last executing test programs:

11m36.795143876s ago: executing program 3 (id=31):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x4)

11m34.516712642s ago: executing program 3 (id=34):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@generic={0x0}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a}, 0x28)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bind$tipc(0xffffffffffffffff, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r3 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r3, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file2\x00', 0x2, &(0x7f0000000700)={[{@discard}, {@noquota}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@mblk_io_submit}, {@debug}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@bsdgroups}, {@init_itable_val={'init_itable', 0x3d, 0xfff}}], [{@context={'context', 0x3d, 'staff_u'}}, {@obj_role={'obj_role', 0x3d, '\x00f=\xd8'}}]}, 0xfa, 0x477, &(0x7f00000000c0)="$eJzs3M9vFFUcAPDvTH/w21bEHyBIFY3EHy0tP+TgRaMJB01M9IDxVNtCKgs1tCZCiFYPeDQk3o3/hfGkF6NeNPGqd0NCDBdQL2tmZwaWZbfd0m0X2M8nme57M6/73ndm3u6bebsbQM8ayf4kEVsj4o+IGMqztxYYyR+uX70w9c/VC1NJVKtv/53Uyl27emGqLFr+35Y8U60W+Q1N6r34XsRkpTJztsiPLZz+cGz+3PkXZ09Pnpw5OXNm4ujRQwf3DB6ZONyROLO4ru36ZG73zmPvXnpz6vil939O0sjjjoY4OmUk37tNPdPpyrpsW1066a/fsvfXm+lmZwLd1BcR2eEaqPX/oeiLTTe2DcXrn3e1ccCaqlar1SVelRerwH0siW63AOiO8o0+u/4tl3UaetwVrrySXwBlcV8vlnxLf6R5Yu9Aw/Xt1g7WPxIRxxf//TpbYo3uQwAA1Ps+G/+80Gz8l8YjeWIw+/NAMYcyHBEPRsT2iHgoInZExMMRtbKPRsRjK6y/cYbk9vFPevmOg2tDNv57uZjbunX8l5ZFhvuK3LZa/APJidnKzIFin+yPgQ0nZpOZ8SXq+OG1379sta1+/JctWf3lWLBox+X+hht005MLk6uJud6VzyJ29TeLP4lyGieJiJ0RsesO65h9rr/ltuXjX0Lrp21b9ZuIZ/PjvxgN8ZeSlvOT4y8dmTg8tjEqMwfGyrPidr/8dvGtVvWvKv4OyI7/5qbn/434h5ONEfPnzp+qzdfOr+jps64TF//8ouU1TRF/1r3aOf+PbSvO/8HkndqKwWLDx5MLC2fHIwaTN25fP3Hz2cp8WT6Lf/++5v1/e9zcE49HxO6I2BMRT2QXhUXbn4yIpyJi3xI74adXn/5gmfibHP/1mSvN4p9e7vhH/fFfeaLv1I/fLR//xohodfwP1VL7izXtvP6128DV7DsAAAC4V+SfgU/S0RvpNB0dzT/DvyM2p5W5+YXnT8x9dGY6n/cejoG0vNM1VHc/dLy4N1zmJxryB4v7xl/1barlR6fmKtPdDh563JYW/T/zV1+3WwesuQ7MowH3KP0fepf+D70p0f+hp+n/0Lua9f9PW5Ye/XZNGwOsK+//0Lva6P+L+UPrUQFwb/L+D71L/4ee1PK78emqvvK/7on/it8zvFvac/8nIr0rmnH/J/rb/jGLFSSqQ3n/z9ZsaFqm269MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnfF/AAAA//8Qi+Nc")
close(0xffffffffffffffff)

11m33.37221364s ago: executing program 3 (id=36):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800002, 0xe)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="280000002100050125bd7000000000000200000000", @ANYRES32], 0x28}}, 0x0)
r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
r5 = fsmount(r4, 0x0, 0x80)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x12, 0x4, &(0x7f0000000340)=ANY=[@ANYRESHEX=r3], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock_addr=0xe, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
close(r4)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000040)={r6, r5, 0x20, 0x0, @val=@tcx}, 0x1c)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6, 0x0, 0x0, 0x6}]})
socket$inet6_tcp(0xa, 0x1, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)
socket(0x80000000000000a, 0x2, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$inet6(0xa, 0x3, 0x100)

11m32.074909586s ago: executing program 3 (id=37):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x4001}, 0x404c004)
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./file0\x00', 0x180c8, &(0x7f00000006c0)=ANY=[@ANYBLOB="6e66732c646f74732c636865636b3d7374726963742c646f74732c6572726f72733d72656d6f756e742d726f2c00fc403bb14281bbfb9b8213bd6284536d64789a24dd73b98b3e33cb47fed8a736464bb62e9e891aa832722dfc28bfa4489b3a127a503e72326b737d0f67c97be6f37ef46154dec39ef8718946ffc8cd4d735a0b101c1722477bbe2f923577ea51f7116f17c3ddf5c497fba2d0bb3272d123b31e9461d4e2d65a42e1174fa269de92e463fc1ca202650fe2628e15341e45dce6c0de2367bdb50cc5b2b462e1d45fc3265f1a88561ab6afb1b73a3b340b5c73055fc6e601843a59f3cdeb36991cfa985453287d4c9d2d6e21adddc57a607369c682e821b20dc0efd51d12f386f3f8e53c05e696e50c7c3f79b1b0bd7e5cfaf3f63d8949c8dd2fd94aa0f259a4cb9412c30c45f9d4d63d267d2a43f03a47fa56b3"], 0x1, 0x242, &(0x7f0000000300)="$eJzs3bFqFFEUBuBjskmWNKYWiwEbq0WtbBeJIA4IK1No5UC0SUSYNKPVPIbP4CP5GKnSjZhZsklcbczm7s58Hyz3wM/Cuc3eLc6d+fDw8/HRl9NP7c/vMR5nMYpo2jbiILZiOzr35uvWRb0bVzUBAGya2aycpu6B1aqqabkTEXt/JMWPJA0BAAAAAAAAAADw35bN/8e5+X8A6DPz//1XVdNyf/7/7Trz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEA65217v/3HJ3V/AMDtc/4DwPA4/wFgeJz/ADA8b9+9fz3N88NZlo0jzpq6qItu7fKXr/LDJ9mFg8W3zuq62L7Mn3Z5dj3fif15/mxpvhuPH3X57+zFm/xGvhdHq98+AAAAAAAAAAAAAAAAAAAArIVJdmnp/f7J5G95V115PsCN+/ujeDC6s20AAAAAAAAAAAAAAAAAAADARjv9+u24PDn5WCl6U8TztWjjrouItWijL0XqXyYAAAAAAAAAAAAAAAAAABiexaXf1J0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQDqL9/+vroiIpu2k3i4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQY78CAAD//139ms4=")
lgetxattr(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x0, 0x0)
syz_clone(0x41200111, 0x0, 0x0, 0x0, 0x0, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x183042, 0x15)

11m31.292760876s ago: executing program 3 (id=39):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300", 0xffffffff}, 0x48, 0xffffffffffffffff)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff)

11m30.23763977s ago: executing program 3 (id=42):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r0 = openat$binderfs_ctrl(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
connect$unix(r2, &(0x7f0000000200)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0x2000000000000308, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1cbb}, 0x94)
capset(0x0, &(0x7f0000000180)={0xced, 0x7, 0x4, 0x30, 0x200, 0x5})
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
sendfile(r4, r4, 0x0, 0x1)

11m28.854152701s ago: executing program 32 (id=42):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
r0 = openat$binderfs_ctrl(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$BTRFS_IOC_SYNC(r0, 0x9408, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
connect$unix(r2, &(0x7f0000000200)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0x2000000000000308, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x7, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1cbb}, 0x94)
capset(0x0, &(0x7f0000000180)={0xced, 0x7, 0x4, 0x30, 0x200, 0x5})
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
r4 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
sendfile(r4, r4, 0x0, 0x1)

16.754742077s ago: executing program 1 (id=1593):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001030000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000140)={0x14, &(0x7f0000000000)={0x40, 0x7, 0x2, {0x2, 0x10}}, 0x0}, 0x0)

14.757843286s ago: executing program 0 (id=1595):
r0 = syz_open_procfs(0x0, 0x0)
read$FUSE(r0, &(0x7f00000025c0)={0x2020}, 0x2020)
preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000000)=""/85, 0x55}], 0x1, 0x80000000, 0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
socket(0xa, 0x3, 0x3a)
socket$inet6(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000440)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r4, 0x84, 0x81, 0x0, 0x0)

13.459548391s ago: executing program 0 (id=1599):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
r0 = socket(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b1bc897a82f6f0b95c99bcf82e5ef1a49736b94ceead334e440a96111d5713c3408ca3de393208cc5dfb2d637ec39407436c4494f"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYRESHEX=r0], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2000000040000701feffffff00000000017c000004004280040001800400028016a31fdf7ce10161d410ff422b8e2fbb5087050c7166e190fcfe13dbf82a57a82fefc92afd799452a689e3a5505df1e8cf0c701ad72839279467c82e3fe76ffc80600202809d4dcd4cc067db037194463cde68290cc1221d89661e517136f46f8a5ac4d4f3c149b0088309c4099b3eff05da02de13577133898fe1184f05568ab3"], 0x20}}, 0xc000)
r2 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000008c0)=ANY=[], 0xbc}}, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

11.05887251s ago: executing program 4 (id=1601):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\', @ANYRES16, @ANYBLOB="0100000000000000000014000000080002"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./bus\x00', 0x800000, &(0x7f0000000180)=ANY=[@ANYBLOB='utf8=1,iocharset=cp1255,uni_xlate=0,check=strict,utf8=0,uni_xlate=0,utf8=0,codepage=850,check=relaxed,shortname=winnt\x00\x00hortname=lower,shortname=win95,shortname=win95,nonumtail=0,shortname=mixed,uni_xlate=1,allow_utime=00000000000000000000777,\x00'], 0xff, 0x371, &(0x7f0000000280)="$eJzs3T1oZNUXAPAz8yYzycL/n3SiIIx2gsbNdtqYIFlYTKMy+FGIg5tVmcQiwWBSbBILF0vBUis7BS0sxFIERewsbF1BVhcL3W7BxSszbz7efCSbrEQJ/n7FzN37znnn3veGmbePmZsXF6N1cSou3bhxLaanS1FZfHwxbpZiLrLo2Ytx1Ql9AMDpcDOl+D3ljphSOuEhAQAnrPP5/3JE1GMu73nzq8Pik09/ADj1uv//nzksZvqgDfUTGRIAcMLG7v/fP7S5WomoRqX3z0rhWwEAwGn19HPPP7G0EvFUvT4dsX5lq7HViEcH25cuxauxFqtxNmbjVkR+odB+KHUez19YWT5br9fL8fNcNCKi3E1s5FcKS1knvxYLMRtz3fz2pUbqtLPzn64sL9Q7ImJvt1M/1ktbjak4063/w5lYHVx49HbSeYq4sLJ8rt7dQWO9l78bsT+4b9Ee/3zMxncv9XeTUu8bjCvLlxd6gx7kbzVqcbF/FA68AwIAAAAAAAAAAAAAAAAAAAAAAHdkvt43118/J7Wf85Vy5ucnbO+sj5Pnd9cH2s/XB0q1FCn99sZDjbezGFofaHR9ni0LCQIAAAAAAAAAAAAAAAAAAEDf5nY1mmtrqxub2zutYmN3Y3O7HBHtnte++fjLmRiPuU2jkpeoRfRL1Ltld1rNlPWCUxYxnp61i/d6PvysP+JiTK0/i4nDqA1vKg/F/O++n94bBN+b9fb85yAmi8kTzArDeGyk6Pr/8yEd50D1G+eKPbXx6ldTSoWet4rpl18Y32GUIirHP3E7rXLnvG9Pd4/vUExqN76+9srdvaPf/CLlHnhw9pmr735wvdVca1eOzhmsbmzeSq1mqRd8rMMyU6xeirxRKr4SKs3rDx+Yvj/c08y+//XZe9759mjVU7Hn9fbreSQmy6fzyWh6NW+0hzk6nUH6VHcSa6tTE178t2vcwTm96/3PP0rpx1+OXGKgPPa2UfrbbzwAAAAAAAAAAAAAAAAAAMCYwm/Fu7o/9p06LOuRJ09+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwzxn8/f9CY38vRnr6jb2xnn7jj90JWbXVjSvVf3uSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD85/0VAAD//zYMU/U=")
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r3, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
write$UHID_DESTROY(r3, &(0x7f0000000000), 0x4)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f00000005c0))
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r4=>0x0)
stat(&(0x7f0000000100)='./bus\x00', &(0x7f0000000640))
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$binfmt_script(r1, 0x0, 0xb)
splice(r0, 0x0, r5, 0x0, 0x80, 0x0)

11.019441992s ago: executing program 0 (id=1602):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
syz_init_net_socket$netrom(0x6, 0x5, 0x0)

11.009170523s ago: executing program 1 (id=1603):
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
sched_setscheduler(0x0, 0x1, 0x0)
io_uring_setup(0x30aa, &(0x7f00000007c0)={0x0, 0x760, 0x80, 0x1, 0x14c})
socket$alg(0x26, 0x5, 0x0)
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0)
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='iso9660\x00', 0x208000, 0x0)

8.218645181s ago: executing program 0 (id=1605):
io_cancel(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f0000000300), 0x0, 0x2090)
sendto$inet(r3, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
shutdown(r3, 0x1)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x328, 0xa8, 0x1e8, 0xfeffffff, 0x290, 0xa8, 0x290, 0x290, 0xffffffff, 0x290, 0x290, 0x5, 0x0, {[{{@ip={@broadcast, @remote, 0x0, 0x0, 'dummy0\x00', 'geneve0\x00'}, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @port, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0x98, 0x0, {0x0, 0x7}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x1e8}}, {{@ip={@rand_addr=0x64010100, @multicast1, 0x0, 0xffffffff, 'veth1_to_bond\x00', 'ip_vti0\x00', {0xff}, {0xff}, 0x89, 0x1, 0xa}, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @local, @local, @icmp_id=0x67, @gre_key=0x4}}}}, {{@ip={@private, @local, 0x0, 0x0, 'veth1_virt_wifi\x00', 'pim6reg0\x00'}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @local, @loopback, @icmp_id=0x67, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x388)
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000080)='./file0\x00', 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c636865636b3d72656c617865642c646d61736b3d30303030303030303030303030303030303030303036322c666c7573682c00ed65503ccec9beef4e3a71579390a78893cf794eabe67967531177a5a8a723cb36529bc238be0bc2df664dee9ab34c2269c61c143e0c11a83b8a7214e0a160bcc29b3c030bf99ccb18520651f6cb1a99bbe9b6f8235a156c38c8cb2a8312538163a9da8fb380c7caa6475b7003c0e3003e88bd4ef6abe8b7c2dad0d8e397576687df8ae41502420d0aba004f5b98e9a286"], 0x1, 0x29b, &(0x7f0000000340)="$eJzs3c9LFG0AB/DHVfHFF8XTy1uXHurUZVDPHZRQkBaKcoMKghHHWnbalZ097EoHO3cJOvYfRMduQfQP+F90k0A8ecqw8dcKXdI08PO5zJf5zjM8zww8c5zNW29eNFaKZCXthMrMQKjMhFDZGQgToRIOrIebb1+9e/3g0eM7s9Xq3P0Y52cXp6ZjjOPXPj95+eH6l86/Dz+OfxoJGxNPN7emv278t3Fl8/vi83oR60VstjoxjUutViddyrO4XC8aSYz38iwtslhvFlm7r1/JW6urvZg2l8dGV9tZUcS02YuNrBc7rdhp92L6LK03Y5IkcWw0cBq19zu7u2Frt3TRs+H8ef+X27FN/Z8Qtte7tW6tPJb9/EJ1bjL+NHw0arvbrQ0e9lNlH/v74TC630+f7A8+LTfKfq+7fbd6YvxIWP7DawcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODySuKhiaOz291ubbDsk1/1ZZpfqM5N7l/Q3w+Fq0PntgwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOJWit9ZI8zxrC78f9h7kXzANQTi7cNE7EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJy//p/YAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcFkVvbVGmudZ+6zCt//LGx+rLnqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBaPwIAAP//P3honA==")
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0)
write$binfmt_aout(r6, &(0x7f00000006c0)=ANY=[], 0xff2e)

7.855211879s ago: executing program 1 (id=1606):
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket(0x10, 0x3, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
getrlimit(0xc, &(0x7f0000000300))
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6)
socket$netlink(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x2)
mount$tmpfs(0x0, &(0x7f0000000040)='.\x00', &(0x7f0000000280), 0x2000001, &(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16])
write(r4, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r6, {0x0, 0xfff3}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x4c840)
sendmsg$nl_route_sched(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x24, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xb}, {0x0, 0xfff3}, {0xd, 0x300}}}, 0x24}, 0x1, 0x0, 0x0, 0x20041090}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', <r8=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0xfffffffffffffe07, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0x0, 0x1, 0x1009, 0x7f}, {0x12, 0x2, 0x1000, 0x401, 0x8001}, 0x40000, 0x4000005, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r8, {}, {0xfff1, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0xf}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000814}, 0x10)

7.136273905s ago: executing program 4 (id=1607):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_io_uring_setup(0x2af7, &(0x7f0000000380)={0x0, 0x200525e4, 0x10100, 0x2, 0x202e4}, 0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_io_uring_submit(0x0, r2, &(0x7f00000000c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x31a0}})
io_uring_enter(r1, 0x2648, 0x1d5e, 0x2, 0x0, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r4 = fcntl$dupfd(r3, 0x406, r3)
read$FUSE(r4, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000240)=0x3)
read$dsp(r0, &(0x7f0000000280)=""/79, 0x4f)

6.42541403s ago: executing program 2 (id=1609):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000000000), 0x400000000000041, 0x0)
creat(0x0, 0xd7)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r4})
ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080))
close_range(r1, 0xffffffffffffffff, 0x0)
socket$rxrpc(0x21, 0x2, 0x2)
socket$inet_mptcp(0x2, 0x1, 0x106)

