last executing test programs:

3m50.38705346s ago: executing program 1 (id=189):
r0 = io_uring_setup(0x354a, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x32b})
clock_nanosleep(0xfffffff2, 0xca9a3b, &(0x7f0000000000)={0x77359400}, 0xfffffffffffffffe)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)

3m50.140633364s ago: executing program 1 (id=190):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ipvlan1\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c}}]}, 0x4c}}, 0x0)

3m49.939109574s ago: executing program 1 (id=191):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={r0}, 0x4)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001040)={0x3, 0x11, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4002}, [@call={0x85, 0x0, 0x0, 0x53}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6cab2ea5}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000040)="40d174b28bf781c274386d178550", 0x0, 0x1200801, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

3m48.741555091s ago: executing program 1 (id=197):
syz_mount_image$hfsplus(&(0x7f00000001c0), &(0x7f0000000400)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4040, &(0x7f00000002c0)={[{@creator={'creator', 0x3d, "1c4cdc1a"}}, {@type={'type', 0x3d, "e833026f"}}, {@gid}, {@uid}, {}, {@part={'part', 0x3d, 0x2}}, {@creator={'creator', 0x3d, "338be97f"}}, {}, {@part={'part', 0x3d, 0x7}}, {@nobarrier}]}, 0x20, 0x6fe, &(0x7f0000000480)="$eJzs3U9oXHkdAPDvm5lMMl3IztZ2t4rQsMWiW22TDIsVBKuI5LBowcteY5tuQydpSbKSFrGz6qo3PUkPe1iReNiTeBBWPIj1JgiC994LHrwVD468N+9NZvJ3Js0ksfv5wJv3e+/9/nx/33nz5k9aXgCfWHNvx1grkpi79NZ6uv1ko9F8stFYKsoRMR4RpYhKZxXJckTyOOJadJb4dLoz7y7ZbZw3n378wcVHHzU6W5V8yeqX9mq3qb3HCK18iamIKOfrIVV26+/GDv09HKrrpBt3mrALReLguLW3aQ3TfIDXLXDSPYwoj+2wvx5xKiIm8s8BkV8dSkcc3qEb6ioHAAAAJ1N5vwovP4tnsR6TRxMOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvBiSzj0Dk3wpFeWpSPL7/38nr5apVo833H18cZ/j7986okAAAAAAAAAA4PCNbRbPP4tnsR6TxXY7yf7m/3q2cSZ7fCnejdVYiJW4HOsxH2uxFisxEzE22dNndX1+bW1lZnvLX0Xast1uP8xbzkZEfVvL2RHPGQAAAAAAAABebD+KuZg87iAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBXElHurLLlTFGuR6kSERMRUU3rtSL+VJRPgvoB2/35kOMAAACAE6iWryeT/3YK7ST7zv9q9r1/It6N5ViLxViLZizEzey3gM63/tI/Wo3mk43GUrps7/jr/8p6aw8YR9ZjRJTjvV1Gns5qnO22mItvxXfjUkzF9ViJxfh+zMdaLMRU1NJJxHwkUa91fr2oF3H2x1vOu7rWF8r1rbGd37J9LoukFrdiMYvtctyoFr2VshpJnOsZ7Q/ViC0Zei/NTvK13IA5utnzfP0y/10m1355wD5Go57NfKybkek093k2Xtk594XOeXLgkWai1P0N6szmKOnm1pGKnH9vmJyfytdprn/an/PDNuRPaVszMRul/OyLeLU/5/c+9+h0f+Mv/PMv12+Xlu/cvrV6aYRTOiSVHfeOFYWtmWj0ZOK1vc++PBPNNBOtwTMxtnXHxMBzGalqno3OhW2wq+U3s9J8vN5zCt5dTh+/HNMxE1djOr4Ss9HoO8PO9uW10ljqz0n2Wittv77V9gj+wud7Kv1sn8qjsPt4aV5e6clr75Wunh3L91z7RUz3ZOn03mffQd4FKp/JC+kYP+6+45wEfZnIr81FdMUb1C6Z+HX2OWG1uXxn5fb8vQHHu5iv05ft+/3X5t8892SeS3q+nO5euLKc1IrzJT32qW60/fmq5n9x6bQrbTt2tnusHpOxGN+Ou3EzFnZ4pVbzz3Dbe+oce23HY43s2LmeY32fcuJuNLNPIVtMHU1WARjYqTdOVWtPa3+vfVj7Se127a2Jb4xfHf9sNcb+Wvlj+Xel35a+mrwRH8YPY/K4IwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBfB6v0Hd+abzYWVERaqBxwrSvvW2XhpsA6jHrH3WEleqI46G0MXfp7fr/Dwev73xJ7ZqMWIpvP7vWdRfe4hkkhaI35S0mfiUDosbpyW7WmX9231tysRnT2VaLfbD7uHtj6VlVid2O0ZHN+sHPU7883/tPvq1KLnJQO84K6sLd27snr/wZcWl+bfWXhnYXn2anF73FuLzYXpK9njMQcJjMTq/Qfl444BAAAAAAAAAAAAGE7+r//XVkppIRn+f+lU9qlTXVndeeTzRz1VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/U3Nsx1ookZqYvT6fbTzYazXQpyps1KxFRiojkBxHJ44hr0Vmi3tNdsts4bz79+IOLjz5qbPZVKeqX9mo3mFa+xFRElPP1/sZ36GZ7fzd6+msdKLykO8M0YReKxMFx+18AAAD//yBC8a4=")
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
read$FUSE(r0, &(0x7f0000004180)={0x2020}, 0x2020)

