last executing test programs:

55.32719008s ago: executing program 0 (id=117):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180500000000c800000000004b64ffec850000007d000000850000002a00000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
openat(0xffffffffffffff9c, 0x0, 0x101042, 0x40)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r4)
sendmsg$DEVLINK_CMD_RATE_GET(r4, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, r5, 0x303, 0x0, 0x25dfdbfd, {0x3d}}, 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x0)

54.418743795s ago: executing program 0 (id=118):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180), 0xfefc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)

54.297127934s ago: executing program 0 (id=119):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x58, 0x10, 0x401, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_IFNAME={0x14, 0x3, 'ipvlan1\x00'}, @IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_FLAGS={0x6, 0x2, 0x2}, @IFLA_IPVLAN_MODE={0x6, 0x1, 0x2}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x840}, 0x4000044)

54.234427445s ago: executing program 0 (id=120):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@nodioread_nolock}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080))
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000001100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}], [], 0x2c})
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents(r0, &(0x7f0000000040)=""/61, 0x3d)

54.08128015s ago: executing program 0 (id=121):
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000340)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c000000020000000000000002000084ffffffff0000000003000000000000000000000002000000000000000000000000000002030000000000000000000002"], 0x0, 0x56}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x0, 0x6, 0x4, 0x0, 0x1, 0x4749, '\x00', 0x0, r0, 0x3, 0x2, 0x0, 0xd}, 0x48)

53.837407329s ago: executing program 0 (id=124):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={<r1=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={<r2=>r1, @in={{0x2, 0x4e24, @multicast2}}}, &(0x7f0000000040)=0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r2, 0xfffffffd}, 0xc)

53.710098245s ago: executing program 32 (id=124):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={<r1=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7a, &(0x7f0000000340)={<r2=>r1, @in={{0x2, 0x4e24, @multicast2}}}, &(0x7f0000000040)=0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000000c0)={r2, 0xfffffffd}, 0xc)

4.890298877s ago: executing program 2 (id=633):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000009c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000100)='kfree\x00', r0}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff})
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r2, &(0x7f0000006280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=@newtaction={0x68, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x54, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x2}, 0x2, r4}}]}, {0x4, 0xa}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0x88, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0xffdff7e8, 0x0, 0x3}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x1, 0x0, 0x1, 0x400, 0xfffffffb}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x4008000}, 0x0)

4.741895483s ago: executing program 2 (id=635):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000009c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0, 0x0, 0x9}, 0x18)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$FUSE(r1, &(0x7f0000000180)={0x2020}, 0x143b)

4.640259048s ago: executing program 2 (id=638):
r0 = syz_clone(0x4020000, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r0, 0xa)
prctl$PR_SCHED_CORE(0x3e, 0x0, r0, 0x0, 0x0)

4.538025247s ago: executing program 2 (id=640):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="6163746976655f6c6f67733d342c646174615f666c7573682c66617374626f6f742c6a71666d743d76667376312c6e6f696e6c696e655f64656e7472792c7573726a71756f74613d66326673002c00ff371013587045d0d273e856ce75c2b11120ece6d6a76856a2cdd8c835ef14aa3aea583b7f3affd12ff9abc9b21098874a75607f009920ad1a283ce7b8b528e239692ab156e30dd8365f708e6c98cfcd0b30d5304dd70f87da026e2d4e4df1ad07ba72683f43d76541d455d1fa118f0900000009fe28bfded255e7c5806f05b80ec0e186b4f72759eb096a1fe6793e734fe61555f01ff9f23bc11370aa247215e8f1410ea4728bb2a2c2d20bc5e61b0a4c7ddb25da21c75f35f711581d1f5b8db3be07c80000000000000000"], 0x1, 0x54f4, &(0x7f0000005600)="$eJzs3M1rI2UYAPBn2u1+uxbx4G0HFqGFTdj0Y9Fb1V38wC7Fj4MnTZM0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJmZ6tYvhKaNtb8fTJ6ZN2+eed5QCs9MmADOrfn0px+SuBFXImI2Iq5H5PtJueXWivBMRNyMiJnHtqQc/23gYkRcjYgb4+RFzqR865Pbo1ur37/245dfX7pw7dMvvpneqoFpezYietvF/l6viFm7iA/L8fqok8feyqiMxRu9R+VxVsS91maeYa9+OK+ex+V2MT/b3h2MY5LUG+PY7mzl49v94oSDUfswT/6Bh/Wd/LjZ2sxjZ5DlsX1Q1LV/UPxvOxgMizzNMt/7efoYDg9jMd7abxXr2X6Ux0Z/WI4XebNma38cR2UsTxeNrNvM69g8zjf93/Z6p7+7n45aO4NO1k9Xq7XnqrW7ldpO1mwNWyuVeq95dyVdaHfH0yrDVr231s6ydrdVbWS9xXSh3WhUarV04V5rs1Pvp7Vadbl6p7K6WO7dTl9+8HbabaYL4/hip7877HQH6Va2kxafWEyXqsvPL6a3aumb6xvpxhv3769vvPXuvXcevLD+6kvlpD+VlS4s3VlaqtTuVJZqi+do/R+WRU9w/XAsybQLADh79P/ANEyj/9/qTq7/D/3/RJyp/ve89/8nsH44Fv0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC59e3cZ6/kO/PF8bVy/ImIm+Ohp8rjJCJmIuKXvzAbF4/knC3zzP3N/Lk/1PBVEnmG8TkuldvViFgrt5+fPOlvAQAAAP6/Pv/g5sdFt168zE+7IE5TcdFm5vp7E8qXRMTc/HcTyjYzfnl6Qsnyv+8LsT+hbPkFrMsTSlZccrswqWz/yuyRcPmxkBRh5lTLAQAATsXRTuB0uxAAAABO00fTLoDpSOLwVubhveD8l/e/3xC8cuQIAAAAOIOSaRcAAAAAnLi8//+H5/+F5/8BAADA2Vc8/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiVnfvJSR2K4gB8Wuh7vD9GYpy7FWewDJfg0KFhAW6CJeAW3ABrwJlLMGBoS7QGE5PetpF8X9JebkN+nBIm515SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJzsZo/3l89tM3Z7tpJczcAAADAMZtiNS9fTKv5v/r6WX3pop5nEZFHxLHefRS/GpmjOqf44v3FpxqeIsqE/Wf8ro+/EXFdH6/nXX8LAAAAcLrWi+Ws6tar03ToguhTtWiT/79JlJdFRDF9SZSW70+XicLK3/c47hKllQtYk0Rh1ZLbOFXat4waw+TDkFVD3ms5AABAL5qdQL9dCAAAAH26HboAhpHFYSvzsBdc/vP+fUPwT2MGAAAA/EDZ0AUAAAAAnSv7f8//AwAAgNNWPf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALm2K1Xy9WM7a5mx37aS5GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgjf15R4EQCIMw2Lu+M5n7H1YaNDU1qQLh428MBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9uclBUIgCKJgzvjfSd//sJKgZxAhAhoeVdSiAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudu7nNY4qDgD4d2Z2trYqxig5RETBg17sdlNbe/WgBA/+CUJItzW69Ueagy1FyMWb5NyL6FFEUOKt/0PPLfRSbz3soYJnZWZnmmkacLV0Zpt8PvD2fWcY5n3fJIR8570EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2eW8vzoqPhWmcVudu3b+2XvS39/WFGzt3lotWxEmbST8dXm
0eJEvdJQIAAMDRkdX1fUTczXdXiz5dKOv/vL6mqPl/eH4a1/X8/rq/7uvav2i//3bv5QcDLUzHKW56YWM8OvVoKr0nN8v59sK/XtErn3z57iUrvyDph9svTfLyeSbf3bz5fr8Mj7WRLQDwf5ys+yqofx8q+mGXiQFwZPQahXdd/2cL3eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IbJdjxbx0lELPf24sLt+9fWD+pv7NxZrtvZ69d3mvcsbpFHxIWN8ehUi3OZd5evXP1sbTwebbYfvBYR3Y1eBR/PcE1ElxkKHjdIq+/1ecnn6Qg6/sEEAMChk1etqOvv5rurxblkMeLvHx+u/99sxDFj/X/vk7O3mmM16/9hazOcf4OtS18OLl+5+vbGpbWLo4ujz99ZGb47PH3uzJlzg/JdycAbEwAAAB5PP4no76v/08VH1/9PNOKYsf7/6vvhN82xMvX/gfYW/brOBAAA4Gh78fW//kwOOJ/0+/H12tbW5nD6WR3H5kp5vNJBqv/Zsao16/9sseusAAAAgDZMtpOH1v/PN+KYcf3/uZ9e+aV5zywijlfr/yfXvxifb286c62NPyfueo4AAAB063jVmuv/ebn/P32w5SGNiLfemMbVvwGcqf7PPvj25+ZYzf3/p9ub4lxKl6bPo+yXInpLXWcEAADAYfZM1Ypi/498d/XTX0981Lf/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBt/wQAAP//K8ZAQg==")
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x8000, 0x0, 0x0, 0x0, &(0x7f0000000000))
syz_mount_image$fuse(0x0, &(0x7f0000000240)='./bus\x00', 0x20000, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x200000, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@userxattr}]})
llistxattr(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)

3.663456085s ago: executing program 2 (id=650):
# Opens the pty multiplexer /dev/ptmx with flags 0x42003, then issues three
# ioctls on the returned descriptor r0. The first is labelled TIOCSETD and
# passes a pointer to the value 0xf.
# NOTE(review): 0xf is presumably the N_HCI line discipline; verify against the
# target kernel's headers.
# NOTE(review): the other two request numbers, 0x400455c8 and 0x800455c9, do not
# look like the TCFLSH / KDSIGACCEPT codes their labels suggest; under the common
# Linux ioctl encoding they read as type 'U' (0x55), nr 0xc8 and 0xc9 with a
# 4-byte argument. Confirm which driver ioctl they reach.
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x42003, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x1)
ioctl$KDSIGACCEPT(r0, 0x800455c9, 0x6)

2.571354446s ago: executing program 2 (id=657):
# Creates a socket with socket(0x1, 0x3, 0x87), then calls prlimit64 with
# resource 0xe and a new-limit pair {0x8, 0x8b} for pid 0, sched_setscheduler
# with policy 0x2 and parameter 0x5 for pid 0, and
# prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0).
# Opens an MSR device via syz_open_dev$MSR and reads 0x18ff8 (102392) bytes from
# it with read$msr into a buffer declared as 102392 bytes, then opens a usbfs
# device via syz_open_dev$usbfs.
# Creates a userfaultfd with flags 0x80001, calls ioctl$UFFDIO_API, and
# registers the 0xc00000-byte range at 0x7f00000e2000 twice: request 0xc020aa00
# with mode 0x1, then request 0xc020aa04 with trailing fields 0x0, 0x2.
# NOTE(review): request 0xc020aa04 carries the UFFDIO_REGISTER label but differs
# from the first call's 0xc020aa00 in its low byte; confirm which userfaultfd
# ioctl it reaches.
socket(0x1, 0x3, 0x87)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})

2.57094127s ago: executing program 1 (id=658):
# Opens a netlink socket with socket$nl_netfilter(0x10, 0x3, 0xc) and sends one
# message on it with sendmsg$NFT_BATCH.
# The message body, as labelled in the listing, carries an NFT_MSG_NEWTABLE entry
# naming 'syz0' and an NFT_MSG_NEWSET entry with NFTA_SET_NAME 'syz1',
# NFTA_SET_TABLE 'syz0', NFTA_SET_KEY_LEN and an NFTA_SET_EXPR holding a limit
# expression.
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x58, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x1c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xa0}}, 0x0)

2.375883934s ago: executing program 33 (id=657):
# Creates a socket with socket(0x1, 0x3, 0x87), then calls prlimit64 with
# resource 0xe and a new-limit pair {0x8, 0x8b} for pid 0, sched_setscheduler
# with policy 0x2 and parameter 0x5 for pid 0, and
# prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0).
# Opens an MSR device via syz_open_dev$MSR and reads 0x18ff8 (102392) bytes from
# it with read$msr into a buffer declared as 102392 bytes, then opens a usbfs
# device via syz_open_dev$usbfs.
# Creates a userfaultfd with flags 0x80001, calls ioctl$UFFDIO_API, and
# registers the 0xc00000-byte range at 0x7f00000e2000 twice: request 0xc020aa00
# with mode 0x1, then request 0xc020aa04 with trailing fields 0x0, 0x2.
# NOTE(review): request 0xc020aa04 carries the UFFDIO_REGISTER label but differs
# from the first call's 0xc020aa00 in its low byte; confirm which userfaultfd
# ioctl it reaches.
socket(0x1, 0x3, 0x87)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2})

2.315985496s ago: executing program 1 (id=661):
# Opens a CEC device via syz_open_dev$cec, then issues two ioctls on the returned
# descriptor r0: ioctl$CEC_ADAP_S_LOG_ADDRS (request 0xc05c6104) and
# ioctl$CEC_TRANSMIT (request 0xc0386105), each passed a pointer to a struct
# literal.
r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x180)
ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000000c0)={"0e00", 0x0, 0x6, 0x2, 0x0, 0x1, "f700", '\x00', "0300", "fcffffff", ["5089986400005cacf10000b6", "808effffff6000000200", "0c436d743c97c443084000", "ff81000000008000"]})
ioctl$CEC_TRANSMIT(r0, 0xc0386105, &(0x7f0000000140)={0x4, 0xffffffffffff8000, 0x4, 0x2, 0x7f, 0xa, "d5489c8e68145db0da91c3d32931b17e", 0x5, 0x7, 0x81, 0x8, 0x2, 0x4, 0x3})

2.24727611s ago: executing program 3 (id=662):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x42, &(0x7f00000000c0)=ANY=[@ANYBLOB="6673796e635f6d6f64653d706f7369782c6e6f696e6c696e655f646174612c6469736361726400aa19fd46b492dc6cf59d696e6c696e655f64656e7472792c00"], 0x1, 0x54f3, &(0x7f000000ab40)="$eJzs3M9rI+UbAPAn7XZ/f/dbRNDbDixCC5uw6XYXvVXdxR/Ypfjj4EnTZBqym2RKk6a1Jw8exYP/iSh48ujf4MGzt8WD4k1QMjPRrSgITRu7/Xxg8sz75s0zz5tD4ZkpCeDMWkx++akS1+JSRMxHxNWI/LxSHrm1IjwfEdcjYu6Jo1LO/zFxPiIuR8S1cfIiZ6V86/Oboxt3fnzz52++u3Duyhdffz+7XQOz9kJE9LaL871eEbN2ER+W841RJ4+91VEZizd6j8pxVsS9dDPPsNeYrGvk8Xa7WJ9t7w7GcavbaI5ju7OVz2/3iwsORu1JnvwDDxs7+biVbuaxM8jy2D4o6to/KP62HQyGRZ5Wme+jPH0Mh5NYzKf7abGf7Ud5bPaH5XyRN2ul++M4KmN5uWhm3VZex+ZRvun/trc6/d39ZJTuDDpZP7lTq79Yq9+t1neyVjpMV6uNXuvuarLU7o6XVYdpo7fWzrJ2N601s95ystRuNqv1erJ0L93sNPpJvV67XbtVvbNcnt1MXnvwXtJtJUvj+EqnvzvsdAfJVraTFJ9YTlZqt19aTm7Uk3fWN5KNt+/fX99494N77z94ef2NV8tFh8t6nK4mSyu3Vlaq9VvVlfryGdr/J2XRU9w/HEll1gUAnD76f2AWTnv/H/r/qThV/e+krLPa/x/D/uFI9P8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGfWDwtfvp6fLBbjK+X8/8qpZ8pxJSLmIuK3vzEf5w/lnC/zLPzD+oW/1PBtJfIM42tcKI/LEbFWHr/+/7i/BQAAAHh6ffXx9c+Kbr14WZx1QZyk4qbN3NUPp5SvEhELi4+nlG1u/PLslJLFcxFxLvanlC2/gXVxSsmKW27nppXtX5k/FC4+ESpFmDvRcgAAgBNxuBM42S4EAACAk/TprAtgNioxeZQ5eRac/+f9nw8ELx0aAQAAAKdQZdYFAAAAAMcu7//9/h8AAAA83Yrf/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5n535yUoeiOACfFvoe74+RGOduxRkswyU4dGhYgJtgCbgFN8AacOYSDBjaEq3BxKS3bSTfl7SX25Afp4TJuZcUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuvRcrOaP91cPbXO2u3bS3A0AAABwzKZYzcsX02r+r75+Vl+6qOdZROQRcax3H8WvRuaozim+eH/xqYaniDJh/xm/6+NvRFzXx+t5198CAAAAnK71YjmruvXqNB26IPpULdrk/28S5WURUUxfEqXl+9NlorDy9z2Ou0Rp5QLWJFFYteQ2TpX2LaPGMPkwZNWQ91oOAADQi2Yn0G8XAgAAQJ9uhy6AYWRx2Mo87AWX/7x/3xD805gBAAAAP1A2dAEAAABA58r+3/P/AAAA4LRVz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgS5tiNV8vlrO2OdtdO2nuBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Y3/eUSAEwiAM9q7vTOb+h5UGTU1NqkD4+BuDAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODN7/7yf2JqnEnmXhtLzyPJ2qmxdWrsnRtHfxhfvwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICL/XlJgRAIgiiYM/530vc/rCToGUSIgIZHFbVoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+KLf/fJ/YmqcSeZOG0vHI8naVWPrqrH3oHH0YLz9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICLnft5jaOKAwD+ZmZna6viGmUPEVHwoBe73dbWXj0owYN/ghDSbY1u/dHmYEsRcvEmOfciehQRlHjr/9BzC73UWw57iCAeI/MrmfwAt4TMbJLPB9687w6bed83CSHfeS8LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCZfLATJ9mhV8Rxee7R5r2lrH+8p888WHsyn7UsjppM+nh4vf4i6reXCAAAAKdHUtX3IYSn6fpC1se9vP5Pq/dkNf9PLxZxVc/vrfurvqr9s/bnHxuvbg/UK8bJLnp9eTy6sD+VztHNckb8u1XYc/ql//3CTn7n82cvSf4NiT9efWWS5vcz+uHhww+7eXjmqBIHAA7rfNWXQfX3UNYP20wMgFOjUyu8q/o/6bWbEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEATJqvh+SqOQgjznZ0483jz3tJB/YO1J/NVu3L//lr9mtkl0hDC9eXx6EKDc5l1t+/c/WJxPB7daj54I4TQ3uhl8OkU7wmhzQwFhw3i8md9VvI5HkHLv5gAADhx0rJldf3TdH0hOxfNhbD18+76/+1aHKas/zc+u/KoPla9/h82NsPZN1i5+fXg9p277y7fXLwxujH68r2Lw/eHl65evnx1kD8rGXhiAgAAwOF0y1av/+O5/ev/52pxmLL+/+bH4Xf1sRL1/4F2Fv3azgQAAOB0e/nNf/6ODjgfdbvh28WVlVvD4rj9+mJxbCHVZ3ambPX6P5lrOysAAACgCZPVaNf6/7VaHKZc/3/hl9d+q18zCSGcLdf/zy99Nb7W3HRmWhP/Ttz2HAEAAGjX2bLV1//TfP9/vL3lIQ4hvPNWEZcfAzhV/Z989P2v9bHq+/8vNTfFmRT3i/uR9/0QOv22MwIAAOAke65sWbH/V7q+8Pnv5z7p2v8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LT/AgAA//8Yl0ni")
open(0x0, 0x14927e, 0x81)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
getdents64(r0, 0x0, 0x0)

