last executing test programs:

1m11.202424133s ago: executing program 1 (id=226):
r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0xb, 0x141341)
ioctl$USBDEVFS_SETINTERFACE(r0, 0x80085504, &(0x7f0000000100)={0x0, 0x100})

1m11.143063259s ago: executing program 1 (id=227):
r0 = socket$kcm(0x10, 0x3, 0x0)
write$cgroup_subtree(r0, &(0x7f0000001ec0)=ANY=[@ANYBLOB="13120000120091ef04e9befbbd00005c0a"], 0xfe33)
recvmsg$kcm(r0, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000800)=[{&(0x7f00000039c0)=""/4096, 0x1000}, {&(0x7f00000019c0)=""/233, 0xe9}, {&(0x7f00000005c0)=""/194, 0xc2}, {&(0x7f00000006c0)=""/87, 0x57}, {&(0x7f0000000400)=""/211, 0xd3}, {&(0x7f00000010c0)=""/210, 0xd2}, {&(0x7f0000000280)=""/209, 0xd1}], 0x7}, 0x0)

1m11.142794492s ago: executing program 1 (id=228):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000000700), 0xff, 0x49b, &(0x7f0000001040)="$eJzs3MtvVNUfAPDvnbY8fjzaHyIKglbQSHy0tKCycKFGExeamOgCl7UtiAzU0JoIabQYg0tD4t64NPEvcOfGqAtj4lYTl4aEaGNCcTXmvugwnSltaTvS+XyS6ZxzH3PO9957Zs69p/cG0LH60z9JxPaI+DUievPsrQv0529zs9OjN2anR5Oo1d74M8mWuz47PVouWq63rcgcrkRUPkni+WRhuZMXLp4ZqVbHzxf5wamz7w1OXrj41OmzI6fGT42fGz5+/NjRoWefGX56VeJM47q+78OJ/XtfeevKa6Mnrrz9w9dptfYcyOfXx3FbN5oE1ER/utX+qmUa5z26jLrfDXbUpZPuNlaEZemKiHR39WTtvze6Yn7n9cbLH7dec/P6VBBYM+lv0yIteaYGbGBJtLsGQHuUP/Tp+W/5Wqeux3/CtRciNhXpudnp0bmb8XdHpZjes4bl90fEiZl/vkhfsdzrEAAAK5D1bZ5s1v+rxJ7sPR/r2FmMofRFxP8jYldE3BMRuyPi3ohs2fsi4v585VrvEsvvb8gv7P9Urjat8ypJ+3/P1fX95uriL976uorcjiz+nuTk6er4kWKbHI6ezWl+aJEyvn3pl89azavv/6WvtPyyL1hU4Gp3wwW6sZGpkdXaCNcuRezrbhZ/cnMkID0C9kbEvuV99M4ycfrxr/a3Wuj28S9iFcaZal9GPJbv/5loiL+ULD4+ObglquNHBsujYqEff778eqvy7yj+VXDt4AN5Yn7/NyzR+3eSj9f2RLU6fn5y+WVc/u3Tluc0Kz3+NyVvZmPWP72TT/tgZGrq/FDEpuTVLF+e02XTh+fXLfPl8unxf/hQ8/a/q1gnjT/dSulBfCAiHoyIh4q6PxwRByPi0CLxf//iI+8uEn8SSbRv/1+KGGv6/Xfz+O9L6sfrV5DoOvPdN61GzOv3fy1ptf+PxUz2XZvLvv9uY6kVvMPNBwAAAHeFSkRsj6QykKf7t0elMjCQ/w//7vhfpToxOfXEyYn3z43l9wj0RU+lvNLVW3c9dCiZKT4xzw8X14rL+UeL68afd23N8gOjE9WxNscOnW7bre0/yvaf+qOr3bUD1pz7taBzNbb/SpvqAay/pfz+OxeAjenW9r8l/bO1XXUB1pfzf+hczdr/Rw15/X/YmBY+AOj3Jo+sAzYi/X/oXNo/dC7tHzpSfif8lVjJff0rT5Q3C6z8c7Ys+Q7/TkmUT7xYy7K2xvyUqLQ95A5KpC1mfQudf4YKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA3ezfAAAA//+5XeWQ")
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0xb8)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000740)='./bus\x00', 0x283016, 0x0, 0x11, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})
setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)

1m11.046234373s ago: executing program 1 (id=231):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3M1rI2UYAPAn/djtfrgW8eBtBxahhU1o+rHoreoufmCXsurBk6ZJGrKbZEqTprUnDx7Fg/+JKHjy6N/gwbM38aB4E5TMTHXrBwhNm+3294PJM++bN888b1gWnpmSAC6s+eTXn0txI65ExHREXI/IzkvFkVnPwwsRcTMiph47SsX8nxOXIuJqRNwYJc9zloq3Pr89vLX201u/fPPd5ZlrX3z9/eR2DUzaixHR3cnP97t5TFt5fFjM14btLHZXh0XM3+g+KsZpHvebW1mG/drRuloWV1r5+nRnrz+K251afRRb7e1sfqeXX7A/bB3lyT7wsLabjRvNrSy2+2kWW4d5XQeH+f9th/1BnqdR5PsoSx+DwVHM55sHzXw/O4+yWO8Nivk8b9poHozisIjF5aKedhpZHVsn+aafbG+3e3sHybC522+nvWStUn2pUr1Tru6mjeaguVqudRt3VpOFVme0rDxo1rrrrTRtdZqVetpdTBZa9Xq5Wk0W7ja32rVeUq1WVipL5bXF4ux28vr995JOI1kYxVfbvb1Bu9NPttPdJP/EYrJcWXl5MblVTd7Z2Ew2H9y7t7H57gd337//ysabrxWL/lFWsrC8tLxcri6Vl6uLF2j/nxRFj3H/cCKlSRcAcP7o/4FJOL3+f/dBxOn3/6H/H4tz1f9e9P7/FPYPJ6L/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4sH6Y/fKN7GQ+H18r5p8ppp4rxqWImIqI3//FdFw6lnO6yDP7H+tn/1bDt6XIMoyucbk4rkbEenH89uxpfwsAAADw9Prq45uf5d16/jI/6YI4S/lNm6nrH44p31xEzM7/OKZsU6OX58eULPv3PRMHY8qW3cCaG1Oy/JbbzLiy/S/Tx8LcY6GUh6kzLQcAADgTxzuBs+1CAAAAOEufTroAJqMUR48yj54FZ395/9cDwSvHRgAAAMA5VJp0AQAAAMCpy/p/v/8HAAAAT7f89/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgD3bu5zZxIIoD8LPBC/tPi1Z731b2BmVsCXvcY0QBaYICciAtpAFqILeUEEGExyEQcYjksa1E3yc5k7HMjzcIDjMjDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KX7ar24vfp93TZnt28nz2gAAACAS7bVelH/M0v9r839782tn02/iIgyIi7N3Ufx6Sxz1ORUL8/fnD5fvarhLqJOOLzHpLm+RMSf5nr80fWnAAAAAB/XZrmap9l6+jMbuiD6lBZtym9/M+UVEVHNHjKllYe8X5nC6u/3OP5nSqsXsKaZwtKS2zhX2pvUP/fjqt30pClSU1582bHIbGMHAAB6NDpr+p2FAAAA0Kd/QxfAMIp43so8bgVOUtNs730+6wEAAADvUDF0AQAAAEDn6vl/T+f/7Z3/BwAAAMNI5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpW21XmyWq3nbnN2+nTyjAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCf25x0FQiAMwmDv+s5k7n9YadDU1KQKhI+/MRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjzu7/8n5gaZ5K518bS80iydmpsnRp758bRH8bXrwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNiflxQIgSCIgjnjfyd9/8NKgp5BhAhoeFRRiwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvuh3v/yfmBpnkrnTxtLxSLJ21di6auw9aBw9GG//BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNi5n9c4qjgA4G9mdra2Kq5R9hARBQ96sdttbe1NPCjBg3+CENJtjd36o83BliLm4k1y7kX0KCIo8db/IecEcom3HPYQwbMyszPZyQ9w/TWzST4fePO+Owzzvm8WQr7zXgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBp9PYkTrJDZxzHxbnNvYdLWb91qM88Xtuez1oWR3UmfTK8WP0QdZtLBAAAgLMjKev7EMJOur6Q9XEnr//T8pqs5v/26XFc1vOH6/6yL2v/rP3y8+7z+wN1xuNkN725PBxcOppK6/+b5Wx75i+vaOVPPn/3kuRfSPze6nOjNH+e0dcbG++08/BcHdkCAP/ExbIvgvL3oazvN5kYAGdGq1J4l/V/0mk2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA6jFbDk2UchRDmW5M4s7X3cOm4/vHa9nzZrj16tBa+nNwzu0UaQri5PBxcqnU2s+3e/Qe3F4fDwd36g5dCCE2N/lYx/dsfTHFxCI08H8F/FMTFlz0r+ZyMoMEfSgAAnEpp0bK6fiddX8jORXMh/PHdwfr/1Uocpqz/dz+8tlkdq1r/92ub4ezrrdz5tHfv/oPXl+8s3hrcGnz8xuX+m/0r169evd7L35X0vDEBAADg32kXrVr/x3NH1/8vVOIwZf3/2Tf9L6pjJer/Y00W/ZrOBAAA4Gx79uXff4uOOR+12+HzxZWVu/3xcf/z5fGxgVT/tnNFq9b/yVzTWQEAAAB1GK1GB9b/b1TiMOX6/1Pfv/Bj9Z5JCOF8sf5/cemT4Y36pjPT6vhz4qbnCAAAQLPOF626/p/m+//j/S0PcQjhtVfGcfFvAKeq/5N3v/qhOlZ1//+V+qY4k+Lu+HnkfTeEVrfpjAAAADjNnihaVuz/mq4vfPTThffb9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O3PAAAA//9WwT6Z")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1c0000000, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]})
ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r0, 0x4018f50b, &(0x7f0000000000)={0xfffffffc, 0x2110, 0x2})
syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f0000000980)='./file0\x00', 0x24a080, &(0x7f0000000000)={[{@gid}, {@unhide}, {@block={'block', 0x3d, 0x100}}]}, 0x1, 0x92f, &(0x7f0000001c80)="$eJzs3T9vG+cZAPDnKDFhlcBxaieWlSFEbBWq0cokDds1vFQWKZkpJRaSDCToorZWCsNCUyQt4AYdXKDoVKMdig7t5rGTgSyZCn+KDl38FYJO2hjckbKkmBRlQdLJ9u8HHO8Pn3uf5/Qe74VIkBe8yDqdTjbtc/3Wv4+yWI6fGyNPHj56kE5/vB+vxUhcTr6KKEVEOWI0IsYjirP1pfbCkIbuRqxGxOOIJCJej+58T1Yj+Wu8ubX+OJJ/pXk5fB1eaXmffwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcBwls/VKpZpEq7l466PyYNktwHd5frO9diF9LLSH5o1I0ilKpc1bfY+f2nr6nfThgzjTXTuT3ZA8SvHFG++evH5qtLC5/y4FHYnPf//F3Z+vr699lnchOZlvLDaX282FmflGubncLl+7cqVy8ebccnmu2Wosf7y80lgozy41ZlbaS+Wp2e+Xq9euXSo3pj9u31qcr8+0Gpsbr/6wVqlcKX84/dPGzNJye/Hih9PLszebrVZzcT6LSZ9OY66mJ+JPmivllcbMQrn8yZ31tUvDikyDqnsJqg0LqlVqtWq1VqteuXzt8tVKZfSZDZVviWci8j9pydeBX8Nhvzq98R8AAAB4eSXZe+zp///F7H34JOaarUZlR0xnJLfyAAAAgAOQffJ/Jp0V06XxSJ79/x8AAAB4sQ3/jt3QiOQHcbYbcfZ2d367F9H7nt/YXLPVmJ5tt65X43tPv+3Xv7Vi9vbDhZjoRk2MdedjO1sspVHV6evVuBDvdSPemzqXzs5N9YmsdSN737wp7xJ5KY0EgJfdB0PG472M/xdishsxOZEOpjE60WdkrRhZAeC4ePoLNoe4kPcxAgA7GaUBAAAAAAAAAAAAAAAAAAAAAAAAAADg4B3F7//va6EUEcegjBd24bU4FmVYeFEX8r4yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8mpKIkX7bCxGvR0QlIi4efVWH537eBeQs2YiNuBcn8q4DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBl0/v9/0J05290N8VoIWIyIlYj4md513iQNvIuIGfbfv8/7fPoJDHa7fZIirP1pfZC2v3ZvR8KTx4+epBO+8mTNpBm2HFziV6GwXu9ne01Vl/7/O5vP/1NuX4jK/LGylyrvjC/9OOtwHeTLyPK0Z02bdb7h8n//K3PkX+ZHune8s5leevP5j3Tb+/d8+7mzvpaLc200vho5Xe/vnNv21PfjYmIc1MRUzsz/SqdBmSaiOJu2ZKvkz8nJ+IfsZr1f/rXSDpJ2kVvZcf/nU/urK9N//LT9dsDajoZ4xFxO6K095rGs+tJX9lZVyimWStZUPpwequ90m4HM6zF6oBjeDvORsTYcx3D2cHHkBnyd+9VdGlARafi/efu6feHZOwr+Tr5X3Iz/ht/2nb/j0La/5Oxl1dnGpNFbjtTBkYWupHZkdd2bXPgq5JD8Jf4Rfzoaf8Xtl3/e311NNejbRmP5HXx2Vg2Ip3+1ojUu/oMqrJX5+lu1IA634nzEaMTz3VFOT/kinJYr/9/JlPx/7jv/j8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDxl0SM9NteiJiMiJMR8Va6Xo7oHES+wlhyEM3s2/1cs+cv2YiNuBcn8q4DAAAAAAAAgINxo/7k4aMH6ZR9Hj8S55OvIkrdT/pHI+Jk8vfibH2pvTCkoWLEakQ83kcN6X7x5tb643RtfB8NAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw0vomAAD//7ZNs3I=")

1m10.563407332s ago: executing program 1 (id=234):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff1c, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000002c0)='generic_add_lease\x00', r0}, 0x18)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r1, 0x400, 0x0)

1m10.204173733s ago: executing program 1 (id=235):
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x8})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x80044940, &(0x7f0000001fc0))

1m10.143143967s ago: executing program 32 (id=235):
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = epoll_create(0x4)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000100)={0x8})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x80044940, &(0x7f0000001fc0))

32.559121402s ago: executing program 3 (id=781):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001880)={0x34, 0x3e, 0x1, 0x80000, 0x0, {0x1}, [@typed={0x4}, @nested={0x10, 0x1, 0x0, 0x1, [@nested={0xc, 0x10, 0x0, 0x1, [@nested={0x5, 0xb, 0x0, 0x1, [@generic="e8"]}]}]}, @typed={0xc, 0x2, 0x0, 0x0, @u64}]}, 0x34}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)

32.483532779s ago: executing program 3 (id=783):
pipe2$watch_queue(&(0x7f0000002340)={<r0=>0xffffffffffffffff}, 0x80)
tee(r0, r0, 0x400, 0x0)

32.433398804s ago: executing program 3 (id=784):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000140)="d800000019008111e0020f060d8107040a60090000020000000455a1bc00090008000699e3ffffff140005000800000006000567b8b7b94002000009080016060000000000000074d67f6f9400f7d1d9bbe94fa27100a007a2f7457f01896034277ce06bbace8017cb39b62ee5a7cef4090000001fb791643a5e83d42365f003724a237ee4b11602b2a10000000014d6d930dfe1d9c322fe040000005025acca262f3d40fad95667e006dcdf634c1f215ce3bb9ad809d50b694138c9f1ac76efb42a9ecbee5de6ccd44242f4d643f6fd0f26187b51980dd6", 0xd8}], 0x1}, 0x10000800)

32.432942517s ago: executing program 3 (id=786):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000180)={[{@min_batch_time={'min_batch_time', 0x3d, 0x83}}, {@init_itable}, {@mblk_io_submit}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080))
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x10000, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)

32.302903318s ago: executing program 3 (id=788):
r0 = socket$inet(0x2, 0x3, 0x9)
sendmmsg$inet(r0, &(0x7f0000000c80)=[{{&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}}, {{&(0x7f00000001c0)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000300)=ANY=[@ANYRESOCT], 0x20}}], 0x2, 0x0)

32.023699512s ago: executing program 3 (id=789):
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000611884000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

32.007880706s ago: executing program 33 (id=789):
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000611884000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.810283856s ago: executing program 2 (id=1265):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x2, 0x100)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, 0x0)

1.752896087s ago: executing program 2 (id=1267):
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x15, 0x4, &(0x7f0000001240)=ANY=[@ANYBLOB="b4000000000000007910000000000000630a00ff000000009500740000000000eef56304c842e6977831a29c58454ace7894959b"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_reuseport}, 0x48)

1.752731794s ago: executing program 2 (id=1268):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$sock_bt_hidp_HIDPGETCONNINFO(r0, 0x5405, &(0x7f0000000400)={@none, 0xffffff27, 0xfa, 0x75, 0x7f, 0xfffd, "b3b0f7ff1415cb451d92aca715527c2f9de12ea430c7e380e515917496f7bd70cb3f79452086899243a691af53b05228e6a60daa3952ea279cdcb15c793c7a1990b818f0c6f60dbd12f157c543a1241bac2f247a488f172566e0e9edb5f6c5d424b2136a373fa1307915bc21b5d062517afda385ed2f57daf95ec2c2cde18de7"})

1.752563602s ago: executing program 2 (id=1269):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c)
r1 = syz_open_procfs(0x0, &(0x7f0000000780)='net/tcp6\x00')
preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000001140)=""/4096, 0x1000}], 0x1, 0x300, 0x0)

1.682982714s ago: executing program 2 (id=1270):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000180)='./bus\x00', 0x10, &(0x7f0000000040)=ANY=[], 0xff, 0x5a82, &(0x7f0000001080)="$eJzs3X+QHNV9IPDXM7Pa2V39WAkcZDCrRUYJwbG14lf5RyqWc4mdAoeSyynH4mTDglZE9kqo9COATGKRA591YJedci7ByR/EhX1nW3FxZV+MQpmAOYnzLxUXH3VlU2ffYf/hK8KhMqCjXD42tTP9Zmd6p7dnZ2elBT6fkran37z59rdfv+np92Z2JwAAAPCqcPzOfaeuPvd3v/1nEy989Pf+YdftYahcK6/GCsPp8pYzlSGnU39lbW2Z7Re/9pEv/XT0ht/+1v2Dn3/x2PYLdvzwd8664cEPXXn0nr9+5PkVX3vpqaK4sT9dPLOePJOEUP3Gyb/42LHvnDNdlqyc/lk6FMLqZM0jq5NMiLFfhBC2T+cYQlibufOrL1y6Y3p5+139LeWrMvX091e36eM83bEOnrr5DeFH79h6x/fWfeXv+o48fWimSlJt6k8hrLyu+fF9IYSB9H9I+2Jo6o+x024JIQw2Pe7NBXm9vsP8N+asn5cul6XLoYI48f71mfVSpl52PerLLAcLtrdQeXl0U6/cQZ3lmfXsyWih8vKM5avT5dfT5cXzjF9O96GchFISKo30J5OZPhKajlsSktqxrDbWS41jG9L9z6wnmfVSZr3cl9mv2nbTjlZOktbyWC9THk/HlbT8guZzdRvvzSl/bbqspk/UF+N6yN6oG5p1o7FfNTGvk3PkcjqUms5B7cobBz49GENp2VCyZtZjptqI9x3beveG8rZvHh/OySO5P0njJ13FP/jd1cs/+OXDB7Kv643415XS+KWu4v/4qhPPXnP4c5/Njf+pGL/cVfxLHhp85qpH71yf2z4nY/tUuoo//tRjn1h39vVHcvO/N8avdhV/89ET/StOPfRwbv5jsX0Guor/5Nve+ZMvPvHA07nxQ4w/2FX8bUf3fLJ/5NRFufEfju0z1F3/ee7IFT8YGfnZaF78x2P8FV3F/8Khe95636q7rsw9vlti+wx3Ff/dFz54x/JTD5yfd+5M7u30FRaAds5Kr7E+nq53Nc6cys5azF/TeOGvRiv1a77l6f8VC47eJHPxOb2dlb2MDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhhNe84b++63+/b/iZSrren954slRfxvJlISQDIYR9+8f37t+5+8bRD910YO/u8cnR8f2jE7v377119LLfGN07sWdy/Nbpe8feeGn9cWtCUl8m58/a9kCYmioNt5bF7f2rC4/8aMOb/88/hzD2mu+PVHLz33jPrvvObvMzI9k89fZdB67+/uV/m+7XcJrXcJu8pqampkJOXv/3/b+8789P/vSiEMZ+Za68Hnvyt/6xJaFawUycVKk/1BPqTwbb5tHIOs0ntldlx87JibG523f68eWc/fjXH3n6Fztu+fQv6+1bzd2PDtt3YPPUZOkvt777///lbfWCorzO1HEvau+4FzG/2H7VtL1Xpvu1Mme/Kjn7def3Hn7iG+cezm/ogv3qSztAX/LajrYb924wWd1SXk3rx0Ti4zbu37Vn475bD75x567xGydunNj9lk2Xbbpi7PIrLt9Y2/ONvdn/5w+Fscpz6wZD3P6vdrj/vehPA9ln36ztrvrjQ1+PPzvrT615LZt3e0znVdwezRnlPf8G3/uxz7zlnkevrhcU9fNYu3E+SZeD08d5U2jqb7Pbqt1+FR2fEMJou3Z49vkrwzn/Y+cdReeh5iPT/DMj2Tz1nfU//9s3/83a36wXnJbzfHNCXZ7nG1nP5FNrr+qOnbc3111q7dsfyul+DbXNa9N3Hu27+/g//0kjv2XLwi3j+/fv3VT/uTzNdHlyXtu8sqVxv9bVfpZDenhDo5u26a/T+kI9v+z5M1bPtupQet9QsqbtfmXF+45tvXtDeds3j+e1dHJ/fYsDYUV9mbwup+Zk5oHlRsLttr9Un39F/WPkXX/ztfd97e8vm9U/Lqn/LNqvJGe/vvLEFz7z+U//27/v3X6967dODP/8f/7RhnrBkj+vlOuJNLJO80lmziuTE5eEUPT8Wxfa70fj+ffvyzFumlH7/Sl6/mW3M1O/fbzRzPpQKHf1fL3kocFnrnr0zvW5z9eTcz1fm3f2tpbHlQuer0ul/2SfX0mlNY/Fe361dJRk89S3Pn7WoUc+uuXcekHR62Wjdrt+fWkH44+c/frHa34wctPov/nvvTtvfOk3vnrtD8c3/2m9oPvjHnPpzXGvpu1bzWnfRtZx3Nncvm+64abJ7fXyonY+c9e/6bJg/BNPJftuPfjh8cnJib37OtuvTl9P43ayrdzt62k8u60p2K/SrP1avBudtFenz7eY//au26v1+TYUkq5eFw5+d/XyD3758IHhWY9KN3RdKY1f6ir+j6868ew1hz/32dz4n4rxK13FH3/qsU+sO/v6I7nx703S+NWu4m8+eqJ/xamHHs6NPxbzH+gq/pNve+dPvvjEA0/nxg8x/lBX8VM/y43/eJJuZ/oaKYSvvnDpjvp6EvrS51vMo68lr5BdTzLrpcx6uXm9FGcR0g2Uk6S1PNZLyy9oyqWdP8wpj1dh1bX15YtxPWRvzF2+1JSazv3tyouuUwEAXuni+//xGjS+/z+RXijlzzTAjG7HYT9+7sgVPxgZ+dnanLhxHDYzn9P6HuvaNH58fJwHHHlTGJte3j5av9Cf7/sI8fmQneeM27no9a0xCuc5p2rbnzXPWTT/vj6zHvOqz5dXmsahqdnjmkroYP59fSZM0fx7ZveL388a/fistEab5q2yx68vnTFr93mH0NoulekIef0jOy8WP88xsjJsqW2vw/6R/RxNPA7Zz9HE7ZybOXF2+zmavP4xPLsdWvKK/SPWm6N/1FIufj9y9vELc7TvzPFrHy17/OZxvKsh/KfPxZXFen+2B/OGbU9pncwb9rfZQryv83nDxX0/zLxkTvz0CdbBvOFLq1oed3rnDWN53I9Kh/OJ78sp79V8YjxdxLxOzpHL6WA+EXiliuP/+BoxPf6fvgD/f5l6ReOU7FVjjJf7Ob1y+3yKxh2zP6c32NXr+Lajez7ZP3LqotzrnIc7/Zzenpa1wYLP/RS144bMemE75kzQFI33stspavfs5zKGwoqu2v0Lh+55632r7royt9231F9Ii9v9My1rKwrafbE/z/ny/5yB8ULb+Ev8cwydzp+dsc8xpB98WqzxyB/klM93PDI460Zjv2qW7nhk5oW0v3UCDwCgrTj+b7x/lo7//1eskF5HFI1bL86sx3i549ac65O8cevvp8tbMvWH0t+omO9187svfPCO5aceOD933HJvp+PQ/9iyNlw4Dl3YuDl3HLGlN58Xzx1HNMZZCxsn5ubfGCcubJye8zZt0zh9YePo3PZpjKNb5wE+c6Kz+HEeIDd+Yx6gh+Pcl2Yqnb5xbsF8XWZjcbXT+bozMo5e2bqfizKOTn99drHG0e/NKZ/vOHpo1o3GftUs3XF0a7lxNADwShXH//EyLo7/H83UW+j77Lnjgh5dt2f/Hkgj/uOLMq6cid+j93+Lx32LPW7NG9cnh9ptJd7b+bh+seclXu7v/y72vNBw7Q94pvE3rewwfqfzZGfs/eWlMi5ON2pcDADAUhbH/wPpev74f2Hjk1njt776JeTM+OTlNz5vrnfmxue9et/d+Lxt/E7ft86Jv3Tmvxb3czKv+vF/XE9Xp4z/AQBYguL4P/7aY/z7f/8lXc/+3fqlN06fSi9JF+l99LQ9jNON08Mc4/S35/y+R7y/83F6j+fZYvzmzwGYBzi9n48fmKlvHgAAgDOhrzZSmv179h9Il9nfs8/7vfxrcurXdPA3USvp5fH1+/dOTFx7YM/28f0T1+6+afvEvmtv3rtz//6J3fV6Cx035o5b0iT7QiVtj/b1suO2VenEwKqcv4eQrR/Dnle7MfvvIWQ3O1DwdwRmjl9n+eYdv9Ic9dv1j7zjnRf/D3PqR43jf8MfXXLtjn3X7ty9c//O8cmdBydao083xOA8vjczSf/P6/tSH3vy3x0PoX6r9q2ZGaX5f39nPDzzzKPlx6wnUmm6RZLc4z+dR5LJY3Wayeq87z/Iyfvb/+3P//jCqV9+MYSx15RfN9+8W0NunvrP75/4/f3Hv79nOv/SnPk3aqZ5FX1fabZ+3J/K5E379r9hx00Hdme/UbI7cT6j1FhfpPmM9Olf7nB+YltO+Xx/f78868bS1PH8xLR3XH/6EgMAWOLi+//xeja+f/jp9AIqlnc+Tq9fOHb7/nHuOH2ss3F69nvJisbp2fpxfzsdp1cXOE7Pbj9/nD6QW7/dOD1v3J0X/w9y6s9X5/2ki9/HiMPPLx8+kNtPrsv2k4G29bLfZ1DUT7L159tPkgX2k+z2i+Zz2tVv10/yjnte/Pfk1M9T1B8qjf6wsN+fye0Pn+rsvPHrmfWi/pCtP9/+UFpgf8huv6g/tKvfrj/kHd+8+Ffn1O9Ua/+Y7hi1fjFx7c037f1wU73F/v6LMPsjGZ3kt2zmsYv7/R/d6rx9F/dzXwvPP4TNtZK8/Bf3c2ULz7+o/efx+18rw6zPleXm/3jOCaTn+S/u97tk5FWf/fjTNV+bngmKPn9WNI+7Nad8vvO4y2bdWJrmNY8L9FQc/8e3e+L4/6502eu3gV7+35Pme8zaxu/R95gVXce86l7Ps2+5ez0HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAePnrD6G/srZ28/id+05dfe7vfvvPJl746O/9w67bf+0jX/rp6A2//a37Bz//4rHtF+z44e+cdcODH7ry6D1//cjzK7720lOFsYdrPysXp6vVEJJnkhCq3zj5Fx879p1zpsuSEEI5GT4UwupkzSOrk0yEsV+EELbHVCutd371hUt3TC9vv6u/pXxVJkh2v8JQOebTnGcItxTuES9D1bSfHTx18xvCj96x9Y7vrfvK3/UdefrQTJWk2tSfQlh5XfPj+0IIA+n/UH/K1KyND06XW0IIg02Pe3NBXq/vMP+NOevnpctl6XKoIE68f31mvZSpl12P+jLLwYLtLVReHt3WK7I8s549GS1UXp6xfHW6/Hq6vHie8cvxfxJKSag00p9MZvpIaDpuSUhqx7LaWC81jm1I9z+znmTWS5n1cl9mv2rbTTtaOUlay2O9THk8HVfS8guaz9VtvDen/LXpspo+UV+M6yF7o25o1o3GftXEvE7OkUvqPxRX6V6p6RzUrrxx4NODMZSWDSVrZj1mqo1437Gtd28ob/vm8eGcPJL7kzR+0lX8g99dvfyDXz58YG1e/OtKafxSV/F/fNWJZ685/LnP5sb/VIxf7ir+JQ8NPnPVo3euz22fk7F9Kl3FH3/qsU+sO/v6I7n53xvjV7uKv/noif4Vpx56ODf/sdg+A13Ff/Jt7/zJF5944Onc+CHGH+wq/rajez7ZP3Lqotz4D8f2Gequ/zx35IofjIz8bDQv/uMx/oqu4n/h0D1vvW/VXVfmHt8tsX2Gu4r/7gsfvGP5qQfOzzt3Jvf26pUT4NXprPQa6+PperfjzIVqGi/81Wilfs23PP2/opcbypjezspFjA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwCvTP9122Qfe//b3bK0kISQ5dabaiPeVl23ePNrFdsefeuwT686+/khz2dou4gAAAADF4ji81CiphrXh5mQgnNe2fpwjOC+uJa3l2WWMk50j6DROyMQptYlT6iJOuUf5VHoUp69HcZb1KE5/j+JUC+JUQ2dxBuaIU5nuAR3mMzhnPp3HGepRnOU9irOiR3FW9ijOqh7FGZ4zTuf9cHWP4qzpUZyzehTn7B7FeU2P4vxKj+Kc06M42Tnl+fbDFWnNc/Pi1G6UC+NUknLjjnbz6eek2zl/gdsZmnM71akVRa/HHW5noGB/4nZen3lcqXg7h5rrVzvczq/Ofzut+9/hdn59gdspFWwn9ttbsvnF7cS1Dvv/rT2Kc7BHcT7Sozi39SjOn8wnTpv3yGKcP+1RPh9dYByATsXx/8x4bzj0V34zDKZnnOwsQBzvrqv9nP16l3dCivFelylfVhQvO1DPxFs33/yyEwiZeOsz0fpa4lUa45E54lWb423I3DnX/r5tc/vcmuNdnCnvnyNeTXZiAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAW0T/ddtkH3v/292wNSZj+19ZUG/G+8rLNm0e72O6xrXdvKG/75vHmsv5KF4EAAACAQnEc3tcoqYb+yqbQnyxrqVdN5wGq6Xp5uL4cWRm2TC+T0VJtfTBZPefjKunjNu7ftWfjvlsPvnHnrvEbJ26c2P2WTZdtumLs8isu37hj5+TEWP1nCP0F8UIItemHfbce/PD45OTE3n31wmz+a9PHra0lW/tXe9zIm8LY9PL2NP81Bdsrzdre4t3o6AACAAAAAAAAAADAv7Brt6GSluUDwK9nZs7MeHT/zh/fxsU9DusqVlZqx9ASzwNBgi+LByHmWCdZciXp6C66K2aTLqSmFIGysGz4oQ2TNOmLLymRLywYZgmdTUKl/FAfCi1DxQ+hTJwz88yZmTPjnAZx1+33+/C8XPd139dzPx8OXM8ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAP0WJjer4+Mzs3mUQkQ3KaA2Rj+WKa1sao+5Untv+gNPXO6d2xUmGMhQAAAICRsj58ohMpR6mQj3ycuHy3MboGYqXvBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/vcsNqbn6zOzc0cmEcmQnOYA2Vi+mKa1Meq++tZDn31paupv3bHqGOsAAAAAo2V9eK4TKUc1TomJ5MSlzr8Tzb4NrO+b38pbka2zYY15/d8OhuWdssa809aY97EReZvb55sCAAAAPvqy/r/QiVSiVFi3qh/O+v9RfX2Wd3JfXr59XvtvBYprzgQAAADeX9b/lzqRapQK1U6/vtZ+f2NfXjZ/1P/ts/mnDpk/6v/5l7bP/k8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8di43p+frM7Fw+iUiG5DQHyMbyxTStjVH37Ccn/3Hx/ts3dsdKhTEWAgAAAEbK+vCV1rscpcJkTMSRy33/1IX3PvKlRx6bjohWm18sxk1bduy4/uzWMcs76/n9E99/9vVvr8o7q3U8aBsEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+MIuN6fn6zOzcEUlEMiSnOUA2li+maW2Muq98/ot/eeDFx1/rjlXHWAcAAAAYLevDV3r/clSjGMU4fvmuu9dfkuubP+ybAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD4uOGbN39jy8LC1utdHJyLZj7iEHgMFy56Lw72XyYAAOCDdnIk0fwvnXDZwX5qAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgULDYmJ6vz8zOlZOIZEhOs9nctXTolo3li2laG6Nu+sQLpXXvPPl0d6w6xjoAAADAaFkfvtL7l6MaEzERxy3fDfomsNz/Vz7EhwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKYuN6fn6zOzcuiQiGZLTHCAbyxfTtDZG3ft37f3cfUd/76LuWKkwxkIAAADASFkfXuxEylEqfDxKcVL7fqF3QpJvnwd/F1iZt71n2uSa5zW6ZhUjv+Z5d/btrNDeTWteuR3NV1rnzrzayrxce16ta141OuVrnXnLL2t3T7V1I55z0LsHAACAD0vW/5c6kUqUCqWu/v+nPfkVfS4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMMRiY3q+PjM7lyQRyZCc5gDZWL6YprUx6t782/8/6qs/u2tnd6w6xjoAAADAaFkfvtL7l6MaG+L/YsNy3x+V3vws75/1d++7519/PT3izOMPTBX6l/1RdvHrVy54qv8QkevNzkUc3a6XDKn3m9/fc+Om5rsPRJx5XP6kVfXi/ev1Lpk2H61vvXTHswe2j3g5AAAAcJjI+v+JTqQSpcJ1Q/v/rPMe0f93LDfgR9+46xfHto/tjrxvRq7SrpcbUu8Lmx7686nn/v31pf5/db1Pdq4+vffa+47tKdiK9EnS5sy1OzcfOGdfLtt1q36+r372Xr78rdf+ffVNd7/bql+Ocju+vu9RWtVWH/vKR9pcyO2Zu+S9PY3e+oUh+7/9d0+/+Kv1d729VP+tkyc79U+LQfVbOy8MrR9HpM3Jy+/Yfd7e/Zt760dELfKr67/x9kVxwh+vua1//5N9C3e/+e5j/wtIm89vfHPfufdWz++tnyzV75K9/5+/eP/un9z93cey+tlvRU4/Za31c331n7vzmF3P3HrZ+t76ub762f6fuuKlqW217/yhf/9X9axaGPoUq/f/4BkPX/nylvSW/iEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDDy2Jjer4+MzuXSyKSITnNAbKxfDFNa2PUffXiF9644q4f/7A7Vh1jHQAAAGC0rA9f6f3LUY1iFGNyue9/tL710h3PHtgeldZo0j4XFrbdsOMTV2/bed1VB+nJAQAAgLV69eJkuf8vdCKVKBU2xUS7/5+5dufmA+fsy2X9f27pnETE1dcsbD0zOnnP3XnMrmduvWx95ztBxPLPAspLeZ9Zybvwghcqb/7p66cOzDt7Je/5jW/uO/fe6vlZXnTnnRWd7xMPnvHwlS9vSW/pPF933qe+tm2h/XkiW3fy8jt2n7d3/+Zc9h2jfZ5sr5vlLeT2zF3y3p5GrhKlpfF8O6/c3jcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsNpiY3q+PjM7F/mIZEhOs1s7kI3li2laG6PuJZt+edtR7zy+oTtWKoyxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAfduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrBffyFSlX0cwJ9nZvbd2Z1d3dUX2orW1YrCLpSCiLqpqAiNELoyJCzNiygIIgq7aA2NxIpugqwbiQqqLQSD3CTRYo3+STddVFBgXQQiLdQu0kXGzjxnnD3OaXS2AunzgeHZ5znnfM/vnOeZM3sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4LzSWxmpt0d2PDJ750W3fvbU/TNP3v7BQ9uueOKtn8Y23fzp3v7XT05tXr7l21uWbjrwwJrJ3a8c/m3wvT+OdQx+vNGsTN1qCPFEDKH64fSLT099fsHcWAwhlOPQeAjDccnh4ZhLWP17CGFzs875G/fNXLNlrt22q3fe+OJcSP66Qq2c1dMwNL/eVqfyYZx3qmmdbZ197Krw/U3rt3+57N13eiaOj5/eJc7tU07rKYRFG1uP7wkh9KXPnGy1jWQHp3ZdCKG/5bjrOtR16VnWv6qgf3Fq/5faWoecbPuKXL+U2y/fz/Tk2v4O51uoojq63a+TgVw//zBaqGadq9qPD6f2/dSuPMf8cvaJoRRDpVn+g/H0Ggkt8xZDrM9ltdkvZXNbCen6e1qOiyHEXL+U65d7ctdVP29aaOUY549n++XGs8dxJY0vb31Wt3FXwfiFqa2mL+rJrB/yfzTUzvijeV11WV3Tf1HLv6HU8gxqN96c+DQZtTRWi0vOOOZUG9m2qfXPXl7e8NGRoYI64t6Y8mNX+Vu/GB645+2dj44U5W8spfxSV/k/rD36y907X325MP+FLL/cVf7VB/tPrP14x4rC+zOd3Z/KWeXH1M+23Xvsk+eW/f++iXZzXc/fk+VXu6r/xsmjvYOzBw8V1r86uz99XeV/d8NtP7759f7jhfkhy+/vKn/D5MPP947OXlmYf6jxVajVV2gX6+fXiWu/GR39eawo/6vs/g+2yY8d898Y3339a4t3rSlcn+uy+zOU8vvOqf47LjuwfWB2/yVFz8645+/65QT4b1qa/sd6JvU7vWfumym1fc9cqJb3hZfGKo1foIH06fRuuBBz51n0D+YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwJztwQAIAAAAg6P/rdgQKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwVAAAAP//y70YrQ==")
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x48241, 0x141)
sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pwrite64(r0, &(0x7f0000000140)="f6", 0xffffff07, 0x8001000)