3m48.080020485s ago: executing program 1 (id=203):
syz_mount_image$hfs(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', 0x808808, &(0x7f0000000380)=ANY=[@ANYBLOB="636f6465706167653d757466382c66696c655f756d61736b3d30303030303030303030303030303030303030303030332c696f636861727365743d63703737352c71756965742c008f7881d185c35a6a28ef06c5b85628f12a02248de249c2a338d049166371583781680d171f47"], 0x1, 0x2e2, &(0x7f0000000900)="$eJzs3T9v004cx/HPOUmb/lF//rVFSCygQiVYKgoMiCUIZWVnQkCTShVREW2RgIWCGBEPgJ2nwINgAfEEYGLiAXQzuvPZdVLHaaCJ2/J+SQnO+e78NfbF9zUKFoB/1p3m94/Xf9qXkSqqSLolBZLqUlXSGZ2tP9vc2djptFtFHVVcC/syiluaA3XWNtt5TW0718IL7aeqZrNlGI0oim7/cH9EZYeCErnRnyOQJv04dOvrY45rVHal82XHMG7ZA2z2tKfnmisxHADAMeCv/4G/TMy6IqMgkJb9Zf9UXf/3yg7gaN3oHCgqns9nrv9udhcZe3z/c6v28z2Xwtn1QZIlHiaYWs/nCcVnVtcE0wzKKl0swdT6RlUra6/VCvRGDS9TbdG9t+JTNzEg2qWc3LRA/95qujsd742bUfZKQlrf6LQn7UJO/AvDbfHvmc/mq7lvQn1QK53/VSNjD5M7UmHPkQpqNv6r/Xucca1sLfm0v9FoBF1V/ncbOee34A3Yy3p+RpLtM7lBsJtGUBSn2/a8um8rxHu3OqDVQl6rMP3Up9ViV6uKPxNW1p50Cm+ljEayi+a9uWeW9Euf1MzM/wMb37IyI7Poq964mv7MiPdnIr9m+nfT093+cLnQW3NyqP2CN9zdsnd6pJua237x8nGl02lv2YWHOQtPZ7eML6m9lXLrjH6hooI62t0viaxXUXTYnqNRBn/lSDu03x9piR0+eZXtKEtLgnEfplO3YEdKzqrmFxWdkCdnIYqkPqtG9TWF42TbJAfdF0yVHBDGzc67TJz/uZm8n9W5FMm+hQXz9IH/aJTpcTXN4LqngvPufXqoDG6mfwaX2eK1Pjmjy7kuXpYuZQqNCrcY+jhPCdPUNz3g/j8AAAAAAAAAAAAAAAAAAMBJc4Q/J0h+yXhgVcm7CAAAAAAAAAAAAAAAAAAAAADAifdHz//N+z/i3fN/w3E9/7f4yUAADuV3AAAA//+rand4")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.self_freezing\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x3000)
ftruncate(r0, 0xc17a)

