0xd7/0x140
[  362.360189][ T9606]  ? folios_put_refs+0x560/0x640
[  362.360215][ T9606]  ? __lock_acquire+0xab9/0xd20
[  362.360241][ T9606]  ? do_raw_spin_lock+0x121/0x290
[  362.360266][ T9606]  ? do_raw_spin_unlock+0x4d/0x240
[  362.360281][ T9606]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  362.360295][ T9606]  do_writepages+0x32e/0x550
[  362.360321][ T9606]  ? do_raw_spin_unlock+0x4d/0x240
[  362.360339][ T9606]  filemap_fdatawrite+0x199/0x240
[  362.360356][ T9606]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  362.360405][ T9606]  ? do_raw_spin_unlock+0x4d/0x240
[  362.360419][ T9606]  f2fs_sync_dirty_inodes+0x31f/0x830
[  362.360446][ T9606]  f2fs_write_checkpoint+0x95a/0x1df0
[  362.360478][ T9606]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  362.360528][ T9606]  ? call_rcu+0x6ff/0x9c0
[  362.360541][ T9606]  ? lockdep_hardirqs_on+0x9c/0x150
[  362.360555][ T9606]  ? kill_f2fs_super+0x298/0x6c0
[  362.360572][ T9606]  kill_f2fs_super+0x2c3/0x6c0
[  362.360591][ T9606]  ? __pfx_kill_f2fs_super+0x10/0x10
[  362.360602][ T9606]  ? radix_tree_delete_item+0x2b6/0x400
[  362.360620][ T9606]  ? shrinker_free+0x2ce/0x3e0
[  362.360636][ T9606]  deactivate_locked_super+0xbc/0x130
[  362.360654][ T9606]  cleanup_mnt+0x425/0x4c0
[  362.360666][ T9606]  ? lockdep_hardirqs_on+0x9c/0x150
[  362.360681][ T9606]  task_work_run+0x1d4/0x260
[  362.360700][ T9606]  ? __pfx_task_work_run+0x10/0x10
[  362.360714][ T9606]  ? __x64_sys_umount+0x122/0x160
[  362.360735][ T9606]  ? exit_to_user_mode_loop+0x40/0x110
[  362.360755][ T9606]  exit_to_user_mode_loop+0xec/0x110
[  362.360772][ T9606]  do_syscall_64+0x2bd/0x3b0
[  362.360783][ T9606]  ? lockdep_hardirqs_on+0x9c/0x150
[  362.360792][ T9606]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.360800][ T9606]  ? exc_page_fault+0x9f/0xf0
[  362.360813][ T9606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.360825][ T9606] RIP: 0033:0x7fdd0318ff57
[  362.360837][ T9606] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  362.360847][ T9606] RSP: 002b:00007fff6cf0ef38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  362.360861][ T9606] RAX: 0000000000000000 RBX: 00007fdd03211c2d RCX: 00007fdd0318ff57
[  362.360870][ T9606] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff6cf0eff0
[  362.360877][ T9606] RBP: 00007fff6cf0eff0 R08: 0000000000000000 R09: 0000000000000000
[  362.360884][ T9606] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff6cf10080
[  362.360892][ T9606] R13: 00007fdd03211c2d R14: 00000000000586d1 R15: 00007fff6cf100c0
[  362.360921][ T9606]  </TASK>
[  362.361789][ T9606] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  363.118265][T13788] loop4: detected capacity change from 0 to 1024
[  363.209894][ T9606] hfsplus: bad catalog entry type
[  363.228239][ T9606] hfsplus: bad catalog entry type
[  363.230759][ T9606] hfsplus: bad catalog entry type
[  363.549575][T12331] ==================================================================
[  363.552875][T12331] BUG: KASAN: slab-use-after-free in __mutex_lock+0x801/0x1350
[  363.555621][T12331] Read of size 8 at addr ffff8881076300a0 by task khidpd_04580058/12331
[  363.558843][T12331] 
[  363.560556][T12331] CPU: 0 UID: 0 PID: 12331 Comm: khidpd_04580058 Not tainted syzkaller #0 PREEMPT(full) 