828.499294ms ago: executing program 0 (id=1276):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
connect$802154_dgram(r0, &(0x7f0000000000)={0x10, @short}, 0x2)

805.864236ms ago: executing program 2 (id=1277):
r0 = syz_usb_connect(0x2, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000016038308c5109a8146e40102230109022d0001000000000904000003030000000905be3b"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000bc0)={0x84, &(0x7f0000000600)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x34, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={0x20, 0x1, 0x1, 0x4}, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)

804.358606ms ago: executing program 0 (id=1278):
mremap(&(0x7f00007f5000/0x4000)=nil, 0x4000, 0xffff00000ad7e000, 0x3, &(0x7f0000ec0000/0x4000)=nil)

718.665764ms ago: executing program 0 (id=1279):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/110, 0x14b}, {&(0x7f0000000280)=""/85, 0x53}, {&(0x7f0000000fc0)=""/4096, 0x564}, {&(0x7f0000000400)=""/106, 0x14}, {&(0x7f0000000740)=""/73, 0x60}, {&(0x7f0000000200)=""/77, 0x630}, {&(0x7f00000007c0)=""/154, 0x4a}, {&(0x7f0000000100)=""/16, 0x158}], 0x8, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x2, &(0x7f0000003700)={0x77359400})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x3a})

629.833631ms ago: executing program 0 (id=1280):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
writev(r0, &(0x7f0000000000)=[{0x0}, {0x0}, {&(0x7f0000001480)}], 0x3)
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0xad82, 0x0)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5393, &(0x7f0000000000))

629.492171ms ago: executing program 0 (id=1281):
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000180)='./bus\x00', 0x12, &(0x7f0000000000)=ANY=[], 0xff, 0x5a53, &(0x7f0000007f00)="$eJzs3X+QHNV9IPDXM7Pa1a5+rAQOMpjVIqOE4Nha8av8IxVvcomdApuSyynH4mTDAisiWxIq/QggSBA58KECXDiFK5GTuiIuzB1GcVEFF6NQJvw4ibOxVVx81BWmzr7D/sN3hENlQEdRPu/V7vSbnemZ3p6dnRULfD4lbU+/efPt191vevr7uncnAAAA8I5w5JZdxy8+9Q++9xfjr934h/+47aYwUJ4q74sVBtPptW9WCzmReiurpqbZfvEb13/zZ8NX/N53H+j/xuuHrzxj849+/6QrHvnChYcO/M3jry596FcvFMWN/ens6fnkpSSEvu8c++qXDj99ymRZsmzyZ2lfCCuSlY+vSDIhRt4I4d/1pzOrMk8++Nq5myenN93W21C+PFNPf39nm9zPkx1r7/Fr3hd+/Lsbb/7B6m/9fc/BF/dNV0n66vpTCMsuq399Twhhcfp/UuxtsT/GTrshhNBf97oPFrTrvW22f13O/GnpdFE6HSiIE59fk5kvZepl56OezLS/YHlzldeOTusVWZKZzx6M5iqvnbF8RTr9djo9e5bxy+k6lJNQSkKl1vytyXQfCXX7LQnJ1L7sq82Xavs2pOufmU8y86XMfLkns15Ty007WjlJGstjvUx5PBxX0vIz6o/VLXy67nF9vXfHsvSN+nq2TiboQNOD2npNie06NkNbToRS3TGoVXltx6c7YyAtG0hWNr1mooX43OGNt68tb3riyGBOO5IHkjR+0lH8vd9fseTz9+/fk/1cr8W/rJTGL3UU/ycXHX35kv1f/1pu/Dtj/HJH8c95tP+li568ZU3u9jkWt0+lo/hjLzx1x+qTLz+Y2/67Y/y+VvH/9/KcRcQKo4eO9i49/uhjue0fidtncUftf/4jH/vpfc8+/GJu/BDj93cUf9OhHV/uHTp+Vm78x+L2Geis/7xy8ILnhoZ+PpwX/5kYf2lH8e/dd+DD9yy/7cLc/bshbp/BjuJ/4sxHbl5y/OHT846dyd3d+uQEeGc6KT3HujWd7zTPnKu6fOGvhyvVc74l6f+l3VxQ5uRzcjnLuhkfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEII73rff/74//zM4EuVdL43ffB8qTqN5YtCSBaHEHbtHtu5e8v2q4a/cPWendvHtg6P7R4e375753XD5/3W8M7xHVvHrpt8duT951ZftzIk1WlyetOyeycmJkqDjWVxef/qzIM/XvvB//UvIYy864dDldz2rzuw7Z6TW/zMSEYnPrptz8U/PP/v0vUaTNs12KJdExMTEyGnXf/ns7+85y+P/eysEEZ+baZ2PfX87/xTQ4OmCqbjpEq9odqg3qS/ZTtqrU7bE7dXZfOWreMjM2/fydeXc9bjX1//4hubr/3KL6vbty93PdrcvotHJ7aW/mrjJ/7fX91QLShqVzf2++sTVbPZ70XbO65FbF/cfn3p9l6WrteynPWq5KzXLT947NnvnLr/1X1hpPLK6uZl169Xq+3dk3aAnuTdbS03LqE/WdFQ3pfWj3s8vm7d7m071u26bu/7t2wbu2r8qvHtH1p/3voLRs6/4Px1U2u+rsvrH5f/622u/4noTyeH5X+679vxZ3v9qbFdi2a9PSbbVbw96luU9/7r//SX7vrQgScvrhYU9fNYu3Y8Saf9k/t5fajrb83bqtV6Fe2fEMJwq+3w8qsXhlP+25abi45D9Xum/mdGMjrx9Jpf/N0H/3bVb1cLTshxvr5BHR7na62ebs/U9upL98fEAt2+vaGcrtdAy3atf/rJntuP/Muf1dq3aFG4dmz37p3rqz+XpC1dkpzWsl3Z0rheq6d+lkO6WUKtm7bor5N6QrV92eNnrJ7dqgPpcwPJypbrlRWfO7zx9rXlTU8cydvSyQPVJS4OS6vT5D05NbdmXliuNbjV8tt4/zV0yYXSP4Y+/rcPfeahfzivqX+cU/1ZtF5JTr//1rP33vWNr/zbf+jeen38d44O/uK//8naasGCP66Uqw2ptTptT1J/XDknhKL33+rQej1y33+l1utT9P7LLme6fut4w5n5gVDu6P16zqP9L1305C1rct+vx2Z6v9av7A0NrysXvF8XSv/Jvr+SSmM75u/91dBRktGJ79560r7Hb9xwarWg6POyVrtVvz63jfwjZ73+6ZLnhq4e/jf/tXvHjW/+1oOX/mhs9M+rBZ3v99iW7uz3vnT79uVs31qrY95Zv30/cMXVW6+slhdt5zfv/DedFuQ/8VCy67q9XxzbunV856721qvd8624nOxW7vTzNB7dVhasV6lpvebvQTvbq933W2z/lR1vr8b320BIOvpc2Pv9FUs+f//+PYNNr0oXdFkpjV/qKP5PLjr68iX7v/613Ph3xviVjuKPvfDUHatPvvxgbvy7kzR+X0fxRw8d7V16/NHHcuOPxPYv7ij+8x/52E/ve/bhF3Pjhxh/oLPt/8rBC54bGvp5bvxnknQ5k+dIITz42rmbq/NJ6Enfb7EdPQ3tCtn5JDNfysyX6+dLcRQhXUA5SRrLY720/Iy6trTyxznl8Sysb1V1+nqcD9kHM5cvNKW6Y3+r8qLzVACAt7t4/T+eg8br/+PpiVL+SANMm2setionbszDpsdzGq+xrkrjx9fHccChD4SRyelNw9UT/dleR4jvh+w4Z1zOWe9tjFE4zjkxtfymcc6i8fc1mfnYrup4eaUuD0015zWV0Mb4e/NyZh5/z6x+8fWs4VubmjVcN26V3X896YhZq/sdMu2tTEbI6x/ZcbF4P8fQsrBhanlt9o/sfTRxP2Tvo4nLOTVz4Oz0Ppq8/jHYvB0a2hX7R6w3Q/+YanLx9cjm/Rdm2L7T+691tOz+m8X+7pusP9/XZ7swbtjykHbixg3n93qYccmc+OkbbKGPG8byuB6VNscTP5NT3q3xxHi4iO06NkNbTgTjicDbVcz/42fEZP4/eQL+fzP1ivKU7FljjJd7n1C5dXuK8o7m+/T6O/oc33Rox5d7h46flXue81i79+ntaJjrL7jvp2g7rs3MF27HnAGaonwvu5yi7Z69L2MgLO1ou9+778CH71l+24W5231D9YO0eLvf1TC3tGC7vwXyhdbx5Qud5Qs97cVfKPnCfI+fvWn5SHrj03zlI3+UUz7bfKS/6UFtvaYs3Hxk+oO0IR/pObHtAgDeOmL+X7t+lub//yOeWKTnEUV569mZ+RgvN2/NOT/Jy1s/mU6vzdQfSH+jYrbnzZ8485Gblxx/+PRW55Y9U3lFu3nof2iYGyzMQ+eWN+fmERu6c794bh5Ry7Pmlifmtr+WJ84tT8+5TFuXp88tj87dPrU8unEc4K6j05nGTPHjOEBu/No4QBevi/1qutKJy3MLxusyC4uz7Y7XvSl59LLG9ZyXPDr99dn5yqM/nVM+2zx6oOlBbb2mLNw8urFcHg0AvF3F/D+exk3l/70hPJmpN9fr7Ll5QZfO27N/D6QW/5l5ySursUPY163rv8V533znrfOd18/3uMQCvl90hhxiOi+e73Ghwak/4NnNcbJQN072pl1fXih5cbrQd3xeXLsPdnRe2gcAwNzE/H9xOh+v/zfn/3PLT5ryt570OnstP+l+fh66eH92q/yzvp78PCf+WyE/78Z165z4C2f8q/v3yQT5f9518dcn3qn5PwAAC1rM/+OvPca///ef0vns361/K+bpwXV0efpbIU//5FdD6PY4W4xffx+AcYATe3/84un6C3UcIJvOGwcAAHh76ZnKlJp/z/5z6TT7e/Z5v5d/SU79dlXS0+PLd+8cH790z44rx3aPX7r96ivHd116zc4tu3ePb6/Wm2vemJu3pHljT6ik26N1vWzetjz9ewjLc/4eQrZ+DHva1IPmv4eQXezigr8jML3/2mtv3v4rzVC/Vf/I29/Z+Aeerrbzj3PqR7X9f8WfnHPp5l2Xbtm+ZfeWsa1b9o431pvMWvtn8b2ZSfp/Vt+XmvnRpDT77++Mu2du7Sg1taMn3R5538+eZNqxIm3JirzvP8hp9/f+y1/+6ZkTv7wvhJF3ld8zp+2XjE78x8+Of3L3kR/umGx/acb212qm7Sr6vtJs/bg+la1X79r9vs1X79me/UbJzsTxjFJtfp7GM9K3f7nN8YlNOeWz/f39ctODhant8QkAABrE6//xfDZeP/xKegIVy9vP0+d2/Tg3Tx9pL0/Pfi9ZUZ6erR/Xt908vW+OeXp2+UV5eqv6rfL0vLw7L/4f5dSfrfb7SQf3ecT08/79e3L7yWXt9ZPs9xkU9ZNs/dn2k2SO/SS7/KJ+0qp+q36St9/z4n8qp36eov5QqfWHud2Xk9sf7myvP/xmZr6oP2Trz7Y/lObYH7LLL+oPreq36g95+zcv/sU59dvV2D8mO8ZUvxi/9Jqrd36xrt58f/9FaL4lo532LZp+7fx+/0en2t++83vf19zbH/+iRF774/WBRbNqf7v3lc29/UXbfxb3lS0LTfeV5bb/mbmNhLXf/vn9fpeMvOrNrz9R47Vptyu6/6xoHHdjTvlsx3EXNT1YmIzjwpsn5v/xck/M/29Lp92+DPTW/54033vcMv7kEbs89/vji85juv15/sZC/zzPXnL3eQ4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwttBbWTU1PXLLruMXn/oH3/uL8ddu/MN/3HbTb1z/zZ8NX/F7332g/xuvH77yjM0/+v2TrnjkCxceOvA3j7+69KFfvVAYeHDqZ+XsdLYvhOSlJIS+7xz76pcOP33KZFkSQigng/tCWJGsfHxFkokw8kYI4cpaOxuffPC1czdPTm+6rbehfHkmSHa9wkA5tqe+nSFcW7hGvAX1pf1s7/Fr3hd+/Lsbb/7B6m/9fc/BF/dNV0n66vpTCMsuq399Twhhcfp/Uuxtq+KL0+mGEEJ/3es+WNCu97bZ/nU586el00XpdKAgTnx+TWa+lKmXnY96MtP+guXNVV47Oq1XZElmPnswmqu8dsbyFen02+n07FnGL8f/SSgloVJr/tZkuo+Euv2WhGRqX/bV5ku1fRvS9c/MJ5n5Uma+3JNZr6nlph2tnCSN5bFepjwejitp+Rn1x+oWPp1T/u502pe+UV+P8yH7oGqg6UFtvabEdh2boS2pf9+6uFL8yjaU6o5BrcprOz7dGQNp2UCysuk1Ey3E5w5vvH1tedMTRwZz2pE8kKTxk0z80bbi7/3+iiWfv3//nlV58S8rpfFLHbX/JxcdffmS/V//Wm78O2P8ckfxz3m0/6WLnrxlTe72ORa3T6Wj+GMvPHXH6pMvP5jb/rtj/L5O4g+PHjrau/T4o4/ltn8kbp/FHbX/+Y987Kf3Pfvwi7nxQ4zf31H8TYd2fLl36PhZufEfi9tnoLP+88rBC54bGvr5cF78Z2L8pR3Fv3ffgQ/fs/y2C3P374a4fQY7iv+JMx+5ecnxh0/PO3Ymd3frkxPgnemk9Bzr1nS+0zxzruryhb8erlTP+Zak/5d2c0EZk8tZNo/xAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4e/rnG8773Gc/+qmNlSSEJKfORAvxufKi0dHhDpY79sJTd6w++fKD9WWrOogDAAAAFIt5eKlW0hdWhWuSxeG06mxmUCDOnhbnksby7BhCjJMdI+g0TqlFnFIHccpdak+lS3F6uhRnUZfi9HYpTl9BnL7QXpzFM8SpTPaANtvTP2N72o8z0KU4S7oUZ2kmRKdxlnWpPcu7FGdwxjjt98MVXYqzsktxTupSnJO7FOddXYrza12Kc0qX4mTHlGfbD5emNU/NizP1oFwYp5KUa0+0Gk8/JV3O6XNczkDBcpYWfR63uZzFbS7nvZnXlWa5nL42l/Prc1xO0uZyfnOOyykVLCf222uz7YvLiXNt9v/ruhRnb5fiXN+lODd0Kc6fdSnOn3cpzo1zjAPQrpj/T+d7g6G38tuhPz3inJapH/Pd1VM/mz/v8g5IMd57MuWLiuJlE/VMvNWzbV92ACETb02mvKchXqWWj8wQr68+3trMkzOt70dGW7etPt7ZmfLeGeI1rAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnAD/fMN5n/vsRz+1MSRh8l9LEy3E58qLRkeHO1ju4Y23ry1veuJIfVlvpYNAAAAAQKGYh/fUSvpCb2V96E0WNdTrS8cB+tL58mB1OrQsbJicJsOlqfn+ZMWMr6ukr1u3e9uOdbuu2/v+LdvGrhq/anz7h9aft/6CkfMvOH/d5i1bx0eqP0PoLYgXQpgafth13d4vjm3dOr5zV7Uw2/5V6etWpfNJ+rqhD4SRyelNaftXFiyv1LS8+XtQvPcAAAAAAAAAAAAAAAAAAAAAAACA/8+u3YXIVZ4PAH/OzOzMuJq/88evMZh1iFFsa1tN16KtuAcKFfwILkKZtd1KqJFKVxM0EWunGqhapaWgBEKKF02xUq30xo8qpX4QsFhboZtKUWm9aC9atLWo5KJEpuzunNmZ2RlnO0gS09/v4nw87/O+z3nPxcJzZgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAQ2u+MTlbn5qeGU8ikgE5zT6ysXwxTWsj1P3K09t+UJo4cHZnrFQYYSEAAABgqKwPH2tHylEq5CMfpy7erY+OgVju+wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP89843J2frU9MyxSUQyIKfZRzaWL6ZpbYS6b7z76GdfnZj4W2esOsI6AAAAwHBZH55rR8pRjTNiLDl1ofNvR7NvA2t75i/lLcvWWbfKvN5vB4Pyzlhl3lmrzPvYkLxNrfOtAQAAAB99Wf9faEcqUSqsWdEPZ/3/sL4+yzu9Jy/fOtc6kz5QcTVJAAAAwCpk/X+pHalGqVBt9+ur7ffX9+Rl84f9bp/NP3PA/GG/51/ROvudHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+OuYbk7P1qemZfBKRDMhp9pGN5YtpWhuh7sZnxv9x2b671nfGSoURFgIAAACGyvrw5da7HKXCeIzFsYt9/8QlDzz+pcefnIyIpTa/WIxbN2/fftPGhWNszPLOe2nf2PdfeOvbK/LOWzoetg0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmvnG5Gx9anrmmCQiGZDT7CMbyxfTtDZC3dc//8W/PPzKU292xqojrAMAAAAMl/Xhy71/OapRjGKcvHjX2esvyPXMH/TNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADh63PzN276xeW5uy00uDs9FMx9xBDyGCxfdF4f7LxMAAPBhOz2SaP6XTrnycD81AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwJJhvTM7Wp6ZnyklEMiCn2Uc2li+maW2EuunTL5fWHHjmuc5YdYR1AAAAgOGyPny59y9HNcZiLE5avOv3TWCx/68cwocEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjijzjcnZ+tT0zJokIhmQ0+wjG8sX07Q2Qt2Hdu753IPHf+/SzlipMMJCAAAAwFBZH15sR8pRKnw8SnFa636ue0KSb537fxdYnreta9r4quc1uublVz3vnp6dFVq7WZpXztarLJ3b82rL83KtebWOedVol6+15y2+rF1d1dYMec6Vbx4AAAAOnaz/L7UjlSgVSh39/0+78iv6XAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABggPnG5Gx9anomSSKSATnNPrKxfDFNayPUve23/3/cV392747OWHWEdQAAAIDhsj58ufcvRzXWxf/FusW+Pyrd+VneP+sHH7z/X389O+Lck/dPFHqX/VF28evXL3629xCR687ORRzfqpcMqPeb399/y4bmwYcjzj0pf9qKevHB9bqXTJtP1Ldcsf2F/duGvBwAAAA4SmT9/1g7UolS4caB/X/WeQ/p/9sWG/Djb9n5ixNbx1ZH3jMjV2nVyw2o94UNj/75zAv+/tZC/7+y3ifbV5/ec8ODJ3YVXIr0SNLm1A07Nu0/f28u2/VS/XxP/ey9fPlbb/77ulvvO7hUvxzlVnxtz6MsVVt57CkfaXMut3vm8vd3N7rrFwbs/67fPffKr9be+95C/XdPH2/XPyv61V/aeWFg/TgmbY5fdfeuC/fs29RdPyJq/eq//d6lccofr7+zd//jPQt3vvnOY+8LSJsvrX9n7wUPVC/qrp/01M/e/89feWjXT+777pNZ/ex/Rc4+Y7X1cz31X7znhJ3P33Hl2u76uQH7f/bqVye21r7zh979X9u1amHgU6zc/yPnPHbNa5vT23uHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAji7zjcnZ+tT0TC6JSAbkNPvIxvLFNK2NUPeNy15+++p7f/zDzlh1hHUAAACA4bI+fLn3L0c1ilGM8cW+/4n6liu2v7B/W1SWRpPWuTC39ebtn7hu644brz1MTw4AAACs1huXJYv9f6EdqUSpsCHGWv3/1A07Nu0/f28u6/9zC+ckIq67fm7LudHOe/GeE3Y+f8eVa9vfCSIW/y2gvJD3meW8Sy5+ufLOn75+Zt+8jct5L61/Z+8FD1QvyvKiM++8aH+feOScx655bXN6e/v5OvM+9bWtc63PE9m641fdvevCPfs25bLvGK3zeGvdLG8ut3vm8vd3N3KVKC2M51t55da+AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICV5huTs/Wp6ZnIRyQDcpqdWoFsLF9M09oIdS/f8Ms7jzvw1LrOWKkwwkIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsJ+3YTGVfVxAD5nJnkzySRt0r5gVEzTqih10aIgfmxU/KIVKbiqFKm2diEKgohSF6bSiqUqbgSrmyIqqFEKFWwsllZJxa/ixoUKCtWFUIoBTSguVDI5dzJzO9dpp1FQnweGk3Puvb/7v/eeOZMLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/KD1dw7X2yI6HZm4/76ZPnrh3+vFb33tg2yWPvfHD6KYbPt7b9+rJyc3Lt3x949JNB+5bM7H7pcO/DLzz27G2wY/ONStTtxJCPBFDqLw/9fyTk5+eMzsWQwjlODgWwlBccngo5hJW/xpC2Fyvs3njvukrtsy223b1NI0vzoXkrytUy1k9cwab6+XfpZLm2daZRy4L316/fvvny95+q3v8+Nj8LnF2n3KaTyEs2th4fHcIoTd9ZmWzbTg7OLXrQgh9Dcdd1aauC0+z/lUF/fNT+7/UVtvkZNtX5Pql3H75fqY71/a1Od/ZKqqj0/3a6c/15xejq29ZiPx6natajw+l9t3UrjzD/HL2iaEUQ1e9/Pvj/BwJDc8thlh7lpV6v1R/tiFdf64fc/1Srl/uzl1X7bxpopVjbB7P9suNZ8txVxpf3rhWt3BHwfi5qa2kL+rJrB/yf8ypnvJH/bpqsrqm/qSWv0OpYQ1qNV5/8OlhVNNYNS455ZjfW8i2Ta5/+uLyhg+ODBbUEffGlB87yt/62VD/XW/ufHi4KH9jKeWXOsr/bu3Rn+7c+fKLhfnPZfnljvIvP9h3Yu2HO1YU3p+p+RXkdPJj6mfb7j720TPL/n/PeKtnXcvck93/Skf1XzdxtGdg5uChwvpXZ/ent6P8b669+fvXv9x/vDA/ZPl9HeVvmHjw2Z6RmUsL8w/NfRWqtRnawfz5efzKr0ZGfhwtyv8iu/8DLfJj2/zXxnZf88riXWsK5+e67P4MpvzeM6r/tosObO+f2X9B0doZ9yzULyfAf0XzL/LS9D/WU6nf7j1z33Sp5Xvm2Wp4X3hhtGvuF6g/fQYW8kQ5s+dZ9BfmAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwB/swAEJAAAAgKD/r9sRKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8FQAAAD//38INHQ=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x8004587d, &(0x7f0000000080))

334.896613ms ago: executing program 4 (id=1285):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x200a017, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f0000000240)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x8)
fadvise64(r0, 0x8, 0x8, 0x4)