3m47.391089075s ago: executing program 1 (id=211):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f0000000880)='m', 0x1}], 0x1}, 0x5)
setsockopt$sock_attach_bpf(r0, 0x1, 0xa, &(0x7f0000000180), 0x4)
recvmsg$unix(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffc1}, 0x40000000)

3m46.839227134s ago: executing program 32 (id=211):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000f80)=[{&(0x7f0000000880)='m', 0x1}], 0x1}, 0x5)
setsockopt$sock_attach_bpf(r0, 0x1, 0xa, &(0x7f0000000180), 0x4)
recvmsg$unix(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffc1}, 0x40000000)

2m38.692998713s ago: executing program 2 (id=620):
r0 = socket$inet6(0xa, 0x2, 0x3a)
sendto$inet6(r0, 0x0, 0x0, 0x2004c080, 0x0, 0x60)
r1 = syz_open_procfs(0x0, &(0x7f0000000300)='net/icmp6\x00')
preadv(r1, &(0x7f00000002c0)=[{&(0x7f00000003c0)=""/253, 0xfd}], 0x1, 0xd0, 0xfffffffd)

2m38.586560197s ago: executing program 2 (id=622):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = io_uring_setup(0x8c3, &(0x7f0000000280)={0x0, 0x58be, 0x2, 0x2, 0xfb})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f00000004c0)=""/243, 0x0, 0x80a0000})
io_uring_enter(r0, 0x100000, 0x2, 0xf, &(0x7f0000000000), 0x18)

2m37.767020209s ago: executing program 2 (id=624):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)={0x1c, r1, 0xc4fc9e906872338b, 0x0, 0x0, {{0x15}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x4040)

2m37.583190162s ago: executing program 2 (id=626):
r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000c2bd0b20f8061b3039bb0102030109021b0001000000000904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)

2m35.039274033s ago: executing program 2 (id=641):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000005300)=[{0x0, 0x0, &(0x7f0000002d40)=[{&(0x7f0000000240)="9df68c6907f2", 0x6}, {&(0x7f0000000040)='<', 0x1}], 0x2, 0x0, 0x0, 0x4000}], 0x1, 0x1)

2m34.940490078s ago: executing program 2 (id=642):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000000c0)={[{@nossd_spread}, {}, {@flushoncommit}, {@max_inline={'max_inline', 0x3d, [0x25, 0x38]}}, {@nodatasum}, {@discard}, {@datasum}, {@discard_sync}]}, 0x1, 0x50f3, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
sync()
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x28042, 0x102)
ioctl$FICLONERANGE(r0, 0x4020940d, 0x0)

2m19.802479891s ago: executing program 33 (id=642):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000000c0)={[{@nossd_spread}, {}, {@flushoncommit}, {@max_inline={'max_inline', 0x3d, [0x25, 0x38]}}, {@nodatasum}, {@discard}, {@datasum}, {@discard_sync}]}, 0x1, 0x50f3, &(0x7f0000005140)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
sync()
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x28042, 0x102)
ioctl$FICLONERANGE(r0, 0x4020940d, 0x0)

41.41827607s ago: executing program 0 (id=1443):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010025bd7000000000000200000008000300", @ANYRES32=r1, @ANYBLOB="08009f000600000008002600b409"], 0x3c}, 0x1, 0x0, 0x0, 0x4c854}, 0x4040000)

39.23874386s ago: executing program 0 (id=1460):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x9, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x2000002, 0x3a, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