6.147703344s ago: executing program 2 (id=1610):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
r0 = socket(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b1bc897a82f6f0b95c99bcf82e5ef1a49736b94ceead334e440a96111d5713c3408ca3de393208cc5dfb2d637ec39407436c4494f"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYRESHEX=r0], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2000000040000701feffffff00000000017c000004004280040001800400028016a31fdf7ce10161d410ff422b8e2fbb5087050c7166e190fcfe13dbf82a57a82fefc92afd799452a689e3a5505df1e8cf0c701ad72839279467c82e3fe76ffc80600202809d4dcd4cc067db037194463cde68290cc1221d89661e517136f46f8a5ac4d4f3c149b0088309c4099b3eff05da02de13577133898fe1184f05568ab3"], 0x20}}, 0xc000)
r2 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000008c0)=ANY=[], 0xbc}}, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

5.975117773s ago: executing program 2 (id=1611):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="1201000059d360205f0501d09288000000010902120001030000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000340)={0x2c, &(0x7f0000000480)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000140)={0x14, &(0x7f0000000000)={0x40, 0x7, 0x2, {0x2, 0x10}}, 0x0}, 0x0)

4.905897806s ago: executing program 4 (id=1612):
r0 = eventfd2(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
waitid(0x2, 0x0, 0x0, 0x1000000, 0x0)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000600)={@map, 0x1e, 0x0, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, <r5=>0x0}, 0x40)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r6, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4)
bind$inet6(r6, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
setsockopt$sock_int(r6, 0x1, 0x8, 0x0, 0x0)
connect$inet6(r6, &(0x7f0000000140)={0xa, 0x4e22, 0x56202329, @empty, 0x4000005}, 0x1c)
sendmmsg$inet6(r6, &(0x7f0000000900)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000000680)}], 0x1}}], 0x1, 0x4000001)
getsockopt$inet6_int(r6, 0x29, 0x2, 0x0, &(0x7f00000000c0))
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000680)={@fallback=r0, r4, 0x10, 0x2018, 0x0, @value, @void, @void, @void, r5}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000002000000851000000600000018020000", @ANYRES32, @ANYBLOB], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x94)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="170e0000000000000000010000600500070000000000080009000000000014001f000000000000000000000000000000000008000a0000000000060002000100000014002000"], 0x5c}}, 0x0)

4.905112196s ago: executing program 0 (id=1613):
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0x80000100008b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
syz_init_net_socket$netrom(0x6, 0x5, 0x0)

4.725392035s ago: executing program 1 (id=1614):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)

4.532268885s ago: executing program 1 (id=1615):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\', @ANYRES16, @ANYBLOB="0100000000000000000014000000080002"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r2, 0xaf01, 0x0)
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000100)='./bus\x00', 0x800000, &(0x7f0000000180)=ANY=[@ANYBLOB='utf8=1,iocharset=cp1255,uni_xlate=0,check=strict,utf8=0,uni_xlate=0,utf8=0,codepage=850,check=relaxed,shortname=winnt\x00\x00hortname=lower,shortname=win95,shortname=win95,nonumtail=0,shortname=mixed,uni_xlate=1,allow_utime=00000000000000000000777,\x00'], 0xff, 0x371, &(0x7f0000000280)="$eJzs3T1oZNUXAPAz8yYzycL/n3SiIIx2gsbNdtqYIFlYTKMy+FGIg5tVmcQiwWBSbBILF0vBUis7BS0sxFIERewsbF1BVhcL3W7BxSszbz7efCSbrEQJ/n7FzN37znnn3veGmbePmZsXF6N1cSou3bhxLaanS1FZfHwxbpZiLrLo2Ytx1Ql9AMDpcDOl+D3ljphSOuEhAQAnrPP5/3JE1GMu73nzq8Pik09/ADj1uv//nzksZvqgDfUTGRIAcMLG7v/fP7S5WomoRqX3z0rhWwEAwGn19HPPP7G0EvFUvT4dsX5lq7HViEcH25cuxauxFqtxNmbjVkR+odB+KHUez19YWT5br9fL8fNcNCKi3E1s5FcKS1knvxYLMRtz3fz2pUbqtLPzn64sL9Q7ImJvt1M/1ktbjak4063/w5lYHVx49HbSeYq4sLJ8rt7dQWO9l78bsT+4b9Ee/3zMxncv9XeTUu8bjCvLlxd6gx7kbzVqcbF/FA68AwIAAAAAAAAAAAAAAAAAAAAAAHdkvt43118/J7Wf85Vy5ucnbO+sj5Pnd9cH2s/XB0q1FCn99sZDjbezGFofaHR9ni0LCQIAAAAAAAAAAAAAAAAAAEDf5nY1mmtrqxub2zutYmN3Y3O7HBHtnte++fjLmRiPuU2jkpeoRfRL1Ltld1rNlPWCUxYxnp61i/d6PvysP+JiTK0/i4nDqA1vKg/F/O++n94bBN+b9fb85yAmi8kTzArDeGyk6Pr/8yEd50D1G+eKPbXx6ldTSoWet4rpl18Y32GUIirHP3E7rXLnvG9Pd4/vUExqN76+9srdvaPf/CLlHnhw9pmr735wvdVca1eOzhmsbmzeSq1mqRd8rMMyU6xeirxRKr4SKs3rDx+Yvj/c08y+//XZe9759mjVU7Hn9fbreSQmy6fzyWh6NW+0hzk6nUH6VHcSa6tTE178t2vcwTm96/3PP0rpx1+OXGKgPPa2UfrbbzwAAAAAAAAAAAAAAAAAAMCYwm/Fu7o/9p06LOuRJ09+ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwzxn8/f9CY38vRnr6jb2xnn7jj90JWbXVjSvVf3uSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD85/0VAAD//zYMU/U=")
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r3, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
write$UHID_DESTROY(r3, &(0x7f0000000000), 0x4)
ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f00000005c0))
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r4=>0x0)
stat(&(0x7f0000000100)='./bus\x00', &(0x7f0000000640))
seccomp$SECCOMP_GET_ACTION_AVAIL(0x2, 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r4, 0x1, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
write$binfmt_script(r1, 0x0, 0xb)
splice(r0, 0x0, r5, 0x0, 0x80, 0x0)

3.720237695s ago: executing program 4 (id=1616):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_io_uring_setup(0x23c, 0x0, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')

2.582861282s ago: executing program 4 (id=1617):
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x1c9a82, 0x20)
bind$inet6(r0, 0x0, 0x0)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xbc44)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@noblock_validity}, {}, {@sysvgroups}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@grpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0x4004, &(0x7f0000000840)={[{@jqfmt_vfsv1}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x6}}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@oldalloc}], [{@euid_gt}, {@dont_appraise}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x34, 0x63, 0x38, 0x66, 0x30, 0x32, 0x63], 0x2d, [0x62, 0x33, 0x36, 0x35], 0x2d, [0x6c, 0x61, 0x31, 0x38], 0x2d, [0x36, 0x35, 0x30, 0x30], 0x2d, [0x62, 0x6, 0x63, 0x30, 0x34, 0x34, 0x34, 0x37]}}}]}, 0x0, 0x260, &(0x7f0000000bc0)="$eJzs3TFoHXUcB/Df3XvPmOQhURdBUEFENBDiJrrERSEgIYgIKkQkuCiJEBPc8pxcHHRWyeQSpFvTjiVL6NJS6JS2GdKl0IYODR3a4ZV7l5Q074WGvJd3pff5wCPvLv97v99x9/3fLccFUFojETEREZWIGI2IWkQkBwe8lX9G9hZXBjdmIprNL+4mrXH5cm5/u+GIaETEhxGxnibxYzViae2b7fubn737x2Ltnf/Wvh7s4S4MHXfgzvbW57v/Tv1+dvKDpctXb08lMRH1J/ar95IO66pJxCunUewZkVSL7oDjmP71zLUs969GxNut/Ncijfzg/bnwwnot3v/nqG3/unPl9X72CvRes1nLroGNJlA6aUTUI0nHIiL/nqZjY/k9/PXKUPrT/MIvoz/ML87NFj1TAb1Sj9j69PzAueFD+b9VyfMfES8W3SNwOrL8fzm9eiP7vlspuhugn7L8j363/F7IP5SO/EN5yT+UxUjbGvmH8pJ/KC/5h/KSfyivQ/kfKLofoH9Odv1vmifgOeD+H8rgo9n5Dk+2H8w/AFAuzYGin0AGilL0/AMAAAAAAAAAAAAAAAAAALRbGdyY2f/0q+bFvyN2PomIaqf6ldb7iPdfQzx0L8mGPZbkmx2lcZz6377ZTffd+7/gp69futnPar+1rbn0Rj/rt1uei2hkbY1Xq+3nX7J3/p3cy0/5f+37Lgt06eOviq3/cLXY+pObERey+We80/yTxmutv53nn3p2/Lqs//ODLn8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvnkUAAD//8l2cMU=")
socket(0x10, 0x803, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
fchmod(0xffffffffffffffff, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000400)=@filter={'filter\x00', 0x2, 0x4, 0x3b8, 0xffffffff, 0xd0, 0xd0, 0xd0, 0xfeffffff, 0xffffffff, 0x2e8, 0x2e8, 0x2e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@remote, @mcast1, [], [0xff000000], 'macsec0\x00', 'bond_slave_0\x00', {}, {}, 0x0, 0x0, 0x2}, 0x2f2, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x6}}}, {{@uncond, 0x0, 0xa8, 0x118}, @common=@unspec=@NFLOG={0x70, 'NFLOG\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, "ddabf53d9b1435965491f6531877000001e770b667f10900000000000000e3121114449fd20ba2be6e45cae72a972f25170163232ed996b4789b9d00"}}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@ah={{0x30}, {[0x4d4, 0x4d6], 0x1, 0x3, 0x3}}]}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x418)
chmod(&(0x7f0000000380)='./file1\x00', 0x122)
truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd)
sendfile(r0, r1, 0x0, 0xe3aa6e6)
futex(&(0x7f0000000000), 0x4, 0x0, &(0x7f0000000080)={0x77359400}, &(0x7f00000000c0)=0x2, 0x0)
syz_mount_image$vfat(&(0x7f0000000500), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0], 0x26, 0x34b, &(0x7f0000000a80)="$eJzs3TtoZNUbAPBv9uYN+0+KPwStRjtBlk3EQquEZYXFFLoy+GocTNZH7riQwYFskdlpFEvFRtDKzkLLrcVCxM7C1hVkVWzcbmEXr8zcm5k7j2hWTOKyv18RPr5zvjnn3HvC3LxOXlmL7c3puHTz5o2Ym6vE1Nq5tbhViaU4FUnkrsaIzmgCALiX3Mqy+D3LldLLk3t/sLAfzRzD3ACAo9F7/3/t9CAxe5KzAQCOwwFf/496ZmL28pFNCwA4QmPv/w8PNY98m3+q/zsBAMC967kXX3p6fSPiYrU6F9F4t1Vr1eLJQfv6pXgj0tiKs7EYdyLyB4X8aaH78akLG+fPVrt+Xopat6JVi2i0W7X8SWE96dXPxkosxlJRn/Xrk279Sq++GhFX273xo1Fp1aZjoRj/h4XYitVYjP+P1Udc2Di/Wi1eoNbYr29HdGJufxHd+Z+Jxfju1bgcaWxGt3Yw/72VavVctlGqr/d+ELJ5EjcEAAAAAAAAAAAAAAAAAAAAAID7wplq31L//Jus0W69c3G0w1L5fJ1WLW8uzgfq5OcDZbP7p/O8l4yeDzR8Pk+rNhWnTnTlAAAAAAAAAAAAAAAAAAAA8N/R3J2Jeppu7TR3r2yXg3Yp89Y3n381H6N93kwGmZjKX26oT5GLUlUS/fKsX54lQ32KIIkYdP7sWn/GeSaZsJaxVcz2FljOVIo51dP09EM/fTw26O6V7T8GmSTGLstwUClGLjU1/pen/qLq4GD1b/pcz7LsoPK9j8arohIxNXbj/o3g6xuvP/BYc/nxXubL4tCHRx5dfP76h5/+ul1Po7g0aTqz07yT/eOxktL+qRTXuRITNtvEoDPIdHaau/Xk+99eePD9b4f6zI9tkiLIypm394O54dtdT9MvRkefyYPuNA+z0ukJm39y8PLt/u69+4u5/Mla/drej78ctqr0ieWgDgAAAAAAAAAAAAAAAAAAOBalvxW/C088e3QzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDjN/j//6WgM5Y5THC7HeNNs1s7zQMHnz/WpQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcB/7MwAA//+xzHAn")

1.274303027s ago: executing program 0 (id=1618):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000000000), 0x400000000000041, 0x0)
creat(0x0, 0xd7)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r2 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
r3 = syz_open_dev$dri(&(0x7f00000008c0), 0x1, 0x400)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r4, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r3, 0xc06864ce, &(0x7f0000000340)={r5, 0x0, 0x0, 0x0, 0x1, [<r6=>0x0], [0x0, 0x7], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000080)={r6})
close_range(r1, 0xffffffffffffffff, 0x0)
socket$rxrpc(0x21, 0x2, 0x2)
socket$inet_mptcp(0x2, 0x1, 0x106)

1.184036031s ago: executing program 2 (id=1619):
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40081c4}, 0x44000)
r0 = socket(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0200000004000000020000000c000000001466bfdac3c37dd5273545b9193c412d42832b1bc897a82f6f0b95c99bcf82e5ef1a49736b94ceead334e440a96111d5713c3408ca3de393208cc5dfb2d637ec39407436c4494f"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000980)=ANY=[@ANYRESHEX=r0], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000080)={0x0, 0x2, 0x3, 0x0, 0xad7}, 0x14)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=ANY=[@ANYBLOB="2000000040000701feffffff00000000017c000004004280040001800400028016a31fdf7ce10161d410ff422b8e2fbb5087050c7166e190fcfe13dbf82a57a82fefc92afd799452a689e3a5505df1e8cf0c701ad72839279467c82e3fe76ffc80600202809d4dcd4cc067db037194463cde68290cc1221d89661e517136f46f8a5ac4d4f3c149b0088309c4099b3eff05da02de13577133898fe1184f05568ab349"], 0x20}}, 0xc000)
r2 = socket$alg(0x26, 0x5, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000008c0)=ANY=[], 0xbc}}, 0x0)
bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0)

887.171456ms ago: executing program 1 (id=1620):
r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_io_uring_setup(0x2af7, &(0x7f0000000380)={0x0, 0x200525e4, 0x10100, 0x2, 0x202e4}, &(0x7f0000000140)=<r2=>0x0, 0x0)
syz_io_uring_submit(r2, 0x0, &(0x7f00000000c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x31a0}})
io_uring_enter(r1, 0x2648, 0x1d5e, 0x2, 0x0, 0x0)
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
r4 = fcntl$dupfd(r3, 0x406, r3)
read$FUSE(r4, 0x0, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000240)=0x3)
read$dsp(r0, &(0x7f0000000280)=""/79, 0x4f)

845.162538ms ago: executing program 2 (id=1621):
r0 = openat$kvm(0x0, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, 0x0)

156.483452ms ago: executing program 4 (id=1622):
io_cancel(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, 0x0, 0x0)
sendmmsg$inet(r3, &(0x7f0000000300), 0x0, 0x2090)
sendto$inet(r3, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)
shutdown(r3, 0x1)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x670, 0x5, 0x328, 0xa8, 0x1e8, 0xfeffffff, 0x290, 0xa8, 0x290, 0x290, 0xffffffff, 0x290, 0x290, 0x5, 0x0, {[{{@ip={@broadcast, @remote, 0x0, 0x0, 'dummy0\x00', 'geneve0\x00'}, 0x0, 0x70, 0xa8}, @REDIRECT={0x38, 'REDIRECT\x00', 0x0, {0x1, {0x0, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @port, @gre_key}}}}, {{@uncond, 0x0, 0x70, 0x98, 0x0, {0x0, 0x7}}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0x1e8}}, {{@ip={@rand_addr=0x64010100, @multicast1, 0x0, 0xffffffff, 'veth1_to_bond\x00', 'ip_vti0\x00', {0xff}, {0xff}, 0x89, 0x1, 0xa}, 0x0, 0x70, 0xa8}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x0, @local, @local, @icmp_id=0x67, @gre_key=0x4}}}}, {{@ip={@private, @local, 0x0, 0x0, 'veth1_virt_wifi\x00', 'pim6reg0\x00'}, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x0, @local, @loopback, @icmp_id=0x67, @icmp_id}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x388)
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000080)='./file0\x00', 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c636865636b3d72656c617865642c646d61736b3d30303030303030303030303030303030303030303036322c666c7573682c00ed65503ccec9beef4e3a71579390a78893cf794eabe67967531177a5a8a723cb36529bc238be0bc2df664dee9ab34c2269c61c143e0c11a83b8a7214e0a160bcc29b3c030bf99ccb18520651f6cb1a99bbe9b6f8235a156c38c8cb2a8312538163a9da8fb380c7caa6475b7003c0e3003e88bd4ef6abe8b7c2dad0d8e397576687df8ae41502420d0aba004f5b98e9a286"], 0x1, 0x29b, &(0x7f0000000340)="$eJzs3c9LFG0AB/DHVfHFF8XTy1uXHurUZVDPHZRQkBaKcoMKghHHWnbalZ097EoHO3cJOvYfRMduQfQP+F90k0A8ecqw8dcKXdI08PO5zJf5zjM8zww8c5zNW29eNFaKZCXthMrMQKjMhFDZGQgToRIOrIebb1+9e/3g0eM7s9Xq3P0Y52cXp6ZjjOPXPj95+eH6l86/Dz+OfxoJGxNPN7emv278t3Fl8/vi83oR60VstjoxjUutViddyrO4XC8aSYz38iwtslhvFlm7r1/JW6urvZg2l8dGV9tZUcS02YuNrBc7rdhp92L6LK03Y5IkcWw0cBq19zu7u2Frt3TRs+H8ef+X27FN/Z8Qtte7tW6tPJb9/EJ1bjL+NHw0arvbrQ0e9lNlH/v74TC630+f7A8+LTfKfq+7fbd6YvxIWP7DawcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODySuKhiaOz291ubbDsk1/1ZZpfqM5N7l/Q3w+Fq0PntgwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOJWit9ZI8zxrC78f9h7kXzANQTi7cNE7EwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJy//p/YAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcFkVvbVGmudZ+6zCt//LGx+rLnqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBaPwIAAP//P3honA==")
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x41, 0x0)
write$binfmt_aout(r6, &(0x7f00000006c0)=ANY=[], 0xff2e)