331.436691ms ago: executing program 4 (id=1286):
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000000)=ANY=[], 0x1, 0x6eb, &(0x7f0000001240)="$eJzs3c1vHGcdB/DvrNeON1Sp0yY0QkGYRCpIEYkTK4VwwSCEcqhQVQ49W4nTWNkkVeKitELgAoITEof+AQXJNw4IiXtQuHApt159rITEJeIQ9bJoZmft3fX6LfFLAp9PNJ5n5nnmmd/+5pkZ7zqrCfB/6+q5NB+myNVzbz4ol1dXZturK7NH6up2krLcSJrdWYo7SfEomSvri74pffMNPl688vZnj1c/7y4166lqP7bVdiOMaLtcT5mu+5seueX4TnexXIeXl5Jcq+eDJnba10DDMmln6zkcus6gRjrLu9l8N+ct8Jzp3Z2K7n1zg6nkaJLJ+veA1FeHxsFFuKe+3ivs6ioHAAAAL6hP7x52BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDiqZ7/31pbbHRXJdMpes//n+itq8vPobkdt3y4r3EAAAAAAAAAwMH42pM8yYMcK8vjSTpF9Tf/M1XliXzRSb6U93M/C7mX83mQ+SxlKfdyMclUX0cTD+aXlu5dXNuyNHrLSyO3vHSQrxoAAAAAAAAA/uf8Mq3u3/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB5USRj3Vk1najnmUqjmfW6LCf/TDJx2PHuQjFq5cODjwMAAACeyeRTbPPykzzJgxzrLXeK6j3/l6v3y5N5P3eylMUspZ2FXK/fQ5fv+hurK7Pt1ZXZ2+VULg/2+/1/7yqMibqHsWpp1J5PVS1auZHFas35XKuCuZ5Gd99nk1O9ePri6vNRGVPxvdoOI2vWaS139vvNPkXYE4MfRTS2aNlaDy5Zy8hMHVu55fFuBorqg5pkOBPDR2fDzpoDS1NVk/G1PV1MY+2TnxP7kPOj9bx8Pb/Z15zvRH8u1jLRSJWJS73RV54zW2ci+cZf//TOzfadWzdv3D93uC9pF8Y2WT88Jmb7MvHaC52J5i7bz1SZOLm2fDU/yk9yLtN5K/eymJ9mPktZSKeun6/Hc/lzautMzQ0svbVdJBP1cekes53ENJ0fVqX5nKm2PZbFFLmb61nIG9W/S7mYb+dyLudK3xE+uWnc1WurzvrG8FnfO9J/Gxn82W/WhfLq9tv1q9zcVq94s9G5V7rX/jKvx/vy2h31j9daHe87D2b6svRKLzvjIzt/mmtj8yt1odzHr7a5TxysqToT5QnUu0v0onu1m4lmdS/aOM7/0Cm3S/tOp3Nz/r1N+l8eWn69npfDauWr27XuGX0o9lY5Xl7JZH0lGRwdZd2ra1eZvrrO+lju1g3eccvtTlZ1RdE7U3+cu9UA2HimTtS/w23s6VJV99pQ3en6Gl7WneqrG/h9K3fTzvUDyB8AT+Mf76wVp3J0ovWv1qetT1q/bt1svTn5gyPfOXJ6IuN/H/9uc2bs9cbp4i/5JD9ff/8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vfsffHhrvt1euDe60Ni8aqDQyvCa7XoeKhT1A31GtblVP6VgVx0ecmEyycCa6jlHBx5GaziMDYXOL5IDz0/vIYKj2/yuLDR3dLjnBtb8eWOHH20fz1iGxuEOzot9LDSyLz13Xt5kJIxl9AA4rCsScFAuLN1+78L9Dz781uLt+XcX3l24M3758pWZK5ffmL1wY7G9MNP9edhRAvth/aZ/2JEAAAAAAAAAAAAAOzXqqwJnXtruSyMbCo0kw9/x8D8LAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgD1x9VyaD1Pk4sz5mXJ5dWW2XU698nrLZpJGIyl+lhSPkrl0p0z1dVfkj4/SGbGfjxevvP3Z49XP1/tqdtsnjXq+ua1rkyzXU6aTjNXzZzDQ37Vn7q/4T+81lAn7otPpzD1bfLA3/hsAAP//ShfsxA==")
r0 = creat(&(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
write$UHID_INPUT(r0, &(0x7f0000001680)={0x8, {"250cdf697acb4f0605d5043e74bfab6dd6791417c1a43c66aba7ceedeec78b57bc7f7b05ead024e54726eede5ecb73353ef74348a32b5afe16dad00068ff38d4811272802fd37ecc096eb6a2927af806b2ea70ae521ea63114461bfd55c46e1d4d6b8b80a72f7b6599774a45c2400fca7557da82a37f937ac786ce43641a60f3420b06484795af35e877c3b5dcbb14e5e8753b8c825c0a95ffe0f6fd898fe3c05a4fe0161c2704647c93edacbbe05d18c800ecdd17d613a697875ec5c25260c574fe7601b5343c7c960ec7bcc87e70647b11938b78fa3a9f379e7adc340c6b46182659c6eec10ed0fe94d687c5ba9d9c7a7f3ae65f1e987f4884a4dc67fbf0834896025823b9031037c0c7d6b7d52cd78c66432b5c30b56ce2159ced612a5557d17c94fd39081f5da362d93f9b153c1dfd924a5f06f72a690ec00ace5ba2a86a22adebf45ab6e9a7c32f7d62008cd5a74e53d8da35491e9f798449d2333c5ab64ae33c1677aec53eb0fd7fea9a4cb9e123f9c1c07eb709666e7b1d458e58b53f8ea694818fdbcaea6f4e017329a287f1234b90a039d3da8fcba36938ad4b838ea98bcd273f12d19fabe7ae423f750b3216562cd4fad38ecb4962ad39b6dd4c5d82594a850fec12053ceb2c9913702a6f9335346bff816b8de0fbdb05af0026e24acc2cd4c27a8bec965453238f1eaa4d796ba9346e1de72235a33fb3d1171a0bb37ec03564562b700d3bd7ae0efd52c08b47151ddbd5da50e7dfdf2c9cc4cd6f755c241f80f1a518d5338222ee586d9d305033e7975edfb55ec8acf2f60c5148c6c0557356233dd1f3877b314e5adb504970bce1b1f2c73c4bcaeeddd50ef1fbb42dbd52a5845023747dc2bd92dfa9312f5ffbfebbb31570e57fea6db225a375609efeab91a39d518c5c597b11018df436d1ef38ade9dae1c4404f6a736276080496cbc073b7a0e3fd8145fbb3a65136781a392045e644e5e6c6e40306ad92599ea2d7d4037538284393a86f7ac6a7c2b55cdbee04a367da8c0b2f91b473646c7a997d7c01aeb75305a3b1b8c0c4e50e588659af31cd108acd8d52ddb272df059c5a81c55c738264b6234ffa932f30e20c9f5bd70b77fcc3f76b0199016fc2c7bf0149cb521752715faf9ba8ab0d28498109e89d19ba90dcb64f0fb62f5a9f85c3891722a9a52fde49344f72ac94a9ccc701a7b491efa385559764e22c3edd23e64bc9df9ab403fefc13a0a6b202e57d61f75919835af13339116b24e8e7367baec45c3506db11b9d3bfbe8583ee42a108abfd04a3bb0dac11972bb51eba6bb0a122c649ee97919d1041a350f64909c45cdc70010a92571a67465479380e5c9c19b430b0cf0b24f5e265b17f4fbf8eb5525f62558b0ddca7a360d936c72f05356949de6bcacf8dd7288e7f58343c6588b80b3ab650db3e82f76fdc5e0344528f9a25ad99c1026cbb717bcf9152bea4f65cc92e7c99ea3fcbc7635c06d7e08cb33c56256ac41d7d39ae2405140a2cde55fcf46d484cbda5326d3ab44aa8d1ef7216aeddaa18a4a727310a739fd5daa719f06dbd853f90c8658188e7208ac6a05d4a88360b0bbd5fb0c12d4673df7fff696bfc69a5b47505eadddc403c6a80715bda8616d90a2873c766bb335a7d558567cce1abf393e6906f817fb2b592d43708625d1f5428e18c00348dc9790ffa0ab5215e03773bb6d4dd67ff1f785ee844bdf21a2f16865bb5cb982a04e658e2408bfb15b3ec64e47b0a74cdd264a4f334ef53500bf3f9295e6804fcdcea3755233c0758818c55a4b0521777f8f2baab456a1f84ccae6ef1bf3b043d6b8f04547acaa9d346f37f06e85282567fd63fe5174398339d32f2d212825f6fd2d6cc7fa3421017452a0e2bf80945ddb6ba876f9858ef79706ef70311aad51ef2750f8ee048f96f5d0f77282e74b583e72511b4e04473723219f9c2f57e89d1837b4fbba9adfca55f42830880571cc2c648e2a146bf6ab4c7bbbc06e7649a7884eb4992c9f364c2242f949b052916767262b41cda49f0e3035498c3c5d9a4d0f25e4a3ba0fe090912b143cc67e298996ff6b8ed1ef000ea3d9e2b3eb5d0f107a5d17a4465a6b44b33b270788eefdc034fecce8f5eee4f574abac7769d4ec932535653e7953d9a5155afaf06d570002fb2faa4a305c55ecda17023e741c194bac7ef3bc470a1468f86d640c50b278259b6a39e60f1947fda8415fea3fbcbb834d6cf95cd9a69a3fa89293fcf79b6e239a59a06d2b50c8cee830ff99c022098c436ebf6ecf751642930c14a35860919b17df5b9611d7a6ea7091f11e4e4a0f0851539e3b6aa3c0ea1efcb04388ebce2e5d75b5cdc6ee503220f246000422e7c22d7d174c0f743b3d7fd14796238559e4fc32dbd3905e0a1426d3dd33cc336338915473d5c35cbb6ae6943e5612947628cf17c25ea98ea8640151e6ea37c290fde0c4f75b75689ed698ff213312993ac31440f51ec9f3f2ccb253edbe33ff4ab105dcc4153f62ad0fb4bdea058e51ece7ce8e52a8af0f79abaa57e903c0609fdc9a8c1f4af5926236245dd26f7c5a8c0b33326d77f8262bc76a60c31f691a45287400e85deececa933c6e9fa7aad6f998b987bc3cabdeebaaeee82529e387db3be24ddef2a0ebc640d7ad8b3aaee1a9890b6f1963b5616d530d79fb20a718b468541814a342cc64eb49b8825fa3667f7705b541efbf94370abd3e29e17bbee2cb4bca3dbff1f7efd494c1e4f580a870c33dc5e400d19e6bc2446f5178b0d0e7391c4d2bb9d81ff50fe51e46602b078ba1baf27fc1da1a93de8c86306dbe0b218e6074037cf98958fe6839826eefa99ecd627eff1bc77c13eb5254cf9fb95c40c311d8da11bdf040250fabad9e00d556b1d7312e91c9de60ed450e4a166318aefc0da3221cb89fa01ac6be84af81f9ea26dbf61af12a059116100711bdcc8b6b06585ad6a3c2636aeef281684c0e66ea7a1730e9de4cc3c44f3ed8e5f98c977a2ece1ec625807573f105d9e88280f38ad65b9c981f5ef6d8a057e9ec0f46b83d5607ff2b506dd9da65c071865bd32f4e4fc28dfe23bc8aca0d3ca992b21c6ef9bcd3ff022b9649c3dfad513b117cd9e27d14fc376900bab6d815846ba5279a34b421fd24b385e7d10ede5912b9e9427bff1877d34d818efa6591d63c84aa2a1fed05493dda75aaf4a2cb4cc9b9598c298f042641da6b49cb89f0ae499681d77bbc3a79bb0e8ff2b983bc99eaf32503413cf5edac6a7fb80476f8dcef69d1741df8065b06f1fe7539578183645caad9416e03d001dbab6103a16cad98bc7212e7dafbd3519059c8dc3a15414a2456f75e8f474d6990a7c5202d42e04fac3b5917e056eb562930f9d388fd18ee645b797f38bd10c765250a111e48eeeda8f310d025526ad78da1c13cfd0e3a595859d2b3708875672376999134c68390ff66284d0270aaebdce2772df67bcc414d9905f7a344803bbdfa71f4b2c7c28b2e995805d4caf3fee844d70b9e8590bf1a86c12330233b50ea24f34ade88d989c9c29daac0173d1b1619f66a442e1435effb19a115925738ed7eaca5b1e0f53e35783c47755941d633c24b2e505bd5a3da4f02aab9821e8a8cacfbc4fdf31e129bc40c4c5d7a2197848a64b7f9854f3d0a715d15d8fa862cd10c8243c5ddb1e11257dc67b1d2174cfb55046f6beaff1c886600d05a49faef290c7da43e9ed4d10370a7ba6068116f2780f7fa3fd8e08e4081920aff11857d1ff7a1d71887373f418cfa658cebdf2d7ff4c514e7ccdd8e7f92ed47bc2b7d6c018342d74d041ff815e3b4d91bcb5f193986e18893c63edf9f5640925ef33a8928a0b6c65ccf51b5cdd51334b5b20ab5cc237e72fa9ca0550c22142e516153035def2d87637861aff5c2c4172b3f5e9bceb3ff690b500f256ce900ed6d4e0550d7a0e40396edb0d6424ee4d67514a482cf37428c43131c06ab1f5ab95c6180aad6fe892333d4b77acb6473c6dca6b6d200747dfaa35705c7fbee300b54c54d7f290384da59dfc1d3e734814a2b122850928c01251f12977b3a9e715b7bd823f1b845108e501a24859e6fe1cd1ad405097f1bb5f160c879c80606b1d4a05e048bdedf956ee31cb85a5fc4af9a114a18776b8530f968abeb93ea2ade58695cedbad8d0f87671956599f0828ab8438f7d0db5ca6f8cec8e5e344f0d3244105924ffc10eb70ecb7405eb0ae86e20f94a4963ca12743fb375bdc61137545be1c6897feac6349ccbd98a59482cf23980cc48e0b51f1c2a859dd1c9f9d886349f90a672026845342f9ee0fe8b8520c33e1839d2435eceda7f632efe7f5836981b0540527d412bf544159e4a9003252f74506078ffadfa17b8d483c2018c87b3ea07f790f6f3cf5c737cd0df8a9989001281e063991f7dc8f86e05b1cf00d596ec725b05df3f21c3060440dce376d5e6a4bdae57c4036360da35bdfed4910a9b4f295e91a66ae0b3f47eeb159c02531f4ed1f5991643979ef43259c2cbbcea78849776f983edd8f6c71a9d0debb692803a80a9e91fdd30646160a1ee000162e5024e6ea60a337e9e1bc16f51a4f6b7a2ac31c84c80c8f8e6d7bbf2567cacf36d427eb7595b6bf99cb6eab4ff430bacd137c0f3f974afdb2c699967f9fc2574ae64fe284a63f7f6693e9585e7adbea191fffeb9eff8f3e0e8fa6e6e7054dc178fb678916272fa152ba9d118fea3828cf17680d753be582d355d902a748994c5a3b2e338a3c654f65ccaac82923db89b86e65e27e2b8047d1314b6b94447f0b3e75aab80f52a3d11cb74d6221afbec4e203258356875464d26a74591b079635857d732060b6f061465840b0a46d6f3dc1da7d49c511e9c9b1de16ec60640f75cf7059abcf809759512f8196e95c7ac6d020e585e72522e305b907e95f6405de1ce7db90747edb1c024ef569599655866cb67f0b0cda72c2627ec039006421b2c4704b76af622de9c656238a27e9f2a1164163e258bccda6d265cc1df23688c86edb83de1fbee14d384d2f78cd9d4f4eff2c1fb24fe8aeea002ac5d00597968c30d10c9ffdc5b84f729c89157972a3427de7eb2d395a5c2ca987ff01c4db2c75eedb242d9b818cd7447bafb61e46e522b0a435399bab62eaa3a8c699d812dc2d96ec4fe87fa2606d3479277e5a7b3a0374c026ffbe3726b69171f8a746caaff016da482b8be58234054df7bc963c205fb0c41ef39a6f262c570e8f0ebd9c1707cdc3039c50fea2e1a64065f6477c551cce3d387f5c2d748a75828fc5a3b894e7243b6bbf6b63655919125d63c94dae1588d1da71798ee48a274295e31ab2577bb761a49e649e3eac3b52c1e6d52d20f05a4cbac2e548a10b7833c7cc5a06a45bc91ae96e80e9b9a1ad197cd63bd2379ff6beff6ac880611836190a456de8ecbac82af03b3617f43e796ea584f66d6265c204f8f815937c77e83e0b35656ea35d0f9164fb6dd0a45ade6f219680649e83c0d52b07b142c00b3dd76507159922d03ccfa321d79a3aa0f8334fac81dd5f9da69153d9fea7d202bfef16390d27b462d2396282af8697e2f8fa903f51ec95f2087fe7be667067558ade4f9e0530897a9adff8a930ffbf8cf902d6b8329826d07632a581c7d1457412f1abfa3bc788939279f647d100fe9141c3e4b174627c77eb4abfc247c0c738c38d6c796b5f823493fbf23b286af02ae268f23a518af0195535ab69af4e68f08b513e214ae4a2ef60b3f88a427da1f33afac9b129d4cc757caea0d194a3ccbf5bb500", 0x1000}}, 0x1006)
unlink(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
close(r0)

242.420204ms ago: executing program 0 (id=1287):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000400)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4044011}, 0x4000)
dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0xb)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_udp_int(r5, 0x11, 0x65, &(0x7f0000000040)=0x4d, 0x4)
sendmmsg$inet6(r5, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4001c00)

242.01757ms ago: executing program 4 (id=1288):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
r0 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x9e3a, 0x10100, 0x80000, 0x1bd}, &(0x7f0000002000), &(0x7f0000000000))
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000380)=""/113, 0x71}], 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

162.74655ms ago: executing program 4 (id=1289):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="300000001c00010428bd700002dcdf2507e089fe", @ANYRES32=r1, @ANYBLOB="8000e4090a000200bbbbbbbbbbbb000008000e"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x24040040)

162.497632ms ago: executing program 4 (id=1290):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4}, 0x1c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r2, 0x29, 0x1a, &(0x7f0000000100)=0x401, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @empty, 0xffffffff}, 0x1c)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x14e22, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x3d}}}, 0x1c)