[  363.560574][T12331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  363.560582][T12331] Call Trace:
[  363.560588][T12331]  <TASK>
[  363.560594][T12331]  dump_stack_lvl+0x189/0x250
[  363.560611][T12331]  ? __kasan_check_byte+0x12/0x40
[  363.560633][T12331]  ? __pfx_dump_stack_lvl+0x10/0x10
[  363.560646][T12331]  ? lock_release+0x4b/0x3e0
[  363.560663][T12331]  ? __virt_addr_valid+0x4a5/0x5c0
[  363.560679][T12331]  print_report+0xca/0x240
[  363.560698][T12331]  ? __mutex_lock+0x801/0x1350
[  363.560710][T12331]  kasan_report+0x118/0x150
[  363.560724][T12331]  ? __mutex_lock+0x801/0x1350
[  363.560736][T12331]  __mutex_lock+0x801/0x1350
[  363.560747][T12331]  ? __mutex_lock+0x5bb/0x1350
[  363.560759][T12331]  ? l2cap_unregister_user+0x6a/0x1b0
[  363.560775][T12331]  ? __pfx___mutex_lock+0x10/0x10
[  363.560785][T12331]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  363.560803][T12331]  l2cap_unregister_user+0x6a/0x1b0
[  363.560818][T12331]  hidp_session_thread+0x3c9/0x410
[  363.560835][T12331]  ? __pfx_hidp_session_thread+0x10/0x10
[  363.560848][T12331]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  363.560863][T12331]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  363.560878][T12331]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  363.560895][T12331]  ? __kthread_parkme+0x7b/0x200
[  363.560906][T12331]  ? __kthread_parkme+0x1a1/0x200
[  363.560917][T12331]  kthread+0x711/0x8a0
[  363.560930][T12331]  ? __pfx_hidp_session_thread+0x10/0x10
[  363.560944][T12331]  ? __pfx_kthread+0x10/0x10
[  363.560956][T12331]  ? _raw_spin_unlock_irq+0x23/0x50
[  363.560970][T12331]  ? lockdep_hardirqs_on+0x9c/0x150
[  363.560980][T12331]  ? __pfx_kthread+0x10/0x10
[  363.560987][T12331]  ret_from_fork+0x439/0x7d0
[  363.560995][T12331]  ? __pfx_ret_from_fork+0x10/0x10
[  363.561002][T12331]  ? __switch_to_asm+0x39/0x70
[  363.561010][T12331]  ? __switch_to_asm+0x33/0x70
[  363.561018][T12331]  ? __pfx_kthread+0x10/0x10
[  363.561026][T12331]  ret_from_fork_asm+0x1a/0x30
[  363.561037][T12331]  </TASK>
[  363.561040][T12331] 
[  363.641536][T12331] Allocated by task 9606:
[  363.643472][T12331]  kasan_save_track+0x3e/0x80
[  363.645444][T12331]  __kasan_kmalloc+0x93/0xb0
[  363.647300][T12331]  __kmalloc_noprof+0x27a/0x4f0
[  363.649234][T12331]  hci_alloc_dev_priv+0x28/0x2060
[  363.651272][T12331]  vhci_create_device+0x120/0x650
[  363.653240][T12331]  vhci_write+0x3ce/0x4a0
[  363.654979][T12331]  vfs_write+0x5c9/0xb30
[  363.656830][T12331]  ksys_write+0x145/0x250
[  363.658787][T12331]  do_syscall_64+0xfa/0x3b0
[  363.660862][T12331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.663739][T12331] 
[  363.664727][T12331] Freed by task 11074:
[  363.666405][T12331]  kasan_save_track+0x3e/0x80
[  363.668369][T12331]  kasan_save_free_info+0x46/0x50
[  363.670416][T12331]  __kasan_slab_free+0x5b/0x80
[  363.672319][T12331]  kfree+0x18e/0x440
[  363.673910][T12331]  bt_host_release+0x82/0x90
[  363.675863][T12331]  device_release+0x9c/0x1c0
[  363.677843][T12331]  kobject_put+0x22b/0x480
[  363.679770][T12331]  vhci_release+0x15a/0x1a0
[  363.681698][T12331]  __fput+0x44c/0xa70
[  363.683406][T12331]  task_work_run+0x1d4/0x260
[  363.685364][T12331]  do_exit+0x6b5/0x2300
[  363.687147][T12331]  do_group_exit+0x21c/0x2d0