0s ago: executing program 2 (id=1623):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
read$FUSE(r3, &(0x7f0000002c00)={0x2020}, 0x2020)

kernel console output (not intermixed with test programs):

device number 3
[  288.329091][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  288.941795][ T7546] loop0: detected capacity change from 0 to 1024
[  288.995359][ T7546] EXT4-fs: Ignoring removed nomblk_io_submit option
[  289.086444][ T7546] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  289.452558][ T7540] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  290.011627][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.295106][ T7560] loop2: detected capacity change from 0 to 256
[  290.365659][ T7560] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  290.376722][ T7560] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  290.453027][ T7560] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xaa2dc89a, utbl_chksum : 0xe619d30d)
[  290.510543][   T28] audit: type=1800 audit(1773860872.454:17): pid=7560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.401" name="file1" dev="loop2" ino=1048628 res=0 errno=0
[  291.421187][ T7568] loop1: detected capacity change from 0 to 1024
[  291.442762][ T7568] EXT4-fs: Ignoring removed nomblk_io_submit option
[  291.499652][ T7568] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  291.777988][ T5819] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  291.827874][ T7578] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  292.137425][ T5819] usb 5-1: Using ep0 maxpacket: 8
[  292.148724][ T5819] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  292.159658][ T5819] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 3
[  292.297766][ T5819] usb 5-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  292.333265][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  292.348096][ T5819] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  292.385508][ T5819] usb 5-1: config 0 descriptor??
[  292.622185][ T7585] loop0: detected capacity change from 0 to 1024
[  292.634041][ T7563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  292.662130][ T7585] EXT4-fs: Ignoring removed nomblk_io_submit option
[  292.676396][ T7563] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  292.727852][ T7563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  292.746037][ T7585] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  292.797299][ T7563] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  293.159060][ T7592] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  293.836331][ T5819] usb 5-1: USB disconnect, device number 8
[  293.893883][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  293.979286][ T7596] netlink: 44 bytes leftover after parsing attributes in process `syz.1.411'.
[  294.048850][ T7596] bridge0: port 2(bridge_slave_1) entered disabled state
[  294.057165][ T7596] bridge0: port 1(bridge_slave_0) entered disabled state
[  294.473840][ T7606] loop0: detected capacity change from 0 to 16
[  294.506923][ T7606] erofs: (device loop0): mounted with root inode @ nid 36.
[  295.028940][   T28] audit: type=1800 audit(1773860876.984:18): pid=7614 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.416" name="file1" dev="loop0" ino=86 res=0 errno=0
[  295.050728][ T7613] fuse: Bad value for 'fd'
[  295.071652][ T7611] loop4: detected capacity change from 0 to 1024
[  295.080902][ T7611] EXT4-fs: Ignoring removed nomblk_io_submit option
[  295.103631][ T7611] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  295.459754][ T7618] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  295.485662][ T7619] loop2: detected capacity change from 0 to 1024
[  295.523393][ T7619] EXT4-fs: Ignoring removed nomblk_io_submit option
[  295.617139][ T7619] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  295.780107][ T6029] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  296.259750][ T7627] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  297.288189][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  297.745784][ T7639] loop0: detected capacity change from 0 to 128
[  297.763936][ T7644] fuse: Bad value for 'fd'
[  297.790695][ T7639] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  297.829873][ T7639] ext4 filesystem being mounted at /103/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  297.914456][ T4756] Bluetooth: hci4: Frame reassembly failed (-84)
[  297.939762][ T7649] loop1: detected capacity change from 0 to 16
[  297.972557][ T7649] erofs: (device loop1): mounted with root inode @ nid 36.
[  298.196947][ T5863] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  298.724538][ T5863] usb 5-1: Using ep0 maxpacket: 8
[  298.733631][ T5863] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  298.743727][   T28] audit: type=1800 audit(1773860880.684:19): pid=7652 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.429" name="file1" dev="loop1" ino=86 res=0 errno=0
[  298.780822][ T5863] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 3
[  298.790428][ T5863] usb 5-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  298.804360][ T5863] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  298.827140][ T5863] usb 5-1: config 0 descriptor??
[  298.992530][ T7654] loop2: detected capacity change from 0 to 1024
[  299.017866][ T7654] EXT4-fs: Ignoring removed nomblk_io_submit option
[  299.076470][ T7642] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  299.110277][ T7642] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  299.113408][ T7654] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  299.171659][ T7642] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  299.248708][ T7642] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  299.546664][ T5863] usb 5-1: USB disconnect, device number 9
[  299.554742][ T7661] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  299.899719][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.944594][ T5081] Bluetooth: hci4: command 0x1003 tx timeout
[  299.952148][ T5780] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  300.045090][ T5768] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  301.315237][ T7677] fuse: Bad value for 'fd'
[  301.480032][ T7682] loop1: detected capacity change from 0 to 16
[  301.499722][ T7682] erofs: (device loop1): mounted with root inode @ nid 36.
[  302.083354][ T7687] netlink: 44 bytes leftover after parsing attributes in process `syz.2.441'.
[  302.121060][ T7687] bridge0: port 2(bridge_slave_1) entered disabled state
[  302.130069][ T7687] bridge0: port 1(bridge_slave_0) entered disabled state
[  302.353443][   T28] audit: type=1800 audit(1773860884.304:20): pid=7682 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.439" name="file1" dev="loop1" ino=86 res=0 errno=0
[  302.444321][  T969] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  302.816386][  T969] usb 1-1: Using ep0 maxpacket: 8
[  303.035504][  T969] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  303.090952][  T969] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 3
[  303.140837][  T969] usb 1-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  303.211941][  T969] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.144220][  T969] usb 1-1: config 0 descriptor??
[  304.597335][ T7691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  304.633282][ T7691] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  304.663739][ T7691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  304.700709][ T7702] netlink: 'syz.4.446': attribute type 6 has an invalid length.
[  304.709430][ T7691] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  304.740923][ T7702] netlink: 8 bytes leftover after parsing attributes in process `syz.4.446'.
[  304.760811][    T8] usb 1-1: USB disconnect, device number 4
[  304.996987][ T7704] loop2: detected capacity change from 0 to 512
[  307.249623][ T7713] loop2: detected capacity change from 0 to 256
[  307.280669][   T28] audit: type=1326 audit(1773860889.164:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7707 comm="syz.0.449" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f694d99c799 code=0x0
[  307.796067][ T7713] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  307.807238][ T7713] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  307.951324][ T7713] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xaa2dc89a, utbl_chksum : 0xe619d30d)
[  308.068698][   T28] audit: type=1800 audit(1773860889.944:22): pid=7713 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.450" name="file1" dev="loop2" ino=1048630 res=0 errno=0
[  308.287981][ T7719] loop0: detected capacity change from 0 to 16
[  308.358778][ T7719] erofs: (device loop0): mounted with root inode @ nid 36.
[  309.038666][ T7728] loop1: detected capacity change from 0 to 256
[  309.109542][   T28] audit: type=1800 audit(1773860891.064:23): pid=7724 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.452" name="file1" dev="loop0" ino=86 res=0 errno=0
[  309.141419][ T5763] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  309.181281][ T7728] FAT-fs (loop1): Directory bread(block 64) failed
[  309.196852][ T7728] FAT-fs (loop1): Directory bread(block 65) failed
[  309.203884][ T7728] FAT-fs (loop1): Directory bread(block 66) failed
[  309.239391][ T7728] FAT-fs (loop1): Directory bread(block 67) failed
[  309.246541][ T7728] FAT-fs (loop1): Directory bread(block 68) failed
[  309.284308][ T7728] FAT-fs (loop1): Directory bread(block 69) failed
[  309.306861][ T7728] FAT-fs (loop1): Directory bread(block 70) failed
[  309.335495][ T7728] FAT-fs (loop1): Directory bread(block 71) failed
[  309.342351][ T7728] FAT-fs (loop1): Directory bread(block 72) failed
[  309.362117][ T7728] FAT-fs (loop1): Directory bread(block 73) failed
[  310.288174][ T5763] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  310.300399][ T5763] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 32, changing to 7
[  310.420041][ T5763] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  310.430709][ T5763] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.444094][ T5763] usb 3-1: Product: syz
[  310.449596][ T5763] usb 3-1: Manufacturer: syz
[  310.472971][ T5763] usb 3-1: SerialNumber: syz
[  310.562420][ T5763] usb 3-1: config 0 descriptor??
[  310.985167][ T5763] usb 3-1: USB disconnect, device number 6
[  311.570379][ T5772] udevd[5772]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  311.767965][ T7738] loop0: detected capacity change from 0 to 1024
[  311.815357][ T7738] EXT4-fs: Ignoring removed nomblk_io_submit option
[  312.020294][   T28] audit: type=1326 audit(1773860893.974:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7741 comm="syz.2.460" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab4d39c799 code=0x0
[  312.100416][ T7738] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  312.882786][    T8] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  312.978518][ T7755] loop2: detected capacity change from 0 to 128
[  313.092931][ T7755] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  313.112257][    T8] usb 5-1: Using ep0 maxpacket: 8
[  313.163326][    T8] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  313.189030][ T7738] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  313.263999][ T7755] ext4 filesystem being mounted at /122/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  313.642217][    T8] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 3
[  313.652967][    T8] usb 5-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  313.662812][    T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  313.673792][    T8] usb 5-1: config 0 descriptor??
[  313.711410][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  313.778750][ T5769] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  313.912353][ T7747] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  313.953172][ T7747] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  313.972465][ T7761] loop2: detected capacity change from 0 to 1024
[  313.995505][ T7747] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  313.998665][ T7761] EXT4-fs: Ignoring removed nomblk_io_submit option
[  314.066324][ T7747] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  314.088765][    T8] usb 5-1: USB disconnect, device number 10
[  314.124840][ T7761] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  314.708365][ T7768] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  315.023057][ T7770] loop1: detected capacity change from 0 to 512
[  315.494778][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  317.130563][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 30 seconds
[  317.143283][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 30 seconds
[  317.155252][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 30 seconds
[  317.167635][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 30 seconds
[  317.186098][ T7778] loop4: detected capacity change from 0 to 256
[  317.223374][ T7778] FAT-fs (loop4): Directory bread(block 64) failed
[  317.240623][ T7778] FAT-fs (loop4): Directory bread(block 65) failed
[  317.262509][ T7778] FAT-fs (loop4): Directory bread(block 66) failed
[  317.317732][ T7778] FAT-fs (loop4): Directory bread(block 67) failed
[  317.373914][ T7778] FAT-fs (loop4): Directory bread(block 68) failed
[  317.407615][ T7778] FAT-fs (loop4): Directory bread(block 69) failed
[  317.455074][ T7778] FAT-fs (loop4): Directory bread(block 70) failed
[  317.461717][ T7778] FAT-fs (loop4): Directory bread(block 71) failed
[  317.554693][ T7778] FAT-fs (loop4): Directory bread(block 72) failed
[  317.561623][ T7778] FAT-fs (loop4): Directory bread(block 73) failed
[  317.709458][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  317.717123][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  317.738430][ T7784] loop1: detected capacity change from 0 to 1024
[  317.746432][ T7784] EXT4-fs: Ignoring removed nomblk_io_submit option
[  317.842821][ T7784] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  317.920092][ T7789] netlink: 44 bytes leftover after parsing attributes in process `syz.0.471'.
[  317.978564][ T7789] bridge0: port 2(bridge_slave_1) entered disabled state
[  317.986587][ T7789] bridge0: port 1(bridge_slave_0) entered disabled state
[  318.283678][   T11] kworker/u4:0: attempt to access beyond end of device
[  318.283678][   T11] loop4: rw=1, sector=1224, nr_sectors = 484 limit=256
[  318.352931][ T7791] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  318.623345][ T7793] loop0: detected capacity change from 0 to 1024
[  318.682291][ T7793] EXT4-fs: Ignoring removed nomblk_io_submit option
[  318.840391][ T7793] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  318.867953][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  319.440236][ T7805] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  319.897633][   T28] audit: type=1326 audit(1773860901.844:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7800 comm="syz.2.469" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab4d39c799 code=0x0
[  319.946500][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  320.222362][ T7814] binder: 7813:7814 ioctl c0306201 0 returned -14
[  320.332861][  T969] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  320.550390][  T969] usb 2-1: Using ep0 maxpacket: 8
[  320.597167][  T969] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  320.654317][  T969] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 3
[  320.693387][  T969] usb 2-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[  320.713425][  T969] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  320.744522][  T969] usb 2-1: config 0 descriptor??
[  320.975975][ T7808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  320.998825][ T7808] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  321.028528][ T7808] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  321.225344][ T7808] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  321.471054][ T5819] usb 2-1: USB disconnect, device number 5
[  322.239940][ T7840] loop0: detected capacity change from 0 to 1024
[  322.255436][ T7840] EXT4-fs: Ignoring removed nomblk_io_submit option
[  322.336229][ T7840] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  322.805512][ T7846] netlink: 12 bytes leftover after parsing attributes in process `syz.1.486'.
[  322.867147][ T7849] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  323.284347][   T28] audit: type=1326 audit(1773860905.224:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7844 comm="syz.1.486" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d5bf9c799 code=0x0
[  323.380812][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  324.027373][ T7855] loop0: detected capacity change from 0 to 512
[  327.351776][ T7901] loop0: detected capacity change from 0 to 1024
[  327.516653][ T7901] EXT4-fs: Ignoring removed nomblk_io_submit option
[  327.891341][ T7901] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  328.547757][ T7901] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  328.698877][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.361118][ T7942] loop0: detected capacity change from 0 to 512
[  333.270531][ T7953] loop1: detected capacity change from 0 to 1024
[  333.302179][ T7953] EXT4-fs: Ignoring removed nomblk_io_submit option
[  333.424485][ T7953] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  333.862225][ T7965] tmpfs: Unknown parameter 'ÿÿ'
[  334.205583][ T7967] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  334.654464][ T7953] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  334.829716][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  337.477799][ T7995] loop2: detected capacity change from 0 to 512
[  337.685419][ T7997] loop4: detected capacity change from 0 to 1024
[  337.712448][ T7997] EXT4-fs: Ignoring removed nomblk_io_submit option
[  337.786720][ T7997] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  337.931413][ T7986] loop1: detected capacity change from 0 to 512
[  337.961196][ T7986] EXT4-fs: Ignoring removed mblk_io_submit option
[  338.090270][ T7986] ext3: Unknown parameter 'context'
[  338.246773][ T8004] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  338.581952][ T6029] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  340.837108][ T8029] loop4: detected capacity change from 0 to 512
[  341.444813][ T8037] loop2: detected capacity change from 0 to 1024
[  341.452485][ T8037] EXT4-fs: Ignoring removed nomblk_io_submit option
[  341.511563][ T8037] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  341.878211][ T8043] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  341.889421][ T8043] cramfs: wrong magic
[  341.947638][ T8035] netlink: 12 bytes leftover after parsing attributes in process `syz.1.537'.
[  342.064797][ T8044] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  342.231543][ T8046] netlink: 44 bytes leftover after parsing attributes in process `syz.0.540'.
[  342.381597][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  342.549623][ T8052] loop1: detected capacity change from 0 to 256
[  342.640394][ T8052] exFAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  342.651427][ T8052] exFAT-fs (loop1): Medium has reported failures. Some data may be lost.
[  342.713578][ T8052] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xaa2dc89a, utbl_chksum : 0xe619d30d)
[  342.779456][   T28] audit: type=1800 audit(1773860924.714:27): pid=8052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.542" name="file1" dev="loop1" ino=1048634 res=0 errno=0
[  343.500219][ T8058] loop0: detected capacity change from 0 to 256
[  343.666092][ T8058] FAT-fs (loop0): Directory bread(block 64) failed
[  343.692631][ T8058] FAT-fs (loop0): Directory bread(block 65) failed
[  343.712542][ T8058] FAT-fs (loop0): Directory bread(block 66) failed
[  343.753149][ T8058] FAT-fs (loop0): Directory bread(block 67) failed
[  343.803626][ T8058] FAT-fs (loop0): Directory bread(block 68) failed
[  343.851594][ T8058] FAT-fs (loop0): Directory bread(block 69) failed
[  343.880591][ T8058] FAT-fs (loop0): Directory bread(block 70) failed
[  343.921531][ T8058] FAT-fs (loop0): Directory bread(block 71) failed
[  343.950802][ T8064] loop1: detected capacity change from 0 to 512
[  343.989606][ T8058] FAT-fs (loop0): Directory bread(block 72) failed
[  344.031593][ T8058] FAT-fs (loop0): Directory bread(block 73) failed
[  344.187146][ T8067] tmpfs: Unknown parameter 'ÿÿ'
[  344.206248][ T8067] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  344.987008][ T6787] kworker/u4:12: attempt to access beyond end of device