0s ago: executing program 4 (id=1291):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(0x4)
syz_open_procfs$namespace(0x0, &(0x7f0000000080)='ns/ipc\x00')
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x3032, 0xffffffffffffffff, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000400000000000000000000f195"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8, 0x1, r1}]}, @IFLA_GROUP={0x8}, @IFLA_MASTER={0x8}]}, 0x3c}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:59008' (ED25519) to the list of known hosts.
syzkaller login: [   40.628117][ T5771] cgroup: Unknown subsys name 'net'
[   40.761543][ T5771] cgroup: Unknown subsys name 'cpuset'
[   40.764921][ T5771] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   42.368717][ T5771] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   45.435977][ T5844] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   45.439193][ T5844] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   45.442581][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   45.445966][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   45.449275][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   45.489644][ T5236] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   45.492902][ T5236] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   45.496022][ T5236] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   45.509878][ T5852] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   45.513159][ T5852] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   45.516428][ T5852] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   45.530622][ T5857] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   45.541690][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   45.545794][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   45.549596][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   45.550780][ T5843] chnl_net:caif_netlink_parms(): no params data found
[   45.600860][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.603714][ T5843] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.606060][ T5843] bridge_slave_0: entered allmulticast mode
[   45.608272][ T5843] bridge_slave_0: entered promiscuous mode
[   45.616706][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.619045][ T5843] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.621708][ T5843] bridge_slave_1: entered allmulticast mode
[   45.624087][ T5843] bridge_slave_1: entered promiscuous mode
[   45.642213][ T5843] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   45.651247][ T5843] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   45.670979][ T5843] team0: Port device team_slave_0 added
[   45.674040][ T5843] team0: Port device team_slave_1 added
[   45.686380][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_0
[   45.688673][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   45.697957][ T5843] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   45.702583][ T5843] batman_adv: batadv0: Adding interface: batadv_slave_1
[   45.705218][ T5843] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   45.714618][ T5843] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   45.738913][ T5843] hsr_slave_0: entered promiscuous mode
[   45.741633][ T5843] hsr_slave_1: entered promiscuous mode
[   45.808241][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   45.850031][ T5847] chnl_net:caif_netlink_parms(): no params data found
[   45.894412][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.896961][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.899275][ T5850] bridge_slave_0: entered allmulticast mode
[   45.902115][ T5850] bridge_slave_0: entered promiscuous mode
[   45.904821][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.907533][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.910237][ T5850] bridge_slave_1: entered allmulticast mode
[   45.912614][ T5850] bridge_slave_1: entered promiscuous mode
[   45.936011][ T5847] bridge0: port 1(bridge_slave_0) entered blocking state
[   45.938815][ T5847] bridge0: port 1(bridge_slave_0) entered disabled state
[   45.941771][ T5847] bridge_slave_0: entered allmulticast mode
[   45.944297][ T5847] bridge_slave_0: entered promiscuous mode
[   45.951852][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   45.958712][ T5847] bridge0: port 2(bridge_slave_1) entered blocking state
[   45.962034][ T5847] bridge0: port 2(bridge_slave_1) entered disabled state
[   45.964961][ T5847] bridge_slave_1: entered allmulticast mode
[   45.968108][ T5847] bridge_slave_1: entered promiscuous mode
[   45.972639][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   45.998256][ T5850] team0: Port device team_slave_0 added
[   46.003822][ T5847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   46.008141][ T5850] team0: Port device team_slave_1 added
[   46.014432][ T5843] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   46.020265][ T5847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   46.028898][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.031606][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.041076][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.044950][ T5843] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   46.055033][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.057369][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.066003][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   46.076177][ T5843] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   46.090490][ T5850] hsr_slave_0: entered promiscuous mode
[   46.093106][ T5850] hsr_slave_1: entered promiscuous mode
[   46.095499][ T5850] debugfs: 'hsr0' already exists in 'hsr'
[   46.097731][ T5850] Cannot create hsr debugfs directory
[   46.100767][ T5843] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   46.105507][ T5847] team0: Port device team_slave_0 added
[   46.114848][ T5847] team0: Port device team_slave_1 added
[   46.140285][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_0
[   46.142728][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.151958][ T5847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   46.156212][ T5847] batman_adv: batadv0: Adding interface: batadv_slave_1
[   46.158846][ T5847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   46.168778][ T5847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   46.193375][ T5847] hsr_slave_0: entered promiscuous mode
[   46.195818][ T5847] hsr_slave_1: entered promiscuous mode
[   46.198168][ T5847] debugfs: 'hsr0' already exists in 'hsr'
[   46.200683][ T5847] Cannot create hsr debugfs directory
[   46.214036][ T5843] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.216397][ T5843] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.218930][ T5843] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.221428][ T5843] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.292741][ T5850] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   46.300645][ T5850] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   46.308569][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0
[   46.311170][ T5850] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   46.317827][ T5850] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   46.334680][ T5847] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   46.340961][ T1836] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.343577][ T1836] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.354654][ T5847] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   46.358671][ T5847] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   46.362421][ T5847] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   46.373437][ T5843] 8021q: adding VLAN 0 to HW filter on device team0
[   46.387687][ T1836] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.390759][ T1836] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.397464][ T1836] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.399910][ T1836] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.461504][ T5847] 8021q: adding VLAN 0 to HW filter on device bond0
[   46.468909][ T5847] 8021q: adding VLAN 0 to HW filter on device team0
[   46.478136][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.481208][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.491258][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   46.503377][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.505760][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.512075][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   46.527639][   T28] bridge0: port 1(bridge_slave_0) entered blocking state
[   46.530598][   T28] bridge0: port 1(bridge_slave_0) entered forwarding state
[   46.539038][   T28] bridge0: port 2(bridge_slave_1) entered blocking state
[   46.541519][   T28] bridge0: port 2(bridge_slave_1) entered forwarding state
[   46.564667][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0
[   46.594437][ T5843] veth0_vlan: entered promiscuous mode
[   46.613665][ T5843] veth1_vlan: entered promiscuous mode
[   46.632621][ T5847] 8021q: adding VLAN 0 to HW filter on device batadv0
[   46.643296][ T5843] veth0_macvtap: entered promiscuous mode
[   46.648041][ T5843] veth1_macvtap: entered promiscuous mode
[   46.653295][ T5847] veth0_vlan: entered promiscuous mode
[   46.663912][ T5847] veth1_vlan: entered promiscuous mode
[   46.667028][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   46.673842][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0
[   46.684880][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1
[   46.693431][ T5896] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   46.698817][ T5874] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   46.704201][ T5847] veth0_macvtap: entered promiscuous mode
[   46.712527][ T5847] veth1_macvtap: entered promiscuous mode
[   46.715349][ T5874] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   46.721253][ T5874] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   46.725073][ T5850] veth0_vlan: entered promiscuous mode
[   46.732244][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0
[   46.737120][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1
[   46.746080][ T5850] veth1_vlan: entered promiscuous mode
[   46.756869][ T1017] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   46.756992][ T5896] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   46.763862][ T1017] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   46.764789][ T5896] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   46.771256][ T5896] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   46.774778][ T5896] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   46.794893][ T1836] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   46.798087][ T1836] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   46.803419][ T5850] veth0_macvtap: entered promiscuous mode
[   46.806932][ T5850] veth1_macvtap: entered promiscuous mode
[   46.822375][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   46.836351][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   46.842190][ T5843] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   46.852103][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   46.865098][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   46.871113][ T5874] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   46.883348][ T5874] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   46.895189][ T5874] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   46.912874][ T5874] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   46.924757][   T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   46.935236][   T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   46.941818][ T1017] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   46.945231][ T1017] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   46.948933][ T5914] loop0: detected capacity change from 0 to 1024
[   46.967271][ T5913] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   46.971848][ T1017] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   46.975069][ T1017] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   47.359575][ T5875] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   47.382715][ T5933] mmap: syz.2.11 (5933) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   47.486119][ T1017] hfsplus: b-tree write err: -5, ino 4
[   47.512285][ T5875] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[   47.515869][ T5875] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[   47.540829][ T5875] usb 2-1: config 220 has an invalid descriptor of length 184, skipping remainder of the config
[   47.545180][ T5875] usb 2-1: config 220 has no interface number 2
[   47.547740][ T5875] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[   47.560036][ T5236] Bluetooth: hci1: command tx timeout
[   47.589442][ T5875] usb 2-1: config 220 interface 0 has no altsetting 0
[   47.592383][ T5875] usb 2-1: config 220 interface 76 has no altsetting 0
[   47.595330][ T5875] usb 2-1: config 220 interface 1 has no altsetting 0
[   47.635897][ T5939] syz.0.14 uses obsolete (PF_INET,SOCK_PACKET)
[   47.644156][ T5236] Bluetooth: hci2: command tx timeout
[   47.663470][ T5875] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[   47.682894][ T5875] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   47.686035][ T5875] usb 2-1: Product: syz
[   47.687452][ T5875] usb 2-1: Manufacturer: syz
[   47.688915][ T5875] usb 2-1: SerialNumber: syz
[   48.174818][ T5941] Driver unsupported XDP return value 0 on prog  (id 5) dev N/A, expect packet loss!
[   48.347814][ T5875] usb 2-1: selecting invalid altsetting 0
[   48.350594][ T5875] usb 2-1: Found UVC 7.01 device syz (8086:0b07)
[   48.352720][ T5875] usb 2-1: No valid video chain found.
[   48.356918][ T5875] usb 2-1: selecting invalid altsetting 0
[   48.359430][ T5875] usbtest 2-1:220.1: probe with driver usbtest failed with error -22
[   48.365751][ T5875] usb 2-1: USB disconnect, device number 2
[   48.955206][ T5948] netlink: 'syz.1.17': attribute type 3 has an invalid length.
[   48.989571][ T5236] Bluetooth: hci0: command tx timeout
[   49.196503][ T5966] netdevsim netdevsim0 : renamed from netdevsim0 (while UP)
[   49.265425][ T5972] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   49.350218][  T880] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   49.435926][ T5974] loop0: detected capacity change from 0 to 40427
[   49.439003][ T5974] F2FS-fs (loop0): Small segment_count (9 < 1 * 24)
[   49.442096][ T5974] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   49.474547][ T5974] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   49.479049][ T5974] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   49.482360][ T5974] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   49.496760][   T33] audit: type=1800 audit(1755798434.381:2): pid=5974 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.29" name="file1" dev="loop0" ino=10 res=0 errno=0
[   49.499725][  T880] usb 3-1: Using ep0 maxpacket: 8
[   49.508633][  T880] usb 3-1: unable to get BOS descriptor or descriptor too short
[   49.513010][  T880] usb 3-1: config 9 has an invalid interface number: 229 but max is 0
[   49.516633][  T880] usb 3-1: config 9 has an invalid interface number: 255 but max is 0
[   49.520305][  T880] usb 3-1: config 9 has 2 interfaces, different from the descriptor's value: 1
[   49.524238][ T5843] syz-executor: attempt to access beyond end of device
[   49.524238][ T5843] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   49.529603][  T880] usb 3-1: config 9 has no interface number 0
[   49.530736][ T5843] CPU: 1 UID: 0 PID: 5843 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   49.530752][ T5843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   49.530760][ T5843] Call Trace:
[   49.530765][ T5843]  <TASK>
[   49.530769][ T5843]  dump_stack_lvl+0x189/0x250
[   49.530788][ T5843]  ? __pfx_dump_stack_lvl+0x10/0x10
[   49.530799][ T5843]  ? __pfx_queue_work_on+0x10/0x10
[   49.530813][ T5843]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   49.530830][ T5843]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   49.530849][ T5843]  f2fs_handle_critical_error+0x37c/0x540
[   49.530868][ T5843]  f2fs_write_end_io+0x886/0xb60
[   49.530884][ T5843]  __submit_merged_bio+0x27a/0x6a0
[   49.530903][ T5843]  __submit_merged_write_cond+0x255/0x530
[   49.530920][ T5843]  f2fs_write_data_pages+0x261d/0x3000
[   49.530937][ T5843]  ? arch_stack_walk+0xfc/0x150
[   49.530988][ T5843]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   49.531005][ T5843]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   49.531023][ T5843]  ? rcu_is_watching+0x15/0xb0
[   49.531047][ T5843]  ? folios_put_refs+0x559/0x640
[   49.531064][ T5843]  ? __pfx_folios_put_refs+0x10/0x10
[   49.531076][ T5843]  ? rcu_is_watching+0x15/0xb0
[   49.531087][ T5843]  ? lru_add+0xa2f/0xd80
[   49.531098][ T5843]  ? lru_add+0x198/0xd80
[   49.531111][ T5843]  ? do_raw_spin_lock+0x121/0x290
[   49.531128][ T5843]  ? do_raw_spin_unlock+0x4d/0x240
[   49.531143][ T5843]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   49.531159][ T5843]  do_writepages+0x32e/0x550
[   49.531175][ T5843]  ? rcu_is_watching+0x15/0xb0
[   49.531188][ T5843]  ? do_raw_spin_unlock+0x4d/0x240
[   49.531203][ T5843]  filemap_fdatawrite+0x199/0x240
[   49.531221][ T5843]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   49.531247][ T5843]  ? rcu_is_watching+0x15/0xb0
[   49.531259][ T5843]  ? do_raw_spin_unlock+0x4d/0x240
[   49.531274][ T5843]  f2fs_sync_dirty_inodes+0x31f/0x830
[   49.531290][ T5843]  f2fs_write_checkpoint+0x95a/0x1df0
[   49.531310][ T5843]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   49.531335][ T5843]  ? rcu_is_watching+0x15/0xb0
[   49.531347][ T5843]  ? kill_f2fs_super+0x298/0x6c0
[   49.531360][ T5843]  kill_f2fs_super+0x2c3/0x6c0
[   49.531374][ T5843]  ? __pfx_kill_f2fs_super+0x10/0x10
[   49.531385][ T5843]  ? radix_tree_delete_item+0x2b6/0x400
[   49.531403][ T5843]  ? shrinker_free+0x2ce/0x3e0
[   49.531416][ T5843]  deactivate_locked_super+0xbc/0x130
[   49.531431][ T5843]  cleanup_mnt+0x425/0x4c0
[   49.531445][ T5843]  task_work_run+0x1d4/0x260
[   49.531462][ T5843]  ? __pfx_task_work_run+0x10/0x10
[   49.531477][ T5843]  ? __x64_sys_umount+0x122/0x160
[   49.531499][ T5843]  ? __pfx___x64_sys_umount+0x10/0x10
[   49.531515][ T5843]  ? rcu_is_watching+0x15/0xb0
[   49.531526][ T5843]  exit_to_user_mode_loop+0xec/0x110
[   49.531542][ T5843]  do_syscall_64+0x2bd/0x3b0
[   49.531560][ T5843]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.531573][ T5843]  ? exc_page_fault+0x9f/0xf0
[   49.531588][ T5843]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.531599][ T5843] RIP: 0033:0x7fef7698ff17
[   49.531611][ T5843] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   49.531620][ T5843] RSP: 002b:00007fff61534dd8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   49.531633][ T5843] RAX: 0000000000000000 RBX: 00007fef76a11c05 RCX: 00007fef7698ff17
[   49.531641][ T5843] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff61534e90
[   49.531649][ T5843] RBP: 00007fff61534e90 R08: 0000000000000000 R09: 0000000000000000
[   49.531656][ T5843] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff61535f20
[   49.531664][ T5843] R13: 00007fef76a11c05 R14: 000000000000c0cf R15: 00007fff61535f60
[   49.531677][ T5843]  </TASK>
[   49.531683][ T5843] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   49.534900][  T880] usb 3-1: config 9 has no interface number 1
[   49.534922][  T880] usb 3-1: config 9 interface 229 altsetting 112 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[   49.534933][  T880] usb 3-1: config 9 interface 229 has no altsetting 0
[   49.536611][  T880] usb 3-1: New USB device found, idVendor=2b53, idProduct=0031, bcdDevice=12.34
[   49.630002][ T5236] Bluetooth: hci1: command tx timeout
[   49.632640][  T880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   49.705484][  T880] usb 3-1: Product: syz
[   49.707339][  T880] usb 3-1: Manufacturer: syz
[   49.709263][  T880] usb 3-1: SerialNumber: syz
[   49.711553][ T5236] Bluetooth: hci2: command tx timeout
[   49.849454][   T33] audit: type=1326 audit(1755798434.731:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5953 comm="syz.1.20" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4f438ebe9 code=0x7fc00000
[   49.922460][  T880] hub 3-1:9.229: Invalid hub with more than one config or interface
[   49.925135][  T880] hub 3-1:9.229: probe with driver hub failed with error -22
[   49.935518][  T880] usb 3-1: USB disconnect, device number 2
[   49.952604][ T5846] udevd[5846]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:9.229/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   50.238479][ T5992] loop0: detected capacity change from 0 to 512
[   50.244673][ T5992] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[   50.249884][ T5992] EXT4-fs (loop0): orphan cleanup on readonly fs
[   50.253309][ T5992] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.35: bad orphan inode 15
[   50.258074][ T5992] ext4_test_bit(bit=14, block=18) = 1
[   50.262067][ T5992] is_bad_inode(inode)=0
[   50.263988][ T5992] NEXT_ORPHAN(inode)=1023
[   50.266007][ T5992] max_ino=32
[   50.267478][ T5992] i_nlink=0
[   50.269182][ T5992] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2962: inode #15: comm syz.0.35: corrupted xattr block 19: e_value size too large
[   50.276552][ T5992] EXT4-fs warning (device loop0): ext4_evict_inode:274: xattr delete (err -117)
[   50.282288][ T5992] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   50.303144][ T5843] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.443499][ T6005] netlink: 16 bytes leftover after parsing attributes in process `syz.0.41'.
[   50.447348][ T6005] netlink: 16 bytes leftover after parsing attributes in process `syz.0.41'.
[   50.451317][ T6005] netlink: 5 bytes leftover after parsing attributes in process `syz.0.41'.
[   50.480208][ T6007] netlink: 104 bytes leftover after parsing attributes in process `syz.2.42'.
[   50.507562][ T6011] loop2: detected capacity change from 0 to 1024
[   50.524891][ T6011] EXT4-fs: Ignoring removed nomblk_io_submit option
[   50.563146][ T6011] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   50.599065][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.850834][ T6030] tmpfs: Bad value for 'nr_inodes'
[   50.877163][ T6026] loop2: detected capacity change from 0 to 32768
[   50.883844][ T6026] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.50 (6026)
[   50.904123][ T6026] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   50.923498][ T6026] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[   50.926840][ T6026] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   50.932610][ T6037] netlink: 5 bytes leftover after parsing attributes in process `syz.1.54'.
[   50.936610][ T6037] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   50.989664][ T6026] BTRFS info (device loop2): rebuilding free space tree
[   51.000298][ T6026] BTRFS info (device loop2): disabling free space tree
[   51.002747][ T6026] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   51.006819][ T6026] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   51.032457][ T6026] BTRFS info (device loop2): setting nodatasum
[   51.036716][ T6026] BTRFS info (device loop2): setting nodatacow
[   51.046400][ T6026] BTRFS info (device loop2): enabling ssd optimizations
[   51.062574][ T6026] BTRFS info (device loop2): turning off barriers
[   51.065271][ T6026] BTRFS info (device loop2): enabling disk space caching
[   51.068213][ T6026] BTRFS info (device loop2): force clearing of disk cache
[   51.075584][ T6026] BTRFS info (device loop2): max_inline set to 4096
[   51.080295][ T5236] Bluetooth: hci0: command tx timeout
[   51.114046][ T5847] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   51.202253][ T6066] loop2: detected capacity change from 0 to 512
[   51.205253][ T6066] =======================================================
[   51.205253][ T6066] WARNING: The mand mount option has been deprecated and
[   51.205253][ T6066]          and is ignored by this kernel. Remove the mand
[   51.205253][ T6066]          option from the mount to silence this warning.
[   51.205253][ T6066] =======================================================
[   51.219961][ T5979] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   51.220710][ T6066] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   51.228438][ T6066] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   51.235229][ T6066] EXT4-fs (loop2): 1 truncate cleaned up
[   51.237586][ T6066] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   51.295677][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.309567][   T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   51.371506][ T5979] usb 1-1: Using ep0 maxpacket: 16
[   51.375812][ T5979] usb 1-1: config 0 has an invalid interface number: 131 but max is 0
[   51.379762][ T5979] usb 1-1: config 0 has no interface number 0
[   51.382420][ T5979] usb 1-1: config 0 interface 131 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[   51.387396][ T5979] usb 1-1: New USB device found, idVendor=0856, idProduct=ac29, bcdDevice=b6.9e
[   51.399069][ T5979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   51.417390][ T5979] usb 1-1: config 0 descriptor??
[   51.470993][   T10] usb 2-1: Using ep0 maxpacket: 16
[   51.475044][   T10] usb 2-1: config 0 has an invalid interface number: 251 but max is 0
[   51.478485][   T10] usb 2-1: config 0 has no interface number 0
[   51.482843][   T10] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[   51.487009][   T10] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[   51.495268][   T10] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[   51.499211][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   51.506612][   T10] usb 2-1: Product: syz
[   51.508441][   T10] usb 2-1: Manufacturer: syz
[   51.515709][ T6075] loop2: detected capacity change from 0 to 512
[   51.519147][   T10] usb 2-1: SerialNumber: syz
[   51.521819][ T6075] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   51.527856][   T10] usb 2-1: config 0 descriptor??
[   51.532390][ T6075] EXT4-fs (loop2): 1 truncate cleaned up
[   51.532533][ T6062] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[   51.534668][ T6075] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   51.537425][ T6062] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[   51.553452][ T6075] EXT4-fs warning (device loop2): ext4_group_add:1736: No reserved GDT blocks, can't resize
[   51.578169][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.630996][ T5979] mos7840 1-1:0.131: missing endpoints
[   51.639521][ T5979] usb 1-1: USB disconnect, device number 2
[   51.709442][ T5236] Bluetooth: hci1: command tx timeout
[   51.723311][ T6078] loop2: detected capacity change from 0 to 40427
[   51.728605][ T6078] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504)
[   51.733457][ T6078] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   51.737569][ T6078] F2FS-fs (loop2): invalid crc value
[   51.751337][ T6062] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[   51.754119][ T6062] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[   51.759523][ T6078] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   51.763110][ T6078] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   51.765969][ T6078] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   51.789241][ T5847] syz-executor: attempt to access beyond end of device
[   51.789241][ T5847] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   51.789573][ T5236] Bluetooth: hci2: command tx timeout
[   51.794887][ T5847] CPU: 0 UID: 0 PID: 5847 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   51.794903][ T5847] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   51.794910][ T5847] Call Trace:
[   51.794913][ T5847]  <TASK>
[   51.794916][ T5847]  dump_stack_lvl+0x189/0x250
[   51.794976][ T5847]  ? __pfx_dump_stack_lvl+0x10/0x10
[   51.794988][ T5847]  ? __pfx_queue_work_on+0x10/0x10
[   51.794999][ T5847]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   51.795013][ T5847]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   51.795030][ T5847]  f2fs_handle_critical_error+0x37c/0x540
[   51.795048][ T5847]  f2fs_write_end_io+0x886/0xb60
[   51.795064][ T5847]  __submit_merged_bio+0x27a/0x6a0
[   51.795076][ T5847]  __submit_merged_write_cond+0x255/0x530
[   51.795091][ T5847]  f2fs_write_data_pages+0x261d/0x3000
[   51.795106][ T5847]  ? arch_stack_walk+0xfc/0x150
[   51.795128][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   51.795143][ T5847]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   51.795157][ T5847]  ? rcu_is_watching+0x15/0xb0
[   51.795175][ T5847]  ? folios_put_refs+0x559/0x640
[   51.795190][ T5847]  ? __pfx_folios_put_refs+0x10/0x10
[   51.795201][ T5847]  ? rcu_is_watching+0x15/0xb0
[   51.795211][ T5847]  ? lru_add+0xa2f/0xd80
[   51.795221][ T5847]  ? lru_add+0x198/0xd80
[   51.795232][ T5847]  ? folio_batch_move_lru+0x319/0x3a0
[   51.795244][ T5847]  ? filemap_get_folios_tag+0xed/0x630
[   51.795255][ T5847]  ? rcu_is_watching+0x15/0xb0
[   51.795266][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   51.795278][ T5847]  do_writepages+0x32e/0x550
[   51.795291][ T5847]  ? rcu_is_watching+0x15/0xb0
[   51.795302][ T5847]  ? do_raw_spin_unlock+0x4d/0x240
[   51.795316][ T5847]  filemap_fdatawrite+0x199/0x240
[   51.795331][ T5847]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   51.795356][ T5847]  ? rcu_is_watching+0x15/0xb0
[   51.795368][ T5847]  ? do_raw_spin_unlock+0x4d/0x240
[   51.795381][ T5847]  f2fs_sync_dirty_inodes+0x31f/0x830
[   51.795391][ T5847]  f2fs_write_checkpoint+0x95a/0x1df0
[   51.795408][ T5847]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   51.795432][ T5847]  ? kill_f2fs_super+0x298/0x6c0
[   51.795444][ T5847]  kill_f2fs_super+0x2c3/0x6c0
[   51.795456][ T5847]  ? __pfx_kill_f2fs_super+0x10/0x10
[   51.795465][ T5847]  ? radix_tree_delete_item+0x2b6/0x400
[   51.795478][ T5847]  ? shrinker_free+0x2ce/0x3e0
[   51.795494][ T5847]  deactivate_locked_super+0xbc/0x130
[   51.795507][ T5847]  cleanup_mnt+0x425/0x4c0
[   51.795521][ T5847]  task_work_run+0x1d4/0x260
[   51.795536][ T5847]  ? __pfx_task_work_run+0x10/0x10
[   51.795549][ T5847]  ? __x64_sys_umount+0x122/0x160
[   51.795562][ T5847]  ? __pfx___x64_sys_umount+0x10/0x10
[   51.795571][ T5847]  ? rcu_is_watching+0x15/0xb0
[   51.795582][ T5847]  exit_to_user_mode_loop+0xec/0x110
[   51.795597][ T5847]  do_syscall_64+0x2bd/0x3b0
[   51.795612][ T5847]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.795623][ T5847]  ? exc_page_fault+0x9f/0xf0
[   51.795637][ T5847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.795647][ T5847] RIP: 0033:0x7fe20238ff17
[   51.795657][ T5847] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   51.795666][ T5847] RSP: 002b:00007ffd193af278 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   51.795675][ T5847] RAX: 0000000000000000 RBX: 00007fe202411c05 RCX: 00007fe20238ff17
[   51.795682][ T5847] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd193af330
[   51.795689][ T5847] RBP: 00007ffd193af330 R08: 0000000000000000 R09: 0000000000000000
[   51.795696][ T5847] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd193b03c0
[   51.795703][ T5847] R13: 00007fe202411c05 R14: 000000000000c8f9 R15: 00007ffd193b0400
[   51.795716][ T5847]  </TASK>
[   51.796192][ T5847] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   52.156784][ T6088] openvswitch: netlink: IP tunnel TTL not specified.
[   52.159990][   T10] asix 2-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver
[   52.169436][   T10] asix 2-1:0.251: probe with driver asix failed with error -524
[   52.214832][ T6086] loop2: detected capacity change from 0 to 32768
[   52.234746][ T6086] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.67 (6086)
[   52.241464][ T6086] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   52.244942][ T6086] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[   52.252382][ T6095] loop0: detected capacity change from 0 to 1024
[   52.266222][ T6086] BTRFS info (device loop2): enabling ssd optimizations
[   52.268539][ T6086] BTRFS info (device loop2): enabling free space tree
[   52.271840][ T6095] EXT4-fs: Ignoring removed nobh option
[   52.291390][ T6086] BTRFS error: failed to open device for path k8/";W_#GdteRU':ryA*5ڤ)di$6yrfߋHcDH,	J{dDn with flags 0x1: -2
[   52.292989][ T6095] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   52.310045][ T5847] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   52.375978][ T5313] usb 2-1: USB disconnect, device number 3
[   52.381243][ T6115] process 'syz.0.71' launched './file2' with NULL argv: empty string added
[   53.150151][ T5236] Bluetooth: hci0: command tx timeout
[   53.658745][ T5843] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   53.789480][ T5236] Bluetooth: hci1: command tx timeout
[   53.796402][ T6136] loop0: detected capacity change from 0 to 4096
[   53.821682][ T6136] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[   53.827609][ T6136] ntfs3(loop0): Failed to load $Extend (-22).
[   53.830885][ T6136] ntfs3(loop0): Failed to initialize $Extend.
[   53.869413][ T5236] Bluetooth: hci2: command tx timeout
[   54.127666][   T54] Bluetooth: hci3: unexpected event 0x0f length: 0 < 4
[   54.258374][ T6156] netlink: 60 bytes leftover after parsing attributes in process `syz.2.91'.
[   54.280866][ T6158] loop2: detected capacity change from 0 to 512
[   54.285857][ T6158] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.92: Invalid inode bitmap blk 4 in block_group 0
[   54.293652][ T6158] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   54.304486][   T33] audit: type=1326 audit(1755798439.191:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6157 comm="syz.2.92" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe20238ebe9 code=0x7ffc0000
[   54.315210][   T33] audit: type=1326 audit(1755798439.191:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6157 comm="syz.2.92" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe20238ebe9 code=0x7ffc0000
[   54.326355][   T33] audit: type=1326 audit(1755798439.201:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6157 comm="syz.2.92" exe="/syz-executor" sig=0 arch=c000003e syscall=275 compat=0 ip=0x7fe20238ebe9 code=0x7ffc0000
[   55.687724][ T6164] loop1: detected capacity change from 0 to 65536
[   55.696834][ T6164] XFS (loop1): Deprecated V4 format (crc=0) not supported by kernel.
[   56.189378][ T5236] Bluetooth: hci3: Opcode 0x1003 failed: -110
[   56.189554][   T54] Bluetooth: hci3: command 0x1003 tx timeout
[   56.293451][ T6175] loop0: detected capacity change from 0 to 2048
[   56.302817][ T6175] EXT4-fs (loop0): failed to initialize system zone (-117)
[   56.306003][ T6175] EXT4-fs (loop0): mount failed
[   56.838764][ T6197] loop1: detected capacity change from 0 to 64
[   56.876483][ T6199] loop1: detected capacity change from 0 to 256
[   56.969451][  T792] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   57.119843][  T792] usb 1-1: Using ep0 maxpacket: 8
[   57.125571][  T792] usb 1-1: New USB device found, idVendor=2040, idProduct=b910, bcdDevice=18.c2
[   57.129602][  T792] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   57.133000][  T792] usb 1-1: Product: syz
[   57.134802][  T792] usb 1-1: Manufacturer: syz
[   57.136808][  T792] usb 1-1: SerialNumber: syz
[   57.142126][  T792] usb 1-1: config 0 descriptor??
[   57.146140][  T792] smsusb:smsusb_probe: board id=8, interface number 1
[   57.151534][  T792] smsusb:smsusb_probe: board id=8, interface number 0
[   57.288191][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   57.360108][  T792] usb 1-1: USB disconnect, device number 3
[   57.931269][ T6222] capability: warning: `syz.1.118' uses 32-bit capabilities (legacy support in use)
[   58.167920][ T6230] loop0: detected capacity change from 0 to 40427
[   58.172059][ T6230] F2FS-fs (loop0): build fault injection rate: 771
[   58.175776][ T6230] F2FS-fs (loop0): invalid crc value
[   58.235983][ T6230] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   58.241732][ T6230] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   58.406324][ T6239] loop2: detected capacity change from 0 to 32768
[   58.427814][ T6239] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   58.440296][ T6239] XFS (loop2): Ending clean mount
[   58.443928][ T6239] XFS (loop2): Quotacheck needed: Please wait.
[   58.451418][ T6239] XFS (loop2): Quotacheck: Done.
[   58.465849][ T5847] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   58.844347][ T6263] loop0: detected capacity change from 0 to 32768
[   58.847233][ T6263] XFS: ikeep mount option is deprecated.
[   58.852987][ T6263] XFS (loop0): Invalid superblock magic number
[   58.893407][ T6272] loop1: detected capacity change from 0 to 2048
[   58.905642][ T6272] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[   58.918668][ T6272] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[   58.934089][ T6272] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   59.038722][ T6276] netlink: 'syz.1.133': attribute type 4 has an invalid length.
[   59.043227][ T6265] loop2: detected capacity change from 0 to 40427
[   59.052521][ T6265] F2FS-fs (loop2): invalid crc value
[   59.055973][ T6276] netlink: 'syz.1.133': attribute type 4 has an invalid length.
[   59.086821][ T6265] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[   59.102086][ T6265] F2FS-fs (loop2): Start checkpoint disabled!
[   59.106999][ T6265] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[   59.135151][   T27] kworker/u10:0: attempt to access beyond end of device
[   59.135151][   T27] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   59.142271][   T27] CPU: 1 UID: 0 PID: 27 Comm: kworker/u10:0 Not tainted syzkaller #0 PREEMPT(full) 
[   59.142310][   T27] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   59.142318][   T27] Workqueue: writeback wb_workfn (flush-7:2)
[   59.142340][   T27] Call Trace:
[   59.142345][   T27]  <TASK>
[   59.142350][   T27]  dump_stack_lvl+0x189/0x250
[   59.142368][   T27]  ? __pfx_dump_stack_lvl+0x10/0x10
[   59.142381][   T27]  ? __pfx_queue_work_on+0x10/0x10
[   59.142402][   T27]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   59.142417][   T27]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   59.142436][   T27]  f2fs_handle_critical_error+0x37c/0x540
[   59.142454][   T27]  f2fs_write_end_io+0x886/0xb60
[   59.142470][   T27]  __submit_merged_bio+0x27a/0x6a0
[   59.142488][   T27]  __submit_merged_write_cond+0x255/0x530
[   59.142505][   T27]  f2fs_write_data_pages+0x261d/0x3000
[   59.142532][   T27]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   59.142553][   T27]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   59.142576][   T27]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   59.142595][   T27]  ? trace_f2fs_writepages+0x7f/0x200
[   59.142610][   T27]  ? f2fs_write_node_pages+0x478/0x6e0
[   59.142622][   T27]  ? xa_load+0x60/0x210
[   59.142638][   T27]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[   59.142650][   T27]  ? do_raw_spin_lock+0x121/0x290
[   59.142665][   T27]  ? rcu_is_watching+0x15/0xb0
[   59.142675][   T27]  ? set_shrinker_bit+0x7c/0x350
[   59.142688][   T27]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   59.142705][   T27]  do_writepages+0x32e/0x550
[   59.142719][   T27]  ? unwind_next_frame+0xa5/0x2390
[   59.142734][   T27]  __writeback_single_inode+0x145/0xff0
[   59.142750][   T27]  ? do_raw_spin_unlock+0x4d/0x240
[   59.142763][   T27]  writeback_sb_inodes+0x6c7/0x1010
[   59.142783][   T27]  ? fprop_reflect_period_percpu+0x6b/0x330
[   59.142800][   T27]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   59.142822][   T27]  ? rcu_is_watching+0x15/0xb0
[   59.142837][   T27]  wb_writeback+0x43b/0xaf0
[   59.142876][   T27]  ? queue_io+0x3c1/0x590
[   59.142892][   T27]  ? __pfx_wb_writeback+0x10/0x10
[   59.142906][   T27]  ? rcu_is_watching+0x15/0xb0
[   59.142916][   T27]  wb_workfn+0x409/0xef0
[   59.142926][   T27]  ? __pfx_wb_workfn+0x10/0x10
[   59.142932][   T27]  ? rcu_is_watching+0x15/0xb0
[   59.142939][   T27]  ? rcu_is_watching+0x15/0xb0
[   59.142946][   T27]  ? process_scheduled_works+0x9ef/0x17b0
[   59.142953][   T27]  ? rcu_is_watching+0x15/0xb0
[   59.142959][   T27]  ? lock_acquire+0x5f/0x360
[   59.142970][   T27]  ? rcu_is_watching+0x15/0xb0
[   59.142975][   T27]  ? process_scheduled_works+0x9ef/0x17b0
[   59.142981][   T27]  ? process_scheduled_works+0x9ef/0x17b0
[   59.142988][   T27]  process_scheduled_works+0xae1/0x17b0
[   59.142999][   T27]  ? __pfx_process_scheduled_works+0x10/0x10
[   59.143008][   T27]  worker_thread+0x8a0/0xda0
[   59.143020][   T27]  kthread+0x711/0x8a0
[   59.143029][   T27]  ? __pfx_worker_thread+0x10/0x10
[   59.143035][   T27]  ? __pfx_kthread+0x10/0x10
[   59.143043][   T27]  ? _raw_spin_unlock_irq+0x23/0x50
[   59.143051][   T27]  ? lockdep_hardirqs_on+0x9c/0x150
[   59.143060][   T27]  ? __pfx_kthread+0x10/0x10
[   59.143068][   T27]  ret_from_fork+0x3fc/0x770
[   59.143076][   T27]  ? __pfx_ret_from_fork+0x10/0x10
[   59.143084][   T27]  ? __switch_to_asm+0x39/0x70
[   59.143092][   T27]  ? __switch_to_asm+0x33/0x70
[   59.143101][   T27]  ? __pfx_kthread+0x10/0x10
[   59.143108][   T27]  ret_from_fork_asm+0x1a/0x30
[   59.143120][   T27]  </TASK>
[   59.143451][   T27] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   59.420425][ T6288] loop1: detected capacity change from 0 to 32768
[   59.782413][ T6322] loop1: detected capacity change from 0 to 32768
[   59.841351][ T6322] bcachefs (loop1): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=12,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=yes,nojournal_transaction_names
[   59.841370][ T6322]   allowing incompatible features above 0.0: (unknown version)
[   59.841377][ T6322]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   59.861600][ T6322] bcachefs (loop1): Using encoding defined by superblock: utf8-12.1.0
[   59.865013][ T6322] bcachefs (loop1): initializing new filesystem
[   59.873078][ T6322] bcachefs (loop1): going read-write
[   59.877018][ T6322] bcachefs (loop1): marking superblocks
[   59.884057][ T6322] bcachefs (loop1): initializing freespace
[   59.887068][ T6328] loop0: detected capacity change from 0 to 40427
[   59.888626][ T6322] bcachefs (loop1): done initializing freespace
[   59.891182][ T6328] F2FS-fs (loop0): invalid crc value
[   59.900727][ T6322] bcachefs (loop1): reading snapshots table
[   59.903326][ T6322] bcachefs (loop1): reading snapshots done
[   59.914237][ T6322] bcachefs (loop1): done starting filesystem
[   59.914619][ T6328] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   59.921731][ T6328] F2FS-fs (loop0): Start checkpoint disabled!
[   59.929761][ T6328] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[   59.947293][ T6322] syz.1.153 (6322) used greatest stack depth: 15568 bytes left
[   59.950942][   T33] audit: type=1800 audit(1755798444.831:7): pid=6328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.156" name="file1" dev="loop0" ino=10 res=0 errno=0
[   59.951055][ T6328] syz.0.156: attempt to access beyond end of device
[   59.951055][ T6328] loop0: rw=2049, sector=77824, nr_sectors = 800 limit=40427
[   59.965561][ T5850] bcachefs (loop1): shutting down
[   59.967733][ T5850] bcachefs (loop1): going read-only
[   59.972642][ T5850] bcachefs (loop1): finished waiting for writes to stop
[   59.976924][ T5850] bcachefs (loop1): flushing journal and stopping allocators, journal seq 2
[   59.995537][   T33] audit: type=1800 audit(1755798444.881:8): pid=6328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.156" name="file1" dev="loop0" ino=10 res=0 errno=0
[   59.996596][ T5850] bcachefs (loop1): flushing journal and stopping allocators complete, journal seq 3
[   60.010582][ T6328] syz.0.156: attempt to access beyond end of device
[   60.010582][ T6328] loop0: rw=2049, sector=78624, nr_sectors = 800 limit=40427
[   60.012784][ T5850] bcachefs (loop1): clean shutdown complete, journal seq 4
[   60.018518][ T5850] bcachefs (loop1): marking filesystem clean
[   60.030133][ T5850] bcachefs (loop1): shutdown complete
[   60.038381][ T1091] kworker/u9:3: attempt to access beyond end of device
[   60.038381][ T1091] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   60.045926][ T1091] CPU: 0 UID: 0 PID: 1091 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(full) 
[   60.045943][ T1091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   60.045951][ T1091] Workqueue: writeback wb_workfn (flush-7:0)
[   60.045972][ T1091] Call Trace:
[   60.045977][ T1091]  <TASK>
[   60.045982][ T1091]  dump_stack_lvl+0x189/0x250
[   60.046000][ T1091]  ? __pfx_dump_stack_lvl+0x10/0x10
[   60.046012][ T1091]  ? __pfx_queue_work_on+0x10/0x10
[   60.046024][ T1091]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   60.046039][ T1091]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   60.046057][ T1091]  f2fs_handle_critical_error+0x37c/0x540
[   60.046077][ T1091]  f2fs_write_end_io+0x886/0xb60
[   60.046095][ T1091]  __submit_merged_bio+0x27a/0x6a0
[   60.046112][ T1091]  __submit_merged_write_cond+0x255/0x530
[   60.046137][ T1091]  f2fs_write_data_pages+0x261d/0x3000
[   60.046165][ T1091]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   60.046187][ T1091]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   60.046210][ T1091]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   60.046230][ T1091]  ? trace_f2fs_writepages+0x7f/0x200
[   60.046246][ T1091]  ? f2fs_write_node_pages+0x478/0x6e0
[   60.046263][ T1091]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[   60.046279][ T1091]  ? f2fs_update_inode+0x13d9/0x2620
[   60.046295][ T1091]  ? f2fs_write_inode+0x3fb/0x5f0
[   60.046310][ T1091]  ? __pfx_f2fs_balance_fs+0x10/0x10
[   60.046325][ T1091]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   60.046342][ T1091]  do_writepages+0x32e/0x550
[   60.046358][ T1091]  ? unwind_next_frame+0xa5/0x2390
[   60.046376][ T1091]  __writeback_single_inode+0x145/0xff0
[   60.046411][ T1091]  ? do_raw_spin_unlock+0x4d/0x240
[   60.046432][ T1091]  writeback_sb_inodes+0x6c7/0x1010
[   60.046453][ T1091]  ? fprop_reflect_period_percpu+0x6b/0x330
[   60.046471][ T1091]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   60.046499][ T1091]  ? rcu_is_watching+0x15/0xb0
[   60.046514][ T1091]  wb_writeback+0x43b/0xaf0
[   60.046530][ T1091]  ? queue_io+0x3c1/0x590
[   60.046545][ T1091]  ? __pfx_wb_writeback+0x10/0x10
[   60.046561][ T1091]  ? rcu_is_watching+0x15/0xb0
[   60.046574][ T1091]  wb_workfn+0x409/0xef0
[   60.046591][ T1091]  ? __pfx_wb_workfn+0x10/0x10
[   60.046602][ T1091]  ? rcu_is_watching+0x15/0xb0
[   60.046614][ T1091]  ? rcu_is_watching+0x15/0xb0
[   60.046627][ T1091]  ? process_scheduled_works+0x9ef/0x17b0
[   60.046637][ T1091]  ? rcu_is_watching+0x15/0xb0
[   60.046648][ T1091]  ? lock_acquire+0x5f/0x360
[   60.046666][ T1091]  ? rcu_is_watching+0x15/0xb0
[   60.046676][ T1091]  ? process_scheduled_works+0x9ef/0x17b0
[   60.046686][ T1091]  ? process_scheduled_works+0x9ef/0x17b0
[   60.046698][ T1091]  process_scheduled_works+0xae1/0x17b0
[   60.046719][ T1091]  ? __pfx_process_scheduled_works+0x10/0x10
[   60.046736][ T1091]  worker_thread+0x8a0/0xda0
[   60.046756][ T1091]  kthread+0x711/0x8a0
[   60.046771][ T1091]  ? __pfx_worker_thread+0x10/0x10
[   60.046782][ T1091]  ? __pfx_kthread+0x10/0x10
[   60.046797][ T1091]  ? rcu_is_watching+0x15/0xb0
[   60.046807][ T1091]  ? __pfx_kthread+0x10/0x10
[   60.046821][ T1091]  ret_from_fork+0x3fc/0x770
[   60.046834][ T1091]  ? __pfx_ret_from_fork+0x10/0x10
[   60.046875][ T1091]  ? __switch_to_asm+0x39/0x70
[   60.046889][ T1091]  ? __switch_to_asm+0x33/0x70
[   60.046902][ T1091]  ? __pfx_kthread+0x10/0x10
[   60.046916][ T1091]  ret_from_fork_asm+0x1a/0x30
[   60.046936][ T1091]  </TASK>
[   60.047539][ T1091] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   60.333231][ T6347] loop0: detected capacity change from 0 to 512
[   60.354093][ T6347] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.159: bad orphan inode 11862016
[   60.359099][ T6347] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[   60.365448][ T6347] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   60.397670][ T5843] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[   60.939688][ T5313] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   61.089483][ T5313] usb 3-1: Using ep0 maxpacket: 32
[   61.093361][ T5313] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[   61.097123][ T5313] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   61.102114][ T5313] usb 3-1: config 0 descriptor??
[   61.109466][ T5313] gspca_main: sunplus-2.14.0 probing 041e:400b
[   61.522089][ T6380] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   61.563302][ T6382] Zero length message leads to an empty skb
[   61.652032][ T6388] loop0: detected capacity change from 0 to 1024
[   61.749457][ T5990] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   61.929534][ T5990] usb 2-1: Using ep0 maxpacket: 32
[   61.941181][ T5990] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   61.945547][ T5990] usb 2-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00
[   61.949761][ T5990] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   61.964518][ T5990] usb 2-1: config 0 descriptor??
[   62.392050][ T5990] belkin 0003:1020:0006.0001: hidraw0: USB HID v0.00 Device [HID 1020:0006] on usb-dummy_hcd.1-1/input0
[   62.524208][ T5313] gspca_sunplus: reg_w_riv err -71
[   62.526623][ T5313] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[   62.533194][ T5313] usb 3-1: USB disconnect, device number 3
[   62.581167][  T880] usb 2-1: USB disconnect, device number 4
[   63.502002][ T5990] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   63.722841][ T5990] usb 3-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[   63.731278][ T5990] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   63.773138][ T6429] loop1: detected capacity change from 0 to 32768