2.246819443s ago: executing program 1 (id=663):
syz_mount_image$nilfs2(&(0x7f0000000080), &(0x7f0000000300)='./bus\x00', 0x0, &(0x7f0000000100)=ANY=[], 0x1, 0xad9, &(0x7f0000000340)="$eJzs3d2PVFcBAPAzszvLbqGyVLArxQK2tlXbpSwrfhCFBmIiKY3xpUnjC6G0EhETa/xomhT4B2zTYOKTH/GpL001JvbFEJ58aSIkjUmfqg8+SDA28UFRGMPuObN3DjPc2dmPO8P8fsndM+eee+855+6dO/fznACMrPrC3/n5mVoIF95548jfH/nb1K0xB1tTTC/8HS/EGiGEWoyPZ8v7YGwxvPHhKyc6hbUwt/A3xcMz11rzbgwhnA27wsUwHbZfuPL6u3NPHzt39Pzuy28euLo2tQcAgNHy9YsH5rf95U8PbLkexg+FDa3x6fh8OsY3xeP+Q/HAPx3/10N7vFYYiiay6cbjUJ9qn26sw3TFfBrZdONd8p/I8m90mW5DuHP+Y4VxneoNwyxtx9OhVp9ti9frs7OL5+Rh4bx+ojZ75tTpF16qqKDAqvvXzhDCrsJw+Hx7fNCGgwNQhj6H5gCUYSiHQ+uX1/XmosrrvE5Dc3PVeyCARfn9wtucza8srExraeO95X/tqXrn+WEVrPf2v6z8JyrM/+FLi2GV9R+A/H99zh6H1XO3bk2pXul7tCnG8/sI+fNL3b9/+Z2O9rH5/YhGj+Xsdh9hWO4vdCvn2DqXo1/dyp9vF3erL8cwrYevZOnF70/+Px2W/zHQ2b/z6/+GtRgu/yCt8OrLYhj2oX07aqxkWc3qdj3AgMufm2um+6NR/lxfnr6hJH2yJH2qJP2ekvSNJekwyn77/Z+E12pL5/n5Of1yr4en62z3xvAjyyxPfj1yufnnz/0u10rzz58nhkH2++PPnvzC889d2XL9rQcPhVpr+78Zt/d0ujEdv1sX4wTpemF+Xb317P90ez71LtPdl5Xn3g7TL3ze2j5dbevSckJhP3NbOWba59vcbbod7dNNZ9NNxWEyK29+fHJPNl86/kj71bS+xrP6NrJ6TGTlSPuVLTHMywH9SNtjl+f/Wz9uM6FRe+HU6ZNPxnjaTv841thwa/ze9S02sAp6ff9nJrS//7OpNb5RL+4XNi+Nry3uF96Oy2sfP9fKp338vhhPv3PfGptaGD974runn1/96sNIe+nHL3/7+OnTJ7/nQ98fvrqi2V+toszptKXqVefDwH6oeMcErLk9ry4eBDxx6jvHXzz54skz+/bv3zc3t/+L++b3LBzX7yke3RedraC0wGpa+tGvuiQAAAAAAAAAAABAr3549MiV9y59/v3F9/+X3v9L7/+nJ38X3/9fauuiXhgfOrSOm94D3NIhfWGarIHViWy6Rhw+mpV3a5bPtmy+j8Ww1Y9ffP8/ZZe365rKc382vtElmjUncFt7KRNZGyR5f4GfjOH5GP4qQIVqU51Hx7Csfeu0raf2KQrtUjS1Dzw80v8tbQ2pHZP0/nfHdp0K/+wt61BGVt96vE5YdR2Bzv4xUu1//3Op4pWXxdB9GF/f/H42/NvEsT7L3+x6lN5rDzYAq6Pq/j/Tdc8UnvnD1yZvDWmya0+17y/z9kthOf78Xnt80PufXOv883771jv/quu/3v1/tvq/63n/V2+foU//+fnV94tL2d5r/nn9UzvQW5eX//WYf6rNo6G3/Ju/zPLPbwj16L9Z/vf0mP9t9d/RX/7/i/mn1fbYQ73mv1jiWr29HPl143T/L79unNzI6p/a9rxD/t94uVP9+9wMb8b8YZQNSz+zy5UdR7QO2nvs/7fZ6+//Svv/bRU2263lz2F8LsbTjjg955D3d7Lc45f0fEX6HdiWLb9W8vvWT/+/g9T50qj3//ulGJb1h536/03b43T8yS/EF9Zlijc6rNu7dV8Dw+qDkbr/NxTD5KotK1Rel56HyQEoQ59Dc6yP+Vr9xFVc/mazubYXtEpU
mjmVr//CecLOivOvRNXrv0ze/29+DJ/3/5un5/3/5ul5/795+lT8D3VLz/v/zddn3v9vnn5/tty8f+CZkvSPl6Rv75zeOm1/oGT+HSXpnyhJ391KP9g2RUp/sGT+nd3SYw3uK5n/oZL0h0vSP1WS/sgd0h/fFMJjhfRiH9Bp/k+XLP9ul95HGdX6wyjL38/z/YfRke7/dPv+by1JB4bXT9/ae/i533xzevH9/4nW9ZB0H+9QjDfi+dOPYjy/7x0K8Vtpl2L8r1n6oF/vgFGSt5+R/74/WpIODK/0nJfvN4yg2mTn0TEsa7eq23E+w+UzMfxsDB+P4RMxnI3hnhjujeHcOpWPtXH47d8deK22dL6/OUvv9Xny/H2gtnaiQgj7eixPfn1guc+z5+34LddK8+/zdTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDK1Bf+zs/P1EK48M4bR549dmrPrTEHW1NML/wdL8QarflCeDKGYzH8Rfxw48NXThTDmzGshblQC7XW+PDMtVZOG0MIZ8OucDFMh+0Xrrz+7tzTx84dPb/78psHrq7dGgAAAIC73/8DAAD//yj3EhU=")
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x2)
ioctl$TIOCSBRK(r0, 0x5427)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r4, &(0x7f0000000680)={0x2ae, 0x7d, 0x40, {{0x500, 0x16d, 0x0, 0xb000000, {0x2, 0x2, 0x3}, 0x0, 0x0, 0x0, 0x5, 0x1b, '\x04nodev{evo\xb4&g\xa9q\f\xcc\b^>\x86\xd7\xcaG\xc6\x00\x05', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x92, '\xcf\xc2m\xd7\xc5\x00\xf0\xdc4l)Vne\nA\x8aVK\x98\xa8BBJ\x97\x83\x7f[\x85Q\xee\xcb\x06\\\xf7\x1d\xe15\xf0s\xa2GAat\xe2\xa8\x04\x9bX\xd9]{\x99\xa9\xac\x9f;3\x82\x84Io\x9d\xcaf\x1dj\xc2f\xa0\x11\xe0\x84\xf3\xc1\xb0\xbe\x1d\xb4m)\xd6\b:E\xfb\xf8\x9e1\xb5\xe3\xdb\xfd\x0e5\xc7H\xde(\x1f\xe2\xba\x18\xef\x86\x8a\x87\xa9\xa4H`\x8c\x1c\xad\x87\xc8\xe0\x1e\x1c\x92\t\x00\xe6\xf8\xde\xb8\x98\x19[\xbe\xee\xe2\xa9\x94\x00'/146, 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1h\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\b\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x2ae)
syz_create_resource$binfmt(0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x9, 0x1, 0xb8}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf}, 0x80)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000004c0)='cubic', 0x6)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000100)=0x3)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e000000100"/32, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000040000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0xfc}}, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$devlink(0x0, r6)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)

1.299902381s ago: executing program 1 (id=664):
syz_mount_image$nilfs2(&(0x7f0000000480), &(0x7f0000000f00)='./file1\x00', 0x208800, &(0x7f0000003100)=ANY=[], 0x1, 0xeec, &(0x7f0000001e40)="$eJzs3U9sHNUZAPA3a6/txCZeAwUDJaTQikDBDkmkprcgoh4Rl96D8odGMWnU0ANRIKYHRCVEkSJOFQcqLpRKKVKRQJWqqKe2p1a99YR6oVKVSkE9tJESV1m/We8+e7rrsT1r7/5+0rdv37zZ+b7xRs7MePZtAIZWrfl4+PBsFsJ7n1859trJ7NM7yx5prbGv+ZjFXiOEUG/rZ8n2vogLbt24dGKtNgsHm495Pzx/vfXayRDCYtgXroVG+Hh+4auP3n9u/ydvTtz3zsWzr2/R7rek+wEAAIPo6p8W/vbEP/741MzNq3uPhvHW8pXj9WWT8bj/QFyQL6+Fzn7WFu3GkvVGYtSS9UaS9UaTPKMF+erJduoF6411yTfStmyt/QQAAICdKD+vbYSsNtfRr9Xm5pbP++/4Ynosmzt3ZuH0hT4VCgAAAJT278vNm26FEEIIIYQQQggxwLE03e8rEAAAAMCwSecLW2Vxc2fqam2t0Vv+68/W1n49bIKq//3Lv7Pyf/iG3zgAAJQ3qEeT+X7lx9H5PAbpPIIjyevWe/xfS7Yzus46i+YV7Fiebd+3qaj+9Oe6XRXVv973sV+K6k/nw9yuiupP5+ncrorqH6+4jrKK6p+ouI6yiurfVXEdZRXVv7viOsoqqn+y4jrKKqp/quI6yiqq/66K6yirqP49FddRVlH9O+W22qL6GxXXUVZR/TMV11FWUf13V1xHWUX131NxHWUV1X9vxXX0y8OxzX8Oe5Px9vPn9Jxup5zjAQAAwLD7r/n/hBBCiFXRvA9iG9QhxGBHtg1qEEKI4YnL/b4AAQAAAPRd/rmA/APoS1E+PtJlfLR9fGJlhXy83uX1Y13Gx7uMAwAAACH89q3TD7ybrXzOf6Pz4eXzRu0Kn94OJeYxSie6W2/+jc57ttH865i3zPQJAAAAVCb73rXbTx774JWZm1f3Hm07+70dz3fzeUBH4wnrZ7Gf3xcwlfSz/Bz6aGeeWsF66fWBu4q298IGdxQAAACGWH7+3ghZba7tvLsRarW5uZXz8dlQz06fWTh1IPbz72f5w3R9/M7yZyquGwAAAOjdyvn+2uf/+ff4zoaxbO7cmYXTF5b7U63l9Vr7dYHpleVZ+3WBRrL8YMHyQ7Gff3/nD6Z3NZfPnfjhwsnN3nkAAAAYEhdevXj2xYWFUz/yxBNPPGk96fdvJgAAYLN9+eWV+o8PTf1u+fP/K/Pf5Z//3xf7jTi335/jCvl9AvnnAFZ9Xv94Z57povXOd67XSNYbiTGe1D3Rtp3QnG+w83UzRfkandsZK8g3meSbSvKl8xSMJuvn+fYky9P5CfP1ppPl6eSAo0mOLMn/aAAAAIBi86+8fH7+wqsXnz7z8osvnXrp1LlDB49898iRA89855n55n398+139wMAAAA70cpNv/2uBAAAAAAAAAAAAAAAAAAAAIZXFV8n1u99BAAAgGH3r8shhEUhhCgdS+P9r0GILjG2DWoQQgghhFiO5ne7V5+31u/rDwAAAMDwuXXj0on2dpXFbFPztbbWWG5ux7x5O/X0X2fuRL7a9WdHOl6/e1OrYdhV/e9f/p2V/8M3Njf/RP6k599/ySXjo+XyPj7/y9n2/A+O9pg/3f8XyuXfn+R/PPSWf+mDJP/xcvmfSPLv7jH/qv0/Xy7/kzH/bOzvf6zX/J3v/3hs8/3Y1WP+byf7fzL0mj/Z/0aPCRNPxfwAMIwG9QaA/CghP46ejP18f+PhZhhJXrfe4/9asp3RDVfeud38OOj+2M+Pl6aSvLn11j+ZbO+uknWm0rq2q6L6N+t93GpF9dcrrqOsovrHKq6jrKL6xyuuo6yi+icqrqOsovp7PQ/tt6L6d
8p15aL6Jyuuo6yi+qcqrqOsovrX+/94vxTVv6fiOsoqqn+64jrKKqq/5GW1yhXVP1NxHWUV1X93xXWUVVT/PRXXUVZR/fdWXEe/PBTbovPh/PxzOo7l/UbSH1/jZzmo1xYAAABgp/mn+f+EEEIIIUpF836ZbVBHf6Ltbrm+1yI2I/6ztKzfdQghti6Wlvp48YG+29pPMwOwXfn9P9y8/8PN+z/cvP/8P/k9/FnSz410GR/tMl7vMj6WjKf/Xse7jN+TbHcpv64Z3dtl/Gtdxvd0Gb+/y/hsl/EHuow/2GX8oS7jAAAADIf7Yuv8EAAAAAbXa7/67O3fPH78xszNq3uPhrFV884fiP3x+Lf1t2I/nfc+V49/8/9J7P8itr+P7d+T9d1/AgAAAFsv/54Yf/8HAACAwZV/T6nzfwAAABhcM7F1/g8AAACD6+7YOv8HAACAAZZNrL04tvl1gUdj2+u8fgDA9vf12D4c272xfSS234htfhzwWGy/WVF9AMDm+fn3f3rk3Wxlvv9DyfituDxvV1lcvlKQ1Tpn8t8V292x/VaP9aTfB9Br/tyeHvNsVf7pDeYHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZHrfl4+PBsFsJ7n1859rOxt/9yZ9kjrTX2NR+z2GuEEOqt1+WjK/1fxxVv3bh0or29HdssHAxZyFrLw/PXW5kmQwiLYV+4Fhrh4/mFrz56/7n9n7w5cd87F8++voU/go79AwAAgEH0vwAAAP//cFQjcg==")
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000340)=0x6)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x404c0c0}, 0x2000c000)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r4)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_int(r4, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0xc2)
setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000022, 0x0, 0x0)
connect$inet6(r4, &(0x7f0000000240)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
openat(0xffffffffffffff9c, &(0x7f0000000d80)='./file1\x00', 0x143042, 0x0)

1.062831197s ago: executing program 3 (id=665):
# Open an ALSA control device via the $sndctrl variant; the id and open-flag arguments are fuzzer-chosen.
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x7fffffff8000, 0x40000)
# SNDRV_CTL_IOCTL_ELEM_ADD hands the kernel a user-defined element description: an id naming it
# 'syz0', type 0x3, access 0x30, count 0x4, and a pointer to three item strings at 0x7f0000000080
# with a names_length of 0x10. All of it is caller-controlled, so the handler has to bounds-check
# the count and the names buffer before using them.
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000140)={{0x4, 0x4, 0x4, 0x4, 'syz0\x00', 0x1000}, 0x3, 0x30, 0x4, 0x0, 0x3, 0x1ff, 'syz0\x00', &(0x7f0000000080)=['iso9660\x00', '\\\x00', 'unhide'], 0x10})