[  344.987008][ T6787] loop0: rw=1, sector=1224, nr_sectors = 292 limit=256
[  345.110076][ T8076] loop4: detected capacity change from 0 to 512
[  345.224442][ T8076] EXT4-fs: Ignoring removed mblk_io_submit option
[  345.355253][ T8076] ext3: Unknown parameter 'context'
[  345.844450][   T23] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  346.105557][   T23] usb 3-1: Using ep0 maxpacket: 16
[  346.144922][   T23] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  346.191165][   T23] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  346.251706][   T23] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  346.297840][   T23] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 1, skipping
[  346.351764][   T23] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  346.390347][   T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  346.422677][   T23] usb 3-1: Product: syz
[  346.441436][   T23] usb 3-1: Manufacturer: syz
[  346.462582][   T23] usb 3-1: SerialNumber: syz
[  346.643297][ T8086] loop1: detected capacity change from 0 to 1024
[  346.685540][ T8086] EXT4-fs: Ignoring removed nomblk_io_submit option
[  346.711349][ T8073] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  346.734686][ T8073] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  346.784014][   T23] usb 3-1: USB disconnect, device number 7
[  346.815771][ T8086] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  347.097855][ T5786] udevd[5786]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  347.121860][ T8090] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  347.147248][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 60 seconds
[  347.184932][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 60 seconds
[  347.197592][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 60 seconds
[  347.209633][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 60 seconds
[  347.739044][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  350.068334][ T8112] tmpfs: Unknown parameter 'ÿÿ'
[  350.076408][ T8112] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  350.203657][ T8113] loop2: detected capacity change from 0 to 512
[  351.312324][ T8126] CUSE: zero length info key specified
[  351.644840][ T8128] loop4: detected capacity change from 0 to 256
[  352.501571][ T8128] FAT-fs (loop4): Directory bread(block 64) failed
[  352.509682][ T8128] FAT-fs (loop4): Directory bread(block 65) failed
[  352.519569][ T8128] FAT-fs (loop4): Directory bread(block 66) failed
[  352.939150][ T8128] FAT-fs (loop4): Directory bread(block 67) failed
[  352.951743][ T8128] FAT-fs (loop4): Directory bread(block 68) failed
[  352.960768][ T8128] FAT-fs (loop4): Directory bread(block 69) failed
[  352.978647][ T8128] FAT-fs (loop4): Directory bread(block 70) failed
[  353.138622][ T8128] FAT-fs (loop4): Directory bread(block 71) failed
[  353.274421][ T8128] FAT-fs (loop4): Directory bread(block 72) failed
[  353.314434][ T8128] FAT-fs (loop4): Directory bread(block 73) failed
[  353.940007][ T1095] kworker/u4:6: attempt to access beyond end of device
[  353.940007][ T1095] loop4: rw=1, sector=1224, nr_sectors = 576 limit=256
[  353.964907][ T1095] kworker/u4:6: attempt to access beyond end of device
[  353.964907][ T1095] loop4: rw=1, sector=1864, nr_sectors = 4 limit=256
[  354.037461][ T8151] tmpfs: Unknown parameter 'ÿÿ'
[  354.063894][ T8151] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  358.252006][ T8186] loop2: detected capacity change from 0 to 256
[  358.351324][ T8186] FAT-fs (loop2): Directory bread(block 64) failed
[  358.358466][ T8186] FAT-fs (loop2): Directory bread(block 65) failed
[  358.374898][ T8186] FAT-fs (loop2): Directory bread(block 66) failed
[  358.381609][ T8186] FAT-fs (loop2): Directory bread(block 67) failed
[  358.400124][ T8186] FAT-fs (loop2): Directory bread(block 68) failed
[  358.407011][ T8186] FAT-fs (loop2): Directory bread(block 69) failed
[  358.413871][ T8186] FAT-fs (loop2): Directory bread(block 70) failed
[  358.423339][ T8186] FAT-fs (loop2): Directory bread(block 71) failed
[  358.432420][ T8186] FAT-fs (loop2): Directory bread(block 72) failed
[  358.439474][ T8186] FAT-fs (loop2): Directory bread(block 73) failed
[  359.952680][ T5860] kworker/u4:10: attempt to access beyond end of device
[  359.952680][ T5860] loop2: rw=1, sector=1224, nr_sectors = 608 limit=256
[  359.990623][ T5860] kworker/u4:10: attempt to access beyond end of device
[  359.990623][ T5860] loop2: rw=1, sector=1864, nr_sectors = 2048 limit=256
[  360.047449][ T5860] kworker/u4:10: attempt to access beyond end of device
[  360.047449][ T5860] loop2: rw=1, sector=3912, nr_sectors = 576 limit=256
[  360.084972][ T5860] kworker/u4:10: attempt to access beyond end of device
[  360.084972][ T5860] loop2: rw=1, sector=4488, nr_sectors = 4 limit=256
[  360.108564][ T5860] Buffer I/O error on dev loop2, logical block 1122, lost async page write
[  360.363289][ T8200] binder: 8199:8200 ioctl c0306201 0 returned -14
[  361.459542][ T8215] netlink: 168 bytes leftover after parsing attributes in process `syz.1.590'.
[  361.859912][ T8213] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  362.445762][ T8231] binder: 8230:8231 ioctl c0306201 0 returned -14
[  362.955683][ T8240] loop4: detected capacity change from 0 to 512
[  368.332553][ T8280] loop2: detected capacity change from 0 to 512
[  371.937900][ T8301] random: crng reseeded on system resumption
[  373.752004][ T8328] loop2: detected capacity change from 0 to 16
[  374.067324][ T8328] erofs: (device loop2): mounted with root inode @ nid 36.
[  376.374320][   T28] audit: type=1800 audit(1773860957.994:28): pid=8335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.626" name="file1" dev="loop2" ino=86 res=0 errno=0
[  377.070350][ T8345] loop4: detected capacity change from 0 to 512
[  377.226793][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 90 seconds
[  377.238558][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 90 seconds
[  377.250059][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 90 seconds
[  377.261296][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 90 seconds
[  379.773172][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  379.780743][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  380.193989][ T8366] loop1: detected capacity change from 0 to 16
[  380.217807][ T8366] erofs: (device loop1): mounted with root inode @ nid 36.
[  380.721258][   T28] audit: type=1800 audit(1773860962.674:29): pid=8372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.636" name="file1" dev="loop1" ino=86 res=0 errno=0
[  381.871346][ T8386] loop1: detected capacity change from 0 to 512
[  383.948269][ T8401] fuse: Bad value for 'fd'
[  384.251937][ T8408] loop4: detected capacity change from 0 to 16
[  384.275399][ T8408] erofs: (device loop4): mounted with root inode @ nid 36.
[  385.016516][   T28] audit: type=1800 audit(1773860966.854:30): pid=8416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.650" name="file1" dev="loop4" ino=86 res=0 errno=0
[  385.820065][ T8421] loop2: detected capacity change from 0 to 512
[  389.115077][ T8431] loop2: detected capacity change from 0 to 256
[  389.708212][ T8431] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  389.719265][ T8431] exFAT-fs (loop2): Medium has reported failures. Some data may be lost.
[  389.807891][ T8431] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xaa2dc89a, utbl_chksum : 0xe619d30d)
[  389.834078][   T28] audit: type=1800 audit(1773860971.364:31): pid=8429 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.656" name="file1" dev="loop2" ino=1048638 res=0 errno=0
[  390.916240][ T8449] loop2: detected capacity change from 0 to 16
[  390.925086][ T8449] erofs: (device loop2): mounted with root inode @ nid 36.
[  391.312336][ T8453] fuse: Bad value for 'fd'
[  391.462619][   T28] audit: type=1800 audit(1773860972.889:32): pid=8456 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.663" name="file1" dev="loop2" ino=86 res=0 errno=0
[  391.512420][ T8457] ALSA: mixer_oss: invalid OSS volume ''
[  391.842632][ T8460] loop4: detected capacity change from 0 to 512
[  393.072499][ T8472] loop1: detected capacity change from 0 to 1024
[  393.086867][ T8472] EXT4-fs: Ignoring removed nomblk_io_submit option
[  393.231254][ T8472] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  393.364469][ T8479] netlink: 'syz.0.670': attribute type 10 has an invalid length.
[  393.378139][ T8479] syz_tun: entered promiscuous mode
[  393.441329][ T8479] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  393.656891][ T8483] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  394.274776][ T8487] fuse: Bad value for 'fd'
[  394.344087][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  397.266265][ T8512] tmpfs: Unknown parameter 'ÿÿ'
[  397.289637][ T8512] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  398.375411][ T8520] loop2: detected capacity change from 0 to 1024
[  398.433223][ T8520] EXT4-fs: Ignoring removed nomblk_io_submit option
[  398.568597][ T8520] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  399.060853][ T8535] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  399.309877][ T8540] netlink: 168 bytes leftover after parsing attributes in process `syz.0.687'.
[  399.589068][ T8546] loop1: detected capacity change from 0 to 16
[  399.615036][ T8546] erofs: (device loop1): mounted with root inode @ nid 36.
[  400.116923][   T28] audit: type=1800 audit(1773860980.994:33): pid=8550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.689" name="file1" dev="loop1" ino=86 res=0 errno=0
[  400.189520][ T8540] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  400.600741][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  400.831454][ T8557] process 'syz.2.691' launched './file1' with NULL argv: empty string added
[  402.837463][ T8583] loop0: detected capacity change from 0 to 1024
[  402.855054][ T8583] EXT4-fs: Ignoring removed nomblk_io_submit option
[  402.924028][ T8583] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  402.974517][ T8589] syz.1.700 uses obsolete (PF_INET,SOCK_PACKET)
[  403.586951][ T8595] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  406.019280][ T8611] loop2: detected capacity change from 0 to 256
[  406.028088][ T8611] exfat: Deprecated parameter 'utf8'
[  406.034642][ T8611] exfat: Deprecated parameter 'namecase'
[  406.042011][ T8611] exfat: Deprecated parameter 'namecase'
[  407.991460][ T8611] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001fe89, chksum : 0xbf24f927, utbl_chksum : 0xe619d30d)
[  408.955334][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 120 seconds
[  408.967779][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 120 seconds
[  408.980124][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 120 seconds
[  408.991510][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 120 seconds
[  409.094262][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  409.169051][ T8613] loop2: detected capacity change from 0 to 16
[  409.201049][ T8613] erofs: (device loop2): mounted with root inode @ nid 36.
[  409.694417][   T28] audit: type=1800 audit(1773860989.949:34): pid=8622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.708" name="file1" dev="loop2" ino=86 res=0 errno=0
[  410.215679][ T8634] loop1: detected capacity change from 0 to 512
[  411.960460][ T8642] loop1: detected capacity change from 0 to 1024
[  411.977950][ T8642] EXT4-fs: Ignoring removed nomblk_io_submit option
[  412.045805][ T8642] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  412.438573][ T8650] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  412.866976][ T8653] binder: 8652:8653 ioctl c0306201 0 returned -14
[  414.560576][ T8666] netlink: 12 bytes leftover after parsing attributes in process `syz.2.722'.
[  414.574536][   T28] audit: type=1326 audit(1773860994.506:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8664 comm="syz.2.722" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab4d39c799 code=0x0
[  416.590134][ T8676] loop0: detected capacity change from 0 to 512
[  416.794047][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  417.850519][ T8687] loop0: detected capacity change from 0 to 1024
[  417.932026][ T8687] EXT4-fs: Ignoring removed nomblk_io_submit option
[  417.995751][ T8687] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  418.749255][ T8702] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  419.186342][ T8707] netlink: 12 bytes leftover after parsing attributes in process `syz.4.732'.
[  419.464893][   T28] audit: type=1326 audit(1773860998.849:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8704 comm="syz.4.732" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1618b9c799 code=0x0
[  420.875415][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  422.147219][ T8722] loop4: detected capacity change from 0 to 512
[  423.800152][ T8741] loop1: detected capacity change from 0 to 1024
[  423.814338][ T8741] EXT4-fs: Ignoring removed nomblk_io_submit option
[  423.942968][ T8744] loop2: detected capacity change from 0 to 128
[  423.962988][ T8741] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  424.055010][ T8744] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  424.356039][ T8744] ext4 filesystem being mounted at /196/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  424.460790][ T8756] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  424.477218][   T11] Bluetooth: hci4: Frame reassembly failed (-84)
[  426.648731][ T5780] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  426.649227][ T5081] Bluetooth: hci4: command 0x1003 tx timeout
[  426.671459][ T8764] loop4: detected capacity change from 0 to 512
[  426.992120][ T5769] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  427.461537][ T8770] loop2: detected capacity change from 0 to 512
[  427.468974][ T8770] EXT4-fs: Ignoring removed mblk_io_submit option
[  427.475968][ T8770] ext3: Unknown parameter 'context'
[  427.493771][   T23] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  427.558314][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  427.594457][ T5786] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  427.717398][   T23] usb 5-1: Using ep0 maxpacket: 16
[  427.942907][   T23] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  427.989521][   T23] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  428.196785][   T23] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  428.208177][   T23] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 1, skipping
[  428.239293][   T23] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  428.250027][   T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  428.267743][   T23] usb 5-1: Product: syz
[  428.272467][   T23] usb 5-1: Manufacturer: syz
[  428.284037][   T23] usb 5-1: SerialNumber: syz
[  428.779632][ T8767] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  428.829218][ T8767] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  428.921817][   T23] usb 5-1: USB disconnect, device number 11
[  430.496926][ T8788] loop1: detected capacity change from 0 to 512
[  430.865972][ T8796] loop1: detected capacity change from 0 to 1024
[  430.887243][ T8796] EXT4-fs: Ignoring removed nomblk_io_submit option
[  431.061178][ T8796] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  431.553363][ T8807] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  432.107353][ T8808] netlink: 168 bytes leftover after parsing attributes in process `syz.2.760'.
[  432.146111][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  432.764722][ T8817] loop1: detected capacity change from 0 to 512
[  433.518476][ T8808] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  433.576894][ T8819] netlink: 20 bytes leftover after parsing attributes in process `syz.0.763'.
[  436.195162][ T8830] loop2: detected capacity change from 0 to 512
[  436.492601][ T6371] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  437.006054][ T6371] usb 2-1: Using ep0 maxpacket: 16
[  437.092044][ T6371] usb 2-1: config 1 has an invalid interface number: 97 but max is 1
[  437.336939][ T6371] usb 2-1: config 1 has an invalid descriptor of length 160, skipping remainder of the config
[  437.499211][ T8840] loop2: detected capacity change from 0 to 256
[  437.533889][ T6371] usb 2-1: config 1 has no interface number 1
[  437.552036][ T6371] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  437.670035][ T6371] usb 2-1: config 1 interface 97 altsetting 33 has 0 endpoint descriptors, different from the interface descriptor's value: 14
[  437.685130][ T6371] usb 2-1: config 1 interface 97 has no altsetting 0
[  437.707645][ T6371] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  437.762464][ T6371] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.771165][ T6371] usb 2-1: Product: syz
[  437.812530][ T6371] usb 2-1: Manufacturer: ш
[  437.819085][ T8840] FAT-fs (loop2): Directory bread(block 64) failed
[  437.823478][ T6371] usb 2-1: SerialNumber: syz
[  437.832348][ T8840] FAT-fs (loop2): Directory bread(block 65) failed
[  437.839543][ T8840] FAT-fs (loop2): Directory bread(block 66) failed
[  437.846224][ T8840] FAT-fs (loop2): Directory bread(block 67) failed
[  437.923376][ T8840] FAT-fs (loop2): Directory bread(block 68) failed
[  437.948848][ T8840] FAT-fs (loop2): Directory bread(block 69) failed
[  437.973305][ T8840] FAT-fs (loop2): Directory bread(block 70) failed
[  437.983501][ T8840] FAT-fs (loop2): Directory bread(block 71) failed
[  438.004801][ T8840] FAT-fs (loop2): Directory bread(block 72) failed
[  438.012096][ T8840] FAT-fs (loop2): Directory bread(block 73) failed
[  438.940867][ T6371] cdc_ncm 2-1:1.0: invalid descriptor buffer length
[  438.948044][ T6371] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found
[  439.924532][ T6371] cdc_ncm 2-1:1.0: bind() failure
[  439.957499][ T6371] usb 2-1: USB disconnect, device number 6
[  440.068316][ T8853] netlink: 168 bytes leftover after parsing attributes in process `syz.4.772'.
[  440.179567][ T7003] kworker/u4:13: attempt to access beyond end of device
[  440.179567][ T7003] loop2: rw=1, sector=1224, nr_sectors = 608 limit=256
[  440.205781][ T7003] kworker/u4:13: attempt to access beyond end of device
[  440.205781][ T7003] loop2: rw=1, sector=1864, nr_sectors = 468 limit=256
[  440.611093][ T8861] loop2: detected capacity change from 0 to 1024
[  440.651928][ T8861] EXT4-fs: Ignoring removed nomblk_io_submit option
[  440.705853][ T8864] loop1: detected capacity change from 0 to 16
[  440.729254][ T8864] erofs: (device loop1): mounted with root inode @ nid 36.
[  440.774376][ T8861] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  440.945705][ T8853] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  441.132924][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 150 seconds
[  441.143976][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 150 seconds
[  441.155507][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 150 seconds
[  441.169013][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 150 seconds
[  441.417849][ T8871] loop4: detected capacity change from 0 to 512
[  442.214827][   T28] audit: type=1800 audit(1773861020.344:37): pid=8882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.776" name="file1" dev="loop1" ino=86 res=0 errno=0
[  443.325325][ T8889] tmpfs: Unknown parameter 'ÿÿ'
[  443.350536][ T8889] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  444.326881][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  444.521594][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  444.528248][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  444.739887][ T8901] netlink: 'syz.2.786': attribute type 10 has an invalid length.
[  444.786442][ T8901] syz_tun: entered promiscuous mode
[  444.841914][ T8901] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  444.868407][   T28] audit: type=1326 audit(1773861022.852:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8897 comm="syz.0.785" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f694d99c799 code=0x0
[  444.907780][ T8902] netlink: 12 bytes leftover after parsing attributes in process `syz.0.785'.
[  445.258928][ T8907] loop2: detected capacity change from 0 to 512
[  447.096036][ T8925] loop1: detected capacity change from 0 to 1024
[  447.115531][ T8925] EXT4-fs: Ignoring removed nomblk_io_submit option
[  447.201521][ T8925] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  447.613480][ T8935] loop0: detected capacity change from 0 to 16
[  447.643432][ T8935] erofs: (device loop0): mounted with root inode @ nid 36.
[  448.279840][ T8943] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  448.460531][ T8942] loop4: detected capacity change from 0 to 512