[  363.689186][T12331]  get_signal+0x1286/0x1340
[  363.691221][T12331]  arch_do_signal_or_restart+0x9a/0x750
[  363.693625][T12331]  exit_to_user_mode_loop+0x75/0x110
[  363.695843][T12331]  do_syscall_64+0x2bd/0x3b0
[  363.697789][T12331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.700290][T12331] 
[  363.701314][T12331] Last potentially related work creation:
[  363.703553][T12331]  kasan_save_stack+0x3e/0x60
[  363.705535][T12331]  kasan_record_aux_stack+0xbd/0xd0
[  363.707786][T12331]  insert_work+0x3d/0x330
[  363.709793][T12331]  __queue_work+0xbaf/0xfb0
[  363.711896][T12331]  queue_work_on+0x181/0x270
[  363.713843][T12331]  hci_cmd_sync_submit+0x285/0x2b0
[  363.715936][T12331]  process_scheduled_works+0xae1/0x17b0
[  363.718282][T12331]  worker_thread+0x8a0/0xda0
[  363.720248][T12331]  kthread+0x711/0x8a0
[  363.721933][T12331]  ret_from_fork+0x439/0x7d0
[  363.723901][T12331]  ret_from_fork_asm+0x1a/0x30
[  363.725917][T12331] 
[  363.726675][T12331] Second to last potentially related work creation:
[  363.729225][T12331]  kasan_save_stack+0x3e/0x60
[  363.730745][T12331]  kasan_record_aux_stack+0xbd/0xd0
[  363.732828][T12331]  insert_work+0x3d/0x330
[  363.734559][T12331]  __queue_work+0xbaf/0xfb0
[  363.736405][T12331]  queue_work_on+0x181/0x270
[  363.738202][T12331]  hci_abort_conn+0x1e4/0x330
[  363.740010][T12331]  process_scheduled_works+0xae1/0x17b0
[  363.742010][T12331]  worker_thread+0x8a0/0xda0
[  363.743525][T12331]  kthread+0x711/0x8a0
[  363.745153][T12331]  ret_from_fork+0x439/0x7d0
[  363.746730][T12331]  ret_from_fork_asm+0x1a/0x30
[  363.748218][T12331] 
[  363.748969][T12331] The buggy address belongs to the object at ffff888107630000
[  363.748969][T12331]  which belongs to the cache kmalloc-8k of size 8192
[  363.753130][T12331] The buggy address is located 160 bytes inside of
[  363.753130][T12331]  freed 8192-byte region [ffff888107630000, ffff888107632000)
[  363.757718][T12331] 
[  363.758509][T12331] The buggy address belongs to the physical page:
[  363.760479][T12331] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107630
[  363.763458][T12331] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  363.766334][T12331] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff)
[  363.769563][T12331] page_type: f5(slab)
[  363.771197][T12331] raw: 057ff00000000040 ffff88801a442280 ffffea000483d200 0000000000000006
[  363.774664][T12331] raw: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  363.778155][T12331] head: 057ff00000000040 ffff88801a442280 ffffea000483d200 0000000000000006
[  363.781653][T12331] head: 0000000000000000 0000000000020002 00000000f5000000 0000000000000000
[  363.785032][T12331] head: 057ff00000000003 ffffea00041d8c01 00000000ffffffff 00000000ffffffff
[  363.788230][T12331] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  363.791296][T12331] page dumped because: kasan: bad access detected
[  363.793504][T12331] page_owner tracks the page as allocated
[  363.795785][T12331] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 9535, tgid 9534 (syz.3.1390), ts 202139257556, free_ts 202001714680
[  363.803205][T12331]  post_alloc_hook+0x240/0x2a0
[  363.805253][T12331]  get_page_from_freelist+0x21e4/0x22c0
[  363.807379][T12331]  __alloc_frozen_pages_noprof+0x181/0x370
[  363.809509][T12331]  alloc_pages_mpol+0x232/0x4a0