346.286706ms ago: executing program 3 (id=666):
# Create an RDS socket (the $rds variant: family 0x15, type 0x5) and bind it to @local, port 0.
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)
# Send one message to @remote carrying two RDS control messages, rdma_dest and mask_fadd; their
# contents and the flags value 0x90 are fuzzer-generated, so the kernel is expected to validate
# each cmsg length and payload.
sendmsg$rds(r0, &(0x7f0000003740)={&(0x7f0000000040)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f00000004c0)=[@rdma_dest={0x18, 0x114, 0x2, {0x1, 0x8}}, @mask_fadd={0x58, 0x114, 0x8, {{0x1, 0x8}, 0x0, 0x0, 0xfff, 0x3, 0x6, 0xc, 0x1, 0x2ca}}], 0x70, 0x90}, 0x0)

311.096622ms ago: executing program 1 (id=667):
# Create a netlink socket (family 0x10, type 0x3, protocol 0x0) and set the NETLINK_TX_RING option.
r0 = socket(0x10, 0x3, 0x0)
# level 0x10e / optname 0xc with optlen 0xfea3: the supplied struct holds a single field, so the
# declared length is far larger than the data; the kernel should reject or bound it.
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3)
# Send a netlink route message whose header declares length 0x2c and type 0x16 via a raw blob
# (the blob is shorter than the declared length).
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="2c0000001600156f00000000000000000a000084"], 0x2c}}, 0x0)

162.453855ms ago: executing program 3 (id=668):
# Load an XDP-type BPF program (@xdp) with license 'GPL'; the instruction list includes a helper
# call with id 0x2c and a printk template.
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0xc, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0xe2, 0x0, 0x0, 0x0, 0x2000000}, [@call={0x85, 0x0, 0x0, 0x2c}, @printk={@ld}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
# Test-run the loaded program r0 with data_size_in 0x2100 and repeat 0x11 (field order per the
# BPF_PROG_TEST_RUN attr layout — confirm against the description file).
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

68.708286ms ago: executing program 1 (id=669):
# Create a connected pair of AF_UNIX sockets and exchange a batch of messages; the sendmmsg and
# recvmmsg vector lengths and flags are fuzzer-chosen.
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
# ARCH_MAP_VDSO_32 asks the kernel to map the 32-bit vDSO at a caller-supplied address (0x58b2 here).
arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x58b2)
# prctl PR_SCHED_CORE command 0x1 for pid 0 with scope type 0x2.
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
# Set up an io_uring instance with 0x489 entries and register a provided-buffer ring on it; the
# params struct and the ring registration are fuzzer-built, so the kernel must validate the entry
# counts, the ring address and the buffer group id.
r2 = syz_io_uring_setup(0x489, &(0x7f0000000600)={0x0, 0x3f73, 0x10, 0x0, 0x1a}, &(0x7f00000005c0)=<r3=>0x0, &(0x7f0000000240)=<r4=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r2, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0xffffffffffffff3a, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
# Copy a 4-byte value into the ring mapping r3 at offset 0x4.
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
# r5 is not used again in this program (presumably created for coverage); the packet_rx_ring
# setsockopt below targets fd -1.
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, 0x0, 0x0)
# Queue a RECV SQE that selects from a registered buffer group (buffer index 0x1), then enter the
# ring with to_submit 0x3516 and min_complete 0xf400; these counts are fuzzer-chosen and far
# exceed the 0x489 entries requested at setup.
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r5, 0x0, 0x0, 0x0, 0x262, 0x0, {0x1}})
io_uring_enter(r2, 0x3516, 0xf400, 0x0, 0x0, 0x0)
68.014641ms ago: executing program 3 (id=670):
# Create an IPv6 datagram socket and connect it to @local on port 0x4e23.
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e23, 0xe9db8df3, @local, 0x2}, 0x1c)
# Apply a linger setting through the $sock_linger variant; the optname 0x3e is not SO_LINGER's
# usual value (0xd on most architectures), so the variant name does not describe this call.
# Values are fuzzer-generated.
setsockopt$sock_linger(r0, 0x1, 0x3e, &(0x7f0000000180)={0x200000000000001}, 0x8)