[  448.549300][   T28] audit: type=1800 audit(1773861026.277:39): pid=8947 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.796" name="file1" dev="loop0" ino=86 res=0 errno=0
[  450.441865][ T8953] loop0: detected capacity change from 0 to 1024
[  450.468985][ T8953] EXT4-fs: Ignoring removed nomblk_io_submit option
[  450.571068][ T8953] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  451.968199][ T8966] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  451.988197][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  453.450346][ T8978] netlink: 12 bytes leftover after parsing attributes in process `syz.2.804'.
[  453.588171][   T28] audit: type=1326 audit(1773861031.021:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8975 comm="syz.2.804" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab4d39c799 code=0x0
[  454.342509][ T8984] loop4: detected capacity change from 0 to 16
[  454.408157][ T8984] erofs: (device loop4): mounted with root inode @ nid 36.
[  454.857662][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  455.234233][   T28] audit: type=1800 audit(1773861032.575:41): pid=8995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.806" name="file1" dev="loop4" ino=86 res=0 errno=0
[  455.731176][ T8999] loop0: detected capacity change from 0 to 512
[  456.184440][ T9002] tmpfs: Unknown parameter 'ÿÿ'
[  456.211133][ T9002] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  458.041154][ T9019] loop4: detected capacity change from 0 to 1024
[  458.064699][ T9019] EXT4-fs: Ignoring removed nomblk_io_submit option
[  458.127211][ T9019] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  459.444496][ T9027] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  459.939237][ T9040] tmpfs: Unknown parameter 'ÿÿ'
[  459.963037][ T9040] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  461.648504][ T6029] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  461.726385][ T9049] loop0: detected capacity change from 0 to 512
[  461.956837][ T9055] loop4: detected capacity change from 0 to 16
[  461.995784][ T9055] erofs: (device loop4): mounted with root inode @ nid 36.
[  463.013251][   T28] audit: type=1800 audit(1773861039.837:42): pid=9062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.825" name="file1" dev="loop4" ino=86 res=0 errno=0
[  465.477966][ T9082] tmpfs: Unknown parameter 'ÿÿ'
[  467.079971][ T9085] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  467.723335][ T9091] loop0: detected capacity change from 0 to 1024
[  467.759017][ T9091] EXT4-fs: Ignoring removed nomblk_io_submit option
[  467.866696][ T9091] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  468.089211][ T9099] loop4: detected capacity change from 0 to 512
[  469.195639][ T9091] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  471.538911][ T9126] loop2: detected capacity change from 0 to 16
[  471.551778][ T9126] erofs: (device loop2): mounted with root inode @ nid 36.
[  472.561406][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  473.257663][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 180 seconds
[  473.270682][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 180 seconds
[  473.282806][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 180 seconds
[  473.376365][ T9140] loop0: detected capacity change from 0 to 512
[  473.395237][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 180 seconds
[  474.824281][   T28] audit: type=1800 audit(1773861050.898:43): pid=9150 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.842" name="file1" dev="loop2" ino=86 res=0 errno=0
[  475.223335][ T9154] netlink: 4 bytes leftover after parsing attributes in process `syz.0.850'.
[  477.632917][ T9174] loop4: detected capacity change from 0 to 512
[  479.214505][ T9185] loop1: detected capacity change from 0 to 16
[  479.282228][ T9185] erofs: (device loop1): mounted with root inode @ nid 36.
[  479.869396][ T9197] netlink: 168 bytes leftover after parsing attributes in process `syz.2.864'.
[  481.539612][ T9194] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  482.276364][   T28] audit: type=1800 audit(1773861057.767:44): pid=9209 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.861" name="file1" dev="loop1" ino=86 res=0 errno=0
[  483.761844][ T9219] loop0: detected capacity change from 0 to 512
[  484.717808][ T9233] netlink: 168 bytes leftover after parsing attributes in process `syz.4.875'.
[  485.566012][ T9233] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  486.988835][ T9258] loop0: detected capacity change from 0 to 16
[  487.017306][ T9258] erofs: (device loop0): mounted with root inode @ nid 36.
[  488.464057][   T28] audit: type=1800 audit(1773861063.344:45): pid=9265 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.884" name="file1" dev="loop0" ino=86 res=0 errno=0
[  489.565107][ T9271] loop0: detected capacity change from 0 to 512
[  490.376461][ T9273] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  490.735228][ T9293] loop4: detected capacity change from 0 to 16
[  490.794088][ T9293] erofs: (device loop4): mounted with root inode @ nid 36.
[  492.258071][   T28] audit: type=1800 audit(1773861066.844:46): pid=9301 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.895" name="file1" dev="loop4" ino=86 res=0 errno=0
[  496.120948][ T9330] loop0: detected capacity change from 0 to 16
[  496.166382][ T9330] erofs: (device loop0): mounted with root inode @ nid 36.
[  497.297302][   T28] audit: type=1800 audit(1773861071.925:47): pid=9339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.905" name="file1" dev="loop0" ino=86 res=0 errno=0
[  497.738540][ T9334] loop2: detected capacity change from 0 to 512
[  501.200069][ T9366] loop4: detected capacity change from 0 to 16
[  501.254331][ T9366] erofs: (device loop4): mounted with root inode @ nid 36.
[  503.323714][   T28] audit: type=1800 audit(1773861077.241:48): pid=9380 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.916" name="file1" dev="loop4" ino=86 res=0 errno=0
[  505.618048][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 210 seconds
[  505.630455][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 210 seconds
[  505.642116][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 210 seconds
[  505.654637][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 210 seconds
[  505.805390][ T9413] loop4: detected capacity change from 0 to 512
[  505.887579][ T5763] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  506.645030][ T5763] usb 3-1: Using ep0 maxpacket: 16
[  506.657544][ T5763] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  506.687081][ T5763] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  506.715741][ T5763] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  506.729855][ T5763] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  506.759851][ T5763] usb 3-1: Product: syz
[  506.764879][ T5763] usb 3-1: Manufacturer: syz
[  506.769895][ T5763] usb 3-1: SerialNumber: syz
[  506.859304][ T9424] warning: `syz.0.932' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  506.881368][ T9424] mmap: syz.0.932 (9424) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  507.015957][ T9408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  507.042191][ T9408] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  507.066938][ T5763] usb 3-1: 0:2 : does not exist
[  507.119208][ T5763] usb 3-1: USB disconnect, device number 8
[  507.616051][ T9420] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  509.967472][ T5081] Bluetooth: hci1: command 0x0406 tx timeout
[  510.196691][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  510.204327][ T9454] netlink: 20 bytes leftover after parsing attributes in process `syz.1.943'.
[  510.215859][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  511.012097][ T9459] loop2: detected capacity change from 0 to 512
[  511.744895][ T9457] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  513.005663][ T5821] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  513.124893][ T9483] netlink: 20 bytes leftover after parsing attributes in process `syz.0.953'.
[  513.237690][ T5821] usb 5-1: Using ep0 maxpacket: 16
[  513.281338][ T5821] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  513.292248][ T5821] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  513.449433][ T5821] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  513.459150][ T5821] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  513.623568][ T5821] usb 5-1: Product: syz
[  513.703094][ T5821] usb 5-1: Manufacturer: syz
[  513.718627][ T5821] usb 5-1: SerialNumber: syz
[  513.985253][ T9471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  514.008476][ T9471] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  514.047058][ T5821] usb 5-1: 0:2 : does not exist
[  514.078282][ T5821] usb 5-1: USB disconnect, device number 12
[  514.156827][ T5786] udevd[5786]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  514.695862][ T9494] loop1: detected capacity change from 0 to 512
[  514.938798][ T9491] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  515.074885][ T9497] loop4: detected capacity change from 0 to 128
[  515.336771][ T9497] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  515.390014][ T9497] ext4 filesystem being mounted at /215/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  516.396144][ T6029] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  516.788401][ T9516] loop1: detected capacity change from 0 to 256
[  518.115059][ T9522] netlink: 20 bytes leftover after parsing attributes in process `syz.2.963'.
[  518.153810][ T9516] FAT-fs (loop1): Directory bread(block 64) failed
[  518.161765][ T9516] FAT-fs (loop1): Directory bread(block 65) failed
[  518.371124][ T9516] FAT-fs (loop1): Directory bread(block 66) failed
[  518.480646][ T9516] FAT-fs (loop1): Directory bread(block 67) failed
[  518.656883][ T9516] FAT-fs (loop1): Directory bread(block 68) failed
[  518.695399][ T9516] FAT-fs (loop1): Directory bread(block 69) failed
[  518.713899][ T9516] FAT-fs (loop1): Directory bread(block 70) failed
[  518.731129][ T9516] FAT-fs (loop1): Directory bread(block 71) failed
[  518.738581][ T9516] FAT-fs (loop1): Directory bread(block 72) failed
[  518.746270][ T9516] FAT-fs (loop1): Directory bread(block 73) failed
[  519.253573][ T4756] kworker/u4:8: attempt to access beyond end of device
[  519.253573][ T4756] loop1: rw=1, sector=1224, nr_sectors = 608 limit=256
[  519.315152][ T4756] kworker/u4:8: attempt to access beyond end of device
[  519.315152][ T4756] loop1: rw=1, sector=1864, nr_sectors = 284 limit=256
[  520.256720][ T9541] loop4: detected capacity change from 0 to 128
[  520.474206][ T9541] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  520.512485][ T9529] loop0: detected capacity change from 0 to 512
[  520.518644][ T9541] ext4 filesystem being mounted at /219/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  520.674902][ T9548] loop1: detected capacity change from 0 to 512
[  520.690698][ T9548] EXT4-fs: Ignoring removed mblk_io_submit option
[  520.698876][ T9548] ext3: Unknown parameter 'context'
[  521.029877][ T7947] Bluetooth: hci4: Frame reassembly failed (-84)
[  521.255947][ T7947] Bluetooth: hci4: Frame reassembly failed (-84)
[  521.660756][ T9550] Bluetooth: MGMT ver 1.22
[  521.666104][ T9550] Bluetooth: hci0: invalid length 0, exp 2 for type 13
[  521.956472][ T9556] netlink: 64 bytes leftover after parsing attributes in process `syz.1.976'.
[  522.290283][ T9561] tmpfs: Unknown parameter 'ÿÿ'
[  522.298580][ T9561] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  522.607578][ T9562] netlink: 20 bytes leftover after parsing attributes in process `syz.1.977'.
[  523.149098][ T9564] loop0: detected capacity change from 0 to 256
[  523.165191][ T5081] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  523.245677][ T6029] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  523.289140][ T9564] FAT-fs (loop0): Directory bread(block 64) failed
[  523.297093][ T9564] FAT-fs (loop0): Directory bread(block 65) failed
[  523.304917][ T9564] FAT-fs (loop0): Directory bread(block 66) failed
[  523.325580][ T9564] FAT-fs (loop0): Directory bread(block 67) failed
[  523.332400][ T9564] FAT-fs (loop0): Directory bread(block 68) failed
[  523.371358][ T9564] FAT-fs (loop0): Directory bread(block 69) failed
[  523.407897][ T9564] FAT-fs (loop0): Directory bread(block 70) failed
[  523.422069][ T9564] FAT-fs (loop0): Directory bread(block 71) failed
[  523.429603][ T9564] FAT-fs (loop0): Directory bread(block 72) failed
[  523.482676][ T9564] FAT-fs (loop0): Directory bread(block 73) failed
[  523.560944][   T23] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  523.797264][ T9574] loop1: detected capacity change from 0 to 512
[  523.811496][ T9574] EXT4-fs: Ignoring removed mblk_io_submit option
[  523.820489][ T9574] ext3: Unknown parameter 'context'
[  524.468792][   T23] usb 3-1: Using ep0 maxpacket: 16
[  524.478065][   T23] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  524.488502][   T23] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  524.497896][   T23] usb 3-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[  524.550455][   T23] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  524.584114][   T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  524.615904][   T23] usb 3-1: Product: syz
[  524.628964][   T23] usb 3-1: Manufacturer: syz
[  524.633665][   T23] usb 3-1: SerialNumber: syz
[  524.652111][ T8433] kworker/u4:15: attempt to access beyond end of device
[  524.652111][ T8433] loop0: rw=1, sector=1224, nr_sectors = 608 limit=256
[  524.680795][ T8433] kworker/u4:15: attempt to access beyond end of device
[  524.680795][ T8433] loop0: rw=1, sector=1864, nr_sectors = 1580 limit=256
[  524.899053][ T9584] netlink: 52 bytes leftover after parsing attributes in process `syz.1.985'.
[  524.921065][ T9567] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  524.950029][ T9567] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  524.963127][   T23] usb 3-1: 0:2 : does not exist
[  525.044215][   T23] usb 3-1: USB disconnect, device number 9
[  525.134506][ T5786] udevd[5786]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  525.499771][ T9594] tmpfs: Unknown parameter 'ÿÿ'
[  525.509614][ T9594] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  525.994800][ T9595] loop4: detected capacity change from 0 to 512
[  526.146482][ T9600] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size
[  526.338398][ T9603] loop1: detected capacity change from 0 to 128
[  526.435167][ T9603] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  526.470301][ T9603] ext4 filesystem being mounted at /243/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  526.565489][   T42] Bluetooth: hci4: Frame reassembly failed (-84)
[  527.282103][ T9613] loop0: detected capacity change from 0 to 512
[  527.294769][ T9613] EXT4-fs: Ignoring removed mblk_io_submit option
[  527.302302][ T9613] ext3: Unknown parameter 'context'
[  528.001423][ T5786] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  528.328044][ T9616] loop2: detected capacity change from 0 to 256
[  528.346954][ T9619] netlink: 52 bytes leftover after parsing attributes in process `syz.4.994'.
[  528.429703][ T9616] FAT-fs (loop2): Directory bread(block 64) failed
[  528.476195][ T9616] FAT-fs (loop2): Directory bread(block 65) failed
[  528.483045][ T9616] FAT-fs (loop2): Directory bread(block 66) failed
[  528.507776][ T9616] FAT-fs (loop2): Directory bread(block 67) failed
[  528.526762][ T9616] FAT-fs (loop2): Directory bread(block 68) failed
[  528.547454][ T9616] FAT-fs (loop2): Directory bread(block 69) failed
[  528.574291][ T9616] FAT-fs (loop2): Directory bread(block 70) failed
[  528.580934][ T9616] FAT-fs (loop2): Directory bread(block 71) failed
[  528.607517][ T9616] FAT-fs (loop2): Directory bread(block 72) failed
[  528.641345][ T5780] Bluetooth: hci1: command 0x0406 tx timeout
[  528.656724][ T9616] FAT-fs (loop2): Directory bread(block 73) failed
[  528.722146][ T5780] Bluetooth: hci4: command 0x1003 tx timeout
[  528.729566][ T5081] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  529.700797][ T9627] tmpfs: Unknown parameter 'ÿÿ'
[  529.710455][ T9627] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  529.936315][ T5770] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  530.000346][ T5860] kworker/u4:10: attempt to access beyond end of device
[  530.000346][ T5860] loop2: rw=1, sector=1224, nr_sectors = 140 limit=256
[  530.699377][ T9646] loop1: detected capacity change from 0 to 512
[  530.700939][ T9646] EXT4-fs: Ignoring removed mblk_io_submit option
[  530.701109][ T9646] ext3: Unknown parameter 'context'
[  531.794671][ T9659] netlink: 'syz.1.1006': attribute type 4 has an invalid length.
[  532.680239][ T9667] loop0: detected capacity change from 0 to 256
[  532.824727][ T9671] loop2: detected capacity change from 0 to 128
[  533.275756][ T9671] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  533.322835][ T9667] FAT-fs (loop0): Directory bread(block 64) failed
[  533.326977][ T9671] ext4 filesystem being mounted at /262/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  533.378882][ T9667] FAT-fs (loop0): Directory bread(block 65) failed
[  533.386372][ T7003] Bluetooth: hci4: Frame reassembly failed (-84)
[  533.417616][ T9667] FAT-fs (loop0): Directory bread(block 66) failed
[  533.456004][ T9667] FAT-fs (loop0): Directory bread(block 67) failed
[  533.470513][ T9667] FAT-fs (loop0): Directory bread(block 68) failed
[  533.483720][ T9667] FAT-fs (loop0): Directory bread(block 69) failed
[  533.544922][ T9667] FAT-fs (loop0): Directory bread(block 70) failed
[  533.567589][ T9667] FAT-fs (loop0): Directory bread(block 71) failed
[  533.584827][ T9667] FAT-fs (loop0): Directory bread(block 72) failed
[  533.608295][ T9667] FAT-fs (loop0): Directory bread(block 73) failed
[  533.729842][ T9675] tmpfs: Unknown parameter 'ÿÿ'
[  533.738132][ T9675] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  534.068180][ T6666] kworker/u4:11: attempt to access beyond end of device
[  534.068180][ T6666] loop0: rw=1, sector=1224, nr_sectors = 608 limit=256
[  534.083974][ T6666] kworker/u4:11: attempt to access beyond end of device
[  534.083974][ T6666] loop0: rw=1, sector=1864, nr_sectors = 284 limit=256
[  534.678718][ T9685] loop1: detected capacity change from 0 to 512
[  534.686700][ T9685] EXT4-fs: Ignoring removed mblk_io_submit option
[  534.693398][ T9685] ext3: Unknown parameter 'context'
[  535.570617][ T5780] Bluetooth: hci4: command 0x1003 tx timeout
[  535.582629][ T5081] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  535.755029][ T5769] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  535.997048][   T23] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  536.244843][   T23] usb 1-1: Using ep0 maxpacket: 16
[  536.268044][   T23] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  536.317888][   T23] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  536.473030][   T23] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  536.598480][   T23] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  536.724859][   T23] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  536.823901][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  536.935361][   T23] usb 1-1: Product: syz
[  537.004975][   T23] usb 1-1: Manufacturer: syz
[  537.082268][   T23] usb 1-1: SerialNumber: syz
[  537.507291][ T9689] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  537.551302][ T9689] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  538.264652][ T5780] Bluetooth: hci1: command 0x0406 tx timeout
[  538.271240][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 240 seconds
[  538.282307][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 240 seconds
[  538.293865][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 240 seconds
[  538.305583][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 240 seconds
[  538.500159][   T23] usb 1-1: 0:2 : does not exist
[  538.531776][   T23] usb 1-1: USB disconnect, device number 5
[  538.677799][ T9716] loop2: detected capacity change from 0 to 128
[  538.695402][ T5786] udevd[5786]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  538.745493][ T9716] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  538.783028][ T9716] ext4 filesystem being mounted at /267/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  539.101882][   T12] Bluetooth: hci4: Frame reassembly failed (-84)