[  363.811304][T12331]  allocate_slab+0x8a/0x370
[  363.813144][T12331]  ___slab_alloc+0xbeb/0x1420
[  363.815060][T12331]  __kvmalloc_node_noprof+0x429/0x5f0
[  363.817116][T12331]  netlink_alloc_large_skb+0x5d/0x110
[  363.818865][T12331]  netlink_sendmsg+0x5c6/0xb30
[  363.820401][T12331]  __sock_sendmsg+0x21c/0x270
[  363.821908][T12331]  sock_sendmsg+0x158/0x230
[  363.823816][T12331]  splice_to_socket+0x8ff/0xf10
[  363.825509][T12331]  direct_splice_actor+0x101/0x160
[  363.827189][T12331]  splice_direct_to_actor+0x5a8/0xcc0
[  363.828983][T12331]  do_splice_direct+0x181/0x270
[  363.830483][T12331]  do_sendfile+0x4da/0x7e0
[  363.831970][T12331] page last free pid 9535 tgid 9534 stack trace:
[  363.834319][T12331]  __free_frozen_pages+0xbc4/0xd30
[  363.836096][T12331]  __put_partials+0x156/0x1a0
[  363.837921][T12331]  put_cpu_partial+0x17c/0x250
[  363.839808][T12331]  __slab_free+0x2d5/0x3c0
[  363.841732][T12331]  qlist_free_all+0x97/0x140
[  363.843619][T12331]  kasan_quarantine_reduce+0x148/0x160
[  363.845417][T12331]  __kasan_slab_alloc+0x22/0x80
[  363.846910][T12331]  __kmalloc_noprof+0x224/0x4f0
[  363.848700][T12331]  copy_splice_read+0x143/0xa50
[  363.850619][T12331]  splice_direct_to_actor+0x4a9/0xcc0
[  363.852385][T12331]  do_splice_direct+0x181/0x270
[  363.854187][T12331]  do_sendfile+0x4da/0x7e0
[  363.855737][T12331]  __se_sys_sendfile64+0x13e/0x190
[  363.857720][T12331]  do_syscall_64+0xfa/0x3b0
[  363.859143][T12331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  363.861151][T12331] 
[  363.862090][T12331] Memory state around the buggy address:
[  363.864285][T12331]  ffff88810762ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  363.867240][T12331]  ffff888107630000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  363.870670][T12331] >ffff888107630080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  363.873922][T12331]                                ^
[  363.875677][T12331]  ffff888107630100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  363.878553][T12331]  ffff888107630180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  363.881862][T12331] ==================================================================
[  363.885481][T12331] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  363.888470][T12331] CPU: 0 UID: 0 PID: 12331 Comm: khidpd_04580058 Not tainted syzkaller #0 PREEMPT(full) 
[  363.892706][T12331] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  363.897004][T12331] Call Trace:
[  363.898338][T12331]  <TASK>
[  363.899424][T12331]  dump_stack_lvl+0x99/0x250
[  363.901358][T12331]  ? __asan_memcpy+0x40/0x70
[  363.903363][T12331]  ? __pfx_dump_stack_lvl+0x10/0x10
[  363.904971][T12331]  ? __pfx__printk+0x10/0x10
[  363.906889][T12331]  vpanic+0x281/0x750
[  363.908636][T12331]  ? __pfx_vpanic+0x10/0x10
[  363.910579][T12331]  ? irqentry_exit+0x74/0x90
[  363.912556][T12331]  panic+0xb9/0xc0
[  363.914183][T12331]  ? __pfx_panic+0x10/0x10
[  363.916099][T12331]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  363.918616][T12331]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  363.921121][T12331]  ? __mutex_lock+0x801/0x1350
[  363.923148][T12331]  check_panic_on_warn+0x89/0xb0
[  363.925273][T12331]  ? __mutex_lock+0x801/0x1350
[  363.927306][T12331]  end_report+0x78/0x160