[   63.776375][ T6429] XFS (loop1): stripe width (9) must be a multiple of the stripe unit (38034)
[   63.830976][ T5990] usb 3-1: config 0 descriptor??
[   63.840134][ T5990] gspca_main: spca508-2.14.0 probing 8086:0110
[   64.071163][ T5990] gspca_spca508: reg_read err -32
[   64.285750][ T5990] gspca_spca508: reg_read err -71
[   64.296919][ T5990] gspca_spca508: reg_read err -71
[   64.303869][ T5990] gspca_spca508: reg_read err -71
[   64.306872][ T5990] gspca_spca508: reg write: error -71
[   64.309148][ T5990] spca508 3-1:0.0: probe with driver spca508 failed with error -71
[   64.325856][ T5990] usb 3-1: USB disconnect, device number 4
[   64.516377][ T6451] loop1: detected capacity change from 0 to 32768
[   64.520182][ T6451] XFS: ikeep mount option is deprecated.
[   64.556714][ T6451] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   64.593101][ T6451] XFS (loop1): Ending clean mount
[   64.596303][ T6451] XFS (loop1): Quotacheck needed: Please wait.
[   64.603010][ T6451] XFS (loop1): Quotacheck: Done.
[   64.933532][ T6463] loop2: detected capacity change from 0 to 32768
[   64.946608][ T6463] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.204 (6463)
[   65.227906][ T6463] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   65.236694][ T5850] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   65.240381][ T6463] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[   65.298443][ T6463] BTRFS info (device loop2): enabling ssd optimizations
[   65.305542][ T6463] BTRFS info (device loop2): enabling free space tree
[   65.370452][ T5847] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   65.444770][ T6496] netlink: 392 bytes leftover after parsing attributes in process `syz.1.212'.
[   65.904656][ T6509] netlink: 96 bytes leftover after parsing attributes in process `syz.1.218'.
[   66.262541][ T6497] loop2: detected capacity change from 0 to 32768
[   66.273159][ T6497] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[   66.369511][ T6497] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[   66.509197][ T6517] netlink: 4 bytes leftover after parsing attributes in process `syz.2.210'.
[   67.462969][ T5847] ocfs2: Unmounting device (7,2) on (node local)
[   67.567622][ T6529] usb usb1: usbfs: process 6529 (syz.1.226) did not claim interface 0 before use
[   67.623841][ T6534] loop1: detected capacity change from 0 to 512
[   67.653274][ T6534] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.228: casefold flag without casefold feature
[   67.669747][ T6534] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.228: couldn't read orphan inode 15 (err -117)
[   67.674616][ T6534] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   67.688521][ T6534] evm: overlay not supported
[   67.723287][ T5850] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.922613][ T6542] loop1: detected capacity change from 0 to 40427
[   67.929964][ T6542] F2FS-fs (loop1): invalid crc value
[   67.959148][ T6542] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[   67.964215][ T6542] F2FS-fs (loop1): Start checkpoint disabled!
[   67.967959][ T6542] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[   68.049673][ T6542] loop1: detected capacity change from 40427 to 0
[   68.049814][    C0] I/O error, dev loop1, sector 28736 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2
[   68.056916][ T6551] syz.1.231: attempt to access beyond end of device
[   68.056916][ T6551] loop1: rw=12288, sector=28736, nr_sectors = 8 limit=0
[   68.063354][ T6551] syz.1.231: attempt to access beyond end of device
[   68.063354][ T6551] loop1: rw=12288, sector=28736, nr_sectors = 8 limit=0
[   68.068605][ T6551] syz.1.231: attempt to access beyond end of device
[   68.068605][ T6551] loop1: rw=12288, sector=28736, nr_sectors = 8 limit=0
[   68.074461][ T6551] syz.1.231: attempt to access beyond end of device
[   68.074461][ T6551] loop1: rw=12288, sector=28736, nr_sectors = 8 limit=0
[   68.079970][ T6551] syz.1.231: attempt to access beyond end of device
[   68.079970][ T6551] loop1: rw=12288, sector=28736, nr_sectors = 8 limit=0
[   68.084937][ T6551] syz.1.231: attempt to access beyond end of device
[   68.084937][ T6551] loop1: rw=12288, sector=28736, nr_sectors = 8 limit=0
[   68.090130][ T6551] syz.1.231: attempt to access beyond end of device
[   68.090130][ T6551] loop1: rw=12288, sector=28736, nr_sectors = 8 limit=0
[   68.096688][ T6551] syz.1.231: attempt to access beyond end of device
[   68.096688][ T6551] loop1: rw=12288, sector=28736, nr_sectors = 8 limit=0
[   68.102542][ T6551] CPU: 0 UID: 0 PID: 6551 Comm: syz.1.231 Not tainted syzkaller #0 PREEMPT(full) 
[   68.102563][ T6551] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   68.102572][ T6551] Call Trace:
[   68.102579][ T6551]  <TASK>
[   68.102585][ T6551]  dump_stack_lvl+0x189/0x250
[   68.102608][ T6551]  ? __pfx_dump_stack_lvl+0x10/0x10
[   68.102624][ T6551]  ? __pfx_queue_work_on+0x10/0x10
[   68.102639][ T6551]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   68.102656][ T6551]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   68.102672][ T6551]  ? __pfx_down_write+0x10/0x10
[   68.102685][ T6551]  f2fs_handle_critical_error+0x37c/0x540
[   68.102705][ T6551]  f2fs_get_meta_folio_retry+0x84/0xa0
[   68.102726][ T6551]  do_garbage_collect+0x72e/0x6410
[   68.102747][ T6551]  ? rcu_is_watching+0x15/0xb0
[   68.102790][ T6551]  ? lock_release+0x4b/0x3e0
[   68.102813][ T6551]  ? __mutex_unlock_slowpath+0x1a1/0x740
[   68.102835][ T6551]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[   68.102860][ T6551]  ? __pfx_do_garbage_collect+0x10/0x10
[   68.102874][ T6551]  ? f2fs_get_victim+0x5a9a/0x6260
[   68.102893][ T6551]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[   68.102920][ T6551]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[   68.102937][ T6551]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[   68.102954][ T6551]  ? rcu_is_watching+0x15/0xb0
[   68.102969][ T6551]  ? up_write+0x1c4/0x420
[   68.102982][ T6551]  f2fs_gc+0xc87/0x2590
[   68.102996][ T6551]  ? rcu_is_watching+0x15/0xb0
[   68.103016][ T6551]  ? __pfx_f2fs_gc+0x10/0x10
[   68.103027][ T6551]  ? rcu_is_watching+0x15/0xb0
[   68.103041][ T6551]  ? sb_start_write+0x114/0x1c0
[   68.103054][ T6551]  ? mnt_want_write_file+0x164/0x200
[   68.103066][ T6551]  __f2fs_ioc_gc_range+0x754/0xb10
[   68.103084][ T6551]  ? __pfx___f2fs_ioc_gc_range+0x10/0x10
[   68.103101][ T6551]  ? __might_fault+0xcc/0x130
[   68.103141][ T6551]  __f2fs_ioctl+0x2e00/0xb610
[   68.103162][ T6551]  ? file_ioctl+0x22d/0x780
[   68.103179][ T6551]  ? __pfx_file_ioctl+0x10/0x10
[   68.103198][ T6551]  ? rcu_is_watching+0x15/0xb0
[   68.103219][ T6551]  ? __pfx___f2fs_ioctl+0x10/0x10
[   68.103232][ T6551]  ? lock_release+0x4b/0x3e0
[   68.103248][ T6551]  ? tomoyo_path_number_perm+0x47a/0x5a0
[   68.103265][ T6551]  ? kfree+0x18e/0x440
[   68.103282][ T6551]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[   68.103301][ T6551]  ? do_vfs_ioctl+0xb33/0x1430
[   68.103320][ T6551]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   68.103336][ T6551]  ? __pfx_css_rstat_updated+0x10/0x10
[   68.103352][ T6551]  ? count_memcg_event_mm+0x21/0x260
[   68.103370][ T6551]  ? has_not_enough_free_secs+0xf8b/0x18c0
[   68.103391][ T6551]  ? f2fs_ioctl+0x184/0x250
[   68.103404][ T6551]  ? __pfx_f2fs_ioctl+0x10/0x10
[   68.103416][ T6551]  __se_sys_ioctl+0xfc/0x170
[   68.103432][ T6551]  do_syscall_64+0xfa/0x3b0
[   68.103452][ T6551]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.103464][ T6551]  ? exc_page_fault+0x9f/0xf0
[   68.103480][ T6551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.103493][ T6551] RIP: 0033:0x7fc4f438ebe9
[   68.103505][ T6551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.103516][ T6551] RSP: 002b:00007fc4f5144038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   68.103532][ T6551] RAX: ffffffffffffffda RBX: 00007fc4f45b6090 RCX: 00007fc4f438ebe9
[   68.103543][ T6551] RDX: 0000200000000000 RSI: 000000004018f50b RDI: 0000000000000004
[   68.103551][ T6551] RBP: 00007fc4f4411e19 R08: 0000000000000000 R09: 0000000000000000
[   68.103558][ T6551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.103565][ T6551] R13: 00007fc4f45b6128 R14: 00007fc4f45b6090 R15: 00007ffed624c738
[   68.103580][ T6551]  </TASK>
[   68.103747][  T880] kworker/0:2: attempt to access beyond end of device
[   68.103747][  T880] loop1: rw=395265, sector=8, nr_sectors = 8 limit=0
[   68.170062][ T6551] F2FS-fs (loop1): Stopped filesystem due to reason: 2
[   68.171183][  T880] F2FS-fs (loop1): f2fs_commit_super fails to record stop_reason, err:-5
[   68.192213][ T5850] syz-executor: attempt to access beyond end of device
[   68.192213][ T5850] loop1: rw=524288, sector=45064, nr_sectors = 8 limit=0
[   68.517126][   T13] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.560612][   T13] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.614230][   T13] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.701703][ T6559] netlink: 44 bytes leftover after parsing attributes in process `syz.0.239'.
[   68.705666][ T6559] netlink: 'syz.0.239': attribute type 6 has an invalid length.
[   68.708981][ T6559] netlink: 'syz.0.239': attribute type 5 has an invalid length.
[   68.713860][ T6559] netlink: 'syz.0.239': attribute type 4 has an invalid length.
[   68.721380][   T13] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   68.827743][   T13] bridge_slave_1: left allmulticast mode
[   68.835965][   T13] bridge_slave_1: left promiscuous mode
[   68.838424][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[   68.847061][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   68.851588][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   68.851883][   T13] bridge_slave_0: left allmulticast mode
[   68.854498][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   68.856821][   T13] bridge_slave_0: left promiscuous mode
[   68.856972][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[   68.862419][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   68.868549][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   69.087094][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   69.095706][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   69.102287][   T13] bond0 (unregistering): Released all slaves
[   69.248776][ T6577] chnl_net:caif_netlink_parms(): no params data found
[   69.252632][ T6601] loop2: detected capacity change from 0 to 32768
[   69.256154][ T6601] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.248 (6601)
[   69.262793][ T6601] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   69.266275][ T6601] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[   69.417657][ T6601] BTRFS info (device loop2): enabling ssd optimizations
[   69.421967][ T6601] BTRFS info (device loop2): enabling free space tree
[   69.815534][ T6577] bridge0: port 1(bridge_slave_0) entered blocking state
[   69.818312][ T6577] bridge0: port 1(bridge_slave_0) entered disabled state
[   69.821774][ T6577] bridge_slave_0: entered allmulticast mode
[   69.843643][ T6577] bridge_slave_0: entered promiscuous mode
[   69.849009][ T6577] bridge0: port 2(bridge_slave_1) entered blocking state
[   69.856842][ T6577] bridge0: port 2(bridge_slave_1) entered disabled state
[   69.860391][ T6577] bridge_slave_1: entered allmulticast mode
[   69.863624][ T6577] bridge_slave_1: entered promiscuous mode
[   69.922308][   T13] hsr_slave_0: left promiscuous mode
[   69.926984][   T13] hsr_slave_1: left promiscuous mode
[   69.929586][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   69.932809][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[   69.936073][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   69.938838][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[   69.945991][   T13] veth1_macvtap: left promiscuous mode
[   69.947999][   T13] veth0_macvtap: left promiscuous mode
[   69.951063][   T13] veth1_vlan: left promiscuous mode
[   69.953300][   T13] veth0_vlan: left promiscuous mode
[   70.019130][   T13] team0 (unregistering): Port device team_slave_1 removed
[   70.024245][   T13] team0 (unregistering): Port device team_slave_0 removed
[   70.056315][ T5847] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   70.104968][ T6577] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   70.122770][ T6577] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   70.162830][ T6577] team0: Port device team_slave_0 added
[   70.171661][ T6577] team0: Port device team_slave_1 added
[   70.271382][ T6577] batman_adv: batadv0: Adding interface: batadv_slave_0
[   70.274427][ T6577] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.298917][ T6577] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   70.313353][ T6663] netlink: 'syz.0.257': attribute type 13 has an invalid length.
[   70.328530][ T6577] batman_adv: batadv0: Adding interface: batadv_slave_1
[   70.334520][ T6577] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   70.365838][ T6577] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   70.493100][ T6577] hsr_slave_0: entered promiscuous mode
[   70.495389][ T6577] hsr_slave_1: entered promiscuous mode
[   70.498504][ T6577] debugfs: 'hsr0' already exists in 'hsr'
[   70.506639][ T6577] Cannot create hsr debugfs directory
[   70.712177][ T6666] loop2: detected capacity change from 0 to 40427
[   70.714864][ T6666] F2FS-fs: heap/no_heap options were deprecated
[   70.718568][ T6666] F2FS-fs (loop2): build fault injection rate: 19
[   70.738604][ T6666] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[   70.754249][ T6666] F2FS-fs (loop2): invalid crc value
[   70.760293][   T33] audit: type=1326 audit(1755798455.641:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6667 comm="syz.0.259" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fef7698ebe9 code=0x0
[   70.761510][ T6666] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[   70.777607][ T6577] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   70.782843][ T6577] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   70.787156][ T6577] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   70.790988][ T6666] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[   70.791831][ T6577] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   70.797615][ T6666] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   70.802526][ T6666] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   70.831499][ T6666] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_new_node_folio+0x131/0xa40
[   70.835678][ T6577] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.845456][ T6577] 8021q: adding VLAN 0 to HW filter on device team0
[   70.852786][   T27] bridge0: port 1(bridge_slave_0) entered blocking state
[   70.855769][   T27] bridge0: port 1(bridge_slave_0) entered forwarding state
[   70.856803][    C1] F2FS-fs (loop2): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60
[   70.862289][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[   70.862307][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   70.862314][    C1] Call Trace:
[   70.862318][    C1]  <TASK>
[   70.862323][    C1]  dump_stack_lvl+0x189/0x250
[   70.862341][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[   70.862353][    C1]  ? __pfx_queue_work_on+0x10/0x10
[   70.862366][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   70.862380][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   70.862392][    C1]  ? f2fs_hw_is_readonly+0x39b/0x470
[   70.862406][    C1]  f2fs_handle_critical_error+0x37c/0x540
[   70.862420][    C1]  f2fs_write_end_io+0x886/0xb60
[   70.862431][    C1]  blk_update_request+0x57e/0xe60
[   70.862446][    C1]  blk_mq_end_request+0x3e/0x70
[   70.862457][    C1]  blk_flush_complete_seq+0x678/0xcc0
[   70.862471][    C1]  flush_end_io+0xbaf/0xe60
[   70.862484][    C1]  __blk_mq_end_request+0x426/0x600
[   70.862496][    C1]  blk_done_softirq+0x10a/0x160
[   70.862507][    C1]  handle_softirqs+0x286/0x870
[   70.862517][    C1]  ? run_ksoftirqd+0x9b/0x100
[   70.862528][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[   70.862537][    C1]  ? schedule+0x91/0x360
[   70.862547][    C1]  ? rcu_is_watching+0x15/0xb0
[   70.862559][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[   70.862568][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[   70.862577][    C1]  run_ksoftirqd+0x9b/0x100
[   70.862587][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[   70.862597][    C1]  smpboot_thread_fn+0x542/0xa60
[   70.862606][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[   70.862616][    C1]  kthread+0x711/0x8a0
[   70.862628][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[   70.862637][    C1]  ? __pfx_kthread+0x10/0x10
[   70.862648][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[   70.862659][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[   70.862673][    C1]  ? __pfx_kthread+0x10/0x10
[   70.862686][    C1]  ret_from_fork+0x3fc/0x770
[   70.862699][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[   70.862711][    C1]  ? __switch_to_asm+0x39/0x70
[   70.862723][    C1]  ? __switch_to_asm+0x33/0x70
[   70.862761][    C1]  ? __pfx_kthread+0x10/0x10
[   70.862774][    C1]  ret_from_fork_asm+0x1a/0x30
[   70.862791][    C1]  </TASK>
[   70.862796][    C1] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   70.910341][   T54] Bluetooth: hci2: command tx timeout
[   70.913907][ T5847] F2FS-fs (loop2): do_checkpoint failed err:-5, stop checkpoint
[   70.965525][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[   70.968156][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[   71.060649][ T6577] 8021q: adding VLAN 0 to HW filter on device batadv0
[   71.100215][ T6577] veth0_vlan: entered promiscuous mode
[   71.114143][ T6577] veth1_vlan: entered promiscuous mode
[   71.164565][ T6577] veth0_macvtap: entered promiscuous mode
[   71.173348][ T6577] veth1_macvtap: entered promiscuous mode
[   71.194630][ T6577] batman_adv: batadv0: Interface activated: batadv_slave_0
[   71.239701][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.242479][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   71.283777][ T6577] batman_adv: batadv0: Interface activated: batadv_slave_1
[   71.305118][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   71.309073][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   71.316890][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   71.321752][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   71.335505][ T6702] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   71.416997][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   71.431847][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   71.468645][   T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   71.477010][   T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   71.842867][ T6716] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[   72.495903][ T6730] overlayfs: failed to clone upperpath
[   72.650568][ T6735] cgroup: Invalid name
[   73.001888][   T54] Bluetooth: hci2: command tx timeout
[   73.083113][ T6755] sock: sock_timestamping_bind_phc: sock not bind to device
[   73.131959][ T6757] netlink: 8 bytes leftover after parsing attributes in process `syz.2.284'.
[   73.210940][ T6762] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   73.254541][ T6767] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   73.282422][ T6767] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[   73.499438][  T792] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   73.706794][ T5313] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[   73.791479][  T792] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   73.795204][  T792] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   73.801867][  T792] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[   73.805374][  T792] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   73.808120][  T792] usb 4-1: Product: syz
[   73.810213][  T792] usb 4-1: Manufacturer: syz
[   73.811843][  T792] usb 4-1: SerialNumber: syz
[   73.814162][  T792] usb 4-1: config 0 descriptor??
[   73.859491][ T5313] usb 3-1: Using ep0 maxpacket: 16
[   73.864427][ T5313] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[   73.867580][ T5313] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   73.871624][ T5313] usb 3-1: Product: syz
[   73.873320][ T5313] usb 3-1: Manufacturer: syz
[   73.874979][ T5313] usb 3-1: SerialNumber: syz
[   73.877681][ T5313] usb 3-1: config 0 descriptor??
[   74.021614][ T6769] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   74.027300][ T6769] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   74.084626][ T5313] dvb_usb_dtv5100 3-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -71
[   74.089758][ T5313] usb 3-1: USB disconnect, device number 5
[   74.235156][  T792] usb 4-1: USB disconnect, device number 2
[   74.375770][   T33] audit: type=1326 audit(1755798459.261:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6790 comm="syz.0.300" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fef7698ebe9 code=0x0
[   75.070364][   T54] Bluetooth: hci2: command tx timeout
[   75.884055][ T6839] loop3: detected capacity change from 0 to 32768
[   75.886737][ T6839] XFS: noikeep mount option is deprecated.
[   75.908089][ T6839] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   75.920987][ T6839] XFS (loop3): Ending clean mount
[   75.923890][ T6839] XFS (loop3): Quotacheck needed: Please wait.
[   75.931395][ T6839] XFS (loop3): Quotacheck: Done.
[   75.958522][ T6577] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   76.048014][ T6857] netlink: 'syz.3.322': attribute type 13 has an invalid length.
[   76.240485][ T6869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.329'.
[   76.455861][ T6887] capability: warning: `syz.0.336' uses deprecated v2 capabilities in a way that may be insecure
[   76.605228][ T6891] loop2: detected capacity change from 0 to 512
[   76.607949][ T6891] EXT4-fs: Ignoring removed orlov option
[   76.610845][ T6891] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[   76.614615][ T6891] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[   76.618193][ T6891] EXT4-fs error (device loop2): ext4_iget_extra_inode:5104: inode #15: comm syz.2.338: corrupted in-inode xattr: e_value size too large
[   76.625013][ T6891] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.338: couldn't read orphan inode 15 (err -117)
[   76.632468][ T6891] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   76.653331][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   77.019152][ T6912] (unnamed net_device) (uninitialized): option arp_interval: mode dependency failed, not supported in mode balance-tlb(5)
[   77.139445][    T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[   77.149573][   T54] Bluetooth: hci2: command tx timeout
[   77.293066][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   77.297971][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   77.302747][    T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   77.308317][    T9] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   77.314812][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   77.319872][    T9] usb 3-1: config 0 descriptor??
[   77.546736][ T6940] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check.
[   77.734076][    T9] plantronics 0003:047F:FFFF.0002: reserved main item tag 0xd
[   77.744222][    T9] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[   77.771031][ T6953] netlink: 'syz.0.366': attribute type 16 has an invalid length.
[   77.775008][ T6953] netlink: 'syz.0.366': attribute type 17 has an invalid length.
[   77.999568][    T9] usb 3-1: USB disconnect, device number 6
[   78.103987][ T6973] openvswitch: netlink: Unexpected mask (mask=c0, allowed=10048)
[   78.221421][ T6975] loop3: detected capacity change from 0 to 40427
[   78.226388][ T6975] F2FS-fs (loop3): Small segment_count (9 < 1 * 24)
[   78.228696][ T6975] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   78.249963][ T6975] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   78.253234][ T6975] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   78.255557][ T6975] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   78.262894][   T33] audit: type=1800 audit(1755798463.151:11): pid=6975 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.377" name="file1" dev="loop3" ino=10 res=0 errno=0
[   78.278687][ T6577] bio_check_eod: 1 callbacks suppressed
[   78.278705][ T6577] syz-executor: attempt to access beyond end of device
[   78.278705][ T6577] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   78.289426][ T6577] CPU: 0 UID: 0 PID: 6577 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   78.289446][ T6577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   78.289453][ T6577] Call Trace:
[   78.289459][ T6577]  <TASK>
[   78.289464][ T6577]  dump_stack_lvl+0x189/0x250
[   78.289487][ T6577]  ? __pfx_dump_stack_lvl+0x10/0x10
[   78.289502][ T6577]  ? __pfx_queue_work_on+0x10/0x10
[   78.289515][ T6577]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   78.289532][ T6577]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   78.289549][ T6577]  f2fs_handle_critical_error+0x37c/0x540
[   78.289569][ T6577]  f2fs_write_end_io+0x886/0xb60
[   78.289585][ T6577]  __submit_merged_bio+0x27a/0x6a0
[   78.289602][ T6577]  __submit_merged_write_cond+0x255/0x530
[   78.289619][ T6577]  f2fs_write_data_pages+0x261d/0x3000
[   78.289636][ T6577]  ? arch_stack_walk+0xfc/0x150
[   78.289683][ T6577]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   78.289700][ T6577]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   78.289717][ T6577]  ? rcu_is_watching+0x15/0xb0
[   78.289740][ T6577]  ? folios_put_refs+0x559/0x640
[   78.289757][ T6577]  ? __pfx_folios_put_refs+0x10/0x10
[   78.289768][ T6577]  ? rcu_is_watching+0x15/0xb0
[   78.289780][ T6577]  ? lru_add+0xa2f/0xd80
[   78.289792][ T6577]  ? lru_add+0x198/0xd80
[   78.289802][ T6577]  ? do_raw_spin_lock+0x121/0x290
[   78.289820][ T6577]  ? do_raw_spin_unlock+0x4d/0x240
[   78.289835][ T6577]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   78.289852][ T6577]  do_writepages+0x32e/0x550
[   78.289869][ T6577]  ? rcu_is_watching+0x15/0xb0
[   78.289881][ T6577]  ? do_raw_spin_unlock+0x4d/0x240
[   78.289896][ T6577]  filemap_fdatawrite+0x199/0x240
[   78.289912][ T6577]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   78.289935][ T6577]  ? rcu_is_watching+0x15/0xb0
[   78.289948][ T6577]  ? do_raw_spin_unlock+0x4d/0x240
[   78.289963][ T6577]  f2fs_sync_dirty_inodes+0x31f/0x830
[   78.289979][ T6577]  f2fs_write_checkpoint+0x95a/0x1df0
[   78.289996][ T6577]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   78.290017][ T6577]  ? rcu_is_watching+0x15/0xb0
[   78.290028][ T6577]  ? kill_f2fs_super+0x298/0x6c0
[   78.290041][ T6577]  kill_f2fs_super+0x2c3/0x6c0
[   78.290054][ T6577]  ? __pfx_kill_f2fs_super+0x10/0x10
[   78.290065][ T6577]  ? radix_tree_delete_item+0x2b6/0x400
[   78.290083][ T6577]  ? shrinker_free+0x2ce/0x3e0
[   78.290096][ T6577]  deactivate_locked_super+0xbc/0x130
[   78.290119][ T6577]  cleanup_mnt+0x425/0x4c0
[   78.290134][ T6577]  task_work_run+0x1d4/0x260
[   78.290151][ T6577]  ? __pfx_task_work_run+0x10/0x10
[   78.290164][ T6577]  ? __x64_sys_umount+0x122/0x160
[   78.290180][ T6577]  ? __pfx___x64_sys_umount+0x10/0x10
[   78.290196][ T6577]  ? rcu_is_watching+0x15/0xb0
[   78.290209][ T6577]  exit_to_user_mode_loop+0xec/0x110
[   78.290226][ T6577]  do_syscall_64+0x2bd/0x3b0
[   78.290244][ T6577]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.290256][ T6577]  ? exc_page_fault+0x9f/0xf0
[   78.290271][ T6577]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.290282][ T6577] RIP: 0033:0x7f807a58ff17
[   78.290295][ T6577] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   78.290305][ T6577] RSP: 002b:00007ffedd825ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   78.290321][ T6577] RAX: 0000000000000000 RBX: 00007f807a611c05 RCX: 00007f807a58ff17
[   78.290329][ T6577] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffedd825f90
[   78.290336][ T6577] RBP: 00007ffedd825f90 R08: 0000000000000000 R09: 0000000000000000
[   78.290343][ T6577] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffedd827020
[   78.290350][ T6577] R13: 00007f807a611c05 R14: 0000000000013132 R15: 00007ffedd827060
[   78.290362][ T6577]  </TASK>
[   78.290367][ T6577] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[   78.571608][ T6983] lo: Caught tx_queue_len zero misconfig
[   78.832194][ T6993] loop2: detected capacity change from 0 to 40427
[   78.841625][ T7000] loop3: detected capacity change from 0 to 32768
[   78.846456][ T6993] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[   78.850967][ T6993] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   78.908932][ T6993] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   78.912262][ T7000] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[   78.915792][ T6993] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   78.923864][ T7000]   allowing incompatible features above 0.0: (unknown version)
[   78.925554][ T6993] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   78.928709][ T7000]   features: 
[   78.941771][ T7000] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[   78.947706][ T7000] bcachefs (loop3): initializing new filesystem
[   78.957217][ T7000] bcachefs (loop3): going read-write
[   78.961870][ T7000] bcachefs (loop3): marking superblocks
[   78.969267][ T7000] bcachefs (loop3): initializing freespace
[   78.974834][ T7000] bcachefs (loop3): done initializing freespace
[   78.980270][ T7000] bcachefs (loop3): reading snapshots table
[   78.983003][ T7000] bcachefs (loop3): reading snapshots done
[   78.994457][ T7000] bcachefs (loop3): done starting filesystem
[   79.169978][ T7022] loop2: detected capacity change from 0 to 4096
[   79.182384][ T7023] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   79.196086][ T7022] NILFS error (device loop2): nilfs_bmap_lookup_at_level: broken bmap (inode number=6)
[   79.202052][ T7022] Remounting filesystem read-only
[   79.365783][ T7029] sctp: [Deprecated]: syz.2.395 (pid 7029) Use of struct sctp_assoc_value in delayed_ack socket option.
[   79.365783][ T7029] Use struct sctp_sack_info instead
[   79.560223][ T6577] bcachefs (loop3): shutting down
[   79.562106][ T6577] bcachefs (loop3): going read-only
[   79.563861][ T6577] bcachefs (loop3): finished waiting for writes to stop
[   79.568119][ T6577] bcachefs (loop3): flushing journal and stopping allocators, journal seq 7
[   79.588716][ T6577] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 7
[   79.594821][ T6577] bcachefs (loop3): clean shutdown complete, journal seq 8
[   79.598321][ T6577] bcachefs (loop3): marking filesystem clean
[   79.612434][ T6577] bcachefs (loop3): shutdown complete
[   80.452412][ T7077] team0: entered promiscuous mode
[   80.454262][ T7077] team_slave_0: entered promiscuous mode
[   80.456470][ T7077] team_slave_1: entered promiscuous mode
[   80.458717][ T7077] 8021q: adding VLAN 0 to HW filter on device macvlan2
[   80.462815][ T7077] bond0: (slave macvlan2): Enslaving as an active interface with an up link
[   80.481881][ T7079] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   80.485089][ T7079] overlayfs: failed to set xattr on upper
[   80.487287][ T7079] overlayfs: ...falling back to redirect_dir=nofollow.
[   80.506051][ T7079] overlayfs: ...falling back to uuid=null.
[   80.755180][ T7099] loop2: detected capacity change from 0 to 256
[   80.782345][ T7099] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   80.804546][ T7099] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[   80.860998][ T7099] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[   81.009973][ T7106] netlink: 8 bytes leftover after parsing attributes in process `syz.0.422'.
[   81.013553][ T7106] netlink: 8 bytes leftover after parsing attributes in process `syz.0.422'.
[   81.033386][ T7104] loop2: detected capacity change from 0 to 40427
[   81.043370][ T7104] F2FS-fs (loop2): Wrong SSA boundary, start(3584) end(4096) blocks(0)
[   81.046396][ T7104] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[   81.049886][ T7104] F2FS-fs (loop2): build fault injection type: 0x6
[   81.053440][ T7104] F2FS-fs (loop2): invalid crc value
[   81.071573][ T7104] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[   81.074775][ T7104] F2FS-fs (loop2): Start checkpoint disabled!
[   81.078347][ T7104] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[   81.081764][ T7104] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[   81.088364][ T7104] syz.2.423: attempt to access beyond end of device
[   81.088364][ T7104] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   81.102936][ T3651] kworker/u10:6: attempt to access beyond end of device
[   81.102936][ T3651] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[   81.108946][ T3651] CPU: 1 UID: 0 PID: 3651 Comm: kworker/u10:6 Not tainted syzkaller #0 PREEMPT(full) 
[   81.108964][ T3651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   81.108972][ T3651] Workqueue: writeback wb_workfn (flush-7:2)
[   81.108992][ T3651] Call Trace:
[   81.108997][ T3651]  <TASK>
[   81.109003][ T3651]  dump_stack_lvl+0x189/0x250
[   81.109021][ T3651]  ? __pfx_dump_stack_lvl+0x10/0x10
[   81.109035][ T3651]  ? __pfx_queue_work_on+0x10/0x10
[   81.109047][ T3651]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   81.109063][ T3651]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   81.109081][ T3651]  f2fs_handle_critical_error+0x37c/0x540
[   81.109100][ T3651]  f2fs_write_end_io+0x886/0xb60
[   81.109118][ T3651]  __submit_merged_bio+0x27a/0x6a0
[   81.109135][ T3651]  __submit_merged_write_cond+0x255/0x530
[   81.109152][ T3651]  f2fs_write_data_pages+0x261d/0x3000
[   81.109178][ T3651]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   81.109200][ T3651]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[   81.109222][ T3651]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[   81.109242][ T3651]  ? trace_f2fs_writepages+0x7f/0x200
[   81.109257][ T3651]  ? f2fs_write_node_pages+0x478/0x6e0
[   81.109273][ T3651]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[   81.109290][ T3651]  ? f2fs_update_inode+0x13d9/0x2620
[   81.109326][ T3651]  ? rcu_qs+0xc4/0x170
[   81.109338][ T3651]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   81.109355][ T3651]  do_writepages+0x32e/0x550
[   81.109375][ T3651]  __writeback_single_inode+0x145/0xff0
[   81.109390][ T3651]  ? do_raw_spin_unlock+0x4d/0x240
[   81.109406][ T3651]  writeback_sb_inodes+0x6c7/0x1010
[   81.109430][ T3651]  ? __pfx_writeback_sb_inodes+0x10/0x10
[   81.109457][ T3651]  ? rcu_is_watching+0x15/0xb0
[   81.109472][ T3651]  wb_writeback+0x43b/0xaf0
[   81.109489][ T3651]  ? queue_io+0x3c1/0x590
[   81.109503][ T3651]  ? __pfx_wb_writeback+0x10/0x10
[   81.109520][ T3651]  ? rcu_is_watching+0x15/0xb0
[   81.109533][ T3651]  wb_workfn+0x409/0xef0
[   81.109548][ T3651]  ? __pfx_wb_workfn+0x10/0x10
[   81.109560][ T3651]  ? rcu_is_watching+0x15/0xb0
[   81.109571][ T3651]  ? rcu_is_watching+0x15/0xb0
[   81.109584][ T3651]  ? process_scheduled_works+0x9ef/0x17b0
[   81.109594][ T3651]  ? rcu_is_watching+0x15/0xb0
[   81.109605][ T3651]  ? lock_acquire+0x5f/0x360
[   81.109623][ T3651]  ? rcu_is_watching+0x15/0xb0
[   81.109660][ T3651]  ? process_scheduled_works+0x9ef/0x17b0
[   81.109670][ T3651]  ? process_scheduled_works+0x9ef/0x17b0
[   81.109682][ T3651]  process_scheduled_works+0xae1/0x17b0
[   81.109702][ T3651]  ? __pfx_process_scheduled_works+0x10/0x10
[   81.109718][ T3651]  worker_thread+0x8a0/0xda0
[   81.109731][ T3651]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   81.109747][ T3651]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   81.109760][ T3651]  ? __kthread_parkme+0x7b/0x200
[   81.109777][ T3651]  kthread+0x711/0x8a0
[   81.109791][ T3651]  ? __pfx_worker_thread+0x10/0x10
[   81.109802][ T3651]  ? __pfx_kthread+0x10/0x10
[   81.109817][ T3651]  ? rcu_is_watching+0x15/0xb0
[   81.109827][ T3651]  ? __pfx_kthread+0x10/0x10
[   81.109840][ T3651]  ret_from_fork+0x3fc/0x770
[   81.109854][ T3651]  ? __pfx_ret_from_fork+0x10/0x10
[   81.109868][ T3651]  ? __switch_to_asm+0x39/0x70
[   81.109883][ T3651]  ? __switch_to_asm+0x33/0x70
[   81.109897][ T3651]  ? __pfx_kthread+0x10/0x10
[   81.109910][ T3651]  ret_from_fork_asm+0x1a/0x30
[   81.109935][ T3651]  </TASK>
[   81.246061][ T3651] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   81.469705][   T24] cfg80211: failed to load regulatory.db
[   81.611760][ T7116] loop3: detected capacity change from 0 to 32768
[   81.653309][ T7116] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[   81.653328][ T7116]   allowing incompatible features above 0.0: (unknown version)
[   81.653335][ T7116]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   81.653954][ T7122] loop2: detected capacity change from 0 to 32768
[   81.659985][ T7116] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[   81.663477][ T7122] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.428 (7122)
[   81.681056][ T7116] bcachefs (loop3): initializing new filesystem
[   81.687238][ T7116] bcachefs (loop3): going read-write
[   81.692465][ T7122] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[   81.696724][ T7122] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[   81.701668][ T7122] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   81.708919][ T7116] bcachefs (loop3): marking superblocks
[   81.716176][ T7116] bcachefs (loop3): initializing freespace
[   81.723315][ T7116] bcachefs (loop3): done initializing freespace
[   81.730409][ T7116] bcachefs (loop3): reading snapshots table
[   81.733492][ T7116] bcachefs (loop3): reading snapshots done
[   81.762591][ T7122] BTRFS info (device loop2): rebuilding free space tree
[   81.765278][ T7116] bcachefs (loop3): done starting filesystem
[   81.789797][ T7122] BTRFS info (device loop2): disabling free space tree
[   81.795009][ T7122] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   81.830344][ T7122] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   81.836897][ T7122] BTRFS info (device loop2): allowing degraded mounts
[   81.839889][ T7122] BTRFS info (device loop2): enabling ssd optimizations
[   81.842843][ T7122] BTRFS info (device loop2): enabling disk space caching
[   81.845840][ T7122] BTRFS info (device loop2): force clearing of disk cache
[   81.848868][ T7122] BTRFS info (device loop2): use zlib compression, level 3
[   81.869111][   T33] audit: type=1800 audit(1755798466.751:12): pid=7116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.426" name="file1" dev="loop3" ino=4098 res=0 errno=0
[   81.922153][ T6577] bcachefs (loop3): shutting down
[   81.924315][ T6577] bcachefs (loop3): going read-only
[   81.926460][ T6577] bcachefs (loop3): finished waiting for writes to stop
[   81.933714][ T6577] bcachefs (loop3): flushing journal and stopping allocators, journal seq 3
[   81.950849][ T7122] BTRFS info (device loop2): balance: start -f -sprofiles=raid0|dup|0x800,usage=47244704239,drange=5..0,vrange=288230376151711744..1,limit=471..128,stripes=0..0
[   81.957312][ T7122] BTRFS info (device loop2): balance: ended with status: 0
[   81.992665][ T6577] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 4
[   81.999006][ T6577] bcachefs (loop3): clean shutdown complete, journal seq 5
[   82.002562][ T6577] bcachefs (loop3): marking filesystem clean
[   82.020441][ T5847] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[   82.032051][ T6577] bcachefs (loop3): shutdown complete
[   82.235430][ T7180] overlayfs: failed to clone upperpath
[   82.277746][   T33] audit: type=1326 audit(1755798467.161:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7183 comm="syz.2.441" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe20238ebe9 code=0x7ffc0000
[   82.285813][   T33] audit: type=1326 audit(1755798467.161:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7183 comm="syz.2.441" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe20238ebe9 code=0x7ffc0000
[   82.294124][   T33] audit: type=1326 audit(1755798467.171:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7183 comm="syz.2.441" exe="/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fe20238ebe9 code=0x7ffc0000
[   82.302503][   T33] audit: type=1326 audit(1755798467.171:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7183 comm="syz.2.441" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe20238ebe9 code=0x7ffc0000
[   82.310042][   T33] audit: type=1326 audit(1755798467.171:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7183 comm="syz.2.441" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe20238ebe9 code=0x7ffc0000
[   82.317697][   T33] audit: type=1326 audit(1755798467.181:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7183 comm="syz.2.441" exe="/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fe20238ebe9 code=0x7ffc0000
[   82.339819][   T33] audit: type=1326 audit(1755798467.181:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7183 comm="syz.2.441" exe="/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fe20238ebe9 code=0x7ffc0000
[   82.478591][ T7190] loop2: detected capacity change from 0 to 32768
[   82.484548][ T7190] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.444 (7190)
[   82.563902][ T7190] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   82.568103][ T7190] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[   82.585319][ T7190] BTRFS info (device loop2): rebuilding free space tree
[   82.591612][ T7190] BTRFS info (device loop2): enabling ssd optimizations
[   82.594467][ T7190] BTRFS info (device loop2): turning on async discard
[   82.597117][ T7190] BTRFS info (device loop2): enabling free space tree
[   82.600133][ T7190] BTRFS info (device loop2): force clearing of disk cache
[   82.602981][ T7190] BTRFS info (device loop2): enabling auto defrag
[   82.605603][ T7190] BTRFS info (device loop2): force zlib compression, level 3
[   82.608761][ T7190] BTRFS info (device loop2): max_inline set to 5
[   82.830558][ T5847] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   83.026698][ T7216] loop2: detected capacity change from 0 to 32768
[   83.150683][ T7223] loop2: detected capacity change from 0 to 128
[   83.262215][ T7229] loop3: detected capacity change from 0 to 1024
[   83.278900][ T7229] hfsplus: request for non-existent node 16777216 in B*Tree
[   83.282783][ T7229] hfsplus: request for non-existent node 16777216 in B*Tree
[   83.286021][ T7229] hfsplus: request for non-existent node 16777216 in B*Tree
[   83.289184][ T7229] hfsplus: request for non-existent node 16777216 in B*Tree
[   83.292739][ T7229] hfsplus: request for non-existent node 16777216 in B*Tree
[   83.296804][ T7229] hfsplus: request for non-existent node 16777216 in B*Tree
[   83.303736][ T7229] hfsplus: request for non-existent node 16777216 in B*Tree
[   83.311124][ T7229] hfsplus: request for non-existent node 16777216 in B*Tree
[   83.319476][ T7229] hfsplus: request for non-existent node 16777216 in B*Tree
[   83.323010][ T7229] hfsplus: request for non-existent node 16777216 in B*Tree
[   83.326084][ T7229] hfsplus: request for non-existent node 16777216 in B*Tree
[   83.331118][ T7232] loop2: detected capacity change from 0 to 1024
[   83.342262][ T7232] hfsplus: invalid extended attribute record
[   83.345371][ T7229] hfsplus: request for non-existent node 16777216 in B*Tree
[   83.348461][ T7229] hfsplus: request for non-existent node 16777216 in B*Tree
[   83.353251][ T7229] hfsplus: request for non-existent node 16777216 in B*Tree
[   83.361205][   T33] audit: type=1800 audit(1755798468.251:20): pid=7229 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.449" name="file1" dev="loop3" ino=20 res=0 errno=0
[   83.370167][ T1017] hfsplus: b-tree write err: -5, ino 8
[   83.472512][ T7248] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[   83.477325][ T7248] bridge0: port 3(macsec1) entered blocking state
[   83.483662][ T7248] bridge0: port 3(macsec1) entered disabled state
[   83.494078][ T7251] loop2: detected capacity change from 0 to 512
[   83.522046][ T7248] macsec1: entered allmulticast mode
[   83.524292][ T7248] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[   83.528507][ T7248] macsec1: entered promiscuous mode
[   83.533560][ T7248] bridge0: port 3(macsec1) entered blocking state
[   83.536162][ T7248] bridge0: port 3(macsec1) entered forwarding state
[   83.573135][ T7253] veth2: entered promiscuous mode
[   83.575393][ T7253] veth2: entered allmulticast mode
[   83.585756][ T7251] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   83.601410][ T7251] ext4 filesystem being mounted at /115/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   83.723346][ T7258] loop3: detected capacity change from 0 to 40427
[   83.726188][ T7258] F2FS-fs (loop3): Small segment_count (9 < 1 * 24)
[   83.728380][ T7258] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   83.766539][ T7258] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   83.770830][ T7258] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   83.773121][ T7258] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   83.786688][   T33] audit: type=1800 audit(1755798468.671:21): pid=7258 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.460" name="file1" dev="loop3" ino=10 res=0 errno=0
[   83.806717][ T6577] syz-executor: attempt to access beyond end of device
[   83.806717][ T6577] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   83.811499][ T6577] CPU: 1 UID: 0 PID: 6577 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   83.811509][ T6577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   83.811514][ T6577] Call Trace:
[   83.811516][ T6577]  <TASK>
[   83.811520][ T6577]  dump_stack_lvl+0x189/0x250
[   83.811532][ T6577]  ? __pfx_dump_stack_lvl+0x10/0x10
[   83.811540][ T6577]  ? __pfx_queue_work_on+0x10/0x10
[   83.811548][ T6577]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   83.811557][ T6577]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   83.811568][ T6577]  f2fs_handle_critical_error+0x37c/0x540
[   83.811580][ T6577]  f2fs_write_end_io+0x886/0xb60
[   83.811589][ T6577]  __submit_merged_bio+0x27a/0x6a0
[   83.811621][ T6577]  __submit_merged_write_cond+0x255/0x530
[   83.811634][ T6577]  f2fs_write_data_pages+0x261d/0x3000
[   83.811648][ T6577]  ? arch_stack_walk+0xfc/0x150
[   83.811670][ T6577]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   83.811685][ T6577]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   83.811697][ T6577]  ? rcu_is_watching+0x15/0xb0
[   83.811711][ T6577]  ? folios_put_refs+0x559/0x640
[   83.811720][ T6577]  ? __pfx_folios_put_refs+0x10/0x10
[   83.811727][ T6577]  ? rcu_is_watching+0x15/0xb0
[   83.811733][ T6577]  ? lru_add+0xa2f/0xd80
[   83.811740][ T6577]  ? lru_add+0x198/0xd80
[   83.811747][ T6577]  ? folio_batch_move_lru+0x319/0x3a0
[   83.811755][ T6577]  ? filemap_get_folios_tag+0xed/0x630
[   83.811761][ T6577]  ? rcu_is_watching+0x15/0xb0
[   83.811768][ T6577]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   83.811778][ T6577]  do_writepages+0x32e/0x550
[   83.811787][ T6577]  ? rcu_is_watching+0x15/0xb0
[   83.811794][ T6577]  ? do_raw_spin_unlock+0x4d/0x240
[   83.811804][ T6577]  filemap_fdatawrite+0x199/0x240
[   83.811813][ T6577]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   83.811828][ T6577]  ? rcu_is_watching+0x15/0xb0
[   83.811835][ T6577]  ? do_raw_spin_unlock+0x4d/0x240
[   83.811844][ T6577]  f2fs_sync_dirty_inodes+0x31f/0x830
[   83.811853][ T6577]  f2fs_write_checkpoint+0x95a/0x1df0
[   83.811864][ T6577]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   83.811877][ T6577]  ? rcu_is_watching+0x15/0xb0
[   83.811883][ T6577]  ? kill_f2fs_super+0x298/0x6c0
[   83.811891][ T6577]  kill_f2fs_super+0x2c3/0x6c0
[   83.811899][ T6577]  ? __pfx_kill_f2fs_super+0x10/0x10
[   83.811905][ T6577]  ? radix_tree_delete_item+0x2b6/0x400
[   83.811915][ T6577]  ? shrinker_free+0x2ce/0x3e0
[   83.811924][ T6577]  deactivate_locked_super+0xbc/0x130
[   83.811933][ T6577]  cleanup_mnt+0x425/0x4c0
[   83.811941][ T6577]  task_work_run+0x1d4/0x260
[   83.811951][ T6577]  ? __pfx_task_work_run+0x10/0x10
[   83.811960][ T6577]  ? __x64_sys_umount+0x122/0x160
[   83.811968][ T6577]  ? __pfx___x64_sys_umount+0x10/0x10
[   83.811977][ T6577]  ? rcu_is_watching+0x15/0xb0
[   83.811984][ T6577]  exit_to_user_mode_loop+0xec/0x110
[   83.811994][ T6577]  do_syscall_64+0x2bd/0x3b0
[   83.812004][ T6577]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.812011][ T6577]  ? exc_page_fault+0x9f/0xf0
[   83.812020][ T6577]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   83.812026][ T6577] RIP: 0033:0x7f807a58ff17
[   83.812034][ T6577] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   83.812040][ T6577] RSP: 002b:00007ffedd825ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   83.812048][ T6577] RAX: 0000000000000000 RBX: 00007f807a611c05 RCX: 00007f807a58ff17
[   83.812053][ T6577] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffedd825f90
[   83.812057][ T6577] RBP: 00007ffedd825f90 R08: 0000000000000000 R09: 0000000000000000
[   83.812062][ T6577] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffedd827020
[   83.812066][ T6577] R13: 00007f807a611c05 R14: 00000000000146c7 R15: 00007ffedd827060
[   83.812074][ T6577]  </TASK>
[   83.812077][ T6577] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[   84.267013][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.368580][ T7280] loop2: detected capacity change from 0 to 128
[   84.370293][ T5875] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[   84.383750][ T7280] FAT-fs (loop2): Directory bread(block 414) failed
[   84.398199][ T7280] FAT-fs (loop2): Directory bread(block 415) failed
[   84.402397][ T7280] FAT-fs (loop2): Directory bread(block 416) failed
[   84.405790][ T7280] FAT-fs (loop2): Directory bread(block 417) failed