[  541.448870][ T5780] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  541.839481][ T5769] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  542.344326][ T5846] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  542.614833][ T5846] usb 5-1: Using ep0 maxpacket: 16
[  542.673321][ T5846] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  542.829716][ T5846] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  542.993125][ T5846] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  543.141683][ T5846] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  543.185229][ T5846] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  543.217930][ T5846] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  543.263057][ T5846] usb 5-1: Product: syz
[  543.285175][ T5846] usb 5-1: Manufacturer: syz
[  543.319323][ T5846] usb 5-1: SerialNumber: syz
[  543.609553][ T9745] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  543.646313][ T9745] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  544.007471][ T5846] usb 5-1: 0:2 : does not exist
[  544.046946][ T5846] usb 5-1: USB disconnect, device number 13
[  544.526843][ T5786] udevd[5786]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  545.611405][ T9777] loop4: detected capacity change from 0 to 128
[  545.666830][ T9777] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  545.692785][ T9777] ext4 filesystem being mounted at /237/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  545.963786][   T23] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  546.952217][   T23] usb 1-1: Using ep0 maxpacket: 32
[  546.980279][   T23] usb 1-1: config 0 has an invalid interface number: 12 but max is 0
[  547.003632][   T23] usb 1-1: config 0 has no interface number 0
[  547.036276][   T23] usb 1-1: config 0 interface 12 has no altsetting 0
[  547.088587][   T23] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  547.101157][   T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  547.131348][   T23] usb 1-1: Product: syz
[  547.137737][   T23] usb 1-1: Manufacturer: syz
[  547.142686][   T23] usb 1-1: SerialNumber: syz
[  547.152726][   T23] usb 1-1: config 0 descriptor??
[  547.956807][ T5081] Bluetooth: hci4: command 0x1003 tx timeout
[  547.964150][ T5780] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  548.145472][ T6029] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  548.625059][   T23] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  548.632938][   T23] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71
[  548.641175][   T23] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  548.649638][   T23] f81534: probe of 1-1:0.12 failed with error -71
[  548.663688][   T23] usb 1-1: USB disconnect, device number 6
[  549.154031][ T5821] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  549.356614][ T5821] usb 3-1: Using ep0 maxpacket: 16
[  549.375121][ T5821] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  549.420689][ T5821] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  549.454865][ T5821] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  549.490206][ T5821] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  549.538493][ T5821] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  549.561219][ T5821] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  549.586898][ T5821] usb 3-1: Product: syz
[  549.605215][ T5821] usb 3-1: Manufacturer: syz
[  549.610088][ T5821] usb 3-1: SerialNumber: syz
[  550.452678][ T9807] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  550.508621][ T9807] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  550.646275][ T5821] usb 3-1: 0:2 : does not exist
[  550.863244][ T5081] Bluetooth: hci1: command 0x0406 tx timeout
[  551.075926][ T5821] usb 3-1: USB disconnect, device number 10
[  551.384133][ T5786] udevd[5786]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  551.434768][ T9825] loop4: detected capacity change from 0 to 128
[  551.555535][ T9825] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  551.579410][ T9825] ext4 filesystem being mounted at /240/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  551.712301][ T8433] Bluetooth: hci4: Frame reassembly failed (-84)
[  551.719189][ T8433] Bluetooth: hci4: Frame reassembly failed (-84)
[  553.855845][   T51] Bluetooth: hci4: command 0x1003 tx timeout
[  553.919463][ T5081] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  554.108027][ T6029] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  555.714910][   T23] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  555.833144][ T5081] Bluetooth: hci1: command 0x0406 tx timeout
[  555.949993][   T23] usb 5-1: Using ep0 maxpacket: 16
[  555.970865][   T23] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  555.984661][   T23] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  556.010145][   T23] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  556.068643][   T23] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  556.090275][   T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  556.109316][   T23] usb 5-1: Product: syz
[  556.119753][   T23] usb 5-1: Manufacturer: syz
[  556.125024][   T23] usb 5-1: SerialNumber: syz
[  556.630099][ T9860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  556.644570][ T9860] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  558.597738][   T23] usb 5-1: USB disconnect, device number 14
[  558.689785][ T5786] udevd[5786]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  559.444793][ T9893] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1075'.
[  562.489971][ T5081] Bluetooth: hci1: command 0x0406 tx timeout
[  562.757307][    T8] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  562.960149][    T8] usb 5-1: Using ep0 maxpacket: 16
[  562.988464][    T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  563.020585][    T8] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  563.071629][    T8] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  563.121785][    T8] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  563.144169][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  563.194944][    T8] usb 5-1: Product: syz
[  563.199393][    T8] usb 5-1: Manufacturer: syz
[  563.205318][ T9923] loop1: detected capacity change from 0 to 128
[  563.241283][    T8] usb 5-1: SerialNumber: syz
[  563.263119][ T9923] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  563.280242][ T9923] ext4 filesystem being mounted at /267/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  563.484143][ T5770] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  563.525560][ T9915] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  563.572550][ T9915] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  564.639645][    T8] usb 5-1: USB disconnect, device number 15
[  564.745179][ T5786] udevd[5786]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  568.018259][ T9961] loop0: detected capacity change from 0 to 128
[  568.124977][ T9961] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  568.196788][ T9961] ext4 filesystem being mounted at /273/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  568.324357][    T8] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  568.510151][ T5768] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  568.537965][    T8] usb 2-1: Using ep0 maxpacket: 16
[  568.553952][    T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  568.604242][    T8] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  568.644754][    T8] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  568.679862][    T8] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  568.698186][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.719859][    T8] usb 2-1: Product: syz
[  568.724109][    T8] usb 2-1: Manufacturer: syz
[  568.746664][    T8] usb 2-1: SerialNumber: syz
[  568.993373][ T9963] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  569.208240][ T9963] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  569.308061][    T8] usb 2-1: USB disconnect, device number 7
[  569.521679][ T5786] udevd[5786]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  570.361554][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 270 seconds
[  570.373555][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 270 seconds
[  570.385343][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 270 seconds
[  570.397496][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 270 seconds
[  571.113601][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  571.528872][ T9989] loop4: detected capacity change from 0 to 128
[  571.843381][ T9989] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  572.050657][ T9989] ext4 filesystem being mounted at /251/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  572.765971][ T6029] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  573.120659][T10012] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1106'.
[  574.493859][T10023] loop0: detected capacity change from 0 to 1024
[  574.515325][T10023] EXT4-fs: Ignoring removed nomblk_io_submit option
[  574.584139][T10023] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  575.677182][ T5081] Bluetooth: hci1: command 0x0406 tx timeout
[  576.431978][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  576.505627][T10028] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  576.529315][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  577.591562][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  578.246142][T10048] tmpfs: Unknown parameter 'ÿÿ'
[  578.254997][T10048] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  581.328792][T10075] loop0: detected capacity change from 0 to 1024
[  581.344814][T10075] EXT4-fs: Ignoring removed nomblk_io_submit option
[  581.555978][T10075] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  582.351592][T10088] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  583.429182][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  584.623459][T10103] tmpfs: Unknown parameter 'ÿÿ'
[  584.633330][T10103] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  588.110440][T10120] loop0: detected capacity change from 0 to 1024
[  588.127110][T10120] EXT4-fs: Ignoring removed nomblk_io_submit option
[  588.199365][T10120] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  588.728527][T10131] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  589.411282][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  589.430574][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  590.262760][    T8] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  590.515825][    T8] usb 2-1: Using ep0 maxpacket: 8
[  590.608720][    T8] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  590.826174][    T8] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  590.934588][    T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  591.043319][    T8] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  591.144359][    T8] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  591.193970][    T8] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  591.219098][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  592.449817][    T8] usb 2-1: usb_control_msg returned -32
[  592.464303][    T8] usbtmc 2-1:16.0: can't read capabilities
[  592.643242][T10164] loop0: detected capacity change from 0 to 1024
[  592.653293][T10164] EXT4-fs: Ignoring removed nomblk_io_submit option
[  592.784024][T10164] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  592.970447][T10171] usbtmc 2-1:16.0: usb_control_msg returned -32
[  593.188377][    T8] usb 2-1: USB disconnect, device number 8
[  593.262189][T10177] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  593.956971][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  594.804837][ T5081] Bluetooth: hci1: command 0x0406 tx timeout
[  600.276867][   T51] Bluetooth: hci1: command 0x0405 tx timeout
[  600.492157][T10223] loop1: detected capacity change from 0 to 1024
[  600.511395][T10223] EXT4-fs: Ignoring removed nomblk_io_submit option
[  600.568359][T10223] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  601.175327][T10234] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  602.215330][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  602.584086][ T5081] Bluetooth: hci1: command 0x0405 tx timeout
[  603.154041][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 300 seconds
[  603.165552][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 300 seconds
[  603.177131][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 300 seconds
[  603.190638][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 300 seconds
[  608.478114][T10278] loop1: detected capacity change from 0 to 1024
[  608.494098][T10278] EXT4-fs: Ignoring removed nomblk_io_submit option
[  608.546032][T10278] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  609.119151][ T5081] Bluetooth: hci1: command 0x0405 tx timeout
[  609.735379][ T5770] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  610.949060][T10294] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  611.399801][   T51] Bluetooth: hci1: command 0x0405 tx timeout
[  614.042911][ T5081] Bluetooth: hci1: command 0x0405 tx timeout
[  614.545979][T10311] tmpfs: Unknown parameter 'ÿÿ'
[  614.551069][T10313] loop4: detected capacity change from 0 to 1024
[  614.585601][T10313] EXT4-fs: Ignoring removed nomblk_io_submit option
[  614.893269][T10311] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  615.398486][T10313] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  615.475340][T10321] loop0: detected capacity change from 0 to 1024
[  615.483410][T10321] EXT4-fs: Ignoring removed nomblk_io_submit option
[  615.566866][T10321] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  616.163093][ T6029] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  616.174165][T10325] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  616.799469][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  618.656315][T10342] Bluetooth: hci0: unsupported parameter 255
[  618.717810][T10342] Bluetooth: hci0: invalid length 0, exp 2 for type 0
[  619.225996][T10355] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  620.365252][ T5081] Bluetooth: hci1: command 0x0405 tx timeout
[  620.392326][T10361] loop2: detected capacity change from 0 to 1024
[  620.417830][T10364] loop4: detected capacity change from 0 to 256
[  620.434391][T10361] EXT4-fs: Ignoring removed nomblk_io_submit option
[  620.540008][T10364] FAT-fs (loop4): Directory bread(block 64) failed
[  620.591128][T10361] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  620.613404][T10364] FAT-fs (loop4): Directory bread(block 65) failed
[  620.652656][T10364] FAT-fs (loop4): Directory bread(block 66) failed
[  620.701723][T10364] FAT-fs (loop4): Directory bread(block 67) failed
[  620.724879][T10364] FAT-fs (loop4): Directory bread(block 68) failed
[  620.750036][T10364] FAT-fs (loop4): Directory bread(block 69) failed
[  620.757479][T10364] FAT-fs (loop4): Directory bread(block 70) failed
[  620.816928][T10364] FAT-fs (loop4): Directory bread(block 71) failed
[  620.834647][T10364] FAT-fs (loop4): Directory bread(block 72) failed
[  620.863616][T10364] FAT-fs (loop4): Directory bread(block 73) failed
[  621.720681][ T5769] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  623.346905][T10390] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1204'.
[  623.356753][T10390] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  623.364906][T10390] IPv6: NLM_F_CREATE should be set when creating new route
[  624.645437][T10398] loop0: detected capacity change from 0 to 1024
[  624.661825][T10398] EXT4-fs: Ignoring removed nomblk_io_submit option
[  624.741071][T10398] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  626.904755][T10410] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  627.965524][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  628.528644][T10420] netlink: 80 bytes leftover after parsing attributes in process `syz.0.1215'.
[  629.923037][T10429] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1217'.
[  629.932696][T10429] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  630.987957][T10435] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1219'.
[  631.093716][T10437] loop4: detected capacity change from 0 to 1024
[  631.137776][T10437] EXT4-fs: Ignoring removed nomblk_io_submit option
[  631.200285][T10444] loop1: detected capacity change from 0 to 128
[  631.204014][T10437] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  631.225129][T10444] EXT4-fs: Ignoring removed oldalloc option
[  631.232081][T10444] ext4: Unknown parameter 'euid>00000000000000000000'
[  631.644867][T10448] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  631.827783][ T6029] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  631.875170][T10444] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  632.057786][   T28] audit: type=1326 audit(1773861198.034:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10438 comm="syz.2.1213" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fab4d39c799 code=0x7fc00000
[  632.229586][T10453] loop4: detected capacity change from 0 to 16
[  632.297892][T10453] erofs: (device loop4): mounted with root inode @ nid 36.
[  632.568488][T10457] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1224'.
[  633.042166][   T28] audit: type=1800 audit(1773861198.951:50): pid=10462 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1222" name="file1" dev="loop4" ino=86 res=0 errno=0
[  634.858010][    T8] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  635.454017][T10480] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1228'.
[  635.463318][T10480] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  636.647709][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 330 seconds
[  636.659692][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 330 seconds
[  636.671871][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 330 seconds
[  636.684158][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 330 seconds
[  636.914067][    T8] usb 5-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  636.956702][    T8] usb 5-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  637.013439][    T8] usb 5-1: Product: syz
[  637.044388][    T8] usb 5-1: Manufacturer: syz
[  637.088930][    T8] usb 5-1: SerialNumber: syz
[  637.117236][    T8] usb 5-1: config 0 descriptor??
[  637.147846][    T8] ch341 5-1:0.0: ch341-uart converter detected
[  638.413473][T10493] loop0: detected capacity change from 0 to 128
[  638.424338][T10493] EXT4-fs: Ignoring removed oldalloc option
[  638.509828][T10493] ext4: Unknown parameter 'euid>00000000000000000000'
[  638.632892][ T8869] udevd[8869]: incorrect ext4 checksum on /dev/loop0
[  638.726225][    T8] ch341-uart ttyUSB0: failed to read break control: -71
[  638.777539][    T8] ch341-uart: probe of ttyUSB0 failed with error -71
[  638.830906][    T8] usb 5-1: USB disconnect, device number 16
[  638.909535][    T8] ch341 5-1:0.0: device disconnected
[  639.255473][T10497] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  641.546503][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  641.750150][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  644.628046][ T5136] udevd[5136]: worker [5778] /devices/virtual/block/nbd0 timeout; kill it
[  644.685591][ T5136] udevd[5136]: seq 11837 '/devices/virtual/block/nbd0' killed
[  647.367816][T10530] loop2: detected capacity change from 0 to 128
[  647.560867][T10530] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  647.598397][T10530] ext4 filesystem being mounted at /322/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  647.672833][T10540] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1242'.
[  647.683189][T10540] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  647.691118][T10540] IPv6: NLM_F_CREATE should be set when creating new route
[  648.855054][T10546] tipc: Started in network mode
[  648.860210][T10546] tipc: Node identity ac14140f, cluster identity 4711
[  648.868204][T10546] tipc: New replicast peer: 255.255.255.255
[  648.877385][T10546] tipc: Enabled bearer <udp:syz2>, priority 10
[  648.888189][T10546] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1245'.
[  650.064257][    T8] tipc: Node number set to 2886997007
[  650.414649][   T51] Bluetooth: hci4: command 0x1003 tx timeout
[  650.423670][ T5081] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  650.763225][ T5769] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  651.386645][T10568] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1253'.
[  651.395822][T10568] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  651.403137][T10568] IPv6: NLM_F_CREATE should be set when creating new route