[  363.929122][T12331]  kasan_report+0x129/0x150
[  363.931084][T12331]  ? __mutex_lock+0x801/0x1350
[  363.933215][T12331]  __mutex_lock+0x801/0x1350
[  363.935261][T12331]  ? __mutex_lock+0x5bb/0x1350
[  363.937275][T12331]  ? l2cap_unregister_user+0x6a/0x1b0
[  363.939629][T12331]  ? __pfx___mutex_lock+0x10/0x10
[  363.941331][T12331]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  363.943319][T12331]  l2cap_unregister_user+0x6a/0x1b0
[  363.945320][T12331]  hidp_session_thread+0x3c9/0x410
[  363.947162][T12331]  ? __pfx_hidp_session_thread+0x10/0x10
[  363.948994][T12331]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  363.951021][T12331]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  363.953321][T12331]  ? __pfx_hidp_session_wake_function+0x10/0x10
[  363.955584][T12331]  ? __kthread_parkme+0x7b/0x200
[  363.957218][T12331]  ? __kthread_parkme+0x1a1/0x200
[  363.958920][T12331]  kthread+0x711/0x8a0
[  363.960426][T12331]  ? __pfx_hidp_session_thread+0x10/0x10
[  363.962293][T12331]  ? __pfx_kthread+0x10/0x10
[  363.963887][T12331]  ? _raw_spin_unlock_irq+0x23/0x50
[  363.965632][T12331]  ? lockdep_hardirqs_on+0x9c/0x150
[  363.967374][T12331]  ? __pfx_kthread+0x10/0x10
[  363.968933][T12331]  ret_from_fork+0x439/0x7d0
[  363.970490][T12331]  ? __pfx_ret_from_fork+0x10/0x10
[  363.972285][T12331]  ? __switch_to_asm+0x39/0x70
[  363.973873][T12331]  ? __switch_to_asm+0x33/0x70
[  363.975584][T12331]  ? __pfx_kthread+0x10/0x10
[  363.977223][T12331]  ret_from_fork_asm+0x1a/0x30
[  363.978966][T12331]  </TASK>
[  363.980957][T12331] Kernel Offset: disabled
[  363.982626][T12331] Rebooting in 86400 seconds..

VM DIAGNOSIS:
13:07:54  Registers:
info registers vcpu 0

CPU#0
RAX=1ffffffff33bee05 RBX=00000000000003f9 RCX=0000000000000000 RDX=00000000000003f9
RSI=0000000000000000 RDI=0000000000000020 RBP=ffffc900035ff550 RSP=ffffc900035ff378
R8 =0000000000000003 R9 =0000000000000004 R10=dffffc0000000000 R11=ffffffff854fac90
R12=dffffc0000000000 R13=dffffc0000000000 R14=ffffffff99df7460 R15=0000000000000000
RIP=ffffffff854fad07 RFL=00000006 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b8613000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000000110c335817 CR3=000000010df46000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 00000000000001a4 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=f3f3f304f1f1f1f1 RBX=ffff888136640000 RCX=ffffffff819e049a RDX=0000000000000000
RSI=0000000000000004 RDI=ffff888136640000 RBP=ffffc90006e87158 RSP=ffffc90006e870b8
R8 =ffff88813fff89c7 R9 =1ffff11027fff138 R10=dffffc0000000000 R11=ffffed1027fff139
R12=1ffff92000dd0e18 R13=1ffff92000dd0e84 R14=ffff888136640000 R15=dffffc0000000000
RIP=ffffffff82231270 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f29224456c0 ffffffff 00c00000
GS =0000 ffff8881a3c13000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f60117056c0 CR3=00000001070f2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 000000030000000d XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=00007f292230d100 00007f29217a7460 XMM05=00007f29217a7478 00007f29217a74c0
XMM06=00007f29217a74b8 00007f29217a74b0 XMM07=00007f29217a74a8 00007f29217a74a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f2921612fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