[   84.408810][ T7280] FAT-fs (loop2): Directory bread(block 418) failed
[   84.413147][ T7280] FAT-fs (loop2): Directory bread(block 419) failed
[   84.415874][ T7280] FAT-fs (loop2): Directory bread(block 420) failed
[   84.418662][ T7280] FAT-fs (loop2): Directory bread(block 421) failed
[   84.424154][ T7280] FAT-fs (loop2): Directory bread(block 414) failed
[   84.426660][ T7280] FAT-fs (loop2): Directory bread(block 415) failed
[   84.430061][ T7280] syz.2.470: attempt to access beyond end of device
[   84.430061][ T7280] loop2: rw=3, sector=478, nr_sectors = 2 limit=128
[   84.435044][ T7280] syz.2.470: attempt to access beyond end of device
[   84.435044][ T7280] loop2: rw=2051, sector=480, nr_sectors = 6 limit=128
[   84.491209][ T7288] loop2: detected capacity change from 0 to 2048
[   84.502978][ T7288] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   84.507991][ T7288] ext4 filesystem being mounted at /120/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   84.519216][ T7292] netlink: 4 bytes leftover after parsing attributes in process `syz.0.475'.
[   84.526848][ T5875] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   84.531213][   T33] audit: type=1804 audit(1755798469.411:22): pid=7288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.474" name="/newroot/120/file0/file1" dev="loop2" ino=15 res=1 errno=0
[   84.543095][ T5875] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[   84.546834][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.550930][ T5875] usb 4-1: Product: syz
[   84.551310][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   84.552776][ T5875] usb 4-1: Manufacturer: syz
[   84.558174][ T5875] usb 4-1: SerialNumber: syz
[   84.569728][ T5875] usb 4-1: config 0 descriptor??
[   84.794720][ T7313] netlink: 28 bytes leftover after parsing attributes in process `syz.2.482'.
[   84.797542][ T7313] netlink: 28 bytes leftover after parsing attributes in process `syz.2.482'.
[   84.801570][ T7313] netlink: 40 bytes leftover after parsing attributes in process `syz.2.482'.
[   84.827322][ T7316] netlink: 'syz.2.483': attribute type 1 has an invalid length.
[   84.837450][ T7316] 8021q: adding VLAN 0 to HW filter on device bond1
[   84.848935][ T7316] bond1: (slave bridge1): making interface the new active one
[   84.853119][ T7316] bond1: (slave bridge1): Enslaving as an active interface with an up link
[   84.861975][ T7316] bond1: (slave vlan2): the slave hw address is in use by the bond; couldn't find a slave with a free hw address to give it (this should not have happened)
[   84.875030][ T5875] usb 4-1: bad CDC descriptors
[   84.876954][ T5875] usb 4-1: unsupported MDLM descriptors
[   85.171844][ T5875] usb 4-1: USB disconnect, device number 3
[   85.328181][ T7328] loop2: detected capacity change from 0 to 512
[   85.333979][ T7328] EXT4-fs (loop2): Test dummy encryption mode enabled
[   85.338982][ T7328] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   85.352167][ T7328] EXT4-fs (loop2): 1 truncate cleaned up
[   85.356509][ T7328] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   85.414460][ T7328] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[   85.440320][ T7328] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[   85.461508][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   85.574096][ T7342] loop2: detected capacity change from 0 to 32768
[   85.591515][ T7332] loop3: detected capacity change from 0 to 40427
[   85.601673][ T7332] F2FS-fs (loop3): Image doesn't support compression
[   85.604667][ T7332] F2FS-fs (loop3): build fault injection rate: 690
[   85.607817][ T7342] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   85.608311][ T7332] F2FS-fs (loop3): invalid crc value
[   85.629029][ T7342] XFS (loop2): Ending clean mount
[   85.673962][ T7332] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   85.678098][ T7332] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   85.684913][ T5847] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   85.906041][ T7364] loop3: detected capacity change from 0 to 256
[   85.910869][ T7364] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   85.915404][ T7364] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[   85.922074][ T7364] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[   85.933906][   T33] audit: type=1326 audit(1755798470.821:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7358 comm="syz.0.495" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fef7698ebe9 code=0x0
[   85.971032][ T7366] loop2: detected capacity change from 0 to 1024
[   85.991627][ T7366] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   85.998811][ T7366] ext4 filesystem being mounted at /132/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   86.031808][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[   86.233856][ T7372] loop2: detected capacity change from 0 to 32768
[   86.281674][ T7372] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[   86.281690][ T7372]   allowing incompatible features above 0.0: (unknown version)
[   86.281697][ T7372]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   86.298224][ T7372] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[   86.301947][ T7372] bcachefs (loop2): initializing new filesystem
[   86.309283][ T7372] bcachefs (loop2): going read-write
[   86.312672][ T7372] bcachefs (loop2): marking superblocks
[   86.317433][ T7372] bcachefs (loop2): initializing freespace
[   86.322150][ T7372] bcachefs (loop2): done initializing freespace
[   86.326349][ T7372] bcachefs (loop2): reading snapshots table
[   86.328733][ T7372] bcachefs (loop2): reading snapshots done
[   86.336723][ T7372] bcachefs (loop2): done starting filesystem
[   86.662996][ T7386] netlink: 8 bytes leftover after parsing attributes in process `syz.0.498'.
[   86.721666][   T33] audit: type=1326 audit(1755798471.611:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.0.499" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7698ebe9 code=0x7ffc0000
[   86.761144][   T33] audit: type=1326 audit(1755798471.621:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.0.499" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7698ebe9 code=0x7ffc0000
[   86.798626][   T33] audit: type=1326 audit(1755798471.621:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.0.499" exe="/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7fef7698ebe9 code=0x7ffc0000
[   86.811949][   T33] audit: type=1326 audit(1755798471.621:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.0.499" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7698ebe9 code=0x7ffc0000
[   86.814532][ T7390] netlink: 8 bytes leftover after parsing attributes in process `syz.0.500'.
[   86.820796][   T33] audit: type=1326 audit(1755798471.621:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.0.499" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7698ebe9 code=0x7ffc0000
[   86.860862][ T7390] netlink: 'syz.0.500': attribute type 5 has an invalid length.
[   86.870983][ T7390] netlink: 20 bytes leftover after parsing attributes in process `syz.0.500'.
[   86.888246][ T7390] geneve2: entered promiscuous mode
[   86.896227][ T7390] geneve2: entered allmulticast mode
[   86.907973][   T12] netdevsim netdevsim0 : set [1, 1] type 2 family 0 port 256 - 0
[   86.915418][   T12] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0
[   86.943230][   T12] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0
[   86.946931][   T12] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0
[   87.026308][ T7398] openvswitch: netlink: IP tunnel attribute has 20 unknown bytes.
[   87.029721][ T7398] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   87.071335][ T7401] tipc: Started in network mode
[   87.073502][ T7401] tipc: Node identity ac14140f, cluster identity 4711
[   87.076513][ T7401] tipc: New replicast peer: 255.255.255.255
[   87.091217][ T7401] tipc: Enabled bearer <udp:syz2>, priority 10
[   87.215458][ T5847] bcachefs (loop2): shutting down
[   87.217384][ T5847] bcachefs (loop2): going read-only
[   87.219027][ T5847] bcachefs (loop2): finished waiting for writes to stop
[   87.222929][ T5847] bcachefs (loop2): flushing journal and stopping allocators, journal seq 5
[   87.233845][ T5847] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 5
[   87.240258][ T5847] bcachefs (loop2): clean shutdown complete, journal seq 6
[   87.243338][ T5847] bcachefs (loop2): marking filesystem clean
[   87.255718][ T5847] bcachefs (loop2): shutdown complete
[   87.511301][ T7432] netlink: 68 bytes leftover after parsing attributes in process `syz.3.516'.
[   87.518897][ T7432] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   87.522969][ T7432] batadv_slave_0: entered promiscuous mode
[   87.834717][ T7439] loop3: detected capacity change from 0 to 164
[   87.838097][ T7439] rock: corrupted directory entry. extent=32, offset=131072, size=237
[   87.864398][ T7441] loop3: detected capacity change from 0 to 1024
[   88.217511][ T5313] tipc: Node number set to 2886997007
[   88.267269][ T7451] loop3: detected capacity change from 0 to 32768
[   88.270839][ T7451] BTRFS warning: excessive commit interval 2147483647, use with care
[   88.274843][ T7451] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.525 (7451)
[   88.284921][ T7451] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   88.291162][ T7451] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[   88.294729][ T7451] BTRFS warning (device loop3): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   88.328454][ T7451] BTRFS info (device loop3): rebuilding free space tree
[   88.333800][ T7451] BTRFS info (device loop3): disabling free space tree
[   88.336265][ T7451] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   88.340602][ T7451] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   88.347185][ T7451] BTRFS info (device loop3): setting nodatasum
[   88.351813][ T7451] BTRFS info (device loop3): enabling ssd optimizations
[   88.354287][ T7451] BTRFS info (device loop3): turning off barriers
[   88.357236][ T7451] BTRFS info (device loop3): turning on flush-on-commit
[   88.360047][ T7451] BTRFS info (device loop3): enabling disk space caching
[   88.362426][ T7451] BTRFS info (device loop3): force clearing of disk cache
[   88.364970][ T7451] BTRFS info (device loop3): doing ref verification
[   88.367760][ T7451] BTRFS info (device loop3): max_inline set to 0
[   88.502656][ T6577] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   88.586701][ T7476] loop2: detected capacity change from 0 to 32768
[   88.617332][ T7476] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   88.646726][ T7476] XFS (loop2): Ending clean mount
[   88.664346][ T5847] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   88.761404][ T7492] loop3: detected capacity change from 0 to 164
[   88.774273][ T7492] ISOFS: primary root directory is empty. Disabling Rock Ridge and switching to Joliet.
[   88.788032][ T7495] netlink: 4 bytes leftover after parsing attributes in process `syz.0.531'.
[   88.962525][ T7496] loop2: detected capacity change from 0 to 32768
[   88.966324][ T7496] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.532 (7496)
[   88.976310][ T7496] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[   88.980031][ T7496] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[   89.294668][ T7496] BTRFS info (device loop2): enabling ssd optimizations
[   89.297253][ T7496] BTRFS info (device loop2): enabling free space tree
[   89.300034][ T7496] BTRFS info (device loop2): use lzo compression, level 0
[   89.310651][   T33] audit: type=1800 audit(1755798474.201:29): pid=7496 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.532" name="file1" dev="loop2" ino=260 res=0 errno=0
[   89.317470][   T33] audit: type=1800 audit(1755798474.201:30): pid=7496 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.532" name="file1" dev="loop2" ino=260 res=0 errno=0
[   89.708738][ T5847] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[   89.983390][ T7559] overlayfs: missing 'workdir'
[   89.991305][ T7541] loop3: detected capacity change from 0 to 32768
[   90.014942][ T7541] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   90.047114][ T7541] XFS (loop3): Ending clean mount
[   90.061940][   T33] audit: type=1800 audit(1755798474.951:31): pid=7541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.543" name="bus" dev="loop3" ino=9289 res=0 errno=0
[   90.082862][ T6577] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   90.099472][ T5875] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[   90.193910][ T7573] loop3: detected capacity change from 0 to 256
[   90.206103][ T7573] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[   90.255612][ T5875] usb 3-1: Using ep0 maxpacket: 32
[   90.267893][ T5875] usb 3-1: New USB device found, idVendor=04e2, idProduct=1403, bcdDevice=1c.b2
[   90.272239][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.275607][ T5875] usb 3-1: Product: syz
[   90.277427][ T5875] usb 3-1: Manufacturer: syz
[   90.284065][ T5875] usb 3-1: SerialNumber: syz
[   90.290531][ T5875] usb 3-1: config 0 descriptor??
[   90.294766][ T5875] xr_serial 3-1:0.0: invalid descriptor buffer length
[   90.734493][ T5313] usb 3-1: USB disconnect, device number 7
[   91.717292][ T7607] loop3: detected capacity change from 0 to 40427
[   91.728563][ T7607] F2FS-fs (loop3): invalid crc value
[   91.744041][ T7607] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   91.747732][ T7607] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   92.167687][ T7625] loop3: detected capacity change from 0 to 32768
[   92.170936][ T7625] btrfs: Deprecated parameter 'usebackuproot'
[   92.173202][ T7625] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[   92.178395][ T7625] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.572 (7625)
[   92.207563][ T7625] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   92.211896][ T7625] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[   92.272228][ T7625] BTRFS info (device loop3): rebuilding free space tree
[   92.277251][ T7625] BTRFS info (device loop3): enabling ssd optimizations
[   92.281799][ T7625] BTRFS info (device loop3): using spread ssd allocation scheme
[   92.284381][ T7625] BTRFS info (device loop3): enabling free space tree
[   92.286711][ T7625] BTRFS info (device loop3): force clearing of disk cache
[   92.289222][ T7625] BTRFS info (device loop3): enabling auto defrag
[   92.292977][ T7625] BTRFS info (device loop3): doing ref verification
[   92.295698][ T7625] BTRFS info (device loop3): trying to use backup root at mount time
[   92.298883][ T7625] BTRFS info (device loop3): max_inline set to 4096
[   92.322406][ T7643] 9pnet_fd: Insufficient options for proto=fd
[   92.361979][ T7625] BTRFS info (device loop3): space_info DATA+METADATA (sub-group id 0) has 159744 free, is not full
[   92.366425][ T7625] BTRFS info (device loop3): space_info total=3276800, used=53248, pinned=20480, reserved=1236992, may_use=1806336, readonly=0 zone_unusable=0
[   92.374936][ T7625] BTRFS info (device loop3): global_block_rsv: size 1441792 reserved 1441792
[   92.378407][ T7625] BTRFS info (device loop3): trans_block_rsv: size 0 reserved 0
[   92.382164][ T7625] BTRFS info (device loop3): chunk_block_rsv: size 0 reserved 0
[   92.385277][ T7625] BTRFS info (device loop3): delayed_block_rsv: size 0 reserved 0
[   92.388474][ T7625] BTRFS info (device loop3): delayed_refs_rsv: size 196608 reserved 65536
[   92.425898][ T7652] dvmrp0: entered allmulticast mode
[   92.489362][  T880] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[   92.651135][  T880] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   92.655446][  T880] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[   92.660596][  T880] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[   92.664580][  T880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[   92.668050][  T880] usb 3-1: SerialNumber: syz
[   92.812548][ T6577] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   92.882820][  T880] usb 3-1: 0:2 : does not exist
[   92.893182][  T880] usb 3-1: USB disconnect, device number 8
[   92.903441][ T5846] udevd[5846]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   93.486746][ T7678] loop3: detected capacity change from 0 to 4096
[   93.641946][ T7681] loop2: detected capacity change from 0 to 40427
[   93.645238][ T7681] F2FS-fs (loop2): build fault injection rate: 19
[   93.647910][ T7681] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[   93.651546][ T7681] F2FS-fs (loop2): invalid crc value
[   93.658824][ T7681] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[   93.673370][ T7681] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[   93.678175][ T7681] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   93.682166][ T7681] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   93.688242][ T7681] F2FS-fs (loop2): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[   93.702125][ T5847] syz-executor: attempt to access beyond end of device
[   93.702125][ T5847] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   93.709457][ T5847] CPU: 0 UID: 0 PID: 5847 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   93.709471][ T5847] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   93.709476][ T5847] Call Trace:
[   93.709479][ T5847]  <TASK>
[   93.709482][ T5847]  dump_stack_lvl+0x189/0x250
[   93.709534][ T5847]  ? __pfx_dump_stack_lvl+0x10/0x10
[   93.709542][ T5847]  ? __pfx_queue_work_on+0x10/0x10
[   93.709550][ T5847]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   93.709559][ T5847]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   93.709569][ T5847]  f2fs_handle_critical_error+0x37c/0x540
[   93.709581][ T5847]  f2fs_write_end_io+0x886/0xb60
[   93.709590][ T5847]  __submit_merged_bio+0x27a/0x6a0
[   93.709599][ T5847]  __submit_merged_write_cond+0x255/0x530
[   93.709609][ T5847]  f2fs_write_data_pages+0x261d/0x3000
[   93.709619][ T5847]  ? rcu_is_watching+0x15/0xb0
[   93.709630][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   93.709646][ T5847]  ? __mod_zone_page_state+0xd7/0x140
[   93.709657][ T5847]  ? folios_put_refs+0x560/0x640
[   93.709666][ T5847]  ? __pfx_folios_put_refs+0x10/0x10
[   93.709673][ T5847]  ? rcu_is_watching+0x15/0xb0
[   93.709679][ T5847]  ? lru_add+0xa2f/0xd80
[   93.709685][ T5847]  ? lru_add+0x198/0xd80
[   93.709692][ T5847]  ? do_raw_spin_lock+0x121/0x290
[   93.709701][ T5847]  ? do_raw_spin_unlock+0x4d/0x240
[   93.709709][ T5847]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   93.709720][ T5847]  do_writepages+0x32e/0x550
[   93.709729][ T5847]  ? rcu_is_watching+0x15/0xb0
[   93.709736][ T5847]  ? do_raw_spin_unlock+0x4d/0x240
[   93.709744][ T5847]  filemap_fdatawrite+0x199/0x240
[   93.709754][ T5847]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   93.709768][ T5847]  ? rcu_is_watching+0x15/0xb0
[   93.709788][ T5847]  ? do_raw_spin_unlock+0x4d/0x240
[   93.709796][ T5847]  f2fs_sync_dirty_inodes+0x31f/0x830
[   93.709804][ T5847]  f2fs_write_checkpoint+0x95a/0x1df0
[   93.709814][ T5847]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   93.709826][ T5847]  ? kill_f2fs_super+0x298/0x6c0
[   93.709834][ T5847]  kill_f2fs_super+0x2c3/0x6c0
[   93.709841][ T5847]  ? __pfx_kill_f2fs_super+0x10/0x10
[   93.709847][ T5847]  ? radix_tree_delete_item+0x2b6/0x400
[   93.709857][ T5847]  ? shrinker_free+0x2ce/0x3e0
[   93.709864][ T5847]  deactivate_locked_super+0xbc/0x130
[   93.709873][ T5847]  cleanup_mnt+0x425/0x4c0
[   93.709881][ T5847]  task_work_run+0x1d4/0x260
[   93.709890][ T5847]  ? __pfx_task_work_run+0x10/0x10
[   93.709898][ T5847]  ? __x64_sys_umount+0x122/0x160
[   93.709907][ T5847]  ? __pfx___x64_sys_umount+0x10/0x10
[   93.709916][ T5847]  ? rcu_is_watching+0x15/0xb0
[   93.709923][ T5847]  exit_to_user_mode_loop+0xec/0x110
[   93.709932][ T5847]  do_syscall_64+0x2bd/0x3b0
[   93.709943][ T5847]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.709949][ T5847]  ? exc_page_fault+0x9f/0xf0
[   93.709958][ T5847]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.709965][ T5847] RIP: 0033:0x7fe20238ff17
[   93.709972][ T5847] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   93.709979][ T5847] RSP: 002b:00007ffd193af278 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   93.709988][ T5847] RAX: 0000000000000000 RBX: 00007fe202411c05 RCX: 00007fe20238ff17
[   93.709993][ T5847] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd193af330
[   93.709997][ T5847] RBP: 00007ffd193af330 R08: 0000000000000000 R09: 0000000000000000
[   93.710008][ T5847] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd193b03c0
[   93.710013][ T5847] R13: 00007fe202411c05 R14: 0000000000016d76 R15: 00007ffd193b0400
[   93.710020][ T5847]  </TASK>
[   93.710660][ T5847] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   93.849907][ T7689] loop3: detected capacity change from 0 to 128
[   93.868035][ T7689] FAT-fs (loop3): bogus number of reserved sectors
[   93.874096][ T7689] FAT-fs (loop3): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[   93.879417][ T7689] FAT-fs (loop3): Can't find a valid FAT filesystem
[   94.040419][ T7698] loop3: detected capacity change from 0 to 256
[   94.056733][ T7698] exfat: Deprecated parameter 'namecase'
[   94.060346][ T7698] exfat: Deprecated parameter 'namecase'
[   94.064395][ T7698] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[   95.046371][ T7716] loop3: detected capacity change from 0 to 4096
[   95.067304][ T7716] ntfs3(loop3): Mark volume as dirty due to NTFS errors
[   95.085838][ T7722] netlink: 'syz.2.605': attribute type 11 has an invalid length.
[   95.089172][ T7722] netlink: 244 bytes leftover after parsing attributes in process `syz.2.605'.
[   95.100570][ T7716] ntfs3(loop3): Failed to load $Extend (-22).
[   95.103649][ T7716] ntfs3(loop3): Failed to initialize $Extend.
[   95.452298][ T7745] block device autoloading is deprecated and will be removed.
[   95.549933][ T7747] netlink: 2028 bytes leftover after parsing attributes in process `syz.0.613'.
[   95.553026][ T7747] netlink: 20 bytes leftover after parsing attributes in process `syz.0.613'.
[   95.639132][ T7744] loop3: detected capacity change from 0 to 32768
[   95.642341][ T7744] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.615 (7744)
[   95.650016][ T7744] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   95.654130][ T7744] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[   95.664912][ T7744] BTRFS info (device loop3): enabling ssd optimizations
[   95.667852][ T7744] BTRFS info (device loop3): turning on async discard
[   95.670797][ T7744] BTRFS info (device loop3): enabling free space tree
[   95.692727][ T6577] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   95.751773][ T7765] loop3: detected capacity change from 0 to 4096
[   96.029379][ T5875] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   96.142022][ T7771] loop2: detected capacity change from 0 to 256
[   96.148442][ T7771] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   96.155695][ T7771] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[   96.162577][ T7771] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[   96.185249][ T5875] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[   96.196272][ T5875] usb 4-1: config 0 has no interface number 0
[   96.216466][ T5875] usb 4-1: New USB device found, idVendor=0c45, idProduct=627c, bcdDevice=d7.f7
[   96.228545][ T5875] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   96.240807][ T5875] usb 4-1: Product: syz
[   96.243281][ T5875] usb 4-1: Manufacturer: syz
[   96.245260][ T5875] usb 4-1: SerialNumber: syz
[   96.254231][ T5875] usb 4-1: config 0 descriptor??
[   96.262272][ T5875] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:627c
[   96.344674][ T7786] loop2: detected capacity change from 0 to 16
[   96.350538][ T7786] erofs (device loop2): mounted with root inode @ nid 36.
[   96.467109][ T5875] gspca_sn9c20x: Write register 1000 failed -71
[   96.470747][ T5875] gspca_sn9c20x: Device initialization failed
[   96.473442][ T5875] gspca_sn9c20x 4-1:0.55: probe with driver gspca_sn9c20x failed with error -71
[   96.481091][ T5875] usb 4-1: USB disconnect, device number 4
[   97.391066][ T7804] netlink: 52 bytes leftover after parsing attributes in process `syz.3.635'.
[   97.395122][ T7804] netlink: 8 bytes leftover after parsing attributes in process `syz.3.635'.
[   98.125354][ T7825] overlayfs: failed to clone upperpath
[   98.127666][ T7830] netlink: 84 bytes leftover after parsing attributes in process `syz.2.645'.
[   98.131641][ T7830] netlink: 84 bytes leftover after parsing attributes in process `syz.2.645'.
[   98.529484][  T880] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[   98.683421][  T880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[   98.688342][  T880] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[   98.693516][  T880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[   98.706367][  T880] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[   98.712620][  T880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   98.715976][ T7872] loop3: detected capacity change from 0 to 1024
[   98.719750][  T880] usb 3-1: Product: syz
[   98.721229][  T880] usb 3-1: Manufacturer: syz
[   98.723042][  T880] usb 3-1: SerialNumber: syz
[   98.730610][  T880] usb 3-1: config 0 descriptor??
[   98.737220][ T7842] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   98.741295][ T7842] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   98.746080][  T880] usb 3-1: ucan: probing device on interface #0
[   99.029480][   T10] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[   99.199541][   T10] usb 4-1: Using ep0 maxpacket: 16
[   99.204533][   T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   99.208865][   T10] usb 4-1: config 0 has no interfaces?
[   99.214818][   T10] usb 4-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[   99.218623][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.224671][   T10] usb 4-1: Product: syz
[   99.226416][   T10] usb 4-1: Manufacturer: syz
[   99.228335][   T10] usb 4-1: SerialNumber: syz
[   99.232350][   T10] usb 4-1: config 0 descriptor??
[   99.352549][  T880] ucan 3-1:0.0 can0: registered device
[   99.448238][   T10] usb 4-1: USB disconnect, device number 5
[   99.552707][  T880] ucan 3-1:0.0 can0: firmware string: unknown
[   99.560848][  T880] usb 3-1: USB disconnect, device number 9
[  100.130841][ T7895] tipc: Trying to set illegal importance in message
[  100.146026][ T7897] loop3: detected capacity change from 0 to 128
[  100.170131][ T7897] EXT4-fs (loop3): Test dummy encryption mode enabled
[  100.190203][ T7897] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  100.196250][ T7897] ext4 filesystem being mounted at /106/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  100.217875][ T7897] EXT4-fs (loop3): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  100.233164][ T6577] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  100.256630][ T7893] loop2: detected capacity change from 0 to 32768
[  100.263244][ T7893] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  100.275981][ T7893] XFS (loop2): Ending clean mount
[  100.292338][ T5847] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  100.503555][ T7917] loop2: detected capacity change from 0 to 32768
[  100.674366][ T7925] loop2: detected capacity change from 0 to 16
[  100.713677][ T7925] erofs (device loop2): mounted with root inode @ nid 36.
[  100.896336][ T7929] loop2: detected capacity change from 0 to 32768
[  101.217906][ T7951] netlink: 60 bytes leftover after parsing attributes in process `syz.2.688'.
[  101.577466][ T7965] warning: `syz.0.701' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  101.967718][ T7985] loop3: detected capacity change from 0 to 32768
[  101.976109][ T7985] XFS: noikeep mount option is deprecated.
[  101.995036][ T7997] loop2: detected capacity change from 0 to 16
[  101.998310][ T7997] erofs (device loop2): mounted with root inode @ nid 36.
[  102.003460][ T7985] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  102.054083][ T7985] XFS (loop3): Ending clean mount
[  102.057415][ T7985] XFS (loop3): Quotacheck needed: Please wait.
[  102.064900][ T7985] XFS (loop3): Quotacheck: Done.
[  102.071528][   T33] audit: type=1800 audit(1755798486.961:32): pid=7985 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.710" name="file1" dev="loop3" ino=9286 res=0 errno=0
[  102.099058][ T6577] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  102.374455][ T8026] loop3: detected capacity change from 0 to 512
[  102.393491][ T8026] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.398816][ T8026] ext4 filesystem being mounted at /120/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  102.431750][   T33] audit: type=1800 audit(1755798487.321:33): pid=8023 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.724" name="file1" dev="loop3" ino=15 res=0 errno=0
[  102.485478][ T6577] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.529396][   T10] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  102.557659][ T8032] loop3: detected capacity change from 0 to 1024
[  102.571525][ T8032] EXT4-fs (loop3): orphan cleanup on readonly fs
[  102.578733][ T8032] EXT4-fs (loop3): 1 truncate cleaned up
[  102.583587][ T8032] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  102.599056][ T6577] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.647721][ T8037] netlink: 'syz.3.729': attribute type 1 has an invalid length.
[  102.712949][   T10] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  102.716767][   T10] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  102.721576][   T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  102.725572][   T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  102.735829][   T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  102.743733][   T10] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  102.747447][   T10] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  102.751327][   T10] usb 3-1: Product: syz
[  102.753443][   T10] usb 3-1: Manufacturer: syz
[  102.759106][   T10] cdc_wdm 3-1:1.0: skipping garbage
[  102.761917][   T10] cdc_wdm 3-1:1.0: skipping garbage
[  102.765721][   T10] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  102.768221][   T10] cdc_wdm 3-1:1.0: Unknown control protocol
[  102.964014][    C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes
[  103.070043][   T10] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  103.219452][   T10] usb 4-1: Using ep0 maxpacket: 32
[  103.222642][   T10] usb 4-1: config 0 has an invalid interface number: 146 but max is 0
[  103.225383][   T10] usb 4-1: config 0 has no interface number 0
[  103.227530][   T10] usb 4-1: config 0 interface 146 has no altsetting 0
[  103.232400][   T10] usb 4-1: New USB device found, idVendor=2c42, idProduct=1636, bcdDevice=8d.92
[  103.235941][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.238699][   T10] usb 4-1: Product: syz
[  103.240843][   T10] usb 4-1: Manufacturer: syz
[  103.242446][   T10] usb 4-1: SerialNumber: syz
[  103.244893][   T10] usb 4-1: config 0 descriptor??
[  103.252613][   T10] f81232 4-1:0.146: f81534a converter detected
[  103.455842][   T10] usb 4-1: f81534a converter now attached to ttyUSB0
[  103.662324][   T10] usb 4-1: USB disconnect, device number 6
[  103.666175][   T10] f81534a ttyUSB0: f81534a converter now disconnected from ttyUSB0
[  103.671341][   T10] f81232 4-1:0.146: device disconnected
[  105.162314][ T8098] loop3: detected capacity change from 0 to 2048
[  105.168739][ T8098] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  105.181085][ T8098] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  105.185081][ T8098] UDF-fs: Scanning with blocksize 512 failed
[  105.188908][ T8098] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  105.193329][ T8098] UDF-fs: Scanning with blocksize 1024 failed
[  105.197239][ T8098] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  105.202257][ T8098] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  105.205531][ T8098] UDF-fs: Scanning with blocksize 2048 failed
[  105.208503][ T8098] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  105.213679][ T8098] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[  105.218272][ T8098] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  105.222115][ T8098] UDF-fs: Scanning with blocksize 4096 failed
[  105.224909][ T8098] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1)
[  105.323208][   T10] usb 3-1: USB disconnect, device number 10
[  105.365019][ T8110] loop2: detected capacity change from 0 to 1024
[  105.432267][ T8110] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.446008][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.635899][ T8137] netlink: 12 bytes leftover after parsing attributes in process `syz.0.776'.
[  106.039875][ T8107] loop3: detected capacity change from 0 to 262144
[  106.043682][ T8107] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.763 (8107)
[  106.050652][ T8107] BTRFS info (device loop3): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  106.054539][ T8107] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  106.125421][ T8107] BTRFS info (device loop3): enabling ssd optimizations
[  106.128333][ T8107] BTRFS info (device loop3): enabling free space tree
[  106.156741][ T6577] BTRFS info (device loop3): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  106.213705][ T8168] openvswitch: netlink: VXLAN extension message has 1 unknown bytes.
[  106.369113][ T8176] loop3: detected capacity change from 0 to 512
[  106.378127][ T8176] EXT4-fs: Ignoring removed mblk_io_submit option
[  106.390197][ T8176] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  106.403687][ T8176] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.786: bad orphan inode 131083
[  106.408725][ T8176] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  106.421258][ T8176] overlayfs: upper fs needs to support d_type.
[  106.433065][ T8176] EXT4-fs error (device loop3): ext4_lookup:1787: inode #14: comm syz.3.786: invalid fast symlink length 39
[  106.449937][ T6577] EXT4-fs error (device loop3): ext4_readdir:264: inode #2: block 13: comm syz-executor: path /141/bus: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  106.654769][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.683641][ T6724] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.712979][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.744956][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.802811][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): left allmulticast mode
[  106.806894][   T12] bridge0: port 3(macsec1) entered disabled state
[  106.810411][   T12] macsec1 (unregistering): left allmulticast mode
[  106.813189][   T12] macsec1 (unregistering): left promiscuous mode
[  106.816009][   T12] bridge0: port 3(macsec1) entered disabled state
[  106.821241][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.844590][ T5236] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  106.847748][ T5236] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  106.851083][ T5236] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  106.854596][ T5236] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  106.858872][ T5236] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  106.892103][   T12] bridge_slave_1: left allmulticast mode
[  106.894317][   T12] bridge_slave_1: left promiscuous mode
[  106.896466][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.900188][   T12] bridge_slave_0: left allmulticast mode
[  106.902126][   T12] bridge_slave_0: left promiscuous mode
[  106.904070][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.005314][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  107.010533][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  107.014849][   T12] bond0 (unregistering): Released all slaves
[  107.082072][   T12] tipc: Disabling bearer <udp:syz2>
[  107.086182][   T12] tipc: Left network mode
[  107.143339][ T8183] chnl_net:caif_netlink_parms(): no params data found
[  107.215507][ T8183] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.218079][ T8183] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.221475][ T8183] bridge_slave_0: entered allmulticast mode
[  107.224909][ T8183] bridge_slave_0: entered promiscuous mode
[  107.232413][ T8183] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.236448][ T8183] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.240806][ T8183] bridge_slave_1: entered allmulticast mode
[  107.248399][ T8183] bridge_slave_1: entered promiscuous mode
[  107.270201][   T12] hsr_slave_0: left promiscuous mode
[  107.275314][   T12] hsr_slave_1: left promiscuous mode
[  107.277665][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  107.288360][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  107.295921][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  107.302170][   T12] veth1_macvtap: left promiscuous mode
[  107.304321][   T12] veth0_macvtap: left promiscuous mode
[  107.306315][   T12] veth1_vlan: left promiscuous mode
[  107.308160][   T12] veth0_vlan: left promiscuous mode
[  107.363280][ T8217] loop2: detected capacity change from 0 to 512
[  107.376569][ T8217] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.800: casefold flag without casefold feature
[  107.383807][ T8217] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.800: couldn't read orphan inode 15 (err -117)
[  107.393236][ T8217] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.417120][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.572904][   T12] team0 (unregistering): Port device team_slave_1 removed
[  107.583403][   T12] team0 (unregistering): Port device team_slave_0 removed
[  107.650735][ T8183] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.656062][ T8183] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.717118][ T8232] loop2: detected capacity change from 0 to 16
[  107.725525][ T8232] erofs (device loop2): mounted with root inode @ nid 36.
[  107.734494][ T8232] erofs (device loop2): inline data across blocks @ nid 36
[  107.737597][ T8232] syz.2.806: attempt to access beyond end of device
[  107.737597][ T8232] loop2: rw=524288, sector=34359738360, nr_sectors = 1976 limit=16
[  107.776051][ T8183] team0: Port device team_slave_0 added
[  107.792184][ T8183] team0: Port device team_slave_1 added
[  107.872217][ T8183] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.908491][ T8183] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.980596][ T8183] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.042312][ T8183] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.045281][ T8183] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.055985][ T8183] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.095921][ T8183] hsr_slave_0: entered promiscuous mode
[  108.098837][ T8183] hsr_slave_1: entered promiscuous mode
[  108.109263][ T8183] debugfs: 'hsr0' already exists in 'hsr'
[  108.113044][ T8183] Cannot create hsr debugfs directory
[  108.241091][ T8183] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  108.252273][ T8183] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  108.265335][ T8183] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  108.272761][ T8183] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  108.278673][ T8250] loop2: detected capacity change from 0 to 512
[  108.288118][ T8250] EXT4-fs: Ignoring removed bh option
[  108.307452][ T8250] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  108.325810][ T8250] EXT4-fs (loop2): 1 truncate cleaned up
[  108.333840][ T8250] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  108.349226][ T8183] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.365520][ T8183] 8021q: adding VLAN 0 to HW filter on device team0
[  108.372505][ T1094] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.375428][ T1094] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.386678][ T1094] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.389685][ T1094] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.761091][   T33] audit: type=1800 audit(1755798493.641:34): pid=8263 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.811" name="bus" dev="loop2" ino=18 res=0 errno=0
[  108.777315][ T8183] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.913403][ T8183] veth0_vlan: entered promiscuous mode
[  108.917840][ T8183] veth1_vlan: entered promiscuous mode
[  108.920161][ T5236] Bluetooth: hci2: command tx timeout
[  109.046261][ T8183] veth0_macvtap: entered promiscuous mode
[  109.067325][ T8183] veth1_macvtap: entered promiscuous mode
[  109.144715][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  109.152666][ T8183] batman_adv: batadv0: Interface activated: batadv_slave_0
[  109.173489][ T8183] batman_adv: batadv0: Interface activated: batadv_slave_1
[  109.184499][   T12] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  109.188214][   T12] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  109.203024][   T12] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  109.206978][   T12] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  109.238085][ T1091] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.244770][ T1091] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.257090][ T1097] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  109.261957][ T1097] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  109.453702][   T24] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  109.581487][ T8301] syz.4.816: attempt to access beyond end of device
[  109.581487][ T8301] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0
[  109.587228][ T8301] EXT4-fs (nbd4): unable to read superblock
[  109.682597][ T8300] No control pipe specified
[  109.741510][   T24] usb 3-1: config 0 has an invalid interface number: 69 but max is 0
[  109.745181][   T24] usb 3-1: config 0 has no interface number 0
[  109.747513][   T24] usb 3-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  109.751787][   T24] usb 3-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  109.758574][   T24] usb 3-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  109.764647][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.771015][   T24] usb 3-1: Product: syz
[  109.772955][   T24] usb 3-1: Manufacturer: syz
[  109.774908][   T24] usb 3-1: SerialNumber: syz
[  109.778749][   T24] usb 3-1: config 0 descriptor??
[  109.781846][ T8290] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  109.785245][   T24] cyberjack 3-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  109.789826][   T24] usb 3-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  109.988310][    C1] cyberjack ttyUSB0: cyberjack_read_int_callback - failed resubmitting read urb, error -22
[  110.197516][   T24] usb 3-1: USB disconnect, device number 11
[  110.210502][   T24] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  110.218715][   T24] cyberjack 3-1:0.69: device disconnected
[  110.282500][ T8316] pimreg: entered allmulticast mode
[  110.321608][ T8320] netlink: 'syz.4.823': attribute type 1 has an invalid length.
[  110.325097][ T8320] netlink: 184 bytes leftover after parsing attributes in process `syz.4.823'.
[  110.484391][ T8330] netlink: 132 bytes leftover after parsing attributes in process `syz.4.829'.
[  110.727790][ T8352] loop2: detected capacity change from 0 to 1024
[  110.732606][ T8352] EXT4-fs: Ignoring removed bh option
[  110.735267][ T8352] EXT4-fs (loop2): unable to read superblock
[  110.769247][ T8332] loop4: detected capacity change from 0 to 65536
[  110.800007][ T8356] 8021q: adding VLAN 0 to HW filter on device bond2
[  110.811225][ T8332] XFS (loop4): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  110.834575][ T8332] XFS (loop4): Ending clean mount
[  110.838814][ T8332] XFS (loop4): Quotacheck needed: Please wait.
[  110.843227][ T1091] XFS (loop4): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_cntbt block 0x6 
[  110.847221][ T1097] XFS (loop4): Metadata CRC error detected at xfs_agi_read_verify+0x12f/0x1f0, xfs_agi block 0x8002 
[  110.852298][ T1091] XFS (loop4): Unmount and run xfs_repair
[  110.854647][ T1091] XFS (loop4): First 128 bytes of corrupted metadata buffer:
[  110.858923][ T1097] XFS (loop4): Unmount and run xfs_repair
[  110.866758][ T1097] XFS (loop4): First 128 bytes of corrupted metadata buffer:
[  110.869808][ T1091] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff  AB3C............
[  110.869914][ T1097] 00000000: 58 41 47 49 00 00 00 01 00 00 00 01 00 00 40 00  XAGI..........@.
[  110.873039][ T1091] 00000010: 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 10  ................
[  110.876462][ T1097] 00000010: 00 00 00 00 00 00 00 04 00 00 00 01 00 00 00 00  ................
[  110.876471][ T1097] 00000020: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  110.876479][ T1097] 00000030: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  110.876488][ T1097] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  110.876496][ T1097] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  110.876503][ T1097] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  110.876511][ T1097] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  110.895242][ T1091] 00000020: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  110.902271][ T1097] XFS (loop4): metadata I/O error in "xfs_read_agi+0x272/0x5b0" at daddr 0x8002 len 1 error 74
[  110.909689][ T1091] 00000030: 00 00 00 00 b2 4a d0 a1 00 00 00 0d 00 00 00 03  .....J..........
[  110.925263][ T1091] 00000040: 00 00 00 39 00 00 3f c7 00 00 00 00 00 00 00 00  ...9..?.........
[  110.928962][ T1091] 00000050: 00 00 00 00 00 00 00 00 00 00 00 3f 00 00 00 00  ...........?....
[  110.933459][ T1091] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  110.937358][ T1091] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  110.941789][ T1091] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x6 len 2 error 74
[  110.947948][ T8332] XFS (loop4): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[  110.967668][ T8332] XFS (loop4): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xe0, xfs_cntbt block 0x6 
[  110.972252][ T8332] XFS (loop4): Unmount and run xfs_repair
[  110.974576][ T8332] XFS (loop4): First 128 bytes of corrupted metadata buffer:
[  110.977499][ T8332] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff  AB3C............
[  110.989742][ T8332] 00000010: 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 10  ................
[  110.989804][ T5236] Bluetooth: hci2: command tx timeout
[  110.993375][ T8332] 00000020: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  111.008107][ T8332] 00000030: 00 00 00 00 b2 4a d0 a1 00 00 00 0d 00 00 00 03  .....J..........
[  111.011557][ T8332] 00000040: 00 00 00 39 00 00 3f c7 00 00 00 00 00 00 00 00  ...9..?.........
[  111.014715][ T8332] 00000050: 00 00 00 00 00 00 00 00 00 00 00 3f 00 00 00 00  ...........?....
[  111.017657][ T8332] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  111.029498][ T8332] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  111.032610][ T8332] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x6 len 2 error 74
[  111.036748][ T8332] XFS (loop4): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x517/0x8e0 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[  111.044654][ T8371] loop2: detected capacity change from 0 to 40427
[  111.049442][ T8332] XFS (loop4): Please unmount the filesystem and rectify the problem(s)
[  111.050170][ T8371] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  111.059429][ T8371] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  111.062406][ T8371] F2FS-fs (loop2): build fault injection rate: 18446
[  111.065353][ T8371] F2FS-fs (loop2): invalid crc value
[  111.067772][ T8183] XFS (loop4): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  111.122062][ T8371] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  111.126169][ T8371] F2FS-fs (loop2): Start checkpoint disabled!
[  111.140035][ T8371] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  111.151908][ T8371] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  111.191086][ T1017] kworker/u10:4: attempt to access beyond end of device
[  111.191086][ T1017] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  111.195859][ T1017] CPU: 1 UID: 0 PID: 1017 Comm: kworker/u10:4 Not tainted syzkaller #0 PREEMPT(full) 
[  111.195870][ T1017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  111.195876][ T1017] Workqueue: writeback wb_workfn (flush-7:2)
[  111.195890][ T1017] Call Trace:
[  111.195893][ T1017]  <TASK>
[  111.195897][ T1017]  dump_stack_lvl+0x189/0x250
[  111.195908][ T1017]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.195916][ T1017]  ? __pfx_queue_work_on+0x10/0x10
[  111.195924][ T1017]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  111.195933][ T1017]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  111.195944][ T1017]  f2fs_handle_critical_error+0x37c/0x540
[  111.195957][ T1017]  f2fs_write_end_io+0x886/0xb60
[  111.195986][ T1017]  __submit_merged_bio+0x27a/0x6a0
[  111.195997][ T1017]  __submit_merged_write_cond+0x255/0x530
[  111.196007][ T1017]  f2fs_write_data_pages+0x261d/0x3000
[  111.196023][ T1017]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  111.196035][ T1017]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  111.196048][ T1017]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  111.196060][ T1017]  ? trace_f2fs_writepages+0x7f/0x200
[  111.196069][ T1017]  ? f2fs_write_node_pages+0x478/0x6e0
[  111.196077][ T1017]  ? xa_load+0x60/0x210
[  111.196088][ T1017]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  111.196096][ T1017]  ? do_raw_spin_lock+0x121/0x290
[  111.196106][ T1017]  ? lock_release+0x4b/0x3e0
[  111.196116][ T1017]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  111.196126][ T1017]  do_writepages+0x32e/0x550
[  111.196136][ T1017]  ? unwind_next_frame+0xa5/0x2390
[  111.196146][ T1017]  __writeback_single_inode+0x145/0xff0
[  111.196155][ T1017]  ? do_raw_spin_unlock+0x4d/0x240