0s ago: executing program 3 (id=671):
# Create an epoll instance (result unused) and an AF_UNIX stream socket, which is closed at once.
epoll_create1(0x0)
r0 = socket$unix(0x1, 0x1, 0x0)
close(r0)
# r0 was closed on the line above; the setsockopt further down still passes it.
socket$packet(0x11, 0x3, 0x300)
# SOL_SOCKET (0x1) optname 0x2e with value 0xffff on the stale descriptor r0.
setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000040)=0xffff, 0x4)
# Set up an io_uring instance (0x6001 entries) with flags 0xeec2, sq_thread_cpu 0xfffffffffffffff8
# and features 0x80000000000000, among other fuzzer-chosen params, then close the ring fd.
r1 = io_uring_setup(0x6001, &(0x7f0000000080)={0x0, 0xeec2, 0x800, 0x2, 0x116})
close_range(r1, r1, 0x0)
# pselect6 with nfds 0x40: the read set and timeout pointers are null, and the kernel has to
# validate the remaining fuzzer-built fd sets and signal mask argument.
pselect6(0x40, &(0x7f0000000100)={0x2, 0x0, 0xfffffffffffffff8, 0x0, 0x1, 0x10}, 0x0, &(0x7f0000000240)={0x1f, 0xc, 0x715, 0x8000000000000000, 0x0, 0x80000000000000, 0x800, 0x20000}, 0x0, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:42518' (ED25519) to the list of known hosts.
syzkaller login: [   64.361956][ T5839] cgroup: Unknown subsys name 'net'
[   64.461790][ T5839] cgroup: Unknown subsys name 'cpuset'
[   64.468298][ T5839] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   66.195412][ T5839] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   71.170548][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.172585][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   86.528242][ T1272] cfg80211: failed to load regulatory.db
[   96.891750][ T5907] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   96.895687][ T5907] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   96.899125][ T5907] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   96.907742][ T5907] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   96.911456][ T5907] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   96.995097][ T5912] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   96.998613][ T5912] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   97.004394][ T5915] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   97.012858][ T5915] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   97.018380][ T5915] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   97.022635][ T5915] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   97.054469][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   97.058724][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   97.062604][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   97.067290][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   97.309534][ T5906] chnl_net:caif_netlink_parms(): no params data found
[   97.446077][ T5906] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.449590][ T5906] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.452460][ T5906] bridge_slave_0: entered allmulticast mode
[   97.455990][ T5906] bridge_slave_0: entered promiscuous mode
[   97.495175][ T5906] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.498564][ T5906] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.501560][ T5906] bridge_slave_1: entered allmulticast mode
[   97.505453][ T5906] bridge_slave_1: entered promiscuous mode
[   97.542261][ T5910] chnl_net:caif_netlink_parms(): no params data found
[   97.560146][ T5906] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.568749][ T5906] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.587620][ T5911] chnl_net:caif_netlink_parms(): no params data found
[   97.633468][ T5906] team0: Port device team_slave_0 added
[   97.652745][ T5906] team0: Port device team_slave_1 added
[   97.721811][ T5910] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.725275][ T5910] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.728613][ T5910] bridge_slave_0: entered allmulticast mode
[   97.732649][ T5910] bridge_slave_0: entered promiscuous mode
[   97.744743][ T5906] batman_adv: batadv0: Adding interface: batadv_slave_0
[   97.747252][ T5906] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.755579][ T5906] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   97.761175][ T5910] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.764033][ T5910] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.767242][ T5910] bridge_slave_1: entered allmulticast mode
[   97.771027][ T5910] bridge_slave_1: entered promiscuous mode
[   97.803242][ T5906] batman_adv: batadv0: Adding interface: batadv_slave_1
[   97.805733][ T5906] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   97.817302][ T5906] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   97.850274][ T5910] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.877218][ T5910] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   97.925338][ T5911] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.929264][ T5911] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.931844][ T5911] bridge_slave_0: entered allmulticast mode
[   97.935253][ T5911] bridge_slave_0: entered promiscuous mode
[   97.945222][ T5906] hsr_slave_0: entered promiscuous mode
[   97.948638][ T5906] hsr_slave_1: entered promiscuous mode
[   97.953531][ T5910] team0: Port device team_slave_0 added
[   97.956480][ T5911] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.959640][ T5911] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.962039][ T5911] bridge_slave_1: entered allmulticast mode
[   97.965626][ T5911] bridge_slave_1: entered promiscuous mode
[   97.997198][ T5910] team0: Port device team_slave_1 added
[   98.042562][ T5911] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.046046][ T5910] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.049276][ T5910] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.058140][ T5910] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.074970][ T5911] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.079397][ T5910] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.081916][ T5910] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.090908][ T5910] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.144681][ T5911] team0: Port device team_slave_0 added
[   98.154163][ T5911] team0: Port device team_slave_1 added
[   98.237632][ T5910] hsr_slave_0: entered promiscuous mode
[   98.240647][ T5910] hsr_slave_1: entered promiscuous mode
[   98.243465][ T5910] debugfs: 'hsr0' already exists in 'hsr'
[   98.245813][ T5910] Cannot create hsr debugfs directory
[   98.250406][ T5911] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.252606][ T5911] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.263186][ T5911] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.269455][ T5911] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.272074][ T5911] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.281424][ T5911] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.394027][ T5911] hsr_slave_0: entered promiscuous mode
[   98.397689][ T5911] hsr_slave_1: entered promiscuous mode
[   98.400957][ T5911] debugfs: 'hsr0' already exists in 'hsr'
[   98.403260][ T5911] Cannot create hsr debugfs directory
[   98.507607][ T5906] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   98.536578][ T5906] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   98.556745][ T5906] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   98.584749][ T5906] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   98.720056][ T5910] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   98.743084][ T5910] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   98.771903][ T5910] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   98.778873][ T5910] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   98.821724][ T5911] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   98.828498][ T5911] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   98.846724][ T5911] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   98.858519][ T5911] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   98.911363][ T5906] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.928578][   T54] Bluetooth: hci0: command tx timeout
[   98.962054][ T5906] 8021q: adding VLAN 0 to HW filter on device team0
[   98.976077][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.978924][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.996964][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.999181][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.044565][ T5910] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.068745][ T5911] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.086950][   T54] Bluetooth: hci1: command tx timeout
[   99.095339][ T5911] 8021q: adding VLAN 0 to HW filter on device team0
[   99.098519][   T54] Bluetooth: hci2: command tx timeout
[   99.108419][ T5910] 8021q: adding VLAN 0 to HW filter on device team0
[   99.123851][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.126646][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.133222][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.136140][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.154040][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.156725][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.172589][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.175569][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.306661][ T5906] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.366896][ T5906] veth0_vlan: entered promiscuous mode
[   99.375998][ T5906] veth1_vlan: entered promiscuous mode
[   99.415954][ T5906] veth0_macvtap: entered promiscuous mode
[   99.426680][ T5906] veth1_macvtap: entered promiscuous mode
[   99.443836][ T5906] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.471454][ T5906] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.503392][ T5921] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.509099][ T5921] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.519031][ T5921] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.531194][ T5921] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.536541][ T5911] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.552825][ T5910] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.618116][   T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.620883][   T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.663183][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.668289][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.685333][ T5910] veth0_vlan: entered promiscuous mode
[   99.696469][ T5911] veth0_vlan: entered promiscuous mode
[   99.710895][ T5910] veth1_vlan: entered promiscuous mode
[   99.724204][ T5911] veth1_vlan: entered promiscuous mode
[   99.725507][ T5906] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   99.788757][ T5910] veth0_macvtap: entered promiscuous mode
[   99.792437][ T5911] veth0_macvtap: entered promiscuous mode
[   99.813363][ T5910] veth1_macvtap: entered promiscuous mode
[   99.815889][ T5969] warning: `syz.0.44' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   99.832927][ T5911] veth1_macvtap: entered promiscuous mode
[   99.858191][ T5910] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.891392][ T5910] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.904965][ T5911] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.921466][ T5911] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.932745][ T5695] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.962543][ T5695] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.981104][ T5695] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.989600][ T5695] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.008218][ T5695] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.041400][ T5695] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.045783][ T5695] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.072885][ T5695] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.157325][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.161284][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.186114][   T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.197694][   T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.261189][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.264226][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.313407][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.316416][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.556710][ T5992] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  100.701135][ T5996] Driver unsupported XDP return value 0 on prog  (id 3) dev N/A, expect packet loss!
[  100.793068][ T6004] netlink: 44 bytes leftover after parsing attributes in process `syz.0.61'.
[  100.955304][ T6010] loop1: detected capacity change from 0 to 164
[  101.025478][   T54] Bluetooth: hci0: command tx timeout
[  101.062393][ T6010] rock: directory entry would overflow storage
[  101.072361][ T6010] rock: sig=0x66, size=4, remaining=3
[  101.083509][ T6010] rock: directory entry would overflow storage
[  101.100708][ T6010] rock: sig=0x66, size=4, remaining=3
[  101.168592][ T5907] Bluetooth: hci1: command tx timeout
[  101.170814][   T54] Bluetooth: hci2: command tx timeout
[  101.806465][ T6045] loop2: detected capacity change from 0 to 256
[  101.821934][ T6045] exfat: Deprecated parameter 'utf8'
[  101.842100][ T6045] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x40a90196, utbl_chksum : 0xe619d30d)
[  103.096957][   T54] Bluetooth: hci0: command tx timeout
[  103.247081][ T5907] Bluetooth: hci1: command tx timeout
[  103.249116][   T54] Bluetooth: hci2: command tx timeout
[  103.732665][ T6065] mmap: syz.0.87 (6065) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  103.875367][ T6075] random: crng reseeded on system resumption
[  104.025160][ T6082] netlink: 44 bytes leftover after parsing attributes in process `syz.1.97'.
[  104.277435][  T974] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  104.444298][  T974] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  104.448065][  T974] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  104.451159][  T974] usb 3-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00
[  104.453971][  T974] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.504572][  T974] usb 3-1: config 0 descriptor??
[  104.685671][ T6105] loop0: detected capacity change from 0 to 512
[  104.751652][ T6105] EXT4-fs warning (device loop0): ext4_xattr_inode_get:542: inode #11: comm syz.0.106: ea_inode file size=4 entry size=6
[  104.759580][ T6105] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  104.773048][ T6105] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.106: corrupted inode contents
[  104.780767][ T6105] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #15: comm syz.0.106: mark_inode_dirty error
[  104.785962][ T6105] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #15: comm syz.0.106: corrupted inode contents
[  104.792273][ T6105] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2991: inode #15: comm syz.0.106: mark_inode_dirty error
[  104.803028][ T6105] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2994: inode #15: comm syz.0.106: mark inode dirty (error -117)
[  104.810005][ T6105] EXT4-fs warning (device loop0): ext4_evict_inode:274: xattr delete (err -117)
[  104.813690][ T6105] EXT4-fs (loop0): 1 orphan inode deleted
[  104.817940][ T6105] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.861728][ T5906] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.157216][  T974] usb 3-1: USB disconnect, device number 2
[  105.178775][   T54] Bluetooth: hci0: command tx timeout
[  105.327871][ T5907] Bluetooth: hci1: command tx timeout
[  105.331120][   T54] Bluetooth: hci2: command tx timeout
[  105.641385][ T6127] vcan0: tx drop: invalid sa for name 0x0000000000000003
[  106.067105][  T974] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  106.169174][   T51] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  106.388784][   T51] usb 3-1: Using ep0 maxpacket: 32
[  106.438392][  T974] usb 2-1: unable to get BOS descriptor or descriptor too short
[  106.442497][   T51] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  106.449426][  T974] usb 2-1: not running at top speed; connect to a high speed hub
[  106.452412][   T51] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  106.458587][  T974] usb 2-1: config 1 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  106.464164][  T974] usb 2-1: config 1 interface 0 has no altsetting 0
[  106.467391][   T51] usb 3-1: config 0 descriptor??
[  106.471736][  T974] usb 2-1: language id specifier not provided by device, defaulting to English
[  106.484389][  T974] usb 2-1: New USB device found, idVendor=046d, idProduct=c227, bcdDevice= 0.40
[  106.490834][  T974] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  106.493766][  T974] usb 2-1: Product: syz
[  106.495309][  T974] usb 2-1: SerialNumber: syz
[  106.680347][   T51] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  106.688196][   T51] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  106.696517][   T51] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  106.700553][   T51] usb 3-1: media controller created
[  106.724653][   T51] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  106.795619][  T974] usbhid 2-1:1.0: can't add hid device: -71
[  106.799250][  T974] usbhid 2-1:1.0: probe with driver usbhid failed with error -71
[  106.811049][  T974] usb 2-1: USB disconnect, device number 2
[  106.894504][   T51] az6027: usb out operation failed. (-71)
[  106.901087][   T51] az6027: usb out operation failed. (-71)
[  106.903089][   T51] stb0899_attach: Driver disabled by Kconfig
[  106.905068][   T51] az6027: no front-end attached
[  106.905068][   T51] 
[  106.908734][   T51] az6027: usb out operation failed. (-71)
[  106.911326][   T51] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  106.918682][   T51] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5
[  106.942343][   T51] dvb-usb: schedule remote query interval to 400 msecs.
[  106.947375][   T51] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  106.953091][   T51] usb 3-1: USB disconnect, device number 3
[  106.979155][ T6147] loop0: detected capacity change from 0 to 512
[  106.994125][ T6147] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  107.018329][ T6147] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  107.021673][   T51] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  107.031540][ T6147] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.120: bad orphan inode 131083
[  107.037818][ T6147] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.054345][ T6147] overlayfs: upper fs needs to support d_type.
[  107.068651][ T6147] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 13: comm syz.0.120: path /: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  107.089682][ T5906] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 13: comm syz-executor: path /34/bus: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  107.310349][ T5906] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.349073][ T5695] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.402892][ T5695] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.485096][ T5695] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.561689][ T6156] loop1: detected capacity change from 0 to 4096
[  107.646145][ T5695] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.954338][ T5907] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  107.958091][ T5907] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  107.961357][ T5907] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  107.965557][ T5907] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  107.975064][ T5907] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  107.985794][ T5695] bridge_slave_1: left allmulticast mode
[  108.031797][ T5695] bridge_slave_1: left promiscuous mode
[  108.035092][ T5695] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.044844][ T5695] bridge_slave_0: left allmulticast mode
[  108.050508][ T5695] bridge_slave_0: left promiscuous mode
[  108.053234][ T5695] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.806903][ T5695] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  108.813250][ T5695] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  108.821092][ T5695] bond0 (unregistering): Released all slaves
[  109.413151][ T6211] loop1: detected capacity change from 0 to 512
[  109.432226][ T6211] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  109.495457][ T6211] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548)
[  109.498744][ T5695] hsr_slave_0: left promiscuous mode
[  109.501478][ T5695] hsr_slave_1: left promiscuous mode
[  109.510572][ T5695] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  109.517505][ T5695] batman_adv: batadv0: Removing interface: batadv_slave_0
[  109.532816][ T5695] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  109.542556][ T5695] batman_adv: batadv0: Removing interface: batadv_slave_1
[  109.570525][ T5695] veth1_macvtap: left promiscuous mode
[  109.572284][ T6216] netlink: 'syz.1.143': attribute type 9 has an invalid length.
[  109.577491][ T5695] veth0_macvtap: left promiscuous mode
[  109.579401][ T6216] netlink: 200108 bytes leftover after parsing attributes in process `syz.1.143'.
[  109.580017][ T5695] veth1_vlan: left promiscuous mode
[  109.583284][ T6216] openvswitch: netlink: Message has 5 unknown bytes.
[  109.585087][ T5695] veth0_vlan: left promiscuous mode
[  109.697002][  T974] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  109.870060][  T974] usb 3-1: Using ep0 maxpacket: 32
[  109.891501][  T974] usb 3-1: config 0 has an invalid interface number: 51 but max is 0
[  109.894618][  T974] usb 3-1: config 0 has no interface number 0
[  109.900879][  T974] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  109.904902][  T974] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.914770][  T974] usb 3-1: Product: syz
[  109.916421][  T974] usb 3-1: Manufacturer: syz
[  109.918587][  T974] usb 3-1: SerialNumber: syz
[  109.925351][  T974] usb 3-1: config 0 descriptor??
[  109.936376][  T974] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  110.047634][ T5907] Bluetooth: hci0: command tx timeout
[  110.135610][ T6228] loop1: detected capacity change from 0 to 1024
[  110.169105][ T5695] team0 (unregistering): Port device team_slave_1 removed
[  110.196083][   T90] hfsplus: b-tree write err: -5, ino 4
[  110.226075][  T974] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  110.270571][  T974] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  110.270755][ T5695] team0 (unregistering): Port device team_slave_0 removed
[  110.575237][    C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71
[  110.579012][  T974] usb 3-1: USB disconnect, device number 4
[  110.607156][  T974] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  110.620380][  T974] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  110.634310][  T974] quatech2 3-1:0.51: device disconnected
[  110.716696][ T6173] chnl_net:caif_netlink_parms(): no params data found
[  110.830468][ T6243] netlink: 36 bytes leftover after parsing attributes in process `syz.1.155'.
[  110.880112][ T6173] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.900874][ T6173] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.903741][ T6173] bridge_slave_0: entered allmulticast mode
[  110.911900][ T6173] bridge_slave_0: entered promiscuous mode
[  110.924192][ T6173] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.937737][ T6173] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.940386][ T6173] bridge_slave_1: entered allmulticast mode
[  110.943711][ T6173] bridge_slave_1: entered promiscuous mode
[  111.031328][ T6173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  111.037474][ T6173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  111.076108][ T6173] team0: Port device team_slave_0 added
[  111.083460][ T6173] team0: Port device team_slave_1 added
[  111.139538][ T6173] batman_adv: batadv0: Adding interface: batadv_slave_0
[  111.141875][ T6173] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  111.176582][ T6173] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  111.198802][ T6173] batman_adv: batadv0: Adding interface: batadv_slave_1
[  111.201529][ T6173] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  111.240075][ T6173] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  111.365985][ T6173] hsr_slave_0: entered promiscuous mode
[  111.385958][ T6173] hsr_slave_1: entered promiscuous mode
[  112.044499][ T6173] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  112.128413][ T5907] Bluetooth: hci0: command tx timeout
[  112.182980][ T6173] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  112.199880][ T6173] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  112.206367][ T6173] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  112.339112][ T6173] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.357685][ T6173] 8021q: adding VLAN 0 to HW filter on device team0
[  112.366361][   T68] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.369149][   T68] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.390244][   T68] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.393144][   T68] bridge0: port 2(bridge_slave_1) entered forwarding state
[  112.435771][ T6173] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  112.542479][ T6306] loop1: detected capacity change from 0 to 1024
[  112.548685][ T6173] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  112.593899][ T6306] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  112.613701][ T6306] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  112.616354][ T6306] EXT4-fs (loop1): orphan cleanup on readonly fs
[  112.632787][ T6306] EXT4-fs error (device loop1): ext4_free_blocks:6696: comm syz.1.173: Freeing blocks not in datazone - block = 0, count = 4096
[  112.639047][ T6306] EXT4-fs (loop1): 1 orphan inode deleted
[  112.641690][ T6306] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  112.691704][ T5910] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  112.780365][ T6173] 8021q: adding VLAN 0 to HW filter on device batadv0
[  112.825084][ T6173] veth0_vlan: entered promiscuous mode
[  112.832496][ T6173] veth1_vlan: entered promiscuous mode
[  112.855273][ T6173] veth0_macvtap: entered promiscuous mode
[  112.860276][ T6173] veth1_macvtap: entered promiscuous mode
[  112.872782][ T6173] batman_adv: batadv0: Interface activated: batadv_slave_0
[  112.883833][ T6173] batman_adv: batadv0: Interface activated: batadv_slave_1