38.913770644s ago: executing program 0 (id=1464):
r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000100)={{0x0, 0x100}, 'syz0\x00'})
ioctl$UI_DEV_CREATE(r0, 0x5501)
ioctl$UI_ABS_SETUP(r0, 0x401c5504, 0x0)

38.638776925s ago: executing program 0 (id=1466):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000044, &(0x7f00000003c0), 0x1, 0x55e, &(0x7f0000001bc0)="$eJzs3d9rW+UbAPDnpM1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLqMJh1rHbhduBtvZAgiDsR7vfdKhv+Af8VAB0NG0QtvKic9abs1adIuWzrz+cDZ3jfnJO95cs7z9n1zTkgAA2s0+6cQ8WJEfJVEHI6IJF83HPnK0dXtlh9en8qWJFZWPv4zaWyX1Zuv1XzewbzyQkT8+kXEycLmdmuLS7PlSiWdz+tj9bkrY7XFpVOX5soz6Ux6eWJy8sybkxPvvP1Wz2J97fzf33509/0zXx5f/uan+0duJ3E2DuXrNsbxBG5srIzGaP6eFOPsYxuOr/7XizZ3haTfO8CODOV5XoysDzgcQ3nWA/99n0fECjCgEvkPA6o5DmjO7Xs0D35uPHhvdQK0Of7h1c9GYl9jbnRgOXlkZpTNd0d60H7Wxs9/3LmdLdG7zyEAOrpxMyJODw9v7v+SvP/budNdbPN4G/o/eHbuZuOf11uNfwpr459oMf452CJ3d6Jz/hfu96CZtrLx37stx79rF61GhvLa/xpjvmJy8VIlzfq2/0fEiSjuzerjW7RxZvneSrt1G8d/2ZK13xwL5vtxf3jvo8+ZLtfLTxLzRg9uRrzUcvybrB3/pMXxz96P8122cSy980q7dZ3jf7pWfoh4teXxX7+ilWx9fXKscT6MNc+Kzf66dey3du33O/7s+B/YOv6RZOP12tr22/h+3z9pu3WPxB/dn/97kk8a5T35Y9fK9fr8eMSe5MPNj0+sP7dZb26fxX/i+Nb93/r5/8va6+yPiE+7jP/W0R9f3tdN/H06/tPbOv7bL9z74LPv2rXfXf/3RqN0In+km/6vw34VY8dnMwAAAAAAAOxehYg4FEmhtFYuFEql1fs7jsaBQqVaq5+8WF24PB2N78qORLHQvNJ9eMP9EOP5/bDN+sRj9cmIOBIRXw/tb9RLU9XKdL+DBwAAAAAAAAAAAAAAAAAAgF3iYJvv/2d+H+r33gFPnZ/8hsHVMf978UtPwK7k7z8MLvkPg0v+w+CS/zC45D8MLvkPg0v+w+CS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBT58+dy5aV5YfXp7L69NXFhdnq1VPTaW22NLcwVZqqzl8pzVSrM5W0NFWd6/R6lWr1yvhELFwbq6e1+lhtcenCXHXhcv3CpbnyTHohLT6TqAAAAAAAAAAAAAAAAAAAAOD5Ultcmi1XKum8gsKOCsO7YzcUelzod88EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOv+DQAA//8Kozfs")
open(0x0, 0x76bc3c, 0x1da)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000180), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}, {@xino_auto}]})

38.083455708s ago: executing program 0 (id=1470):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x81, 0xfffff038}, {0x20, 0x22, 0x0, 0xfffff00c}, {0x6}]}, 0x10)
sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0)

37.731203727s ago: executing program 5 (id=1472):
pipe2$watch_queue(&(0x7f0000001180)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
r1 = add_key(&(0x7f0000000000)='id_resolver\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r1, r0, 0x17)

37.443085686s ago: executing program 5 (id=1476):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000050000000400000001"], 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002500)={{r1}, &(0x7f0000002480), &(0x7f00000024c0)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r1, &(0x7f0000001080)='^', &(0x7f0000000040)=@tcp=r0, 0x2}, 0x20)