[  111.196164][ T1017]  writeback_sb_inodes+0x6c7/0x1010
[  111.196175][ T1017]  ? fprop_reflect_period_percpu+0x6b/0x330
[  111.196185][ T1017]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  111.196201][ T1017]  ? rcu_is_watching+0x15/0xb0
[  111.196210][ T1017]  wb_writeback+0x43b/0xaf0
[  111.196219][ T1017]  ? queue_io+0x3c1/0x590
[  111.196228][ T1017]  ? __pfx_wb_writeback+0x10/0x10
[  111.196237][ T1017]  ? rcu_is_watching+0x15/0xb0
[  111.196245][ T1017]  wb_workfn+0x409/0xef0
[  111.196254][ T1017]  ? __pfx_wb_workfn+0x10/0x10
[  111.196261][ T1017]  ? rcu_is_watching+0x15/0xb0
[  111.196267][ T1017]  ? rcu_is_watching+0x15/0xb0
[  111.196275][ T1017]  ? process_scheduled_works+0x9ef/0x17b0
[  111.196299][ T1017]  ? rcu_is_watching+0x15/0xb0
[  111.196306][ T1017]  ? lock_acquire+0x5f/0x360
[  111.196316][ T1017]  ? rcu_is_watching+0x15/0xb0
[  111.196322][ T1017]  ? process_scheduled_works+0x9ef/0x17b0
[  111.196349][ T1017]  ? process_scheduled_works+0x9ef/0x17b0
[  111.196356][ T1017]  process_scheduled_works+0xae1/0x17b0
[  111.196368][ T1017]  ? __pfx_process_scheduled_works+0x10/0x10
[  111.196377][ T1017]  worker_thread+0x8a0/0xda0
[  111.196389][ T1017]  kthread+0x711/0x8a0
[  111.196397][ T1017]  ? __pfx_worker_thread+0x10/0x10
[  111.196404][ T1017]  ? __pfx_kthread+0x10/0x10
[  111.196412][ T1017]  ? rcu_is_watching+0x15/0xb0
[  111.196419][ T1017]  ? __pfx_kthread+0x10/0x10
[  111.196427][ T1017]  ret_from_fork+0x3fc/0x770
[  111.196435][ T1017]  ? __pfx_ret_from_fork+0x10/0x10
[  111.196443][ T1017]  ? __switch_to_asm+0x39/0x70
[  111.196453][ T1017]  ? __switch_to_asm+0x33/0x70
[  111.196463][ T1017]  ? __pfx_kthread+0x10/0x10
[  111.196471][ T1017]  ret_from_fork_asm+0x1a/0x30
[  111.196483][ T1017]  </TASK>
[  111.197407][ T1017] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  111.202067][ T8386] loop4: detected capacity change from 0 to 512
[  111.207997][ T1017] CPU: 1 UID: 0 PID: 1017 Comm: kworker/u10:4 Not tainted syzkaller #0 PREEMPT(full) 
[  111.208008][ T1017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  111.208013][ T1017] Workqueue: writeback wb_workfn (flush-7:2)
[  111.208027][ T1017] Call Trace:
[  111.208029][ T1017]  <TASK>
[  111.208033][ T1017]  dump_stack_lvl+0x189/0x250
[  111.208043][ T1017]  ? __pfx_dump_stack_lvl+0x10/0x10
[  111.208051][ T1017]  ? __pfx_queue_work_on+0x10/0x10
[  111.208059][ T1017]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  111.208068][ T1017]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  111.208079][ T1017]  f2fs_handle_critical_error+0x37c/0x540
[  111.208095][ T1017]  f2fs_write_end_io+0x886/0xb60
[  111.208111][ T1017]  __submit_merged_bio+0x27a/0x6a0
[  111.208127][ T1017]  __submit_merged_write_cond+0x255/0x530
[  111.208143][ T1017]  f2fs_write_data_pages+0x261d/0x3000
[  111.208163][ T1017]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  111.208175][ T1017]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  111.208188][ T1017]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  111.208202][ T1017]  ? trace_f2fs_writepages+0x7f/0x200
[  111.208216][ T1017]  ? f2fs_write_node_pages+0x478/0x6e0
[  111.208228][ T1017]  ? xa_load+0x60/0x210
[  111.208245][ T1017]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  111.208258][ T1017]  ? do_raw_spin_lock+0x121/0x290
[  111.208268][ T1017]  ? lock_release+0x4b/0x3e0
[  111.208284][ T1017]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  111.208300][ T1017]  do_writepages+0x32e/0x550
[  111.208314][ T1017]  ? unwind_next_frame+0xa5/0x2390
[  111.208361][ T1017]  __writeback_single_inode+0x145/0xff0
[  111.208378][ T1017]  ? do_raw_spin_unlock+0x4d/0x240
[  111.208391][ T1017]  writeback_sb_inodes+0x6c7/0x1010
[  111.208409][ T1017]  ? fprop_reflect_period_percpu+0x6b/0x330
[  111.208426][ T1017]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  111.208451][ T1017]  ? rcu_is_watching+0x15/0xb0
[  111.208466][ T1017]  wb_writeback+0x43b/0xaf0
[  111.208481][ T1017]  ? queue_io+0x3c1/0x590
[  111.208490][ T1017]  ? __pfx_wb_writeback+0x10/0x10
[  111.208500][ T1017]  ? rcu_is_watching+0x15/0xb0
[  111.208509][ T1017]  wb_workfn+0x409/0xef0
[  111.208524][ T1017]  ? __pfx_wb_workfn+0x10/0x10
[  111.208535][ T1017]  ? rcu_is_watching+0x15/0xb0
[  111.208546][ T1017]  ? rcu_is_watching+0x15/0xb0
[  111.208557][ T1017]  ? process_scheduled_works+0x9ef/0x17b0
[  111.208567][ T1017]  ? rcu_is_watching+0x15/0xb0
[  111.208577][ T1017]  ? lock_acquire+0x5f/0x360
[  111.208592][ T1017]  ? rcu_is_watching+0x15/0xb0
[  111.208601][ T1017]  ? process_scheduled_works+0x9ef/0x17b0
[  111.208610][ T1017]  ? process_scheduled_works+0x9ef/0x17b0
[  111.208627][ T1017]  process_scheduled_works+0xae1/0x17b0
[  111.208647][ T1017]  ? __pfx_process_scheduled_works+0x10/0x10
[  111.208663][ T1017]  worker_thread+0x8a0/0xda0
[  111.208682][ T1017]  kthread+0x711/0x8a0
[  111.208695][ T1017]  ? __pfx_worker_thread+0x10/0x10
[  111.208704][ T1017]  ? __pfx_kthread+0x10/0x10
[  111.208717][ T1017]  ? rcu_is_watching+0x15/0xb0
[  111.208728][ T1017]  ? __pfx_kthread+0x10/0x10
[  111.208741][ T1017]  ret_from_fork+0x3fc/0x770
[  111.208753][ T1017]  ? __pfx_ret_from_fork+0x10/0x10
[  111.208767][ T1017]  ? __switch_to_asm+0x39/0x70
[  111.208781][ T1017]  ? __switch_to_asm+0x33/0x70
[  111.208794][ T1017]  ? __pfx_kthread+0x10/0x10
[  111.208807][ T1017]  ret_from_fork_asm+0x1a/0x30
[  111.208824][ T1017]  </TASK>
[  111.208829][ T1017] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  111.267960][ T8386] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  111.344702][ T8392] netlink: 12 bytes leftover after parsing attributes in process `syz.0.853'.
[  111.347087][ T8386] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  111.348710][ T8392] netem: invalid attributes len -15
[  111.464095][ T8392] netem: change failed
[  111.465702][ T8183] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  111.541536][ T8400] loop2: detected capacity change from 0 to 256
[  111.544294][ T8400] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  111.547774][ T8400] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512
[  111.571112][ T8400] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  111.573683][ T8400] UDF-fs: Scanning with blocksize 512 failed
[  111.578677][ T8400] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  111.583366][ T8400] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  111.592875][   T33] audit: type=1800 audit(1755798496.481:35): pid=8400 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.856" name="file1" dev="loop2" ino=57 res=0 errno=0
[  111.879491][ T5875] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  112.029577][ T5875] usb 3-1: Using ep0 maxpacket: 16
[  112.033152][ T5875] usb 3-1: config 254 has an invalid interface number: 235 but max is 0
[  112.036589][ T5875] usb 3-1: config 254 has no interface number 0
[  112.039245][ T5875] usb 3-1: config 254 interface 235 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 32
[  112.043427][ T5875] usb 3-1: config 254 interface 235 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  112.047933][ T5875] usb 3-1: config 254 interface 235 has no altsetting 0
[  112.052750][ T5875] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1
[  112.056316][ T5875] usb 3-1: New USB device strings: Mfr=1, Product=251, SerialNumber=3
[  112.059759][ T5875] usb 3-1: Product: syz
[  112.061502][ T5875] usb 3-1: Manufacturer: syz
[  112.063394][ T5875] usb 3-1: SerialNumber: syz
[  112.066880][ T8411] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  112.274510][   T33] audit: type=1326 audit(1755798497.161:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8422 comm="syz.0.867" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7698ebe9 code=0x7ffc0000
[  112.275934][ T5875] usbtest 3-1:254.235: couldn't get endpoints, -71
[  112.287602][ T5875] usbtest 3-1:254.235: probe with driver usbtest failed with error -71
[  112.295530][ T5875] usb 3-1: USB disconnect, device number 12
[  112.298448][   T33] audit: type=1326 audit(1755798497.171:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8422 comm="syz.0.867" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7698ebe9 code=0x7ffc0000
[  112.315064][   T33] audit: type=1326 audit(1755798497.171:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8422 comm="syz.0.867" exe="/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7fef7698ebe9 code=0x7ffc0000
[  112.325859][   T33] audit: type=1326 audit(1755798497.171:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8422 comm="syz.0.867" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7698ebe9 code=0x7ffc0000
[  112.336987][   T33] audit: type=1326 audit(1755798497.171:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8422 comm="syz.0.867" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7698ebe9 code=0x7ffc0000
[  112.536165][ T8445] netlink: 'syz.0.878': attribute type 12 has an invalid length.
[  112.708160][ T8466] ref_ctr going negative. vaddr: 0x200000ffc002, curr val: -29824, delta: 1
[  112.709462][   T33] audit: type=1804 audit(1755798497.591:41): pid=8466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.888" name="file0" dev="tmpfs" ino=2199 res=1 errno=0
[  112.712487][ T8466] ref_ctr increment failed for inode: 0x897 offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888110a76b80
[  113.043352][ T8473] netlink: 'syz.2.891': attribute type 10 has an invalid length.
[  113.079641][ T5236] Bluetooth: hci2: command tx timeout
[  113.162583][ T8475] binder: 8474:8475 ioctl 4018620d 0 returned -22
[  113.512925][ T8503] loop4: detected capacity change from 0 to 1024
[  113.516522][ T8503] EXT4-fs: inline encryption not supported
[  113.543545][ T8503] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.564949][ T8183] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  113.951509][ T8514] netlink: 32 bytes leftover after parsing attributes in process `syz.2.909'.
[  114.002220][ T8520] vxcan1 speed is unknown, defaulting to 1000
[  114.005165][ T8520] vxcan1 speed is unknown, defaulting to 1000
[  114.007943][ T8520] vxcan1 speed is unknown, defaulting to 1000
[  114.021277][ T8522] netlink: 4 bytes leftover after parsing attributes in process `syz.0.912'.
[  114.033501][   T12] netdevsim netdevsim0 : set [0, 0] type 1 family 0 port 8472 - 0
[  114.036954][ T8522] netlink: 4 bytes leftover after parsing attributes in process `syz.0.912'.
[  114.040725][   T12] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  114.050171][   T12] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  114.056873][   T12] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  114.102742][ T8520] infiniband syz2: set active
[  114.104883][ T5313] vxcan1 speed is unknown, defaulting to 1000
[  114.107569][ T8520] infiniband syz2: added vxcan1
[  114.130347][ T8520] RDS/IB: syz2: added
[  114.132004][ T8520] smc: adding ib device syz2 with port count 1
[  114.134438][ T8520] smc:    ib device syz2 port 1 has pnetid 
[  114.137544][   T10] vxcan1 speed is unknown, defaulting to 1000
[  114.141271][ T8520] vxcan1 speed is unknown, defaulting to 1000
[  114.247509][ T8520] vxcan1 speed is unknown, defaulting to 1000
[  114.330996][ T8520] vxcan1 speed is unknown, defaulting to 1000
[  114.520567][ T5313] IPVS: starting estimator thread 0...
[  114.619484][ T8535] IPVS: using max 80 ests per chain, 192000 per kthread
[  114.930143][ T8545] loop2: detected capacity change from 0 to 32768
[  114.934562][ T8545] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.921 (8545)
[  114.942712][ T8545] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  114.947675][ T8545] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  114.961742][ T8545] BTRFS info (device loop2): rebuilding free space tree
[  114.968099][ T8545] BTRFS info (device loop2): disabling free space tree
[  114.972197][ T8545] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  114.976316][ T8545] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  114.995903][ T8545] BTRFS info (device loop2): enabling ssd optimizations
[  115.022178][ T8545] BTRFS info (device loop2): turning on sync discard
[  115.024873][ T8545] BTRFS info (device loop2): force clearing of disk cache
[  115.038024][ T8545] BTRFS info (device loop2): enabling auto defrag
[  115.041188][ T8545] BTRFS info (device loop2): doing ref verification
[  115.044002][ T8545] BTRFS info (device loop2): max_inline set to 0
[  115.159629][ T5236] Bluetooth: hci2: command tx timeout
[  115.176946][ T5847] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  115.478110][ T8588] loop2: detected capacity change from 0 to 512
[  115.533015][ T8588] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  115.538242][ T8588] ext4 filesystem being mounted at /229/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  115.561062][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  115.705047][ T8592] loop2: detected capacity change from 0 to 32768
[  115.709600][ T8592] (syz.2.933,8592,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  115.719565][ T8592] (syz.2.933,8592,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  115.739922][ T8592] JBD2: Ignoring recovery information on journal
[  115.760441][ T8592] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  115.794960][ T5847] ocfs2: Unmounting device (7,2) on (node local)
[  116.307597][ T8603] loop4: detected capacity change from 0 to 32768
[  116.313602][ T8603] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.936 (8603)
[  116.321559][ T8603] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  116.325680][ T8603] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  116.343085][ T8603] BTRFS info (device loop4): enabling ssd optimizations
[  116.349043][ T8603] BTRFS info (device loop4): enabling free space tree
[  116.364471][ T8603] BTRFS info (device loop4): balance: start -sdrange=1..8,vrange=4..3
[  116.367940][ T8603] BTRFS info (device loop4): balance: ended with status: 0
[  116.397666][ T8183] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  116.705559][ T8624] loop4: detected capacity change from 0 to 32768
[  116.711972][ T8624] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.937 (8624)
[  116.718471][ T8624] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  116.722782][ T8624] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  116.828018][ T8624] BTRFS info (device loop4): enabling ssd optimizations
[  116.831186][ T8624] BTRFS info (device loop4): enabling free space tree
[  116.920804][ T8183] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  117.032260][ T8658] loop2: detected capacity change from 0 to 1764
[  117.405586][ T8672] netlink: 8 bytes leftover after parsing attributes in process `syz.4.952'.
[  117.432008][ T8674] netlink: 8 bytes leftover after parsing attributes in process `syz.4.953'.
[  118.319799][    T9] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  118.356086][ T8631] Set syz1 is full, maxelem 65536 reached
[  118.376646][ T8690] netlink: 32 bytes leftover after parsing attributes in process `syz.0.960'.
[  118.479480][    T9] usb 3-1: Using ep0 maxpacket: 16
[  118.483306][    T9] usb 3-1: config index 0 descriptor too short (expected 16456, got 72)
[  118.487122][    T9] usb 3-1: config 226 has an invalid descriptor of length 0, skipping remainder of the config
[  118.491876][    T9] usb 3-1: config 226 has 0 interfaces, different from the descriptor's value: 2
[  118.496820][    T9] usb 3-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  118.501033][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.511112][    T9] usb 3-1: Product: syz
[  118.513037][    T9] usb 3-1: Manufacturer: syz
[  118.520593][    T9] usb 3-1: SerialNumber: syz
[  118.659734][ T8710] vxcan1 speed is unknown, defaulting to 1000
[  118.941286][    T9] usb 3-1: USB disconnect, device number 13
[  119.013726][ T8716] loop4: detected capacity change from 0 to 32768
[  119.017042][ T8716] btrfs: Deprecated parameter 'usebackuproot'
[  119.020557][ T8716] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  119.024968][ T8716] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.972 (8716)
[  119.033203][ T8716] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  119.037390][ T8716] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  119.059558][ T8716] BTRFS error (device loop4): ignorebadroots must be used with ro mount option
[  119.063315][ T8716] BTRFS error (device loop4): open_ctree failed: -22
[  119.517426][ T8743] netlink: set zone limit has 4 unknown bytes
[  119.528497][ T8743] netlink: del zone limit has 4 unknown bytes
[  119.806597][ T8778] netlink: 32 bytes leftover after parsing attributes in process `syz.0.998'.
[  119.921500][    T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  119.959782][   T10] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  120.052423][ T8799] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1002'.
[  120.078387][ T8801] Invalid source name
[  120.080346][ T8801] UBIFS error (pid: 8801): cannot open "./file0", error -22
[  120.089482][    T9] usb 5-1: Using ep0 maxpacket: 16
[  120.097054][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  120.101894][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  120.105875][    T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  120.112388][   T10] usb 3-1: Using ep0 maxpacket: 32
[  120.116972][    T9] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  120.121059][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.124439][   T10] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[  120.127800][   T10] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  120.132453][   T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[  120.136578][    T9] usb 5-1: config 0 descriptor??
[  120.139833][   T10] usb 3-1: config 1 has no interface number 0
[  120.144360][   T10] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  120.150576][   T10] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  120.155845][   T10] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  120.160348][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  120.173593][   T10] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[  120.375936][   T10] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached
[  120.545780][    T9] microsoft 0003:045E:07DA.0003: ignoring exceeding usage max
[  120.552295][    T9] microsoft 0003:045E:07DA.0003: unsupported Resolution Multiplier 0
[  120.746564][    T9] microsoft 0003:045E:07DA.0003: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  120.751582][    T9] microsoft 0003:045E:07DA.0003: no inputs found
[  120.754347][    T9] microsoft 0003:045E:07DA.0003: could not initialize ff, continuing anyway
[  120.760607][    T9] usb 5-1: USB disconnect, device number 2
[  120.798005][ T5875] usb 3-1: USB disconnect, device number 14
[  120.803644][ T5875] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[  121.333347][ T8818] loop4: detected capacity change from 0 to 256
[  121.340965][ T8818] FAT-fs (loop4): Directory bread(block 1285) failed
[  121.347159][ T8818] FAT-fs (loop4): Directory bread(block 1285) failed
[  121.476153][ T8829] netlink: 'syz.2.1012': attribute type 10 has an invalid length.
[  121.485788][ T8829] bridge0: port 2(bridge_slave_1) entered disabled state
[  121.489286][ T8829] bridge0: port 1(bridge_slave_0) entered disabled state
[  121.503296][ T8829] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.506465][ T8829] bridge0: port 2(bridge_slave_1) entered forwarding state
[  121.509844][ T8829] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.512499][ T8829] bridge0: port 1(bridge_slave_0) entered forwarding state
[  121.519060][ T8829] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  121.712189][ T8839] netlink: 'syz.4.1018': attribute type 5 has an invalid length.
[  121.819859][ T8842] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1019'.
[  121.825870][ T8841] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1019'.
[  122.703907][ T8853] loop4: detected capacity change from 0 to 32768
[  122.735440][ T8853] ERROR: (device loop4): dbAdjCtl: the maximum free buddy is not the old root
[  122.735440][ T8853] 
[  122.744512][ T8853] ERROR: (device loop4): remounting filesystem as read-only
[  122.847907][ T8869] loop4: detected capacity change from 0 to 2048
[  122.874669][ T8869] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  122.880471][ T8869] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  122.905350][ T8183] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.942920][ T8867] loop2: detected capacity change from 0 to 40427
[  122.957468][ T8867] F2FS-fs (loop2): invalid crc value
[  122.993011][ T8867] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  122.998064][ T8867] F2FS-fs (loop2): Start checkpoint disabled!
[  123.019593][ T8867] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  123.632513][ T8888] loop2: detected capacity change from 0 to 40427
[  123.648267][ T8888] F2FS-fs (loop2): invalid crc value
[  123.692907][ T8888] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  123.697003][ T8888] F2FS-fs (loop2): Start checkpoint disabled!
[  123.701250][ T8888] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  123.721033][ T1017] kworker/u10:4: attempt to access beyond end of device
[  123.721033][ T1017] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  123.726704][ T1017] CPU: 1 UID: 0 PID: 1017 Comm: kworker/u10:4 Not tainted syzkaller #0 PREEMPT(full) 
[  123.726723][ T1017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  123.726731][ T1017] Workqueue: writeback wb_workfn (flush-7:2)
[  123.726756][ T1017] Call Trace:
[  123.726761][ T1017]  <TASK>
[  123.726767][ T1017]  dump_stack_lvl+0x189/0x250
[  123.726784][ T1017]  ? __pfx_dump_stack_lvl+0x10/0x10
[  123.726796][ T1017]  ? __pfx_queue_work_on+0x10/0x10
[  123.726808][ T1017]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  123.726825][ T1017]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  123.726842][ T1017]  f2fs_handle_critical_error+0x37c/0x540
[  123.726860][ T1017]  f2fs_write_end_io+0x886/0xb60
[  123.726877][ T1017]  __submit_merged_bio+0x27a/0x6a0
[  123.726893][ T1017]  __submit_merged_write_cond+0x255/0x530
[  123.726911][ T1017]  f2fs_write_data_pages+0x261d/0x3000
[  123.726933][ T1017]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  123.726954][ T1017]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  123.726973][ T1017]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  123.726991][ T1017]  ? trace_f2fs_writepages+0x7f/0x200
[  123.727005][ T1017]  ? f2fs_write_node_pages+0x478/0x6e0
[  123.727017][ T1017]  ? xa_load+0x60/0x210
[  123.727036][ T1017]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  123.727048][ T1017]  ? do_raw_spin_lock+0x121/0x290
[  123.727062][ T1017]  ? rcu_is_watching+0x15/0xb0
[  123.727095][ T1017]  ? set_shrinker_bit+0x7c/0x350
[  123.727110][ T1017]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  123.727127][ T1017]  do_writepages+0x32e/0x550
[  123.727143][ T1017]  ? unwind_next_frame+0xa5/0x2390
[  123.727158][ T1017]  __writeback_single_inode+0x145/0xff0
[  123.727172][ T1017]  ? do_raw_spin_unlock+0x4d/0x240
[  123.727187][ T1017]  writeback_sb_inodes+0x6c7/0x1010
[  123.727230][ T1017]  ? fprop_reflect_period_percpu+0x6b/0x330
[  123.727248][ T1017]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  123.727272][ T1017]  ? rcu_is_watching+0x15/0xb0
[  123.727283][ T1017]  wb_writeback+0x43b/0xaf0
[  123.727297][ T1017]  ? queue_io+0x3c1/0x590
[  123.727312][ T1017]  ? __pfx_wb_writeback+0x10/0x10
[  123.727326][ T1017]  ? rcu_is_watching+0x15/0xb0
[  123.727339][ T1017]  wb_workfn+0x409/0xef0
[  123.727353][ T1017]  ? __pfx_wb_workfn+0x10/0x10
[  123.727363][ T1017]  ? rcu_is_watching+0x15/0xb0
[  123.727372][ T1017]  ? rcu_is_watching+0x15/0xb0
[  123.727383][ T1017]  ? process_scheduled_works+0x9ef/0x17b0
[  123.727394][ T1017]  ? rcu_is_watching+0x15/0xb0
[  123.727405][ T1017]  ? lock_acquire+0x5f/0x360
[  123.727423][ T1017]  ? rcu_is_watching+0x15/0xb0
[  123.727433][ T1017]  ? process_scheduled_works+0x9ef/0x17b0
[  123.727442][ T1017]  ? process_scheduled_works+0x9ef/0x17b0
[  123.727452][ T1017]  process_scheduled_works+0xae1/0x17b0
[  123.727469][ T1017]  ? __pfx_process_scheduled_works+0x10/0x10
[  123.727484][ T1017]  worker_thread+0x8a0/0xda0
[  123.727502][ T1017]  kthread+0x711/0x8a0
[  123.727515][ T1017]  ? __pfx_worker_thread+0x10/0x10
[  123.727526][ T1017]  ? __pfx_kthread+0x10/0x10
[  123.727540][ T1017]  ? rcu_is_watching+0x15/0xb0
[  123.727550][ T1017]  ? __pfx_kthread+0x10/0x10
[  123.727564][ T1017]  ret_from_fork+0x3fc/0x770
[  123.727577][ T1017]  ? __pfx_ret_from_fork+0x10/0x10
[  123.727590][ T1017]  ? __switch_to_asm+0x39/0x70
[  123.727605][ T1017]  ? __switch_to_asm+0x33/0x70
[  123.727623][ T1017]  ? __pfx_kthread+0x10/0x10
[  123.727638][ T1017]  ret_from_fork_asm+0x1a/0x30
[  123.727656][ T1017]  </TASK>
[  123.727747][ T1017] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  123.905493][ T8910] netlink: 'syz.4.1047': attribute type 9 has an invalid length.
[  123.908653][ T8910] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1047'.
[  123.915661][ T8910] hsr0: entered promiscuous mode
[  123.917813][ T8910] macvlan2: entered promiscuous mode
[  123.922234][ T8910] macvlan2: entered allmulticast mode
[  123.924435][ T8910] hsr0: entered allmulticast mode
[  123.926436][ T8910] hsr_slave_0: entered allmulticast mode
[  123.928709][ T8910] hsr_slave_1: entered allmulticast mode
[  124.089023][ T8912] loop4: detected capacity change from 0 to 32768
[  124.133538][ T8912] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  124.133553][ T8912]   allowing incompatible features above 0.0: (unknown version)
[  124.133558][ T8912]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  124.160059][ T8912] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  124.164043][ T8912] bcachefs (loop4): initializing new filesystem
[  124.172745][ T8912] bcachefs (loop4): going read-write
[  124.177020][ T8912] bcachefs (loop4): marking superblocks
[  124.188136][ T8912] bcachefs (loop4): initializing freespace
[  124.193172][ T8912] bcachefs (loop4): done initializing freespace
[  124.199034][ T8912] bcachefs (loop4): reading snapshots table
[  124.201956][ T8912] bcachefs (loop4): reading snapshots done
[  124.211874][ T8912] bcachefs (loop4): done starting filesystem
[  124.286753][ T8183] bcachefs (loop4): shutting down
[  124.290604][ T8183] bcachefs (loop4): going read-only
[  124.292656][ T8183] bcachefs (loop4): finished waiting for writes to stop
[  124.300527][ T8183] bcachefs (loop4): flushing journal and stopping allocators, journal seq 3
[  124.308774][ T8931] loop2: detected capacity change from 0 to 256
[  124.315480][ T8931] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d)
[  124.324603][ T8183] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 3
[  124.330460][ T8183] bcachefs (loop4): clean shutdown complete, journal seq 4
[  124.334863][ T8183] bcachefs (loop4): marking filesystem clean
[  124.353434][ T8183] bcachefs (loop4): shutdown complete
[  124.580148][ T8945] loop2: detected capacity change from 0 to 32768
[  124.586385][ T8945] (syz.2.1057,8945,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  124.587839][ T8951] netlink: 'syz.0.1060': attribute type 11 has an invalid length.
[  124.597632][ T8951] netlink: 'syz.0.1060': attribute type 5 has an invalid length.
[  124.612014][ T8945] (syz.2.1057,8945,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  124.623937][ T8945] JBD2: Ignoring recovery information on journal
[  124.640537][ T8945] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  124.704333][ T5847] ocfs2: Unmounting device (7,2) on (node local)
[  125.585748][ T8980] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1071'.
[  125.737481][ T8992] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1077'.
[  125.795921][ T8996] netlink: 'syz.4.1078': attribute type 1 has an invalid length.
[  125.825521][ T8994] 8021q: adding VLAN 0 to HW filter on device bond2
[  125.831421][ T8994] bond1: (slave bond2): making interface the new active one
[  125.834786][ T8994] bond1: (slave bond2): Enslaving as an active interface with an up link
[  125.855300][ T8994] bond1: (slave gretap1): Enslaving as a backup interface with an up link
[  125.982615][ T9014] cgroup: release_agent respecified
[  126.008747][ T9018] trusted_key: syz.4.1086 sent an empty control message without MSG_MORE.
[  126.138614][ T9024] loop2: detected capacity change from 0 to 32768
[  126.162450][ T9024] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  126.186347][ T9024] XFS (loop2): Ending clean mount
[  126.189160][ T9024] XFS (loop2): Quotacheck needed: Please wait.
[  126.196020][ T9024] XFS (loop2): Quotacheck: Done.
[  126.215238][ T5847] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  126.463329][ T9039] loop2: detected capacity change from 0 to 32768
[  126.470359][ T9039] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1090 (9039)
[  126.493787][ T9039] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  126.501587][ T9039] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  126.600192][ T9039] BTRFS info (device loop2 state C): enabling ssd optimizations
[  126.605508][ T9055] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1092'.
[  126.612413][ T9039] BTRFS info (device loop2 state C): using spread ssd allocation scheme
[  126.615918][ T9039] BTRFS info (device loop2 state C): turning off barriers
[  126.619112][ T9055] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1092'.
[  126.629470][ T9039] BTRFS info (device loop2 state C): enabling free space tree
[  126.632753][ T9039] BTRFS info (device loop2 state C): enabling auto defrag
[  126.638286][ T9039] BTRFS info (device loop2 state C): ignoring data csums
[  126.642052][ T9039] BTRFS info (device loop2 state C): force zlib compression, level 3
[  126.662386][ T5847] BTRFS info (device loop2 state C): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  126.871332][ T9062] loop2: detected capacity change from 0 to 32768
[  126.879980][ T9062] XFS: noikeep mount option is deprecated.
[  126.914407][ T9071] loop4: detected capacity change from 0 to 512
[  126.918828][ T9062] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  126.935870][ T9071] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  126.960987][ T9071] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.1096: invalid indirect mapped block 4294967295 (level 1)
[  126.971298][ T9071] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm syz.4.1096: invalid indirect mapped block 4294967295 (level 1)
[  126.973040][ T9062] XFS (loop2): Ending clean mount
[  126.980506][ T9071] EXT4-fs (loop4): 2 truncates cleaned up
[  126.983129][ T9071] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  126.988943][ T9062] XFS (loop2): Quotacheck needed: Please wait.
[  126.996422][ T9062] XFS (loop2): Quotacheck: Done.
[  127.023631][ T5847] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  127.029567][ T8183] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.285378][ T9090] loop4: detected capacity change from 0 to 32768
[  127.869822][ T9090] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  127.869848][ T9090]   allowing incompatible features above 0.0: (unknown version)
[  127.869856][ T9090]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  127.887981][ T9090] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  127.891537][ T9090] bcachefs (loop4): initializing new filesystem
[  127.899726][ T9090] bcachefs (loop4): going read-write
[  127.903766][ T9090] bcachefs (loop4): marking superblocks
[  127.911464][ T9090] bcachefs (loop4): initializing freespace
[  127.916476][ T9090] bcachefs (loop4): done initializing freespace
[  127.923036][ T9090] bcachefs (loop4): reading snapshots table
[  127.925731][ T9090] bcachefs (loop4): reading snapshots done
[  127.936315][ T9090] bcachefs (loop4): done starting filesystem
[  128.022065][ T8183] bcachefs (loop4): shutting down
[  128.024244][ T8183] bcachefs (loop4): going read-only
[  128.027146][ T8183] bcachefs (loop4): finished waiting for writes to stop
[  128.032352][ T8183] bcachefs (loop4): flushing journal and stopping allocators, journal seq 3
[  128.047353][ T8183] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 4
[  128.053824][ T8183] bcachefs (loop4): clean shutdown complete, journal seq 5
[  128.057291][ T8183] bcachefs (loop4): marking filesystem clean
[  128.073358][ T8183] bcachefs (loop4): shutdown complete
[  128.087838][ T9119] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1109'.
[  128.198558][ T9127] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1113'.
[  128.202897][ T9127] veth0_to_bond: entered allmulticast mode
[  128.485386][ T9143] netlink: 'syz.2.1121': attribute type 29 has an invalid length.
[  128.492597][ T9143] netlink: 'syz.2.1121': attribute type 29 has an invalid length.
[  128.496673][ T9143] netlink: 500 bytes leftover after parsing attributes in process `syz.2.1121'.
[  128.769499][   T24] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  128.969445][   T24] usb 3-1: Using ep0 maxpacket: 32
[  128.973813][   T24] usb 3-1: config 0 has an invalid interface number: 78 but max is 0
[  128.977493][   T24] usb 3-1: config 0 has no interface number 0
[  128.980184][   T24] usb 3-1: config 0 interface 78 has no altsetting 0
[  128.986037][   T24] usb 3-1: New USB device found, idVendor=07ca, idProduct=b800, bcdDevice=9b.26
[  128.990097][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  128.993713][   T24] usb 3-1: Product: syz
[  128.995721][   T24] usb 3-1: Manufacturer: syz
[  128.997783][   T24] usb 3-1: SerialNumber: syz
[  129.003693][   T24] usb 3-1: config 0 descriptor??
[  129.008867][   T24]  (null): radio-mr800 - initialization failed
[  129.011862][   T24] radio-mr800 3-1:0.78: probe with driver radio-mr800 failed with error -8
[  129.016378][   T24] usbhid 3-1:0.78: couldn't find an input interrupt endpoint
[  129.211453][   T10] usb 3-1: USB disconnect, device number 15
[  129.479436][ T5979] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  129.641390][ T5979] usb 5-1: unable to get BOS descriptor or descriptor too short
[  129.645250][ T5979] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  129.648438][ T5979] usb 5-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  129.653352][ T5979] usb 5-1: config 1 interface 0 has no altsetting 1
[  129.657590][ T5979] usb 5-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75
[  129.661285][ T5979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  129.663735][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  129.664171][ T5979] usb 5-1: Product: syz
[  129.667421][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  129.672681][ T5979] usb 5-1: Manufacturer: syz
[  129.674580][ T5979] usb 5-1: SerialNumber: syz
[  129.680471][ T5979] smsusb:smsusb_probe: board id=8, interface number 0
[  129.811273][ T9184] loop2: detected capacity change from 0 to 2048
[  129.832207][ T9186] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  129.859689][ T9186] NILFS (loop2): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  129.863789][ T9186] NILFS error (device loop2): nilfs_bmap_propagate: broken bmap (inode number=4)
[  129.870807][ T9186] Remounting filesystem read-only
[  129.887223][ T5979] smsusb:smsusb_probe: Device initialized with return code -19
[  129.895705][ T9184] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=2)
[  129.936866][ T5847] NILFS (loop2): disposed unprocessed dirty file(s) when stopping log writer
[  130.005530][   T33] audit: type=1326 audit(1755798514.881:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.0.1137" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7698ebe9 code=0x7ffc0000
[  130.009624][ T9185] pim6reg: entered allmulticast mode
[  130.030422][   T33] audit: type=1326 audit(1755798514.881:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.0.1137" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fef7698ebe9 code=0x7ffc0000
[  130.054992][   T33] audit: type=1326 audit(1755798514.881:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.0.1137" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7698ebe9 code=0x7ffc0000
[  130.066701][ T9192] loop2: detected capacity change from 0 to 256
[  130.080047][   T33] audit: type=1326 audit(1755798514.881:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.0.1137" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fef76990b07 code=0x7ffc0000
[  130.100389][   T24] usb 5-1: USB disconnect, device number 3
[  130.108836][   T33] audit: type=1326 audit(1755798514.881:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.0.1137" exe="/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fef76990a7c code=0x7ffc0000
[  130.132208][   T33] audit: type=1326 audit(1755798514.881:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.0.1137" exe="/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fef769909b4 code=0x7ffc0000
[  130.141939][   T33] audit: type=1326 audit(1755798514.891:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.0.1137" exe="/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fef769909b4 code=0x7ffc0000
[  130.158797][   T33] audit: type=1326 audit(1755798514.891:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.0.1137" exe="/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fef7698d84a code=0x7ffc0000
[  130.174993][   T33] audit: type=1326 audit(1755798514.891:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.0.1137" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef7698ebe9 code=0x7ffc0000
[  130.185103][   T33] audit: type=1326 audit(1755798514.891:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9178 comm="syz.0.1137" exe="/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7fef7698ebe9 code=0x7ffc0000
[  130.615424][ T9212] fuse: Bad value for 'fd'
[  130.771394][ T9236] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  130.858336][ T9245] loop4: detected capacity change from 0 to 1024
[  130.872820][ T9245] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  130.908406][ T8183] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.643267][ T9296] loop4: detected capacity change from 0 to 32768
[  131.649142][ T9296] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1174 (9296)
[  131.661293][ T9296] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  131.665508][ T9296] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  131.668680][ T9296] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  131.686660][ T9296] BTRFS info (device loop4): rebuilding free space tree
[  131.691940][ T9296] BTRFS info (device loop4): disabling free space tree
[  131.694524][ T9296] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  131.698248][ T9296] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  131.703259][ T9296] BTRFS info (device loop4): enabling ssd optimizations
[  131.705565][ T9296] BTRFS info (device loop4): enabling disk space caching
[  131.707894][ T9296] BTRFS info (device loop4): force clearing of disk cache
[  131.728294][ T8183] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  132.671152][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  132.674086][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  132.809254][ T9370] loop4: detected capacity change from 0 to 64
[  133.169765][   T24] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  133.319364][   T24] usb 5-1: Using ep0 maxpacket: 16
[  133.322619][   T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  133.326226][   T24] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  133.332302][   T24] usb 5-1: config 1 has no interface number 1
[  133.332354][ T9395] bpf: Bad value for 'uid'
[  133.334400][   T24] usb 5-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[  133.341979][   T24] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  133.349811][   T24] usb 5-1: config 1 interface 2 has no altsetting 0
[  133.357924][   T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  133.366242][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.374134][   T24] usb 5-1: Product: syz
[  133.375660][   T24] usb 5-1: Manufacturer: syz
[  133.378206][   T24] usb 5-1: SerialNumber: syz
[  133.533479][ T9414] loop2: detected capacity change from 0 to 4096
[  133.601250][   T24] usb 5-1: 2:1 : no or invalid class specific endpoint descriptor
[  133.603966][   T24] usb 5-1: 2:1: invalid format type 0x1002 is detected, processed as PCM
[  133.606760][   T24] usb 5-1: 2:1 : unsupported sample bitwidth 0 in 0 bytes
[  133.612694][   T24] usb 5-1: selecting invalid altsetting 0
[  133.634254][   T24] usb 5-1: USB disconnect, device number 4
[  133.854836][ T9470] netlink: 1010 bytes leftover after parsing attributes in process `syz.0.1212'.
[  133.858240][ T9470] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  134.277927][ T9483] loop4: detected capacity change from 0 to 4096
[  134.287122][ T9483] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  134.296220][ T9483] ntfs3(loop4): Failed to load $Extend (-22).
[  134.300328][ T9483] ntfs3(loop4): Failed to initialize $Extend.
[  134.862833][ T9525] loop2: detected capacity change from 0 to 32768
[  134.870425][ T9525] XFS: noikeep mount option is deprecated.
[  134.889045][ T9525] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  134.921436][ T9525] XFS (loop2): Ending clean mount
[  134.929755][ T9525] XFS (loop2): Quotacheck needed: Please wait.
[  134.938462][ T9525] XFS (loop2): Quotacheck: Done.
[  134.993203][ T5847] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  135.360024][ T9568] loop2: detected capacity change from 0 to 128
[  135.365380][ T9568] adfs: Bad value for 'uid'
[  135.367295][ T9568] adfs: Bad value for 'uid'
[  135.680449][ T9561] loop2: detected capacity change from 0 to 1024
[  135.917343][ T9594] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  136.010450][ T1017] hfsplus: b-tree write err: -5, ino 4
[  136.166930][ T9601] loop2: detected capacity change from 0 to 40427
[  136.174381][ T9601] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  136.177286][ T9601] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  136.177769][ T9604] netlink: 'syz.0.1250': attribute type 4 has an invalid length.
[  136.185455][ T9601] F2FS-fs (loop2): invalid crc value
[  136.191402][ T9604] netlink: 'syz.0.1250': attribute type 4 has an invalid length.
[  136.211975][ T9601] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  136.216617][ T9601] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  136.218997][ T9601] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  136.350137][ T9616] program syz.2.1251 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  136.368257][ T5313] kernel write not supported for file /vcsa1 (pid: 5313 comm: kworker/1:3)
[  136.434187][ T9628] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  136.440960][ T9628] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  136.586588][ T9645] loop2: detected capacity change from 0 to 32768
[  136.595793][ T9645] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  136.622979][ T5847] ocfs2: Unmounting device (7,2) on (node local)
[  136.691376][ T9654] loop2: detected capacity change from 0 to 2048
[  136.698008][ T9654] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  136.703011][ T9654] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  136.706190][ T9654] UDF-fs: Scanning with blocksize 512 failed
[  136.711050][ T9654] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  136.748649][ T9660] loop2: detected capacity change from 0 to 512
[  136.762843][ T9660] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  136.767912][ T9660] ext4 filesystem being mounted at /337/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  136.786688][ T5847] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.839633][   T54] Bluetooth: hci3: command 0x1003 tx timeout
[  136.842237][ T5236] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  136.878319][ T9677] Bluetooth: MGMT ver 1.23
[  136.886455][ T9672] loop2: detected capacity change from 0 to 4096
[  137.092945][ T9706] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1271'.
[  137.161501][ T9703] loop2: detected capacity change from 0 to 32768
[  137.253544][ T9703] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nocow
[  137.253560][ T9703]   allowing incompatible features above 0.0: (unknown version)
[  137.253567][ T9703]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  137.267056][ T9703] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  137.270291][ T9703] bcachefs (loop2): initializing new filesystem
[  137.275878][ T9703] bcachefs (loop2): going read-write
[  137.279948][ T9703] bcachefs (loop2): marking superblocks
[  137.284641][ T9703] bcachefs (loop2): initializing freespace
[  137.287851][ T9703] bcachefs (loop2): done initializing freespace
[  137.290752][ T9703] bcachefs (loop2): reading snapshots table
[  137.292859][ T9703] bcachefs (loop2): reading snapshots done
[  137.300094][ T9703] bcachefs (loop2): done starting filesystem
[  137.778562][ T9731] netlink: 'syz.4.1274': attribute type 2 has an invalid length.
[  137.942430][ T5847] bcachefs (loop2): shutting down
[  137.945035][ T5847] bcachefs (loop2): going read-only
[  137.947745][ T5847] bcachefs (loop2): finished waiting for writes to stop
[  137.962647][ T9734] loop4: detected capacity change from 0 to 32768
[  137.965713][ T9734] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1275 (9734)
[  137.970934][ T5847] bcachefs (loop2): flushing journal and stopping allocators, journal seq 5
[  137.981725][ T9734] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  137.989427][ T9734] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  137.990824][ T5847] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 5
[  138.007761][ T5847] bcachefs (loop2): clean shutdown complete, journal seq 6
[  138.012275][ T5847] bcachefs (loop2): marking filesystem clean
[  138.040576][ T5847] bcachefs (loop2): shutdown complete
[  138.041566][ T9751] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.
[  138.045565][ T9734] BTRFS info (device loop4): rebuilding free space tree
[  138.071340][ T9734] BTRFS info (device loop4): enabling ssd optimizations
[  138.074223][ T9734] BTRFS info (device loop4): turning on sync discard
[  138.087527][ T9734] BTRFS info (device loop4): enabling free space tree
[  138.090659][ T9734] BTRFS info (device loop4): force clearing of disk cache
[  138.093490][ T9734] BTRFS info (device loop4): enabling auto defrag
[  138.096112][ T9734] BTRFS info (device loop4): max_inline set to 0
[  138.147334][ T8183] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  138.308937][ T9776] loop4: detected capacity change from 0 to 1024
[  138.351247][ T9776] hfsplus: invalid btree flag
[  138.353357][ T9776] hfsplus: failed to load extents file
[  138.448542][ T9787] loop4: detected capacity change from 0 to 1024
[  139.005420][ T9820] loop4: detected capacity change from 0 to 512
[  139.015368][ T9820] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  139.022614][ T9820] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c11c, mo2=0102]
[  139.028870][ T9820] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.1294: corrupted in-inode xattr: e_value size too large
[  139.036110][ T9820] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.1294: couldn't read orphan inode 15 (err -117)
[  139.042550][ T9820] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  139.799831][ T5979] usb 3-1: new full-speed USB device number 16 using dummy_hcd
[  139.883723][ T8183] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  139.962454][ T5979] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  139.966171][ T5979] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  139.970615][ T5979] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[  139.974288][ T5979] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  139.977569][ T5979] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  139.984092][ T5979] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  139.987208][ T5979] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  139.990169][ T5979] usb 3-1: Product: syz
[  139.991561][ T5979] usb 3-1: Manufacturer: syz
[  139.993180][ T5979] usb 3-1: SerialNumber: syz
[  139.995712][ T5979] usb 3-1: config 0 descriptor??
[  140.201733][ T5979] radio-si470x 3-1:0.0: DeviceID=0x0000 ChipID=0x0000
[  140.204133][ T5979] radio-si470x 3-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[  140.402447][ T5979] radio-si470x 3-1:0.0: software version 0, hardware version 0
[  140.405767][ T5979] radio-si470x 3-1:0.0: This driver is known to work with hardware version 1, but the device has hardware version 0.
[  140.411058][ T5979] radio-si470x 3-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[  140.603402][ T5979] radio-si470x 3-1:0.0: submitting int urb failed (-90)
[  141.005060][ T5979] radio-si470x 3-1:0.0: si470x_set_report: usb_control_msg returned -71
[  141.007983][ T5979] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -22
[  141.013208][ T5979] usb 3-1: USB disconnect, device number 16
[  170.589547][ T5844] Bluetooth: hci0: command 0x0406 tx timeout
[  170.589564][ T5857] Bluetooth: hci1: command 0x0406 tx timeout
[  194.111180][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  194.114012][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  232.029619][   T54] Bluetooth: hci2: command 0x0406 tx timeout
[  255.551332][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  255.555257][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  316.991082][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  316.993805][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  378.431437][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  378.434008][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  439.871323][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  439.873881][ T1364] ieee802154 phy1 wpan1: encryption failed: -22