[  656.502022][T10612] tmpfs: Unknown parameter 'ÿÿ'
[  656.526070][T10612] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  663.453912][T10664] tipc: Started in network mode
[  663.458972][T10664] tipc: Node identity ac14140f, cluster identity 4711
[  663.466408][T10664] tipc: New replicast peer: 255.255.255.255
[  663.474336][T10664] tipc: Enabled bearer <udp:syz2>, priority 10
[  663.482246][T10664] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1280'.
[  663.585542][T10665] tmpfs: Unknown parameter 'ÿÿ'
[  663.649500][T10665] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  665.452378][ T5763] tipc: Node number set to 2886997007
[  667.748975][T10712] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1293'.
[  667.764275][   T28] audit: type=1326 audit(1773861231.451:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10710 comm="syz.0.1293" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f694d99c799 code=0x0
[  667.790522][T10713] loop4: detected capacity change from 0 to 512
[  668.839673][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 360 seconds
[  668.851371][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 360 seconds
[  668.863130][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 360 seconds
[  668.874490][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 360 seconds
[  669.891121][T10730] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1299'.
[  670.489752][T10739] tmpfs: Unknown parameter 'ÿÿ'
[  670.560175][T10739] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  670.923937][T10746] loop0: detected capacity change from 0 to 512
[  671.449927][T10750] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1304'.
[  671.476202][   T28] audit: type=1326 audit(1773861234.913:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10748 comm="syz.1.1304" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d5bf9c799 code=0x0
[  672.368686][T10762] netlink: 80 bytes leftover after parsing attributes in process `syz.1.1309'.
[  673.494752][T10771] loop4: detected capacity change from 0 to 1024
[  673.524944][T10771] EXT4-fs: Ignoring removed nomblk_io_submit option
[  673.658033][T10771] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  674.174587][T10785] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  674.805951][ T6029] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  674.975880][T10788] loop2: detected capacity change from 0 to 512
[  675.736361][T10798] tmpfs: Unknown parameter 'ÿÿ'
[  676.169315][T10798] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  677.678628][T10818] loop0: detected capacity change from 0 to 1024
[  677.694944][T10818] EXT4-fs: Ignoring removed nomblk_io_submit option
[  677.871482][T10818] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  678.030404][T10826] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1327'.
[  678.371707][T10832] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  679.076585][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  680.402852][T10854] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1336'.
[  680.414258][T10854] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  681.731562][T10868] tmpfs: Unknown parameter 'ÿÿ'
[  681.756594][T10868] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  684.250852][T10889] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1347'.
[  684.264130][   T28] audit: type=1326 audit(1773861246.892:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10887 comm="syz.0.1347" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f694d99c799 code=0x0
[  684.693558][T10898] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1348'.
[  684.704495][T10898] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  684.712518][T10898] IPv6: NLM_F_CREATE should be set when creating new route
[  685.632762][T10904] tmpfs: Unknown parameter 'ÿÿ'
[  685.658101][T10904] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  687.049870][ T5763] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  687.249123][ T5763] usb 1-1: Using ep0 maxpacket: 8
[  687.263893][ T5763] usb 1-1: config 0 has an invalid descriptor of length 138, skipping remainder of the config
[  687.275459][ T5763] usb 1-1: New USB device found, idVendor=2833, idProduct=0201, bcdDevice=2a.d5
[  687.285259][ T5763] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  687.298859][ T5763] usb 1-1: config 0 descriptor??
[  687.532944][ T5763] usb 1-1: string descriptor 0 read error: -71
[  687.557305][ T5763] usb 1-1: Found UVC 0.00 device <unnamed> (2833:0201)
[  687.572779][ T5763] usb 1-1: No valid video chain found.
[  687.589058][ T5763] usb 1-1: USB disconnect, device number 7
[  688.833134][T10934] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1361'.
[  688.861509][   T28] audit: type=1326 audit(1773861251.187:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10931 comm="syz.2.1361" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab4d39c799 code=0x0
[  688.943993][T10938] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1360'.
[  688.953823][T10938] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  689.103190][T10936] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  690.046444][T10949] tmpfs: Unknown parameter 'ÿÿ'
[  690.069786][T10949] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  691.972587][ T5763] usb 1-1: new full-speed USB device number 8 using dummy_hcd
[  692.275473][ T5763] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  692.528702][ T5763] usb 1-1: config 0 has no interfaces?
[  692.562515][ T5763] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  692.630874][ T5763] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  692.689181][ T5763] usb 1-1: Product: syz
[  692.693709][ T5763] usb 1-1: Manufacturer: syz
[  692.772181][ T5763] usb 1-1: SerialNumber: syz
[  692.823650][ T5763] usb 1-1: config 0 descriptor??
[  692.975168][T10975] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1371'.
[  693.015101][   T28] audit: type=1326 audit(1773861255.061:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10972 comm="syz.1.1371" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d5bf9c799 code=0x0
[  693.853149][ T5763] usb 1-1: USB disconnect, device number 8
[  694.000289][T10978] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  694.625991][T10987] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1373'.
[  694.636618][T10987] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  695.987802][ T5821] kernel read not supported for file /swradio1 (pid: 5821 comm: kworker/0:4)
[  696.225555][ T6371] usb 3-1: new full-speed USB device number 11 using dummy_hcd
[  696.433700][ T6371] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  696.460335][ T6371] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  696.474406][ T6371] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  696.491256][ T6371] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  696.507969][ T6371] usb 3-1: config 0 descriptor??
[  696.518213][ T6371] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  696.525759][ T6371] dvb-usb: bulk message failed: -22 (3/0)
[  696.550847][ T6371] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  696.562319][ T6371] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  696.576123][ T6371] usb 3-1: media controller created
[  696.585912][ T6371] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  696.613445][ T6371] dvb-usb: bulk message failed: -22 (6/0)
[  696.682959][T11007] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1380'.
[  696.697088][   T28] audit: type=1326 audit(1773861258.524:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11004 comm="syz.4.1380" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1618b9c799 code=0x0
[  696.796915][ T6371] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  696.811761][ T6371] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input6
[  697.605006][ T6371] dvb-usb: schedule remote query interval to 150 msecs.
[  697.626757][ T6371] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  697.649822][ T6371] usb 3-1: USB disconnect, device number 11
[  697.773371][T11010] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  699.422312][T11027] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1385'.
[  699.432103][T11027] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  699.439445][T11027] IPv6: NLM_F_CREATE should be set when creating new route
[  699.563408][ T6371] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  700.980907][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 390 seconds
[  700.992340][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 390 seconds
[  701.004168][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 390 seconds
[  701.015608][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 390 seconds
[  701.697541][T11045] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  701.791103][T11049] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1391'.
[  701.816308][   T28] audit: type=1326 audit(1773861263.315:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11043 comm="syz.2.1391" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab4d39c799 code=0x0
[  701.869032][T11047] loop0: detected capacity change from 0 to 1024
[  701.988076][T11047] EXT4-fs: Ignoring removed nomblk_io_submit option
[  702.415960][T11047] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  703.103927][T11060] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  704.181478][T11061] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1395'.
[  704.191102][T11061] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  704.482546][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  706.983563][T11090] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  707.069891][   T28] audit: type=1326 audit(1773861268.228:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11087 comm="syz.0.1404" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f694d99c799 code=0x0
[  707.163498][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  707.170111][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  708.467536][T11103] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1406'.
[  708.477358][T11103] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  709.583049][ T5763] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  709.668472][ T5846] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  709.778773][ T5763] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  709.790795][ T5763] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBE, skipping
[  709.803111][ T5763] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  709.821526][ T5763] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[  709.831626][ T5763] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[  709.843556][ T5763] usb 5-1: Product: syz
[  709.847970][ T5763] usb 5-1: Manufacturer: syz
[  709.853443][ T5763] usb 5-1: SerialNumber: syz
[  709.862200][ T5763] usb 5-1: config 0 descriptor??
[  709.871701][ T5846] usb 2-1: Using ep0 maxpacket: 16
[  709.888895][ T5763] radio-si470x 5-1:0.0: could not find interrupt in endpoint
[  709.897551][ T5846] usb 2-1: config 17 has no interfaces?
[  709.903396][ T5846] usb 2-1: New USB device found, idVendor=04d8, idProduct=00df, bcdDevice= 0.00
[  709.913897][ T5763] radio-si470x: probe of 5-1:0.0 failed with error -5
[  709.921882][ T5763] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  709.930307][ T5846] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  710.177692][ T5846] usb 2-1: string descriptor 0 read error: -71
[  710.201336][ T5846] usb 2-1: USB disconnect, device number 9
[  710.341489][   T28] audit: type=1326 audit(1773861271.288:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11120 comm="syz.2.1413" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab4d39c799 code=0x0
[  711.357642][T11132] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  712.511361][T11149] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1419'.
[  712.533194][T11149] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  713.309668][    T8] usb 5-1: USB disconnect, device number 17
[  713.416392][T11159] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1422'.
[  714.144866][T11159] nbd: socks must be embedded in a SOCK_ITEM attr
[  714.958994][ T5786] udevd[5786]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  715.627066][ T5786] udevd[5786]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  715.648531][   T28] audit: type=1326 audit(1773861275.686:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11164 comm="syz.1.1424" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d5bf9c799 code=0x0
[  715.877718][T11170] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  718.216501][T11190] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1430'.
[  718.226302][T11190] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  718.753707][T11192] loop1: detected capacity change from 0 to 512
[  719.710410][   T28] audit: type=1326 audit(1773861279.991:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11197 comm="syz.4.1434" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1618b9c799 code=0x0
[  720.906008][T11205] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  724.300542][T11226] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1441'.
[  725.885942][T11234] loop2: detected capacity change from 0 to 512
[  726.944249][   T28] audit: type=1326 audit(1773861286.813:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11237 comm="syz.0.1446" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f694d99c799 code=0x0
[  729.293389][ T5846] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[  729.998138][T11263] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1452'.
[  730.332475][ T5846] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  730.767493][ T5846] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  730.795110][ T5846] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  730.816437][ T5846] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  730.874090][ T5846] usb 3-1: config 0 descriptor??
[  730.915064][ T5846] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  731.584088][ T5846] dvb-usb: bulk message failed: -22 (3/0)
[  731.600638][ T5846] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  731.601907][ T5846] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  731.602037][ T5846] usb 3-1: media controller created
[  731.605099][ T5846] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  731.619747][ T5846] dvb-usb: bulk message failed: -22 (6/0)
[  731.619928][ T5846] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  731.630893][ T5846] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input7
[  731.635276][ T5846] dvb-usb: schedule remote query interval to 150 msecs.
[  731.635319][ T5846] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  731.638442][ T5846] usb 3-1: USB disconnect, device number 12
[  732.774108][ T5846] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  733.301097][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 420 seconds
[  733.312183][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 420 seconds
[  733.323525][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 420 seconds
[  733.334654][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 420 seconds
[  733.416311][T11289] fuse: Bad value for 'fd'
[  734.075345][   T28] audit: type=1326 audit(1773861293.504:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11286 comm="syz.0.1458" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f694d99c799 code=0x0
[  734.584370][T11276] loop4: detected capacity change from 0 to 512
[  736.423023][T11309] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1462'.
[  737.538290][T11315] tmpfs: Unknown parameter 'ÿÿ'
[  737.547098][T11315] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  738.909187][T11327] fuse: Bad value for 'fd'
[  741.245854][    T8] usb 2-1: new full-speed USB device number 10 using dummy_hcd
[  741.511413][   T28] audit: type=1326 audit(1773861300.457:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11330 comm="syz.0.1468" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f694d99c799 code=0x0
[  742.559039][    T8] usb 2-1: device not accepting address 10, error -71
[  745.976867][T11361] fuse: Bad value for 'fd'
[  747.620036][ T5846] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  747.839033][ T5846] usb 5-1: Using ep0 maxpacket: 32
[  747.863728][ T5846] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  747.894811][ T5846] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  747.959959][ T5846] gspca_main: nw80x-2.14.0 probing 055f:d001
[  748.144030][T11369] tmpfs: Unknown parameter 'ÿÿ'
[  748.237469][T11369] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  748.852386][ T5846] gspca_nw80x: reg_r err -71
[  748.865615][ T5846] nw80x: probe of 5-1:3.0 failed with error -71
[  748.911386][ T5846] usb 5-1: USB disconnect, device number 18
[  749.565110][   T28] audit: type=1326 audit(1773861307.990:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11376 comm="syz.0.1481" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f694d99c799 code=0x0
[  755.437976][T11412] ptrace attach of "./syz-executor exec"[5768] was attempted by "./syz-executor exec"[11412]
[  757.917840][   T28] audit: type=1326 audit(1773861315.823:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11419 comm="syz.4.1492" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1618b9c799 code=0x0
[  764.550353][T11463] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1505'.
[  764.582028][   T28] audit: type=1326 audit(1773861322.055:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11456 comm="syz.4.1505" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1618b9c799 code=0x0
[  765.952118][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 450 seconds
[  765.963357][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 450 seconds
[  765.968901][T11471] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  765.979219][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 450 seconds
[  765.996322][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 450 seconds
[  766.019006][T11472] tmpfs: Unknown parameter 'ÿÿ'
[  766.100697][T11472] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  766.412520][ T5821] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  766.646607][ T5821] usb 5-1: Using ep0 maxpacket: 32
[  766.696779][ T5821] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  766.731895][ T5821] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  766.771686][T11483] geneve2: entered allmulticast mode
[  766.819858][ T5821] gspca_main: nw80x-2.14.0 probing 055f:d001
[  767.234196][ T5081] Bluetooth: hci3: command 0x0406 tx timeout
[  768.442715][T11491] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1515'.
[  768.712443][   T28] audit: type=1326 audit(1773861325.705:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11486 comm="syz.1.1515" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d5bf9c799 code=0x0
[  768.742707][    C1] vkms_vblank_simulate: vblank timer overrun
[  768.759295][ T5821] gspca_nw80x: reg_w err -71
[  768.772941][ T5821] nw80x: probe of 5-1:3.0 failed with error -71
[  769.346719][ T5821] usb 5-1: USB disconnect, device number 19
[  769.474792][T11503] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  771.486748][T11527] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1527'.
[  771.599985][   T28] audit: type=1326 audit(1773861328.625:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11523 comm="syz.2.1527" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab4d39c799 code=0x0
[  772.711012][T11533] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  772.797402][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  772.804527][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  773.150315][ T5846] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  773.400715][ T5846] usb 1-1: Using ep0 maxpacket: 32
[  773.522446][ T5846] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  773.801036][ T5846] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  773.893608][ T5846] gspca_main: nw80x-2.14.0 probing 055f:d001
[  774.549683][ T5846] gspca_nw80x: reg_w err -71
[  774.560310][ T5846] nw80x: probe of 1-1:3.0 failed with error -71
[  774.575740][ T5846] usb 1-1: USB disconnect, device number 9
[  775.715945][   T28] audit: type=1326 audit(1773861332.471:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11555 comm="syz.2.1537" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab4d39c799 code=0x0