37.34913615s ago: executing program 5 (id=1477):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)={0x64, r1, 0x1, 0x20000002, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x14b4}], @key_params=[@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}], @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @key_params=[@NL80211_ATTR_KEY={0x20, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "408922a0bd"}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_IDX={0x5, 0x2, 0x4}]}]]}, 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

37.205234055s ago: executing program 5 (id=1479):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000044, &(0x7f00000003c0), 0x1, 0x55e, &(0x7f0000001bc0)="$eJzs3d9rW+UbAPDnpM1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLqMJh1rHbhduBtvZAgiDsR7vfdKhv+Af8VAB0NG0QtvKic9abs1adIuWzrz+cDZ3jfnJO95cs7z9n1zTkgAA2s0+6cQ8WJEfJVEHI6IJF83HPnK0dXtlh9en8qWJFZWPv4zaWyX1Zuv1XzewbzyQkT8+kXEycLmdmuLS7PlSiWdz+tj9bkrY7XFpVOX5soz6Ux6eWJy8sybkxPvvP1Wz2J97fzf33509/0zXx5f/uan+0duJ3E2DuXrNsbxBG5srIzGaP6eFOPsYxuOr/7XizZ3haTfO8CODOV5XoysDzgcQ3nWA/99n0fECjCgEvkPA6o5DmjO7Xs0D35uPHhvdQK0Of7h1c9GYl9jbnRgOXlkZpTNd0d60H7Wxs9/3LmdLdG7zyEAOrpxMyJODw9v7v+SvP/budNdbPN4G/o/eHbuZuOf11uNfwpr459oMf452CJ3d6Jz/hfu96CZtrLx37stx79rF61GhvLa/xpjvmJy8VIlzfq2/0fEiSjuzerjW7RxZvneSrt1G8d/2ZK13xwL5vtxf3jvo8+ZLtfLTxLzRg9uRrzUcvybrB3/pMXxz96P8122cSy980q7dZ3jf7pWfoh4teXxX7+ilWx9fXKscT6MNc+Kzf66dey3du33O/7s+B/YOv6RZOP12tr22/h+3z9pu3WPxB/dn/97kk8a5T35Y9fK9fr8eMSe5MPNj0+sP7dZb26fxX/i+Nb93/r5/8va6+yPiE+7jP/W0R9f3tdN/H06/tPbOv7bL9z74LPv2rXfXf/3RqN0In+km/6vw34VY8dnMwAAAAAAAOxehYg4FEmhtFYuFEql1fs7jsaBQqVaq5+8WF24PB2N78qORLHQvNJ9eMP9EOP5/bDN+sRj9cmIOBIRXw/tb9RLU9XKdL+DBwAAAAAAAAAAAAAAAAAAgF3iYJvv/2d+H+r33gFPnZ/8hsHVMf978UtPwK7k7z8MLvkPg0v+w+CS/zC45D8MLvkPg0v+w+CS/wAAAAAAAAAAAAAAAAAAAAAAAAAAANBT58+dy5aV5YfXp7L69NXFhdnq1VPTaW22NLcwVZqqzl8pzVSrM5W0NFWd6/R6lWr1yvhELFwbq6e1+lhtcenCXHXhcv3CpbnyTHohLT6TqAAAAAAAAAAAAAAAAAAAAOD5Ultcmi1XKum8gsKOCsO7YzcUelzod88EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOv+DQAA//8Kozfs")
open(0x0, 0x76bc3c, 0x1da)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000180), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}, {@xino_auto}]})

36.986969326s ago: executing program 0 (id=1480):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x205, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x2)

36.32558773s ago: executing program 34 (id=1480):
r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x205, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x2)

36.292672705s ago: executing program 5 (id=1482):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="60000000020601046c0001000000000000000000050005000a000000050001000600000005000400000000000900020073797a300000000014000300686173683a69702c706f72742c697000140007"], 0x60}}, 0x0)
mprotect(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)