[  112.894591][ T5921] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  112.902573][ T5921] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  112.919187][ T5921] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  112.954327][ T5921] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  112.998041][ T1272] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  113.005090][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.016552][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.061344][ T3038] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  113.065113][ T3038] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  113.147692][ T1272] usb 2-1: Using ep0 maxpacket: 32
[  113.153743][ T1272] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  113.158035][ T1272] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x32, changing to 0x2
[  113.170616][ T1272] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 108, setting to 64
[  113.179846][ T1272] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  113.183594][ T6326] syz.3.178 uses obsolete (PF_INET,SOCK_PACKET)
[  113.191210][ T1272] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  113.195870][ T6326] Bluetooth: MGMT ver 1.23
[  113.196546][ T1272] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.201042][ T1272] usb 2-1: Product: syz
[  113.202608][ T1272] usb 2-1: Manufacturer: syz
[  113.204493][ T1272] usb 2-1: SerialNumber: syz
[  113.214698][ T1272] usb 2-1: config 0 descriptor??
[  113.228120][ T1272] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  113.438524][ T6145] usb 2-1: USB disconnect, device number 3
[  113.441712][ T5695] usb 2-1: Failed to submit usb control message: -71
[  113.467765][ T5695] usb 2-1: unable to send the bmi data to the device: -71
[  113.471535][ T5695] usb 2-1: unable to get target info from device
[  113.474443][ T5695] usb 2-1: could not get target info (-71)
[  113.477560][ T5695] usb 2-1: could not probe fw (-71)
[  113.566476][ T6315] delete_channel: no stack
[  113.964631][ T6336] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  113.970888][ T6336] process 'syz.2.180' launched '/dev/fd/7' with NULL argv: empty string added
[  113.976478][ T6336] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  114.207322][ T5907] Bluetooth: hci0: command tx timeout
[  114.279629][ T6356] netlink: 868 bytes leftover after parsing attributes in process `syz.3.189'.
[  114.471054][ T6370] loop3: detected capacity change from 0 to 512
[  114.516750][ T6370] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  114.547806][ T6370] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  114.552509][ T6370] ext4 filesystem being mounted at /11/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  114.560766][ T6358] loop1: detected capacity change from 0 to 32768
[  114.567251][ T6358] =======================================================
[  114.567251][ T6358] WARNING: The mand mount option has been deprecated and
[  114.567251][ T6358]          and is ignored by this kernel. Remove the mand
[  114.567251][ T6358]          option from the mount to silence this warning.
[  114.567251][ T6358] =======================================================
[  114.594246][ T6173] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.611653][ T6358] (syz.1.190,6358,0):ocfs2_verify_heartbeat:839 ERROR: Heartbeat has to be started to mount a read-write clustered device.
[  114.625647][ T6358] (syz.1.190,6358,1):ocfs2_fill_super:1177 ERROR: status = -22
[  114.923148][   T33] audit: type=1326 audit(1758564014.621:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.1.204" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbc638ec29 code=0x7ffc0000
[  114.944329][   T33] audit: type=1326 audit(1758564014.621:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.1.204" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbc638ec29 code=0x7ffc0000
[  114.954298][   T33] audit: type=1326 audit(1758564014.621:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.1.204" exe="/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7fdbc638ec29 code=0x7ffc0000
[  114.965927][   T33] audit: type=1326 audit(1758564014.621:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.1.204" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbc638ec29 code=0x7ffc0000
[  114.984911][   T33] audit: type=1326 audit(1758564014.621:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.1.204" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbc638ec29 code=0x7ffc0000
[  114.996963][   T33] audit: type=1326 audit(1758564014.621:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.1.204" exe="/syz-executor" sig=0 arch=c000003e syscall=265 compat=0 ip=0x7fdbc638ec29 code=0x7ffc0000
[  115.028771][   T33] audit: type=1326 audit(1758564014.621:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.1.204" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbc638ec29 code=0x7ffc0000
[  115.052963][   T33] audit: type=1326 audit(1758564014.621:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6390 comm="syz.1.204" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbc638ec29 code=0x7ffc0000
[  115.199908][ T6410] loop3: detected capacity change from 0 to 512
[  115.209424][ T6410] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  115.220839][ T6410] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.212: corrupted in-inode xattr: e_value size too large
[  115.228503][ T6410] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.212: couldn't read orphan inode 15 (err -117)
[  115.236245][ T6410] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  115.816285][ T6422] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.212: corrupted in-inode xattr: e_value size too large
[  115.896624][ T1272] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  116.046909][ T1272] usb 2-1: Using ep0 maxpacket: 8
[  116.058706][ T1272] usb 2-1: config index 0 descriptor too short (expected 6427, got 27)
[  116.061886][ T1272] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  116.070658][ T1272] usb 2-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4
[  116.074180][ T1272] usb 2-1: New USB device strings: Mfr=31, Product=1, SerialNumber=0
[  116.077421][ T1272] usb 2-1: Product: syz
[  116.086002][ T1272] usb 2-1: Manufacturer: syz
[  116.097997][ T1272] usb 2-1: config 0 descriptor??
[  116.119394][ T6173] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  116.287080][ T5907] Bluetooth: hci0: command tx timeout
[  116.314958][ T1272] usb 2-1: USB disconnect, device number 4
[  117.076149][ T5953] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  117.316972][ T5953] usb 4-1: Using ep0 maxpacket: 8
[  117.359995][ T5953] usb 4-1: config 252 has an invalid interface number: 104 but max is 0
[  117.367269][ T5953] usb 4-1: config 252 has no interface number 0
[  117.866493][ T5953] usb 4-1: config 252 interface 104 has no altsetting 0
[  117.875235][ T5953] usb 4-1: New USB device found, idVendor=0497, idProduct=c001, bcdDevice= b.c7
[  117.892930][ T5953] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.896036][ T5953] usb 4-1: Product: syz
[  117.902718][ T5953] usb 4-1: Manufacturer: syz
[  117.904692][ T5953] usb 4-1: SerialNumber: syz
[  117.922025][ T5953] gspca_main: spca501-2.14.0 probing 0497:c001
[  117.939325][ T6444] team_slave_0: entered promiscuous mode
[  117.941932][ T6444] team_slave_1: entered promiscuous mode
[  117.948165][ T6444] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  117.961231][ T6444] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  117.975519][ T6444] netlink: 132 bytes leftover after parsing attributes in process `syz.2.224'.
[  118.127168][ T5953] gspca_spca501: reg write: error -71
[  118.132364][ T5953] spca501 4-1:252.104: Reg write failed for 0x02,0x07,0x05
[  118.136363][ T6449] vcan0: tx drop: invalid sa for name 0x0000000000000001
[  118.137624][ T5953] spca501 4-1:252.104: probe with driver spca501 failed with error -22
[  118.146492][ T5953] usb 4-1: USB disconnect, device number 2
[  118.497133][ T5314] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  118.647062][ T5314] usb 2-1: Using ep0 maxpacket: 16
[  118.663894][ T5314] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  118.668474][ T5314] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  118.672233][ T5314] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  118.691251][ T5314] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  118.694755][ T5314] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.700269][ T5314] usb 2-1: Product: syz
[  118.702422][ T5314] usb 2-1: Manufacturer: syz
[  118.714760][ T5314] usb 2-1: SerialNumber: syz
[  118.943552][ T6481] loop2: detected capacity change from 0 to 1024
[  118.963968][ T6481] EXT4-fs: Ignoring removed i_version option
[  118.966415][ T6481] EXT4-fs: Ignoring removed nobh option
[  118.999988][ T6481] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  119.026364][ T6481] EXT4-fs warning (device loop2): ext4_rename_delete:3731: inode #12: comm syz.2.241: Deleting old file: nlink 2, error=-2
[  119.070453][ T5911] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  119.146188][ T5314] usb 2-1: 2:1 : format type 0 is detected, processed as PCM
[  119.151271][ T6208] tipc: Subscription rejected, illegal request
[  119.332328][ T6498] sctp: [Deprecated]: syz.2.245 (pid 6498) Use of struct sctp_assoc_value in delayed_ack socket option.
[  119.332328][ T6498] Use struct sctp_sack_info instead
[  119.609666][ T6500] loop3: detected capacity change from 0 to 128
[  119.778574][ T6500] syz.3.246: attempt to access beyond end of device
[  119.778574][ T6500] loop3: rw=2049, sector=145, nr_sectors = 8 limit=128
[  119.784074][ T6500] syz.3.246: attempt to access beyond end of device
[  119.784074][ T6500] loop3: rw=2049, sector=161, nr_sectors = 8 limit=128
[  119.790069][ T6500] syz.3.246: attempt to access beyond end of device
[  119.790069][ T6500] loop3: rw=2049, sector=177, nr_sectors = 8 limit=128
[  119.795625][ T6500] syz.3.246: attempt to access beyond end of device
[  119.795625][ T6500] loop3: rw=2049, sector=193, nr_sectors = 8 limit=128
[  119.803852][ T6500] syz.3.246: attempt to access beyond end of device
[  119.803852][ T6500] loop3: rw=2049, sector=209, nr_sectors = 8 limit=128
[  119.810713][ T6500] syz.3.246: attempt to access beyond end of device
[  119.810713][ T6500] loop3: rw=2049, sector=225, nr_sectors = 8 limit=128
[  119.816120][ T6500] syz.3.246: attempt to access beyond end of device
[  119.816120][ T6500] loop3: rw=2049, sector=241, nr_sectors = 8 limit=128
[  119.823545][ T6500] syz.3.246: attempt to access beyond end of device
[  119.823545][ T6500] loop3: rw=2049, sector=257, nr_sectors = 8 limit=128
[  119.829818][ T6500] syz.3.246: attempt to access beyond end of device
[  119.829818][ T6500] loop3: rw=2049, sector=273, nr_sectors = 8 limit=128
[  119.835302][ T6500] syz.3.246: attempt to access beyond end of device
[  119.835302][ T6500] loop3: rw=2049, sector=289, nr_sectors = 8 limit=128
[  120.063555][ T5314] usb 2-1: 2:1: cannot set freq 9338507 to ep 0x82
[  120.094460][ T5314] usb 2-1: USB disconnect, device number 5
[  120.136024][ T6084] udevd[6084]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  120.203727][ T6505] loop2: detected capacity change from 0 to 1024
[  120.275892][   T68] hfsplus: b-tree write err: -5, ino 4
[  120.713920][ T6529] block nbd1: Attempted send on invalid socket
[  120.716536][ T6529] I/O error, dev nbd1, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  120.732245][ T6529] block nbd1: Attempted send on invalid socket
[  120.734677][ T6529] I/O error, dev nbd1, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  120.747526][ T6529] Mount JFS Failure: -5
[  121.090376][ T6533] loop1: detected capacity change from 0 to 32768
[  121.129283][ T6531] loop2: detected capacity change from 0 to 32768
[  121.133588][ T6531] XFS: ikeep mount option is deprecated.
[  121.135844][ T6531] XFS: ikeep mount option is deprecated.
[  121.144584][ T6531] XFS: noikeep mount option is deprecated.
[  121.196657][ T6531] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  121.201698][ T6533] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  121.289188][ T6531] XFS (loop2): Ending clean mount
[  121.294786][ T6533] XFS (loop1): Ending clean mount
[  121.534319][ T6533] XFS (loop1): Quotacheck needed: Please wait.
[  121.641879][ T5911] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  121.699818][ T6533] XFS (loop1): Quotacheck: Done.
[  121.791167][ T5910] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  122.110286][ T6568] loop3: detected capacity change from 0 to 512
[  122.143352][ T6568] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  122.153144][ T6568] ext4 filesystem being mounted at /32/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  122.172927][ T6568] EXT4-fs warning (device loop3): ext4_group_add:1716: Can't resize non-sparse filesystem further
[  122.201401][ T6173] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  122.317486][ T6145] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  122.340832][ T6583] netlink: 4 bytes leftover after parsing attributes in process `syz.1.273'.
[  122.483087][ T6145] usb 3-1: Using ep0 maxpacket: 16
[  122.500586][ T6145] usb 3-1: config 254 has an invalid interface number: 235 but max is 0
[  122.503949][ T6145] usb 3-1: config 254 has an invalid descriptor of length 0, skipping remainder of the config
[  122.513080][ T6145] usb 3-1: config 254 has no interface number 0
[  122.515663][ T6145] usb 3-1: config 254 interface 235 altsetting 2 endpoint 0x6 has an invalid bInterval 0, changing to 7
[  122.524463][ T6145] usb 3-1: config 254 interface 235 altsetting 2 endpoint 0x6 has invalid wMaxPacketSize 0
[  122.528996][ T6145] usb 3-1: config 254 interface 235 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  122.534417][ T6145] usb 3-1: config 254 interface 235 has no altsetting 0
[  122.558740][ T6145] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1
[  122.562399][ T6145] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.566106][   T33] audit: type=1326 audit(1758564022.261:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6592 comm="syz.3.277" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f206e78ec29 code=0x0
[  122.578521][ T6145] usb 3-1: Product: syz
[  122.582096][ T6145] usb 3-1: Manufacturer: syz
[  122.584047][ T6145] usb 3-1: SerialNumber: syz
[  122.657930][ T1272] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  122.807011][ T6145] usbtest 3-1:254.235: couldn't get endpoints, -71
[  122.809817][ T6145] usbtest 3-1:254.235: probe with driver usbtest failed with error -71
[  122.821845][ T6145] usb 3-1: USB disconnect, device number 5
[  122.823799][ T6604] loop3: detected capacity change from 0 to 256
[  122.829689][ T1272] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  122.837142][ T6604] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x2e76b09e, utbl_chksum : 0xe619d30d)
[  122.839168][ T1272] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  122.849474][ T1272] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40
[  122.855587][ T1272] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  122.861715][ T1272] usb 2-1: config 0 descriptor??
[  122.868461][ T1272] usb 2-1: Found UVC 0.00 device <unnamed> (10c4:ea90)
[  122.878145][ T1272] usb 2-1: No valid video chain found.
[  123.084151][ T1272] usb 2-1: USB disconnect, device number 6
[  123.241634][ T6609] loop3: detected capacity change from 0 to 32768
[  123.596960][   T24] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  123.635432][ T6619] loop1: detected capacity change from 0 to 256
[  123.670133][ T6619] FAT-fs (loop1): Directory bread(block 64) failed
[  123.675417][ T6619] FAT-fs (loop1): Directory bread(block 65) failed
[  123.684789][ T6619] FAT-fs (loop1): Directory bread(block 66) failed
[  123.688958][ T6619] FAT-fs (loop1): Directory bread(block 67) failed
[  123.692441][ T6619] FAT-fs (loop1): Directory bread(block 68) failed
[  123.695205][ T6619] FAT-fs (loop1): Directory bread(block 69) failed
[  123.700909][ T6619] FAT-fs (loop1): Directory bread(block 70) failed
[  123.703410][ T6619] FAT-fs (loop1): Directory bread(block 71) failed
[  123.706106][ T6619] FAT-fs (loop1): Directory bread(block 72) failed
[  123.708759][ T6619] FAT-fs (loop1): Directory bread(block 73) failed
[  123.775661][   T24] usb 3-1: Using ep0 maxpacket: 16
[  123.785633][   T24] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  123.802825][   T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  123.814376][   T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  123.858538][   T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  123.862105][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.865280][   T24] usb 3-1: Product: syz
[  123.887410][   T24] usb 3-1: Manufacturer: syz
[  123.889309][   T24] usb 3-1: SerialNumber: syz
[  124.163350][ T6639] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  124.166944][ T6639] IPv6: NLM_F_CREATE should be set when creating new route
[  124.169824][ T6639] IPv6: NLM_F_CREATE should be set when creating new route
[  124.172831][ T6639] IPv6: NLM_F_CREATE should be set when creating new route
[  124.258845][ T6644] netlink: 28 bytes leftover after parsing attributes in process `syz.3.293'.
[  124.349251][   T24] usb 3-1: 0:2 : does not exist
[  124.352040][ T6649] loop3: detected capacity change from 0 to 256
[  124.568696][ T6661] loop1: detected capacity change from 0 to 22
[  124.571591][ T6661] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  124.579061][ T6661] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  124.808300][  T974] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  124.841380][ T6663] loop1: detected capacity change from 0 to 32768
[  124.848484][ T6663] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.301 (6663)
[  124.867615][ T6663] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  124.871487][ T6663] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  124.935417][ T6663] BTRFS info (device loop1): rebuilding free space tree
[  124.966238][   T24] usb 3-1: 1:0: failed to get current value for ch 0 (-22)
[  124.969352][  T974] usb 4-1: Using ep0 maxpacket: 16
[  124.974544][ T6663] BTRFS info (device loop1): disabling free space tree
[  124.978312][ T6663] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  124.978811][  T974] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  124.982295][ T6663] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  124.989970][ T6663] BTRFS info (device loop1): enabling ssd optimizations
[  124.990003][ T6663] BTRFS info (device loop1): force clearing of disk cache
[  124.990025][ T6663] BTRFS info (device loop1): enabling auto defrag
[  124.990036][ T6663] BTRFS info (device loop1): doing ref verification
[  124.990049][ T6663] BTRFS info (device loop1): max_inline set to 4096
[  125.033028][   T24] usb 3-1: USB disconnect, device number 6
[  125.044424][  T974] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  125.049004][  T974] usb 4-1: config 0 interface 0 has no altsetting 0
[  125.070266][  T974] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  125.073209][  T974] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  125.101747][ T5910] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  125.107569][  T974] usb 4-1: config 0 descriptor??
[  125.119321][ T6506] udevd[6506]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  125.328464][ T6681] loop1: detected capacity change from 0 to 512
[  125.363429][ T6681] EXT4-fs error (device loop1): ext4_quota_enable:7128: inode #4: comm syz.1.302: iget: bad i_size value: 5910974510929920
[  125.370224][ T6681] EXT4-fs error (device loop1): ext4_quota_enable:7131: comm syz.1.302: Bad quota inode: 4, type: 1
[  125.374088][ T6681] EXT4-fs warning (device loop1): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  125.380860][ T6681] EXT4-fs (loop1): mount failed
[  125.524780][  T974] hid (null): nested delimiters
[  125.530762][  T974] hid (null): nested delimiters
[  125.532668][  T974] hid (null): nested delimiters
[  125.553728][  T974] hid (null): report_id 24797 is invalid
[  125.556302][  T974] hid (null): bogus close delimiter
[  125.676401][ T6693] cgroup: name respecified
[  125.751494][ T5953] usb 4-1: USB disconnect, device number 3
[  125.766419][ T6696] loop2: detected capacity change from 0 to 1024
[  126.448902][ T6698] hfsplus: xattr search failed
[  128.008934][ T6715] program syz.1.313 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  128.253398][ T6730] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  128.379363][ T6738] loop2: detected capacity change from 0 to 8
[  128.404638][ T6738] SQUASHFS error: lzo decompression failed, data probably corrupt
[  128.415033][ T6738] SQUASHFS error: Failed to read block 0x28d: -5
[  128.423922][ T6738] SQUASHFS error: Unable to read metadata cache entry [28b]
[  128.437076][ T6738] SQUASHFS error: Unable to read inode 0x11f
[  129.443956][ T6766] loop2: detected capacity change from 0 to 32768
[  129.460730][ T6766] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  129.533268][   T33] audit: type=1800 audit(1758564029.201:11): pid=6766 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.335" name="file2" dev="loop2" ino=17060 res=0 errno=0
[  129.645644][ T6771] netlink: 28 bytes leftover after parsing attributes in process `syz.3.336'.
[  129.654799][ T6771] netlink: 28 bytes leftover after parsing attributes in process `syz.3.336'.
[  129.663909][ T6771] erspan0: entered promiscuous mode
[  129.667316][ T6771] gretap0: entered promiscuous mode
[  129.678307][ T5911] ocfs2: Unmounting device (7,2) on (node local)
[  129.819931][ T6776] loop3: detected capacity change from 0 to 4096
[  129.842481][ T6776] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0022]
[  129.848810][ T6776] System zones: 0-5
[  129.860110][ T6776] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  129.894011][ T6776] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.339: bg 0: block 304: padding at end of block bitmap is not set
[  129.913116][ T6776] fs-verity (loop3, inode 15): ext4_end_enable_verity() failed with err -117
[  129.960506][ T6173] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.406985][ T5907] Bluetooth: hci1: command 0x0c1a tx timeout
[  131.427602][ T6762] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  131.692636][ T6802] loop2: detected capacity change from 0 to 128
[  131.703683][ T6802] FAT-fs (loop2): Directory bread(block 162) failed
[  131.706431][ T6802] FAT-fs (loop2): Directory bread(block 163) failed
[  131.709707][ T6802] FAT-fs (loop2): Directory bread(block 164) failed
[  131.712468][ T6802] FAT-fs (loop2): Directory bread(block 165) failed
[  131.715084][ T6802] FAT-fs (loop2): Directory bread(block 166) failed
[  131.720218][ T6802] FAT-fs (loop2): Directory bread(block 167) failed
[  131.722773][ T6802] FAT-fs (loop2): Directory bread(block 168) failed
[  131.725361][ T6802] FAT-fs (loop2): Directory bread(block 169) failed
[  131.856067][ T6762] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  131.862656][ T6762] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  131.865359][ T6762] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  131.867644][ T6762] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  131.871265][ T6762] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  131.874749][ T6762] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  131.876741][ T6762] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  131.880415][ T6762] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  132.146922][ T5314] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  132.298803][ T5314] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  132.302808][ T5314] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  132.311020][ T5314] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  132.315452][ T5314] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  132.319520][ T5314] usb 4-1: SerialNumber: syz
[  132.332699][ T5314] usb 4-1: bad CDC descriptors
[  132.338591][ T5314] usb-storage 4-1:1.0: USB Mass Storage device detected
[  132.348495][ T5314] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  132.541093][ T5314] usb 4-1: USB disconnect, device number 4
[  132.611100][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  132.613709][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  133.322250][ T1272] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  133.487474][   T54] Bluetooth: hci1: command 0x0c1a tx timeout
[  133.497205][ T1272] usb 2-1: Using ep0 maxpacket: 16
[  133.503302][ T1272] usb 2-1: config 0 has an invalid interface number: 131 but max is 0
[  133.506606][ T1272] usb 2-1: config 0 has no interface number 0
[  133.515911][ T1272] usb 2-1: config 0 interface 131 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81
[  133.525604][ T1272] usb 2-1: New USB device found, idVendor=0856, idProduct=ac29, bcdDevice=b6.9e
[  133.538098][ T1272] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  133.545253][ T1272] usb 2-1: config 0 descriptor??
[  133.607683][ T6858] loop2: detected capacity change from 0 to 256
[  133.634290][ T6856] loop3: detected capacity change from 0 to 4096
[  133.634417][ T6858] FAT-fs (loop2): Directory bread(block 64) failed
[  133.639886][ T6858] FAT-fs (loop2): Directory bread(block 65) failed
[  133.642596][ T6858] FAT-fs (loop2): Directory bread(block 66) failed
[  133.645509][ T6858] FAT-fs (loop2): Directory bread(block 67) failed
[  133.653984][ T6858] FAT-fs (loop2): Directory bread(block 68) failed
[  133.656708][ T6858] FAT-fs (loop2): Directory bread(block 69) failed
[  133.665711][ T6858] FAT-fs (loop2): Directory bread(block 70) failed
[  133.682222][ T6858] FAT-fs (loop2): Directory bread(block 71) failed
[  133.692871][ T6858] FAT-fs (loop2): Directory bread(block 72) failed
[  133.697934][ T6858] FAT-fs (loop2): Directory bread(block 73) failed
[  133.726502][ T6859] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  133.746433][   T33] audit: type=1800 audit(1758564033.441:12): pid=6856 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.372" name="file1" dev="loop3" ino=15 res=0 errno=0
[  133.786982][ T1272] mos7840 2-1:0.131: missing endpoints
[  133.799900][ T1272] usb 2-1: USB disconnect, device number 7
[  133.887408][   T54] Bluetooth: hci0: command 0x0405 tx timeout
[  133.890047][   T54] Bluetooth: hci2: command 0x0c1a tx timeout
[  134.105986][ T6871] tmpfs: Bad value for 'mpol'
[  134.283592][ T6883] loop2: detected capacity change from 0 to 128