[  775.744397][    C1] vkms_vblank_simulate: vblank timer overrun
[  777.007057][T11568] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  779.369354][T11588] netlink: 'syz.1.1545': attribute type 4 has an invalid length.
[  779.425174][T11590] netlink: 'syz.1.1545': attribute type 4 has an invalid length.
[  780.925690][ T5763] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  781.772356][   T28] audit: type=1326 audit(1773861337.159:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11596 comm="syz.4.1550" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1618b9c799 code=0x0
[  781.795264][    C1] vkms_vblank_simulate: vblank timer overrun
[  782.077210][ T5763] usb 2-1: Using ep0 maxpacket: 32
[  782.108550][ T5763] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  782.120461][ T5763] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  782.145375][ T5763] gspca_main: nw80x-2.14.0 probing 055f:d001
[  782.167502][T11611] loop0: detected capacity change from 0 to 256
[  782.288618][T11611] FAT-fs (loop0): Directory bread(block 64) failed
[  782.323918][T11611] FAT-fs (loop0): Directory bread(block 65) failed
[  782.330760][T11611] FAT-fs (loop0): Directory bread(block 66) failed
[  782.378511][T11611] FAT-fs (loop0): Directory bread(block 67) failed
[  782.408932][T11611] FAT-fs (loop0): Directory bread(block 68) failed
[  782.430115][T11611] FAT-fs (loop0): Directory bread(block 69) failed
[  782.437317][T11611] FAT-fs (loop0): Directory bread(block 70) failed
[  782.474006][T11611] FAT-fs (loop0): Directory bread(block 71) failed
[  782.481659][T11611] FAT-fs (loop0): Directory bread(block 72) failed
[  782.522088][T11611] FAT-fs (loop0): Directory bread(block 73) failed
[  782.588707][ T5763] gspca_nw80x: reg_r err -32
[  782.619403][ T5763] nw80x: probe of 2-1:3.0 failed with error -32
[  782.638087][ T5763] usb 2-1: USB disconnect, device number 12
[  784.304329][ T8433] kworker/u4:15: attempt to access beyond end of device
[  784.304329][ T8433] loop0: rw=1, sector=1224, nr_sectors = 608 limit=256
[  784.390756][ T8433] kworker/u4:15: attempt to access beyond end of device
[  784.390756][ T8433] loop0: rw=1, sector=1864, nr_sectors = 180 limit=256
[  784.481681][T11634] loop1: detected capacity change from 0 to 16
[  784.496706][T11634] erofs: (device loop1): mounted with root inode @ nid 36.
[  784.607028][T11630] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  784.917000][   T28] audit: type=1326 audit(1773861340.781:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11631 comm="syz.2.1562" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fab4d39c799 code=0x0
[  785.214640][   T28] audit: type=1800 audit(1773861341.174:73): pid=11639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1561" name="file1" dev="loop1" ino=86 res=0 errno=0
[  786.739045][T11657] loop0: detected capacity change from 0 to 256
[  786.811331][T11662] fuse: Bad value for 'fd'
[  788.861355][T11657] FAT-fs (loop0): Directory bread(block 64) failed
[  789.003222][T11657] FAT-fs (loop0): Directory bread(block 65) failed
[  789.010958][T11657] FAT-fs (loop0): Directory bread(block 66) failed
[  789.022831][T11657] FAT-fs (loop0): Directory bread(block 67) failed
[  789.031134][T11657] FAT-fs (loop0): Directory bread(block 68) failed
[  789.071954][T11667] loop1: detected capacity change from 0 to 16
[  789.092305][T11667] erofs: (device loop1): mounted with root inode @ nid 36.
[  789.099985][T11657] FAT-fs (loop0): Directory bread(block 69) failed
[  789.106721][T11657] FAT-fs (loop0): Directory bread(block 70) failed
[  789.137741][T11657] FAT-fs (loop0): Directory bread(block 71) failed
[  789.159543][T11657] FAT-fs (loop0): Directory bread(block 72) failed
[  789.397292][T11657] FAT-fs (loop0): Directory bread(block 73) failed
[  789.505444][   T28] audit: type=1800 audit(1773861345.375:74): pid=11674 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1572" name="file1" dev="loop1" ino=86 res=0 errno=0
[  791.459580][ T5821] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  791.802051][T11697] loop4: detected capacity change from 0 to 16
[  791.855348][T11697] erofs: (device loop4): mounted with root inode @ nid 36.
[  791.865470][ T5821] usb 1-1: Using ep0 maxpacket: 32
[  791.874239][ T5821] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  791.888634][ T5821] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  791.960440][T11699] fuse: Bad value for 'fd'
[  791.989114][ T5821] gspca_main: nw80x-2.14.0 probing 055f:d001
[  792.758788][ T5821] gspca_nw80x: reg_w err -110
[  792.800990][ T5821] nw80x: probe of 1-1:3.0 failed with error -110
[  794.122903][   T28] audit: type=1800 audit(1773861349.315:75): pid=11707 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1581" name="file1" dev="loop4" ino=86 res=0 errno=0
[  794.229223][T11709] loop1: detected capacity change from 0 to 256
[  794.290933][ T5821] usb 1-1: USB disconnect, device number 10
[  794.383428][T11709] FAT-fs (loop1): Directory bread(block 64) failed
[  794.441042][T11709] FAT-fs (loop1): Directory bread(block 65) failed
[  794.447866][T11709] FAT-fs (loop1): Directory bread(block 66) failed
[  794.513630][T11709] FAT-fs (loop1): Directory bread(block 67) failed
[  794.525367][T11712] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  794.553888][T11709] FAT-fs (loop1): Directory bread(block 68) failed
[  794.583354][T11709] FAT-fs (loop1): Directory bread(block 69) failed
[  794.613054][T11709] FAT-fs (loop1): Directory bread(block 70) failed
[  794.654566][T11709] FAT-fs (loop1): Directory bread(block 71) failed
[  794.661547][T11709] FAT-fs (loop1): Directory bread(block 72) failed
[  794.690182][T11709] FAT-fs (loop1): Directory bread(block 73) failed
[  795.262882][ T1095] kworker/u4:6: attempt to access beyond end of device
[  795.262882][ T1095] loop1: rw=1, sector=1224, nr_sectors = 608 limit=256
[  795.305781][ T1095] kworker/u4:6: attempt to access beyond end of device
[  795.305781][ T1095] loop1: rw=1, sector=1864, nr_sectors = 1452 limit=256
[  795.542588][T11733] fuse: Bad value for 'fd'
[  796.992723][T11738] tmpfs: Unknown parameter 'ÿÿ'
[  797.002055][T11738] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  797.402463][T11746] Bluetooth: hci0: invalid length 0, exp 2 for type 12
[  797.598473][ T5863] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  798.511711][ T1059] block nbd0: Possible stuck request ffff888021fc8000: control (read@0,1024B). Runtime 480 seconds
[  798.523424][ T1059] block nbd0: Possible stuck request ffff888021fc8200: control (read@1024,1024B). Runtime 480 seconds
[  798.535630][ T1059] block nbd0: Possible stuck request ffff888021fc8400: control (read@2048,1024B). Runtime 480 seconds
[  798.549030][ T1059] block nbd0: Possible stuck request ffff888021fc8600: control (read@3072,1024B). Runtime 480 seconds
[  798.597926][ T5863] usb 2-1: Using ep0 maxpacket: 32
[  798.636770][ T5863] usb 2-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  798.791276][ T5863] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  799.233428][ T5863] gspca_main: nw80x-2.14.0 probing 055f:d001
[  799.950519][ T5863] gspca_nw80x: reg_r err -32
[  800.062267][ T5863] nw80x: probe of 2-1:3.0 failed with error -32
[  800.317677][ T5863] usb 2-1: USB disconnect, device number 13
[  801.071361][T11763] loop4: detected capacity change from 0 to 256
[  801.826393][T11763] FAT-fs (loop4): Directory bread(block 64) failed
[  801.833328][T11763] FAT-fs (loop4): Directory bread(block 65) failed
[  801.973448][T11763] FAT-fs (loop4): Directory bread(block 66) failed
[  801.982207][T11763] FAT-fs (loop4): Directory bread(block 67) failed
[  801.990696][T11763] FAT-fs (loop4): Directory bread(block 68) failed
[  801.999422][T11763] FAT-fs (loop4): Directory bread(block 69) failed
[  802.006797][T11763] FAT-fs (loop4): Directory bread(block 70) failed
[  802.013711][T11763] FAT-fs (loop4): Directory bread(block 71) failed
[  802.020758][T11763] FAT-fs (loop4): Directory bread(block 72) failed
[  802.027713][T11763] FAT-fs (loop4): Directory bread(block 73) failed
[  804.591601][T11786] tmpfs: Unknown parameter 'ÿÿ'
[  804.601846][T11786] sch_tbf: burst 32855 is lower than device lo mtu (11337746) !
[  806.459495][T11802] loop0: detected capacity change from 0 to 512
[  807.413816][   T51] Bluetooth: hci3: command 0x0406 tx timeout
[  808.281211][ T5821] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  808.546392][ T5821] usb 3-1: Using ep0 maxpacket: 32
[  808.569611][ T5821] usb 3-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  808.575097][T11819] loop1: detected capacity change from 0 to 256
[  808.589445][ T5821] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  808.901090][ T5821] gspca_main: nw80x-2.14.0 probing 055f:d001
[  809.208843][ T5821] gspca_nw80x: reg_r err -32
[  809.305142][ T5821] nw80x: probe of 3-1:3.0 failed with error -32
[  809.328352][ T5821] usb 3-1: USB disconnect, device number 13
[  809.468236][T11819] FAT-fs (loop1): Directory bread(block 64) failed
[  809.512774][T11819] FAT-fs (loop1): Directory bread(block 65) failed
[  809.530653][T11819] FAT-fs (loop1): Directory bread(block 66) failed
[  809.535325][T11823] loop4: detected capacity change from 0 to 1024
[  809.537396][T11819] FAT-fs (loop1): Directory bread(block 67) failed
[  809.577353][T11819] FAT-fs (loop1): Directory bread(block 68) failed
[  809.594907][T11823] EXT4-fs: Ignoring removed nomblk_io_submit option
[  809.610015][T11819] FAT-fs (loop1): Directory bread(block 69) failed
[  809.660835][T11819] FAT-fs (loop1): Directory bread(block 70) failed
[  809.669445][T11823] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  810.732927][T11819] FAT-fs (loop1): Directory bread(block 71) failed
[  810.766958][T11819] FAT-fs (loop1): Directory bread(block 72) failed
[  810.799362][T11819] FAT-fs (loop1): Directory bread(block 73) failed
[  811.231715][T11832] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  811.861225][ T6029] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  812.591064][T11848] loop4: detected capacity change from 0 to 512
[  812.661924][   T29] INFO: task udevd:5778 blocked for more than 144 seconds.
[  812.669483][   T29]       Not tainted syzkaller #0
[  813.219048][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  813.248433][   T29] task:udevd           state:D stack:23592 pid:5778  ppid:5136   flags:0x00004006
[  813.269620][   T29] Call Trace:
[  813.273328][   T29]  <TASK>
[  813.283699][   T29]  __schedule+0x1553/0x45a0
[  813.295713][   T29]  ? asan.module_dtor+0x20/0x20
[  813.314313][   T29]  ? mark_lock+0x94/0x320
[  813.325001][   T29]  ? lock_chain_count+0x20/0x20
[  813.344347][   T29]  ? _raw_spin_lock_irq+0xbb/0xf0
[  813.369358][   T29]  ? _raw_spin_lock_irqsave+0x100/0x100
[  813.378790][   T29]  schedule+0xbd/0x170
[  813.383093][   T29]  io_schedule+0x80/0xd0
[  813.388008][   T29]  folio_wait_bit_common+0x714/0xfa0
[  813.393504][   T29]  ? folio_wait_bit+0x30/0x30
[  813.398975][   T29]  ? _compound_head+0x120/0x120
[  813.404693][   T29]  ? filemap_add_folio+0x192/0x3c0
[  813.410510][   T29]  ? __filemap_get_folio+0x704/0xbb0
[  813.416381][   T29]  ? blkdev_writepage+0x30/0x30
[  813.422898][   T29]  do_read_cache_folio+0x1c0/0x7d0
[  813.428372][   T29]  ? blkdev_writepage+0x30/0x30
[  813.437472][   T29]  read_part_sector+0xd2/0x340
[  813.442892][   T29]  adfspart_check_POWERTEC+0x93/0xed0
[  813.449100][   T29]  ? adfspart_check_ADFS+0x620/0x620
[  813.459432][   T29]  ? put_partition+0x370/0x370
[  813.468439][   T29]  ? alloc_pages+0x4dc/0x740
[  813.477657][   T29]  bdev_disk_changed+0x740/0x1420
[  813.483064][   T29]  ? bdev_resize_partition+0xf0/0xf0
[  813.492606][   T29]  ? iput+0x343/0x920
[  813.501724][   T29]  blkdev_get_whole+0x30d/0x390
[  813.508502][   T29]  blkdev_get_by_dev+0x279/0x600
[  813.513808][   T29]  blkdev_open+0x152/0x360
[  813.522458][   T29]  ? blkdev_mmap+0x1b0/0x1b0
[  813.528978][   T29]  do_dentry_open+0x8c6/0x1500
[  813.534111][   T29]  path_openat+0x27f1/0x3230
[  813.544895][   T29]  ? do_sys_openat2+0xda/0x1d0
[  813.551530][   T29]  ? verify_lock_unused+0x140/0x140
[  813.556923][   T29]  ? do_filp_open+0x430/0x430
[  813.565758][   T29]  ? __virt_addr_valid+0x18c/0x540
[  813.571711][   T29]  do_filp_open+0x1f5/0x430
[  813.577488][   T29]  ? vfs_tmpfile+0x490/0x490
[  813.583017][   T29]  ? _raw_spin_unlock+0x28/0x40
[  813.590129][   T29]  ? alloc_fd+0x58f/0x630
[  813.597477][   T29]  do_sys_openat2+0x134/0x1d0
[  813.605885][   T29]  ? do_sys_open+0xe0/0xe0
[  813.610634][   T29]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  813.617151][   T29]  ? lock_chain_count+0x20/0x20
[  813.622353][   T29]  __x64_sys_openat+0x139/0x160
[  813.627474][   T29]  do_syscall_64+0x55/0xa0
[  813.631963][   T29]  ? clear_bhb_loop+0x40/0x90
[  813.636981][   T29]  ? clear_bhb_loop+0x40/0x90
[  813.641758][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  813.647838][   T29] RIP: 0033:0x7f1739ea7407
[  813.652420][   T29] RSP: 002b:00007ffc2178a3c0 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  813.663440][   T29] RAX: ffffffffffffffda RBX: 00007f173a656880 RCX: 00007f1739ea7407
[  813.674521][   T29] RDX: 00000000000a0800 RSI: 0000563d77560f60 RDI: ffffffffffffff9c
[  813.686104][   T29] RBP: 0000563d77547910 R08: 0000000000000000 R09: 0000000000000000
[  813.694898][   T29] R10: 0000000000000000 R11: 0000000000000202 R12: 0000563d7756eb60
[  813.703617][   T29] R13: 0000563d7755f410 R14: 0000000000000000 R15: 0000563d7756eb60
[  813.712318][   T29]  </TASK>
[  813.833795][   T29] 
[  813.833795][   T29] Showing all locks held in the system:
[  813.841833][   T29] 1 lock held by khungtaskd/29:
[  813.846894][   T29]  #0: ffffffff8d132060 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290
[  813.861467][   T29] 2 locks held by getty/5530:
[  813.866602][   T29]  #0: ffff88814cef60a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  813.886035][   T29]  #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390
[  813.897511][   T29] 1 lock held by udevd/5778:
[  813.911584][   T29]  #0: ffff888021cdc4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600
[  813.927293][   T29] 1 lock held by syz-executor/6029:
[  813.935158][   T29]  #0: ffffffff8d137a38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x306/0x880
[  813.952433][   T29] 2 locks held by kworker/0:6/6371:
[  813.958497][   T29]  #0: ffff888017c72538 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  813.971538][   T29]  #1: ffffc900034d7d00 ((work_completion)(&rew->rew_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  813.989979][   T29] 2 locks held by kworker/u4:13/7003:
[  813.995742][   T29]  #0: ffff88801f6cbd38 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  814.015330][   T29]  #1: ffffc9000bc37d00 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  814.034793][   T29] 1 lock held by syz.2.1623/11843:
[  814.061544][   T29] 
[  814.071159][   T29] =============================================
[  814.071159][   T29] 
[  814.087783][   T29] NMI backtrace for cpu 0
[  814.092324][   T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0
[  814.099774][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  814.110059][   T29] Call Trace:
[  814.113383][   T29]  <TASK>
[  814.116357][   T29]  dump_stack_lvl+0x18c/0x250
[  814.121390][   T29]  ? show_regs_print_info+0x20/0x20
[  814.126734][   T29]  ? load_image+0x400/0x400
[  814.131357][   T29]  nmi_cpu_backtrace+0x3a6/0x3e0
[  814.136450][   T29]  ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0
[  814.142748][   T29]  ? _printk+0xde/0x130
[  814.146959][   T29]  ? load_image+0x400/0x400
[  814.151960][   T29]  ? load_image+0x400/0x400
[  814.156633][   T29]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  814.163051][   T29]  nmi_trigger_cpumask_backtrace+0x17a/0x2f0
[  814.169212][   T29]  watchdog+0xf3d/0xf80
[  814.173640][   T29]  ? watchdog+0x1e1/0xf80
[  814.178053][   T29]  kthread+0x2fa/0x390
[  814.182353][   T29]  ? hungtask_pm_notify+0x90/0x90
[  814.187525][   T29]  ? kthread_blkcg+0xd0/0xd0
[  814.192178][   T29]  ret_from_fork+0x48/0x80
[  814.196839][   T29]  ? kthread_blkcg+0xd0/0xd0
[  814.201705][   T29]  ret_from_fork_asm+0x11/0x20
[  814.206737][   T29]  </TASK>
[  814.210054][    C0] vkms_vblank_simulate: vblank timer overrun
[  814.217393][   T29] Sending NMI from CPU 0 to CPUs 1:
[  814.223298][    C1] NMI backtrace for cpu 1
[  814.223309][    C1] CPU: 1 PID: 11843 Comm: syz.2.1623 Not tainted syzkaller #0
[  814.223327][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  814.223337][    C1] RIP: 0010:rcu_is_watching+0x10/0xb0
[  814.223365][    C1] Code: 88 13 8d 4c 89 f6 e8 7f ef eb 02 e9 44 ff ff ff 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 41 57 41 56 53 65 ff 05 d8 d3 92 7e <e8> 3b 47 14 09 89 c3 83 f8 08 73 60 49 bf 00 00 00 00 00 fc ff df
[  814.223380][    C1] RSP: 0018:ffffc900048cfb40 EFLAGS: 00000283
[  814.223395][    C1] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff8168ab56
[  814.223407][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8e8aeee8
[  814.223417][    C1] RBP: ffffc900048cfc70 R08: ffffffff8e8aeeef R09: 1ffffffff1d15ddd
[  814.223429][    C1] R10: dffffc0000000000 R11: fffffbfff1d15dde R12: ffffffff81cb287a
[  814.223442][    C1] R13: dffffc0000000000 R14: 00000000000099b7 R15: 1ffff92000919f78
[  814.223454][    C1] FS:  00007fab4e1df6c0(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000
[  814.223469][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  814.223480][    C1] CR2: 00007fab4e19cff8 CR3: 00000000778ca000 CR4: 00000000003506e0
[  814.223496][    C1] Call Trace:
[  814.223501][    C1]  <TASK>
[  814.223508][    C1]  lock_release+0xb5/0x8c0
[  814.223536][    C1]  ? __might_sleep+0xe0/0xe0
[  814.223557][    C1]  ? read_lock_is_recursive+0x20/0x20
[  814.223577][    C1]  ? __lock_acquire+0x7d40/0x7d40
[  814.223596][    C1]  ? __might_fault+0x22/0x120
[  814.223614][    C1]  ? __might_fault+0xc6/0x120
[  814.223629][    C1]  ? __might_fault+0xaa/0x120
[  814.223646][    C1]  do_recvmmsg+0x3c3/0x870
[  814.223667][    C1]  ? __sys_recvmmsg+0x290/0x290
[  814.223689][    C1]  ? __ia32_sys_get_robust_list+0x110/0x110
[  814.223706][    C1]  ? blkcg_maybe_throttle_current+0x19f/0xa90
[  814.223730][    C1]  ? _raw_spin_unlock_irq+0x23/0x50
[  814.223756][    C1]  __x64_sys_recvmmsg+0x199/0x250
[  814.223776][    C1]  ? do_recvmmsg+0x870/0x870
[  814.223794][    C1]  ? lockdep_hardirqs_on+0x98/0x150
[  814.223815][    C1]  do_syscall_64+0x55/0xa0
[  814.223839][    C1]  ? clear_bhb_loop+0x40/0x90
[  814.223864][    C1]  ? clear_bhb_loop+0x40/0x90
[  814.223884][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  814.223903][    C1] RIP: 0033:0x7fab4d39c799
[  814.223917][    C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  814.223931][    C1] RSP: 002b:00007fab4e1df028 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  814.223948][    C1] RAX: ffffffffffffffda RBX: 00007fab4d615fa0 RCX: 00007fab4d39c799
[  814.223960][    C1] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000003
[  814.223970][    C1] RBP: 00007fab4d432c99 R08: 0000000000000000 R09: 0000000000000000
[  814.223980][    C1] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  814.223990][    C1] R13: 00007fab4d616038 R14: 00007fab4d615fa0 R15: 00007ffe3ddbe2e8
[  814.224010][    C1]  </TASK>
[  814.570585][   T29] Kernel panic - not syncing: hung_task: blocked tasks
[  814.577676][   T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0
[  814.585174][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  814.595513][   T29] Call Trace:
[  814.598847][   T29]  <TASK>
[  814.601833][   T29]  dump_stack_lvl+0x18c/0x250
[  814.606574][   T29]  ? show_regs_print_info+0x20/0x20
[  814.611828][   T29]  ? load_image+0x400/0x400
[  814.616498][   T29]  panic+0x2dc/0x730
[  814.620955][   T29]  ? schedule_preempt_disabled+0x20/0x20
[  814.626828][   T29]  ? bpf_jit_dump+0xd0/0xd0
[  814.631552][   T29]  ? __irq_work_queue_local+0x13a/0x3b0
[  814.637146][   T29]  ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0
[  814.643349][   T29]  watchdog+0xf7c/0xf80
[  814.647592][   T29]  ? watchdog+0x1e1/0xf80
[  814.652151][   T29]  kthread+0x2fa/0x390
[  814.656430][   T29]  ? hungtask_pm_notify+0x90/0x90
[  814.661679][   T29]  ? kthread_blkcg+0xd0/0xd0
[  814.666855][   T29]  ret_from_fork+0x48/0x80
[  814.671864][   T29]  ? kthread_blkcg+0xd0/0xd0
[  814.676851][   T29]  ret_from_fork_asm+0x11/0x20
[  814.681682][   T29]  </TASK>
[  814.685476][   T29] Kernel Offset: disabled
[  814.689911][   T29] Rebooting in 86400 seconds..