35.738189798s ago: executing program 5 (id=1486):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x7c2)
syz_emit_ethernet(0x4a, &(0x7f00000001c0)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x39, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @broadcast}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x8f56, 0x0, 0x4, {[@md5sig={0x13, 0x12, "2b58ea71e70b7ec40825c97fb62cd171"}]}}}}}}}, 0x0)

34.861408334s ago: executing program 35 (id=1486):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x7c2)
syz_emit_ethernet(0x4a, &(0x7f00000001c0)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x39, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @broadcast}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0x0, 0x8f56, 0x0, 0x4, {[@md5sig={0x13, 0x12, "2b58ea71e70b7ec40825c97fb62cd171"}]}}}}}}}, 0x0)

15.051688145s ago: executing program 3 (id=1554):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc)

14.73333477s ago: executing program 3 (id=1556):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x278, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'bridge0\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'erspan0\x00', 'gre0\x00', {0xff}, {}, 0x0, 0x0, 0x0, 0x4b}, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x2d8)
r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f00000003c0)='X', 0x1, 0xfffffffffffffffe)
r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r1}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'streebog512-generic\x00'}})

14.399686871s ago: executing program 3 (id=1558):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000004c0)={0xffffffffffffff77, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0x24, {[@global=@item_012={0x2, 0x1, 0x9, "0100"}, @global=@item_012={0x2, 0x1, 0x0, "0100"}, @main=@item_4, @local=@item_012={0x2, 0x2, 0x2, "90a0"}, @global=@item_012={0x1, 0x1, 0x8, '8'}, @main=@item_4={0x3, 0x0, 0xb, "c83e2503"}, @local=@item_012={0x0, 0x2, 0x8, "3994"}, @local=@item_4={0x3, 0x2, 0x2, "b09ea549"}, @main=@item_4={0x3, 0x0, 0x8, "ce9abc16"}]}}, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

11.793197735s ago: executing program 3 (id=1565):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000500), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000580)={'wg1\x00', <r2=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100e8ffffff00000000100000002000018008000100", @ANYRES32=r2, @ANYBLOB="14000200776731"], 0x34}}, 0x0)

11.483787561s ago: executing program 3 (id=1566):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@ipv4={'\x00', '\xff\xff', @remote}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x30, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0xfffffffffffffffd}, 0x80000001}}, 0xb8}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=@updpolicy={0xb4, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, 0x0, 0x6e6bb5}}, 0xb4}, 0x1, 0x0, 0x0, 0x810}, 0x0)