[  134.318397][ T6885] loop3: detected capacity change from 0 to 2048
[  134.347668][ T6885] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  134.350069][   T33] audit: type=1800 audit(1758564034.051:13): pid=6883 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.385" name="file1" dev="loop2" ino=1048621 res=0 errno=0
[  134.351756][ T6885] NILFS (loop3): mounting unchecked fs
[  134.393255][ T6114] udevd[6114]: incorrect nilfs2 checksum on /dev/loop3
[  134.421989][ T6114] udevd[6114]: incorrect nilfs2 checksum on /dev/loop3
[  134.424858][ T6885] NILFS (loop3): recovery complete
[  134.449705][ T6888] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  135.263936][ T6909] loop3: detected capacity change from 0 to 764
[  135.295904][ T6911] loop1: detected capacity change from 0 to 8
[  135.304159][ T6911] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  135.332268][ T6911] cramfs: Error -3 while decompressing!
[  135.335688][ T6911] cramfs: ffffffff99bf66a8(1306)->ffff888032ccb000(4096)
[  135.341287][ T6911] cramfs: bad data blocksize 3221485966
[  135.344307][ T6911] cramfs: Error -3 while decompressing!
[  135.351430][ T6911] cramfs: ffffffff99bf66a8(1306)->ffff888032ccb000(4096)
[  135.360639][ T6912] Symlink component flag not implemented
[  135.370914][   T33] audit: type=1800 audit(1758564035.071:14): pid=6911 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.395" name="file2" dev="loop1" ino=348 res=0 errno=0
[  135.374291][ T6912] Symlink component flag not implemented (116)
[  135.567354][ T5907] Bluetooth: hci1: command 0x0c1a tx timeout
[  135.919088][   T33] audit: type=1326 audit(1758564035.611:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6915 comm="syz.1.397" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdbc638ec29 code=0x0
[  135.974390][ T5907] Bluetooth: hci2: command 0x0c1a tx timeout
[  135.977142][ T5907] Bluetooth: hci0: command 0x0405 tx timeout
[  136.640985][ T6922] loop3: detected capacity change from 0 to 128
[  136.656463][ T6922] zonefs: Unexpected value for 'explicit-open'
[  136.826314][ T6930] capability: warning: `syz.3.403' uses 32-bit capabilities (legacy support in use)
[  136.867032][ T6929] ubi31: attaching mtd0
[  136.868969][ T6929] ubi31 error: ubi_attach_mtd_dev: bad VID header (536940548) or data offsets (536940612)
[  137.125648][ T6942] loop2: detected capacity change from 0 to 16384
[  137.223986][ T6957] loop1: detected capacity change from 0 to 256
[  137.352020][ T6942] bcachefs (loop2): starting version 1.13: inode_has_child_snapshots opts=errors=continue,metadata_checksum=none,data_checksum=xxhash,erasure_code,grpquota,prjquota,norecovery,reconstruct_alloc,version_upgrade=none,nocow
[  137.352036][ T6942]   features: new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  137.377275][ T6942] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  137.383353][ T6942] bcachefs (loop2): invalid journal entry, version=1.13: inode_has_child_snapshots type=clock in superblock: bad size, fixing
[  137.390703][ T6942] bcachefs (loop2): recovering from clean shutdown, journal seq 18
[  137.394121][ T6942] bcachefs (loop2): dropping and reconstructing all alloc info
[  137.424926][ T6942] bcachefs (loop2): accounting_read... done
[  137.431540][ T6942] bcachefs (loop2): alloc_read... done
[  137.433658][ T6942] bcachefs (loop2): snapshots_read... done
[  137.436381][ T6942] bcachefs (loop2): Fixed errors, running fsck a second time to verify fs is clean
[  137.446978][ T6942] bcachefs (loop2): reading quotas
[  137.452405][ T6942] bcachefs (loop2): quotas done
[  137.461156][ T6966] loop3: detected capacity change from 0 to 512
[  137.466638][ T6942] bcachefs (loop2): done starting filesystem
[  137.487122][ T6966] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.415: casefold flag without casefold feature
[  137.502902][ T6966] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.415: couldn't read orphan inode 15 (err -117)
[  137.508068][ T6966] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  137.520038][   T33] audit: type=1800 audit(1758564037.221:16): pid=6966 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.415" name="file1" dev="loop3" ino=18 res=0 errno=0
[  137.639277][ T5911] bcachefs (loop2): shutting down
[  137.716633][ T5911] bcachefs (loop2): shutdown complete
[  137.875475][ T6173] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.047372][ T5907] Bluetooth: hci0: command 0x0405 tx timeout
[  138.051241][ T5907] Bluetooth: hci2: command 0x0c1a tx timeout
[  138.290657][ T6981] hsr0: entered promiscuous mode
[  138.293277][ T6981] macsec1: entered promiscuous mode
[  138.455527][ T6985] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  138.934195][ T6992] loop3: detected capacity change from 0 to 32768
[  138.953443][ T6992] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[  138.964747][ T6992] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  138.996121][ T6992] XFS (loop3): Ending clean mount
[  139.019867][ T6173] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  139.372095][ T7019] Can't find a SQUASHFS superblock on nullb0
[  139.565621][ T7033] loop2: detected capacity change from 0 to 256
[  139.584634][ T7033] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d)
[  139.606733][ T7035] tmpfs: Bad value for 'mpol'
[  139.728547][  T974] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  139.774136][  T974] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  140.100428][ T7054] netlink: 60 bytes leftover after parsing attributes in process `syz.1.451'.
[  140.232281][ T7062] loop1: detected capacity change from 0 to 1024
[  140.479194][   T36] hfsplus: b-tree write err: -5, ino 4
[  141.573412][   T33] audit: type=1326 audit(1758564041.271:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7082 comm="syz.3.465" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206e78ec29 code=0x7ffc0000
[  141.589719][   T33] audit: type=1326 audit(1758564041.271:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7082 comm="syz.3.465" exe="/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f206e790b7a code=0x7ffc0000
[  141.603090][   T33] audit: type=1326 audit(1758564041.271:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7082 comm="syz.3.465" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f206e78d590 code=0x7ffc0000
[  141.610154][ T7086] loop1: detected capacity change from 0 to 256
[  141.614254][ T7083] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  141.614299][ T7083] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  141.618784][ T7083] vhci_hcd vhci_hcd.0: Device attached
[  141.622404][   T33] audit: type=1326 audit(1758564041.281:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7082 comm="syz.3.465" exe="/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f206e78d6df code=0x7ffc0000
[  141.657008][   T33] audit: type=1326 audit(1758564041.351:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7082 comm="syz.3.465" exe="/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f206e78d88a code=0x7ffc0000
[  141.675770][ T7084] vhci_hcd: connection closed
[  141.678861][   T33] audit: type=1326 audit(1758564041.351:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7082 comm="syz.3.465" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206e78ec29 code=0x7ffc0000
[  141.691151][ T6208] vhci_hcd: stop threads
[  141.698678][ T6208] vhci_hcd: release socket
[  141.705088][   T33] audit: type=1326 audit(1758564041.351:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7082 comm="syz.3.465" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206e78ec29 code=0x7ffc0000
[  141.711624][ T6208] vhci_hcd: disconnect device
[  142.341020][ T7099] capability: warning: `syz.1.473' uses deprecated v2 capabilities in a way that may be insecure
[  142.488448][ T7105] loop3: detected capacity change from 0 to 4096
[  142.545195][ T7108] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  142.565527][   T33] audit: type=1800 audit(1758564042.261:24): pid=7105 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.472" name="file1" dev="loop3" ino=15 res=0 errno=0
[  142.931031][ T7110] loop2: detected capacity change from 0 to 1024
[  143.181523][ T7115] loop3: detected capacity change from 0 to 2048
[  143.201775][ T7115] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=66359, location=66359
[  143.220814][ T7115] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  143.230840][ T7118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.480'.
[  143.451584][ T7124] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  143.628496][ T7131] loop3: detected capacity change from 0 to 64
[  143.769006][ T7133] netlink: 'syz.3.487': attribute type 7 has an invalid length.
[  143.771440][ T7133] netlink: 'syz.3.487': attribute type 3 has an invalid length.
[  143.774280][ T7133] netlink: 224 bytes leftover after parsing attributes in process `syz.3.487'.
[  143.934391][ T7137] netlink: 20 bytes leftover after parsing attributes in process `syz.3.489'.
[  143.941586][ T7137] netlink: 4 bytes leftover after parsing attributes in process `syz.3.489'.
[  143.977987][ T7129] loop2: detected capacity change from 0 to 32768
[  144.002079][ T7129] ocfs2: Slot 0 on device (7,2) was already allocated to this node!
[  144.043695][ T7129] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  144.203050][ T5911] ocfs2: Unmounting device (7,2) on (node local)
[  144.406189][ T7149] netlink: 8 bytes leftover after parsing attributes in process `syz.2.492'.
[  144.474699][ T7155] loop2: detected capacity change from 0 to 2048
[  144.502402][ T7155] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  144.798465][ T7176] loop2: detected capacity change from 0 to 64
[  144.927942][ T7182] bridge0: entered promiscuous mode
[  144.930841][ T7182] team0: entered promiscuous mode
[  144.933445][ T7182] team0: left promiscuous mode
[  144.935919][ T7182] bridge0: left promiscuous mode
[  145.037692][  T974] usb 2-1: new low-speed USB device number 8 using dummy_hcd
[  145.189754][  T974] usb 2-1: unable to get BOS descriptor or descriptor too short
[  145.195205][  T974] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  145.202393][  T974] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  145.207605][  T974] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  145.211598][  T974] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  145.216441][  T974] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  145.222190][  T974] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  145.229629][  T974] usb 2-1: string descriptor 0 read error: -22
[  145.232463][  T974] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  145.235877][  T974] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  145.274504][ T7188] loop2: detected capacity change from 0 to 32768
[  145.279422][ T7188] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.513 (7188)
[  145.294821][ T7188] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  145.300814][ T7188] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  145.326098][ T7188] BTRFS info (device loop2): rebuilding free space tree
[  145.335937][ T7188] BTRFS info (device loop2): setting nodatasum
[  145.339250][ T7188] BTRFS info (device loop2): setting nodatacow
[  145.341873][ T7188] BTRFS info (device loop2): turning off barriers
[  145.344460][ T7188] BTRFS info (device loop2): enabling free space tree
[  145.347775][ T7188] BTRFS info (device loop2): force clearing of disk cache
[  145.439772][ T5911] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  145.459116][ T5953] usb 2-1: USB disconnect, device number 8
[  145.691754][ T7209] loop2: detected capacity change from 0 to 1024
[  145.705674][ T7211] x_tables: ip_tables: DSCP.0 target: invalid size 8 (kernel) != (user) 16
[  145.747664][ T7209] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.842126][ T5911] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.850848][ T7218] delete_channel: no stack
[  145.873683][ T7220] loop2: detected capacity change from 0 to 256
[  145.880135][ T7220] exfat: Deprecated parameter 'namecase'
[  145.882541][ T7220] exfat: Deprecated parameter 'utf8'
[  145.894505][ T7220] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d)
[  145.924300][ T7222] loop3: detected capacity change from 0 to 1024
[  145.988193][ T7226] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  145.991055][ T7226] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  145.997132][ T7226] vhci_hcd vhci_hcd.0: Device attached
[  146.004415][   T26] hfsplus: b-tree write err: -5, ino 4
[  146.090716][ T7227] vhci_hcd: connection closed
[  146.091434][ T5695] vhci_hcd: stop threads
[  146.098371][ T5695] vhci_hcd: release socket
[  146.099786][ T5695] vhci_hcd: disconnect device
[  146.301779][ T7236] loop1: detected capacity change from 0 to 32768
[  146.313930][ T7236] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.525 (7236)
[  146.329420][ T7236] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  146.332623][ T7236] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  146.394865][ T7236] BTRFS info (device loop1): enabling ssd optimizations
[  146.398603][ T7236] BTRFS info (device loop1): enabling free space tree
[  146.439749][ T5910] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  146.529484][ T7269] Invalid ELF header type: 0 != 1
[  146.677150][  T974] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  146.819809][ T7289] netlink: 'syz.2.543': attribute type 2 has an invalid length.
[  146.848479][  T974] usb 4-1: Using ep0 maxpacket: 32
[  146.852080][  T974] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  146.855458][  T974] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  146.861814][  T974] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  146.869005][  T974] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.885170][  T974] usb 4-1: config 0 descriptor??
[  146.953927][ T7298] loop2: detected capacity change from 0 to 128
[  147.016941][ T6145] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  147.177673][ T6145] usb 2-1: Using ep0 maxpacket: 16
[  147.181442][ T6145] usb 2-1: unable to get BOS descriptor or descriptor too short
[  147.185010][ T6145] usb 2-1: config 229 has an invalid interface number: 152 but max is 1
[  147.187698][ T6145] usb 2-1: config 229 has an invalid interface number: 12 but max is 1
[  147.192556][ T6145] usb 2-1: config 229 has no interface number 0
[  147.194822][ T6145] usb 2-1: config 229 has no interface number 1
[  147.197092][ T6145] usb 2-1: config 229 interface 152 has no altsetting 0
[  147.199478][ T6145] usb 2-1: config 229 interface 12 has no altsetting 0
[  147.204718][ T6145] usb 2-1: New USB device found, idVendor=413c, idProduct=81a3, bcdDevice=25.ca
[  147.208337][ T6145] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.210876][ T6145] usb 2-1: Product: syz
[  147.212231][ T6145] usb 2-1: Manufacturer: syz
[  147.213718][ T6145] usb 2-1: SerialNumber: syz
[  147.315305][  T974] savu 0003:1E7D:2D5A.0004: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.3-1/input0
[  147.434762][ T6145] usb 2-1: USB disconnect, device number 9
[  147.572641][ T5314] usb 4-1: USB disconnect, device number 5
[  148.377393][ T5314] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  148.546943][ T5314] usb 4-1: Using ep0 maxpacket: 8
[  148.561205][ T5314] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  148.564494][ T5314] usb 4-1: config 0 has no interface number 0
[  148.571275][ T5314] usb 4-1: config 0 interface 1 has no altsetting 0
[  148.592619][ T5314] usb 4-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=70.2f
[  148.596751][ T5314] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.600572][ T5314] usb 4-1: Product: syz
[  148.602659][ T5314] usb 4-1: Manufacturer: syz
[  148.604862][ T5314] usb 4-1: SerialNumber: syz
[  148.637841][ T5314] usb 4-1: config 0 descriptor??
[  148.890900][ T5314] i2c-cp2615 4-1:0.1: probe with driver i2c-cp2615 failed with error -22
[  149.104011][ T5314] usb 4-1: USB disconnect, device number 6
[  149.339521][ T7322] loop2: detected capacity change from 0 to 4096
[  149.366895][ T7322] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  149.372233][ T7322] ntfs3(loop2): Failed to load $Extend (-22).
[  149.374324][ T7322] ntfs3(loop2): Failed to initialize $Extend.
[  149.384668][ T7322] ntfs3(loop2): ino=5, "/" indx_read
[  150.306390][ T7352] netlink: 'syz.3.571': attribute type 1 has an invalid length.
[  150.818093][ T5314] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  150.971118][ T5314] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  150.974649][ T5314] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  150.980055][ T5314] usb 3-1: Product: syz
[  150.981801][ T5314] usb 3-1: Manufacturer: syz
[  150.983609][ T5314] usb 3-1: SerialNumber: syz
[  150.994075][ T5314] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  151.029752][ T5953] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  151.263890][    C0] usb 3-1: ath: unknown panic pattern!
[  151.483004][ T5314] usb 3-1: USB disconnect, device number 7
[  152.047574][ T5953] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive
[  152.064035][ T5953] ath9k_htc: Failed to initialize the device
[  152.069218][ T5314] usb 3-1: ath9k_htc: USB layer deinitialized
[  152.287886][ T7378] loop3: detected capacity change from 0 to 32768
[  152.304089][ T7378] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  152.340439][ T7378] XFS (loop3): Ending clean mount
[  152.377218][ T5314] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  152.397713][ T6173] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  152.494357][ T7398] loop1: detected capacity change from 0 to 512
[  152.513484][ T7398] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  152.521284][ T7398] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=884ee02c, mo2=0102]
[  152.524026][ T7398] EXT4-fs (loop1): orphan cleanup on readonly fs
[  152.536015][ T7398] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.590: invalid indirect mapped block 2185560079 (level 1)
[  152.543651][ T7398] EXT4-fs (loop1): Remounting filesystem read-only
[  152.546373][ T7398] EXT4-fs (loop1): 1 truncate cleaned up
[  152.551577][ T7398] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: writeback.
[  152.563536][ T5314] usb 3-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5
[  152.569192][ T5314] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.575223][ T5910] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  152.577501][ T5314] usb 3-1: Product: syz
[  152.587040][ T5314] usb 3-1: Manufacturer: syz
[  152.589218][ T5314] usb 3-1: SerialNumber: syz
[  152.604833][ T5314] usb 3-1: config 0 descriptor??
[  152.618960][ T5314] gspca_main: sq905c-2.14.0 probing 2770:9052
[  152.847015][  T974] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  153.012414][   T33] audit: type=1326 audit(1758564052.711:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7402 comm="syz.3.588" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206e78ec29 code=0x7fc00000
[  153.051510][  T974] usb 2-1: config 0 interface 0 has no altsetting 0
[  153.055104][  T974] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75
[  153.064834][  T974] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  153.114540][  T974] usb 2-1: config 0 descriptor??
[  153.396941][ T5314] gspca_sq905c: sq905c_command: usb_control_msg failed (-71)
[  153.403018][ T5314] sq905c 3-1:0.0: probe with driver sq905c failed with error -71
[  153.414072][ T5314] usb 3-1: USB disconnect, device number 8
[  153.530458][   T33] audit: type=1326 audit(1758564053.191:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7402 comm="syz.3.588" exe="/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f206e78ec29 code=0x7fc00000
[  153.538884][   T33] audit: type=1326 audit(1758564053.191:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7402 comm="syz.3.588" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206e78ec29 code=0x7fc00000
[  153.549730][   T33] audit: type=1326 audit(1758564053.191:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7402 comm="syz.3.588" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206e78ec29 code=0x7fc00000
[  153.559646][   T33] audit: type=1326 audit(1758564053.191:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7402 comm="syz.3.588" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206e78ec29 code=0x7fc00000
[  153.569863][   T33] audit: type=1326 audit(1758564053.191:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7402 comm="syz.3.588" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206e78ec29 code=0x7fc00000
[  153.578740][   T33] audit: type=1326 audit(1758564053.191:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7402 comm="syz.3.588" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206e78ec29 code=0x7fc00000
[  153.593631][   T33] audit: type=1326 audit(1758564053.191:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7402 comm="syz.3.588" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206e78ec29 code=0x7fc00000
[  153.617088][   T33] audit: type=1326 audit(1758564053.191:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7402 comm="syz.3.588" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206e78ec29 code=0x7fc00000
[  153.636084][   T33] audit: type=1326 audit(1758564053.191:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7402 comm="syz.3.588" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f206e78ec29 code=0x7fc00000
[  153.654345][ T7409] netlink: 36 bytes leftover after parsing attributes in process `syz.3.592'.
[  153.665537][ T7409] netlink: 12 bytes leftover after parsing attributes in process `syz.3.592'.
[  153.811232][  T974] video4linux radio48: keene_cmd_set failed (-71)
[  153.813925][  T974] radio-keene 2-1:0.0: V4L2 device registered as radio48
[  153.818502][  T974] usb 2-1: USB disconnect, device number 10
[  153.947115][ T5314] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  154.094771][ T7417] loop2: detected capacity change from 0 to 8192
[  154.097480][ T5314] usb 4-1: Using ep0 maxpacket: 16
[  154.118555][ T5314] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  154.122889][ T5314] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 42, changing to 9
[  154.127581][ T5314] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid maxpacket 50169, setting to 1024
[  154.129994][ T7417] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  154.131689][ T5314] usb 4-1: config 0 interface 0 has no altsetting 0
[  154.140677][ T5314] usb 4-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  154.144109][ T5314] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  154.148898][ T5314] usb 4-1: Product: syz
[  154.150586][ T5314] usb 4-1: Manufacturer: syz
[  154.152467][ T5314] usb 4-1: SerialNumber: syz
[  154.156759][ T5314] usb 4-1: config 0 descriptor??
[  154.389393][ T5314] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input7
[  154.652014][ T5953] usb 4-1: USB disconnect, device number 7
[  154.793613][ T5907] Bluetooth: hci1: unexpected event for opcode 0x080b
[  155.535951][ T7464] atomic_op ffff8881088d7998 conn xmit_atomic 0000000000000000
[  155.802621][ T7474] mkiss: ax0: crc mode is auto.
[  155.939931][ T7480] loop1: detected capacity change from 0 to 1024
[  155.945934][ T7482] loop3: detected capacity change from 0 to 128
[  155.975562][ T7480] bio_check_eod: 89 callbacks suppressed
[  155.975593][ T7480] syz.1.626: attempt to access beyond end of device
[  155.975593][ T7480] loop1: rw=0, sector=393220, nr_sectors = 2 limit=1024
[  155.976043][ T7482] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  156.030835][ T7482] ext4 filesystem being mounted at /168/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  156.132608][ T6173] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  156.235862][ T7494] loop3: detected capacity change from 0 to 8
[  156.260319][ T7494] SQUASHFS error: zlib decompression failed, data probably corrupt
[  156.273133][ T7494] SQUASHFS error: Failed to read block 0x9b: -5
[  156.283053][ T7494] SQUASHFS error: Unable to read metadata cache entry [99]
[  156.288504][ T7494] SQUASHFS error: Unable to read inode 0x127
[  156.364323][ T7496] netlink: 'syz.2.633': attribute type 4 has an invalid length.
[  156.744217][ T7516] loop1: detected capacity change from 0 to 512
[  156.753958][ T7516] EXT4-fs: Ignoring removed oldalloc option
[  156.772751][ T7516] EXT4-fs error (device loop1): ext4_xattr_inode_iget:433: comm syz.1.642: Parent and EA inode have the same ino 15
[  156.783523][ T7516] EXT4-fs (loop1): 1 orphan inode deleted
[  156.796646][ T7516] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  156.831130][ T7516] EXT4-fs error (device loop1): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.1.642: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[  156.883034][ T5910] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.987671][ T7523] loop1: detected capacity change from 0 to 512
[  157.035140][ T7523] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.047016][ T7523] ext4 filesystem being mounted at /186/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.110019][ T5910] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.118610][ T7512] loop2: detected capacity change from 0 to 40427
[  157.176566][ T7512] F2FS-fs (loop2): invalid crc value
[  157.278558][ T7534] loop1: detected capacity change from 0 to 4096
[  157.308921][ T7535] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  157.332375][ T7512] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  157.357502][ T7512] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[  157.364269][ T7529] loop3: detected capacity change from 0 to 32768
[  157.380475][ T7529] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.647 (7529)
[  157.430268][ T7529] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  157.434410][ T7529] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  157.500639][ T5911] syz-executor: attempt to access beyond end of device
[  157.500639][ T5911] loop2: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  157.540307][ T5911] syz-executor: attempt to access beyond end of device
[  157.540307][ T5911] loop2: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  157.588244][ T7529] BTRFS info (device loop3): enabling ssd optimizations
[  157.591125][ T7529] BTRFS info (device loop3): enabling free space tree
[  157.684868][ T3038] kworker/u9:4: attempt to access beyond end of device
[  157.684868][ T3038] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  157.709064][ T3038] CPU: 0 UID: 0 PID: 3038 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT(full) 