VM DIAGNOSIS:
17:53:53  Registers:
info registers vcpu 0

CPU#0
RAX=ee3a230416d6e500 RBX=ffffffff819683b8 RCX=ee3a230416d6e500 RDX=0000000000000001
RSI=ffffffff8be33660 RDI=ffffffff819683b8 RBP=ffffffff8de07eb8 RSP=ffffffff8de07d80
R8 =ffff88804b032f9b R9 =1ffff110096065f3 R10=dffffc0000000000 R11=ffffed10096065f4
R12=ffffffff8fa38330 R13=0000000000000000 R14=0000000000000000 R15=1ffffffff1bd2a20
RIP=ffffffff8b7973f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007ffe73bb3378 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000ff0000000000 000000000000ff00 XMM01=0000ff0000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=0000000000000000 0000000000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=b0cdb5053d564000 RBX=ffffffff819683b8 RCX=b0cdb5053d564000 RDX=0000000000000001
RSI=ffffffff8be33660 RDI=ffffffff819683b8 RBP=ffffc90000177f20 RSP=ffffc90000177de0
R8 =ffff888136632f9b R9 =1ffff11026cc65f3 R10=dffffc0000000000 R11=ffffed1026cc65f4
R12=ffffffff8fa38330 R13=0000000000000001 R14=0000000000000001 R15=1ffff1102001f000
RIP=ffffffff8b7973f3 RFL=00000282 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000556ef1e0a728 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000000 00007fa4a7987d20
XMM02=0809800309800406 800306800407a003 XMM03=0000000000000200 00000a0000160232
XMM04=a010000690030882 a107000012000800 XMM05=0100100007800401 0000000806060168
XMM06=d400080007e00300 100007d003001000 XMM07=07c00302100007b0 0301a01000069003
XMM08=0882a10700001200 0800000000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