[  157.709085][ T3038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  157.709093][ T3038] Workqueue: writeback wb_workfn (flush-7:2)
[  157.709116][ T3038] Call Trace:
[  157.709122][ T3038]  <TASK>
[  157.709128][ T3038]  dump_stack_lvl+0x189/0x250
[  157.709156][ T3038]  ? __pfx_dump_stack_lvl+0x10/0x10
[  157.709171][ T3038]  ? __pfx_queue_work_on+0x10/0x10
[  157.709184][ T3038]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  157.709204][ T3038]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  157.709232][ T3038]  f2fs_handle_critical_error+0x37c/0x540
[  157.709256][ T3038]  f2fs_write_end_io+0x886/0xb60
[  157.709284][ T3038]  __submit_merged_bio+0x27a/0x6a0
[  157.709307][ T3038]  __submit_merged_write_cond+0x255/0x530
[  157.709329][ T3038]  f2fs_write_data_pages+0x261d/0x3000
[  157.709367][ T3038]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  157.709414][ T3038]  ? __lock_acquire+0xab9/0xd20
[  157.709471][ T3038]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  157.709485][ T3038]  do_writepages+0x32e/0x550
[  157.709507][ T3038]  ? reacquire_held_locks+0x127/0x1d0
[  157.709520][ T3038]  ? writeback_sb_inodes+0x384/0x1010
[  157.709543][ T3038]  __writeback_single_inode+0x145/0xff0
[  157.709560][ T3038]  ? do_raw_spin_unlock+0x4d/0x240
[  157.709580][ T3038]  writeback_sb_inodes+0x6c7/0x1010
[  157.709601][ T3038]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  157.709630][ T3038]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  157.709671][ T3038]  ? rcu_is_watching+0x15/0xb0
[  157.709691][ T3038]  wb_writeback+0x43b/0xaf0
[  157.709710][ T3038]  ? queue_io+0x311/0x590
[  157.709728][ T3038]  ? __pfx_wb_writeback+0x10/0x10
[  157.709749][ T3038]  ? _raw_spin_unlock_irq+0x23/0x50
[  157.709769][ T3038]  wb_workfn+0x409/0xef0
[  157.709822][ T3038]  ? __pfx_wb_workfn+0x10/0x10
[  157.709840][ T3038]  ? __lock_acquire+0xab9/0xd20
[  157.709864][ T3038]  ? process_scheduled_works+0x9ef/0x17b0
[  157.709882][ T3038]  ? _raw_spin_unlock_irq+0x23/0x50
[  157.709899][ T3038]  ? process_scheduled_works+0x9ef/0x17b0
[  157.709910][ T3038]  ? process_scheduled_works+0x9ef/0x17b0
[  157.709925][ T3038]  process_scheduled_works+0xae1/0x17b0
[  157.709965][ T3038]  ? __pfx_process_scheduled_works+0x10/0x10
[  157.709991][ T3038]  worker_thread+0x8a0/0xda0
[  157.710007][ T3038]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  157.710028][ T3038]  ? __kthread_parkme+0x7b/0x200
[  157.710049][ T3038]  kthread+0x711/0x8a0
[  157.710067][ T3038]  ? __pfx_worker_thread+0x10/0x10
[  157.710079][ T3038]  ? __pfx_kthread+0x10/0x10
[  157.710097][ T3038]  ? _raw_spin_unlock_irq+0x23/0x50
[  157.710114][ T3038]  ? lockdep_hardirqs_on+0x9c/0x150
[  157.710126][ T3038]  ? __pfx_kthread+0x10/0x10
[  157.710142][ T3038]  ret_from_fork+0x439/0x7d0
[  157.710158][ T3038]  ? __pfx_ret_from_fork+0x10/0x10
[  157.710176][ T3038]  ? __switch_to_asm+0x39/0x70
[  157.710192][ T3038]  ? __switch_to_asm+0x33/0x70
[  157.710206][ T3038]  ? __pfx_kthread+0x10/0x10
[  157.710223][ T3038]  ret_from_fork_asm+0x1a/0x30
[  157.710251][ T3038]  </TASK>
[  157.710258][ T3038] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  157.819689][ T7556] netlink: 504 bytes leftover after parsing attributes in process `syz.1.651'.
[  157.832942][ T3038] CPU: 0 UID: 0 PID: 3038 Comm: kworker/u9:4 Not tainted syzkaller #0 PREEMPT(full) 
[  157.832962][ T3038] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  157.832970][ T3038] Workqueue: writeback wb_workfn (flush-7:2)
[  157.832993][ T3038] Call Trace:
[  157.832998][ T3038]  <TASK>
[  157.833004][ T3038]  dump_stack_lvl+0x189/0x250
[  157.833023][ T3038]  ? __pfx_dump_stack_lvl+0x10/0x10
[  157.833037][ T3038]  ? __pfx_queue_work_on+0x10/0x10
[  157.833048][ T3038]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  157.833067][ T3038]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  157.833095][ T3038]  f2fs_handle_critical_error+0x37c/0x540
[  157.833119][ T3038]  f2fs_write_end_io+0x886/0xb60
[  157.833145][ T3038]  __submit_merged_bio+0x27a/0x6a0
[  157.833169][ T3038]  __submit_merged_write_cond+0x255/0x530
[  157.833190][ T3038]  f2fs_write_data_pages+0x261d/0x3000
[  157.833230][ T3038]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  157.833280][ T3038]  ? __lock_acquire+0xab9/0xd20
[  157.833336][ T3038]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  157.833348][ T3038]  do_writepages+0x32e/0x550
[  157.833369][ T3038]  ? reacquire_held_locks+0x127/0x1d0
[  157.833379][ T3038]  ? writeback_sb_inodes+0x384/0x1010
[  157.833402][ T3038]  __writeback_single_inode+0x145/0xff0
[  157.833417][ T3038]  ? do_raw_spin_unlock+0x4d/0x240
[  157.833435][ T3038]  writeback_sb_inodes+0x6c7/0x1010
[  157.833457][ T3038]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  157.833491][ T3038]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  157.833544][ T3038]  ? rcu_is_watching+0x15/0xb0
[  157.833566][ T3038]  wb_writeback+0x43b/0xaf0
[  157.833588][ T3038]  ? queue_io+0x311/0x590
[  157.833607][ T3038]  ? __pfx_wb_writeback+0x10/0x10
[  157.833632][ T3038]  ? _raw_spin_unlock_irq+0x23/0x50
[  157.833653][ T3038]  wb_workfn+0x409/0xef0
[  157.833679][ T3038]  ? __pfx_wb_workfn+0x10/0x10
[  157.833696][ T3038]  ? __lock_acquire+0xab9/0xd20
[  157.833724][ T3038]  ? process_scheduled_works+0x9ef/0x17b0
[  157.833742][ T3038]  ? _raw_spin_unlock_irq+0x23/0x50
[  157.833759][ T3038]  ? process_scheduled_works+0x9ef/0x17b0
[  157.833769][ T3038]  ? process_scheduled_works+0x9ef/0x17b0
[  157.833815][ T3038]  process_scheduled_works+0xae1/0x17b0
[  157.833851][ T3038]  ? __pfx_process_scheduled_works+0x10/0x10
[  157.833880][ T3038]  worker_thread+0x8a0/0xda0
[  157.833897][ T3038]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  157.833923][ T3038]  ? __kthread_parkme+0x7b/0x200
[  157.833951][ T3038]  kthread+0x711/0x8a0
[  157.833970][ T3038]  ? __pfx_worker_thread+0x10/0x10
[  157.833982][ T3038]  ? __pfx_kthread+0x10/0x10
[  157.833998][ T3038]  ? _raw_spin_unlock_irq+0x23/0x50
[  157.834015][ T3038]  ? lockdep_hardirqs_on+0x9c/0x150
[  157.834026][ T3038]  ? __pfx_kthread+0x10/0x10
[  157.834043][ T3038]  ret_from_fork+0x439/0x7d0
[  157.834059][ T3038]  ? __pfx_ret_from_fork+0x10/0x10
[  157.834077][ T3038]  ? __switch_to_asm+0x39/0x70
[  157.834091][ T3038]  ? __switch_to_asm+0x33/0x70
[  157.834104][ T3038]  ? __pfx_kthread+0x10/0x10
[  157.834119][ T3038]  ret_from_fork_asm+0x1a/0x30
[  157.834149][ T3038]  </TASK>
[  157.834156][ T3038] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  158.049834][ T6173] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  158.559497][ T5695] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.733117][ T5695] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.803109][ T5695] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.853146][ T5907] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  158.856721][ T5907] Bluetooth: hci1: Injecting HCI hardware error event
[  158.863501][   T54] Bluetooth: hci1: hardware error 0x00
[  158.952162][ T5695] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  158.996498][ T7590] loop1: detected capacity change from 0 to 2048
[  159.061416][ T7592] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  159.297166][ T5695] bridge_slave_1: left allmulticast mode
[  159.299317][ T5695] bridge_slave_1: left promiscuous mode
[  159.301357][ T5695] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.413199][ T7596] netlink: 68 bytes leftover after parsing attributes in process `syz.1.663'.
[  159.570759][ T5695] bridge_slave_0: left allmulticast mode
[  159.572474][ T5695] bridge_slave_0: left promiscuous mode
[  159.574268][ T5695] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.630221][ T5915] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  159.636680][ T5915] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  159.641070][ T5915] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  159.646429][ T5915] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  159.650744][ T5915] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  159.802952][ T7591] loop3: detected capacity change from 0 to 40427
[  159.880234][ T7591] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  159.884078][ T7591] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  159.925102][ T7591] F2FS-fs (loop3): Inconsistent error blkaddr:5633, sit bitmap:0
[  159.939692][ T7591] CPU: 1 UID: 0 PID: 7591 Comm: syz.3.662 Not tainted syzkaller #0 PREEMPT(full) 
[  159.939706][ T7591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  159.939711][ T7591] Call Trace:
[  159.939715][ T7591]  <TASK>
[  159.939719][ T7591]  dump_stack_lvl+0x189/0x250
[  159.939740][ T7591]  ? __pfx_dump_stack_lvl+0x10/0x10
[  159.939750][ T7591]  ? __pfx_f2fs_get_dnode_of_data+0x10/0x10
[  159.939765][ T7591]  ? __pfx_f2fs_lookup_read_extent_cache_block+0x10/0x10
[  159.939776][ T7591]  __f2fs_is_valid_blkaddr+0xd84/0x14f0
[  159.939794][ T7591]  f2fs_get_read_data_folio+0x3d2/0x7d0
[  159.939808][ T7591]  ? __pfx_f2fs_get_read_data_folio+0x10/0x10
[  159.939821][ T7591]  ? __filemap_get_folio+0x9a6/0xaf0
[  159.939833][ T7591]  f2fs_find_data_folio+0x195/0x3c0
[  159.939846][ T7591]  f2fs_readdir+0x4b0/0xa60
[  159.939853][ T7591]  ? look_up_lock_class+0x74/0x170
[  159.939887][ T7591]  ? __pfx_f2fs_readdir+0x10/0x10
[  159.939897][ T7591]  ? iterate_dir+0x292/0x570
[  159.939915][ T7591]  ? down_read_killable+0x1d1/0x350
[  159.939927][ T7591]  iterate_dir+0x399/0x570
[  159.939940][ T7591]  __se_sys_getdents64+0xe4/0x260
[  159.939952][ T7591]  ? __pfx___se_sys_getdents64+0x10/0x10
[  159.939961][ T7591]  ? __pfx_filldir64+0x10/0x10
[  159.939972][ T7591]  ? rcu_is_watching+0x15/0xb0
[  159.939983][ T7591]  ? do_syscall_64+0xbe/0x3b0
[  159.939994][ T7591]  do_syscall_64+0xfa/0x3b0
[  159.940001][ T7591]  ? lockdep_hardirqs_on+0x9c/0x150
[  159.940009][ T7591]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.940017][ T7591]  ? exc_page_fault+0x9f/0xf0
[  159.940026][ T7591]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  159.940034][ T7591] RIP: 0033:0x7f206e78ec29
[  159.940042][ T7591] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  159.940049][ T7591] RSP: 002b:00007f206f6f8038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  159.940058][ T7591] RAX: ffffffffffffffda RBX: 00007f206e9d5fa0 RCX: 00007f206e78ec29
[  159.940063][ T7591] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  159.940067][ T7591] RBP: 00007f206e811e41 R08: 0000000000000000 R09: 0000000000000000
[  159.940072][ T7591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  159.940076][ T7591] R13: 00007f206e9d6038 R14: 00007f206e9d5fa0 R15: 00007ffdb0dca818
[  159.940089][ T7591]  </TASK>
[  160.024884][ T7608] loop1: detected capacity change from 0 to 4096
[  160.061631][ T7609] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  160.650585][ T5695] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  160.659916][ T5695] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  160.665197][ T5695] bond0 (unregistering): Released all slaves
[  160.927513][   T54] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  161.352964][ T5695] hsr_slave_0: left promiscuous mode
[  161.357705][ T5695] hsr_slave_1: left promiscuous mode
[  161.360368][ T5695] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  161.368203][ T5695] batman_adv: batadv0: Removing interface: batadv_slave_0
[  161.374669][ T5695] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  161.387828][ T5695] batman_adv: batadv0: Removing interface: batadv_slave_1
[  161.409112][    C1] ==================================================================
[  161.411933][    C1] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6ad/0x8d0
[  161.414760][    C1] Read of size 2 at addr ffff888030c84142 by task ksoftirqd/1/23
[  161.418348][    C1] 
[  161.419722][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  161.419740][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  161.419748][    C1] Call Trace:
[  161.419756][    C1]  <TASK>
[  161.419762][    C1]  dump_stack_lvl+0x189/0x250
[  161.419782][    C1]  ? __kasan_check_byte+0x12/0x40
[  161.419803][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.419818][    C1]  ? lock_release+0x4b/0x3e0
[  161.419841][    C1]  ? __virt_addr_valid+0x4a5/0x5c0
[  161.419860][    C1]  print_report+0xca/0x240
[  161.419874][    C1]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  161.419888][    C1]  kasan_report+0x118/0x150
[  161.419908][    C1]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  161.419926][    C1]  __xfrm_state_lookup+0x6ad/0x8d0
[  161.419945][    C1]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  161.419963][    C1]  xfrm_input_state_lookup+0x6e9/0xa60
[  161.419983][    C1]  ? xfrm_input_state_lookup+0xcf/0xa60
[  161.419999][    C1]  ? __pfx_xfrm_input_state_lookup+0x10/0x10
[  161.420016][    C1]  ? __asan_memset+0x22/0x50
[  161.420033][    C1]  xfrm_input+0x425c/0x72c0
[  161.420054][    C1]  vti_input+0x219/0x330
[  161.420070][    C1]  ? __pfx_vti_input+0x10/0x10
[  161.420086][    C1]  tunnel4_rcv+0xdd/0x2d0
[  161.420104][    C1]  ? __pfx_tunnel4_rcv+0x10/0x10
[  161.420121][    C1]  ip_protocol_deliver_rcu+0x2e0/0x440
[  161.420138][    C1]  ? ip_local_deliver_finish+0x2ae/0x6f0
[  161.420153][    C1]  ip_local_deliver_finish+0x3bb/0x6f0
[  161.420169][    C1]  NF_HOOK+0x30c/0x3a0
[  161.420183][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  161.420197][    C1]  ? NF_HOOK+0x9a/0x3a0
[  161.420210][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  161.420222][    C1]  ? ip_rcv_finish_core+0xda3/0x1c00
[  161.420237][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  161.420251][    C1]  ? skb_dst+0x4f/0xd0
[  161.420264][    C1]  ? ip_local_deliver+0x12a/0x1b0
[  161.420279][    C1]  NF_HOOK+0x30c/0x3a0
[  161.420293][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  161.420312][    C1]  ? NF_HOOK+0x9a/0x3a0
[  161.420323][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  161.420335][    C1]  ? ip_rcv_core+0x7f7/0xd00
[  161.420350][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  161.420367][    C1]  ? __pfx_ip_rcv+0x10/0x10
[  161.420379][    C1]  __netif_receive_skb+0x143/0x380
[  161.420394][    C1]  ? process_backlog+0x2d5/0x14f0
[  161.420432][    C1]  process_backlog+0x60e/0x14f0
[  161.420452][    C1]  ? __pfx_process_backlog+0x10/0x10
[  161.420466][    C1]  ? rcu_is_watching+0x15/0xb0
[  161.420481][    C1]  __napi_poll+0xc7/0x360
[  161.420493][    C1]  ? net_rx_action+0x46d/0xe30
[  161.420506][    C1]  net_rx_action+0x707/0xe30
[  161.420519][    C1]  ? __lock_acquire+0xab9/0xd20
[  161.420544][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  161.420558][    C1]  ? kvm_sched_clock_read+0x11/0x20
[  161.420575][    C1]  ? __pfx_sched_clock_cpu+0x10/0x10
[  161.420587][    C1]  ? __local_bh_disable_ip+0xf1/0x190
[  161.420606][    C1]  handle_softirqs+0x286/0x870
[  161.420620][    C1]  ? run_ksoftirqd+0x9b/0x100
[  161.420637][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  161.420651][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  161.420665][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  161.420677][    C1]  run_ksoftirqd+0x9b/0x100
[  161.420692][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  161.420709][    C1]  smpboot_thread_fn+0x542/0xa60
[  161.420723][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  161.420739][    C1]  kthread+0x711/0x8a0
[  161.420756][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  161.420769][    C1]  ? __pfx_kthread+0x10/0x10
[  161.420785][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  161.420805][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  161.420818][    C1]  ? __pfx_kthread+0x10/0x10
[  161.420833][    C1]  ret_from_fork+0x439/0x7d0
[  161.420848][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  161.420864][    C1]  ? __switch_to_asm+0x39/0x70
[  161.420880][    C1]  ? __switch_to_asm+0x33/0x70
[  161.420896][    C1]  ? __pfx_kthread+0x10/0x10
[  161.420912][    C1]  ret_from_fork_asm+0x1a/0x30
[  161.420934][    C1]  </TASK>
[  161.420939][    C1] 
[  161.553999][    C1] Allocated by task 6736:
[  161.555681][    C1]  kasan_save_track+0x3e/0x80
[  161.557554][    C1]  __kasan_slab_alloc+0x6c/0x80
[  161.559491][    C1]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  161.561656][    C1]  xfrm_state_alloc+0x24/0x2f0
[  161.563529][    C1]  __find_acq_core+0x8a7/0x1c00
[  161.565449][    C1]  xfrm_find_acq+0x78/0xa0
[  161.567216][    C1]  xfrm_alloc_userspi+0x6b3/0xc90
[  161.568914][    C1]  xfrm_user_rcv_msg+0x7a3/0xab0
[  161.570419][    C1]  netlink_rcv_skb+0x208/0x470
[  161.571909][    C1]  xfrm_netlink_rcv+0x79/0x90
[  161.573343][    C1]  netlink_unicast+0x82f/0x9e0
[  161.574993][    C1]  netlink_sendmsg+0x805/0xb30
[  161.576660][    C1]  __sock_sendmsg+0x21c/0x270
[  161.578353][    C1]  ____sys_sendmsg+0x505/0x830
[  161.580166][    C1]  ___sys_sendmsg+0x21f/0x2a0
[  161.581991][    C1]  __x64_sys_sendmsg+0x19b/0x260
[  161.583898][    C1]  do_syscall_64+0xfa/0x3b0
[  161.585610][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.587574][    C1] 
[  161.588471][    C1] Freed by task 5953:
[  161.590039][    C1]  kasan_save_track+0x3e/0x80
[  161.591648][    C1]  kasan_save_free_info+0x46/0x50
[  161.593689][    C1]  __kasan_slab_free+0x5b/0x80
[  161.595585][    C1]  kmem_cache_free+0x18f/0x400
[  161.597536][    C1]  xfrm_state_gc_task+0x52d/0x6b0
[  161.599619][    C1]  process_scheduled_works+0xae1/0x17b0
[  161.601862][    C1]  worker_thread+0x8a0/0xda0
[  161.603525][    C1]  kthread+0x711/0x8a0
[  161.604880][    C1]  ret_from_fork+0x439/0x7d0
[  161.606484][    C1]  ret_from_fork_asm+0x1a/0x30
[  161.608123][    C1] 
[  161.609075][    C1] The buggy address belongs to the object at ffff888030c84000
[  161.609075][    C1]  which belongs to the cache xfrm_state of size 928
[  161.614062][    C1] The buggy address is located 322 bytes inside of
[  161.614062][    C1]  freed 928-byte region [ffff888030c84000, ffff888030c843a0)
[  161.618356][    C1] 
[  161.619057][    C1] The buggy address belongs to the physical page:
[  161.621071][    C1] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888030c84000 pfn:0x30c84
[  161.624127][    C1] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  161.626499][    C1] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  161.629179][    C1] page_type: f5(slab)
[  161.630560][    C1] raw: 00fff00000000040 ffff888104aeac80 dead000000000122 0000000000000000
[  161.633234][    C1] raw: ffff888030c84000 00000000800e000d 00000000f5000000 0000000000000000
[  161.636725][    C1] head: 00fff00000000040 ffff888104aeac80 dead000000000122 0000000000000000
[  161.639526][    C1] head: ffff888030c84000 00000000800e000d 00000000f5000000 0000000000000000
[  161.642685][    C1] head: 00fff00000000002 ffffea0000c32101 00000000ffffffff 00000000ffffffff
[  161.645693][    C1] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  161.648211][    C1] page dumped because: kasan: bad access detected
[  161.650306][    C1] page_owner tracks the page as allocated
[  161.652137][    C1] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 6736, tgid 6735 (syz.3.323), ts 128330300072, free_ts 128310146346
[  161.659650][    C1]  post_alloc_hook+0x240/0x2a0
[  161.661601][    C1]  get_page_from_freelist+0x21e4/0x22c0
[  161.663458][    C1]  __alloc_frozen_pages_noprof+0x181/0x370
[  161.665672][    C1]  alloc_pages_mpol+0x232/0x4a0
[  161.667624][    C1]  allocate_slab+0x8a/0x370
[  161.669461][    C1]  ___slab_alloc+0xbeb/0x1420
[  161.671326][    C1]  kmem_cache_alloc_noprof+0x283/0x3c0
[  161.673580][    C1]  xfrm_state_alloc+0x24/0x2f0
[  161.675490][    C1]  __find_acq_core+0x8a7/0x1c00
[  161.677438][    C1]  xfrm_find_acq+0x78/0xa0
[  161.679215][    C1]  xfrm_alloc_userspi+0x6b3/0xc90
[  161.681201][    C1]  xfrm_user_rcv_msg+0x7a3/0xab0
[  161.683152][    C1]  netlink_rcv_skb+0x208/0x470
[  161.684909][    C1]  xfrm_netlink_rcv+0x79/0x90
[  161.686786][    C1]  netlink_unicast+0x82f/0x9e0
[  161.688715][    C1]  netlink_sendmsg+0x805/0xb30
[  161.690604][    C1] page last free pid 6730 tgid 6729 stack trace:
[  161.692986][    C1]  __free_frozen_pages+0xbc4/0xd30
[  161.694957][    C1]  stack_depot_save_flags+0x436/0x860
[  161.696920][    C1]  kasan_save_track+0x4f/0x80
[  161.698736][    C1]  __kasan_kmalloc+0x93/0xb0
[  161.700559][    C1]  __kmalloc_noprof+0x27a/0x4f0
[  161.702372][    C1]  security_prepare_creds+0x52/0x390
[  161.704489][    C1]  prepare_creds+0x497/0x6c0
[  161.706264][    C1]  ovl_setup_cred_for_create+0x20/0x300
[  161.708344][    C1]  ovl_create_or_link+0x1cf/0x1410
[  161.710325][    C1]  ovl_create_object+0x234/0x310
[  161.712235][    C1]  ovl_mkdir+0x2b/0x40
[  161.713812][    C1]  vfs_mkdir+0x306/0x510
[  161.715532][    C1]  do_mkdirat+0x247/0x590
[  161.717175][    C1]  __x64_sys_mkdirat+0x87/0xa0
[  161.719074][    C1]  do_syscall_64+0xfa/0x3b0
[  161.720653][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  161.722711][    C1] 
[  161.723043][ T5695] team_slave_0: left promiscuous mode
[  161.723511][    C1] Memory state around the buggy address:
[  161.723523][    C1]  ffff888030c84000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  161.725712][ T5695] team_slave_1: left promiscuous mode
[  161.727613][    C1]  ffff888030c84080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  161.727621][    C1] >ffff888030c84100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  161.727625][    C1]                                            ^
[  161.727630][    C1]  ffff888030c84180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  161.727635][    C1]  ffff888030c84200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  161.727639][    C1] ==================================================================
[  161.727915][    C1] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  161.727924][    C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) 
[  161.727934][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  161.727940][    C1] Call Trace:
[  161.727944][    C1]  <TASK>
[  161.727949][    C1]  dump_stack_lvl+0x99/0x250
[  161.727963][    C1]  ? __asan_memcpy+0x40/0x70
[  161.727974][    C1]  ? __pfx_dump_stack_lvl+0x10/0x10
[  161.727982][    C1]  ? __pfx__printk+0x10/0x10
[  161.727995][    C1]  vpanic+0x281/0x750
[  161.728004][    C1]  ? __pfx_vpanic+0x10/0x10
[  161.728012][    C1]  ? irqentry_exit+0x74/0x90
[  161.728022][    C1]  panic+0xb9/0xc0
[  161.728030][    C1]  ? __pfx_panic+0x10/0x10
[  161.728038][    C1]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  161.728050][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  161.728062][    C1]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  161.728071][    C1]  check_panic_on_warn+0x89/0xb0
[  161.728083][    C1]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  161.728091][    C1]  end_report+0x78/0x160
[  161.728101][    C1]  kasan_report+0x129/0x150
[  161.728112][    C1]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  161.728121][    C1]  __xfrm_state_lookup+0x6ad/0x8d0
[  161.728132][    C1]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  161.728142][    C1]  xfrm_input_state_lookup+0x6e9/0xa60
[  161.728153][    C1]  ? xfrm_input_state_lookup+0xcf/0xa60
[  161.728162][    C1]  ? __pfx_xfrm_input_state_lookup+0x10/0x10
[  161.728172][    C1]  ? __asan_memset+0x22/0x50
[  161.728180][    C1]  xfrm_input+0x425c/0x72c0
[  161.728198][    C1]  vti_input+0x219/0x330
[  161.728213][    C1]  ? __pfx_vti_input+0x10/0x10
[  161.728223][    C1]  tunnel4_rcv+0xdd/0x2d0
[  161.728232][    C1]  ? __pfx_tunnel4_rcv+0x10/0x10
[  161.728242][    C1]  ip_protocol_deliver_rcu+0x2e0/0x440
[  161.728252][    C1]  ? ip_local_deliver_finish+0x2ae/0x6f0
[  161.728260][    C1]  ip_local_deliver_finish+0x3bb/0x6f0
[  161.728269][    C1]  NF_HOOK+0x30c/0x3a0
[  161.728282][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  161.728290][    C1]  ? NF_HOOK+0x9a/0x3a0
[  161.728297][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  161.728304][    C1]  ? ip_rcv_finish_core+0xda3/0x1c00
[  161.728312][    C1]  ? __pfx_ip_local_deliver_finish+0x10/0x10
[  161.728320][    C1]  ? skb_dst+0x4f/0xd0
[  161.728328][    C1]  ? ip_local_deliver+0x12a/0x1b0
[  161.728335][    C1]  NF_HOOK+0x30c/0x3a0
[  161.728343][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  161.728350][    C1]  ? NF_HOOK+0x9a/0x3a0
[  161.728357][    C1]  ? __pfx_NF_HOOK+0x10/0x10
[  161.728364][    C1]  ? ip_rcv_core+0x7f7/0xd00
[  161.728372][    C1]  ? __pfx_ip_rcv_finish+0x10/0x10
[  161.728411][    C1]  ? __pfx_ip_rcv+0x10/0x10
[  161.728418][    C1]  __netif_receive_skb+0x143/0x380
[  161.728427][    C1]  ? process_backlog+0x2d5/0x14f0
[  161.728435][    C1]  process_backlog+0x60e/0x14f0
[  161.728445][    C1]  ? __pfx_process_backlog+0x10/0x10
[  161.728453][    C1]  ? rcu_is_watching+0x15/0xb0
[  161.728462][    C1]  __napi_poll+0xc7/0x360
[  161.728469][    C1]  ? net_rx_action+0x46d/0xe30
[  161.728479][    C1]  net_rx_action+0x707/0xe30
[  161.728491][    C1]  ? __lock_acquire+0xab9/0xd20
[  161.728516][    C1]  ? __pfx_net_rx_action+0x10/0x10
[  161.728530][    C1]  ? kvm_sched_clock_read+0x11/0x20
[  161.728539][    C1]  ? __pfx_sched_clock_cpu+0x10/0x10
[  161.728546][    C1]  ? __local_bh_disable_ip+0xf1/0x190
[  161.728556][    C1]  handle_softirqs+0x286/0x870
[  161.728565][    C1]  ? run_ksoftirqd+0x9b/0x100
[  161.728574][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  161.728582][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  161.728590][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  161.728596][    C1]  run_ksoftirqd+0x9b/0x100
[  161.728605][    C1]  ? __pfx_run_ksoftirqd+0x10/0x10
[  161.728614][    C1]  smpboot_thread_fn+0x542/0xa60
[  161.728622][    C1]  ? smpboot_thread_fn+0x4d/0xa60
[  161.728630][    C1]  kthread+0x711/0x8a0
[  161.728640][    C1]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  161.728647][    C1]  ? __pfx_kthread+0x10/0x10
[  161.728656][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  161.728666][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  161.728673][    C1]  ? __pfx_kthread+0x10/0x10
[  161.728682][    C1]  ret_from_fork+0x439/0x7d0
[  161.728691][    C1]  ? __pfx_ret_from_fork+0x10/0x10
[  161.728700][    C1]  ? __switch_to_asm+0x39/0x70
[  161.728709][    C1]  ? __switch_to_asm+0x33/0x70
[  161.728718][    C1]  ? __pfx_kthread+0x10/0x10
[  161.728727][    C1]  ret_from_fork_asm+0x1a/0x30
[  161.728739][    C1]  </TASK>
[  161.731311][    C1] Kernel Offset: disabled

VM DIAGNOSIS:
18:01:01  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=ffff88804b032f98 RCX=ad7ae534bb7a8e00 RDX=ffffc90000007401
RSI=ffffffff8be33f60 RDI=ffffffff8be33f20 RBP=dffffc0000000000 RSP=ffffc90000007358
R8 =ffffc90000007fe0 R9 =0000000000000000 R10=ffffc90000007498 R11=fffff52000000e95
R12=ffffc90000007ff0 R13=ffffc90000000000 R14=ffffffff8dbe2d10 R15=dffffc0000000000
RIP=ffffffff81a671da RFL=00000a06 [-O---P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f08ac9db380 ffffffff 00c00000
GS =0000 ffff8880b8611000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f5d8dd4c0d0 CR3=0000000023e8c000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=ffffffff812b2d85 ffffffff812b2d85
XMM02=ffffffff89592c54 ffffffff812b2d85 XMM03=ffffffff823cb3d4 ffffffff823cb26d
XMM04=ffffffff812b8222 ffffffff812b7fc0 XMM05=ffffffff812b7c00 ffffffff812b7ba4
XMM06=ffffffff812b7b15 ffffffff812b77ab XMM07=ffffffff812b7734 ffffffff812b76d3
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fdbc6412fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000020 RBX=0000000000000020 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900001b68f0
R8 =ffff888107408237 R9 =1ffff11020e81046 R10=dffffc0000000000 R11=ffffffff855006f0
R12=dffffc0000000000 R13=ffffffff99b048c2 R14=ffffffff99df9460 R15=0000000000000000
RIP=ffffffff8550076c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c11000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00002000001eb030 CR3=000000010e6d6000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=6161616161616161 6161616161616161
XMM06=6161616161616161 6161616161616161 XMM07=6161616161616161 6161616161616161
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007fdbc6412fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