11.19474186s ago: executing program 3 (id=1567):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000240)='./file1\x00', 0x2200008, &(0x7f0000000280), 0x3, 0x59b, &(0x7f0000000980)="$eJzs3c1qG1cbAOB3ZDn/+eJACF+7KIYsmpJGju3+pFBIuixtaKDdp8JWTLAcBUsOsRtIsmg23ZRQKKWB0gvovsvQG+gtdBNoA6EE0y6yURl5ZCu2ZcuyiB3reWCsc2ZGeufMzDl+RyOhAPrWcPonF/FaRHybRBxrWZaPbOHw0nqLz25PpFMS9frnfyeRZPOa6yfZ4+Gs8v+I+O3riDO5tXGr8wvTxXK5NJvVR2ozN0aq8wtnr80Up0pTpetj4+Pn3x0f++D997bdxnz2+Nblf3/47NHH5785tfj9L0+OP0jiYhzJlrW2YxvutlaGYzjbJ4NxcdWKoz0ItpskO70BdGUg6x+DkY4Bx2JgubcAe92diKgDfSrR/6FPNfOA5rV9j66DXxlPP1q6AFrb/vzSeyNxoHFtdGgxeeHKKL3eHepB/DTGr389fJBOscn7EHderA70IDzQx+7ei4hz+fza8S/Jxr/unWu8ebyx1TEWn93et82wQIcepfnP2+vlP7nl/CfWyX8Or9N3u5G9xtFmfW3+k3vSgzBtpfnfh+vmv8tD19BAVjvayPkGk6vXyqVzEfG/iDgdg/vT+kb3c84vPq63W9aa/6VTGr+ZC2bb8SS//8XnTBZrxe20udXTexGvr+S/SawZ/w80ct3Vxz/dH5c7jHGy9PCNdss2b3+rO503rEP1nyPeXPf4r9zRSja+PznSOB9GmmfFWv/cP/l7u/hba3/vpcf/0MbtH0pa79dWtx7jpwPPS+2WdXv+70u+aJSzZOF5vVirzY5G7Es+bZ0ft9L5YyvPvVWsJTGWzR9dav/pUxuPf+ud/wcj4ssO23//xP22q+6G4z+5peO/9cLjT776sV38zo7/O43S6WxOJ+Nfpxu4nX0HAAAAAAAAu00uIo5Ekissl3O5QmHp8x0n4lCuXKnWzlytzF2fjMZ3ZYdiMNe8032s5fMQo9nnYZv1sVX18Yg4HhHfDRxs1AsTlfLkTjceAAAAAAAAAAAAAAAAAAAAdonDbb7/n/rTL0zB3ucnv6F/bdr/e/FLT8Cu5P8/9C/9H/qX/g/9S/+H/qX/Q//S/6F/6f/Qv/R/AAAAAAAAAAAAAAAAAAAAAAAAAAAA6KnLly6lU33x2e2JtD55c35uunLz7GSpOl2YmZsoTFRmbxSmKpWpcqkwUZnZ7PXKlcqN0bGYuzVSK1VrI9X5hSszlbnrtSvXZopTpSulwZfSKgAAAAAAAAAAAAAAAAAAAHi1VOcXpovlcml2S4U/optnrRRyW4/e7ab2oHAhdiBoDwvJZrvuQnY4ugqRfzmtaJ6wO70z90JhINuXHe1wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANh5/wUAAP//2DAo2Q==")
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f0000000100), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
sync()
rename(&(0x7f0000000080)='./file0/file0\x00', &(0x7f0000000180)='./file1\x00')

4.897571308s ago: executing program 4 (id=1611):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

3.259935071s ago: executing program 4 (id=1617):
r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100024286bd10b00d815522f90102030109021200019ddb10010904"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000c40)={0x14, 0x0, &(0x7f0000000140)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000200)={0x1, 0x6d, 0x1, &(0x7f0000000100)={0x28, "1a9c66bf2f615e427b2644e9533fa16c12f206b28569d8c83a1b9951cf5a1dee93"}})

2.74162367s ago: executing program 7 (id=1619):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x100)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fcntl$setlease(r0, 0x400, 0x0)
fcntl$setlease(r0, 0x400, 0x2)

2.604931216s ago: executing program 7 (id=1620):
r0 = fsopen(&(0x7f0000000000)='bdev\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x8a)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)

2.34501136s ago: executing program 6 (id=1621):
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000), 0xc9002, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000500)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$F2FS_IOC_MOVE_RANGE(r0, 0x541b, &(0x7f0000000040)={<r1=>0xffffffffffffffff, 0xfffffffffffffffe, 0x4, 0x8040000000000000})
close_range(r1, 0xffffffffffffffff, 0x0)

2.320356046s ago: executing program 7 (id=1622):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000540)='./bus\x00', 0x3010018, &(0x7f00000003c0), 0x5, 0x4c3, &(0x7f0000000ac0)="$eJzs3U1oXNUeAPD/nXw0L01f8j54r3SV9wp9fZQmTad5pdAH7apQtGArKOjC0EzStJO2NCmYLMQP0IoK7aYbi6ALBekirlQEkS5ERXDRjaAUVBAbSKtVpAshcu/MxLSZpE1Tc2n8/eBwz7kzc89/5uSeueefSxLAH1ZnROyKiIaI2BIR7dX9hWqJJyslfV6pOHEoLUlMTx+4mkQSEXuLE4dqx0qq29XVA7RExIUPI1ob5/Y7MjZ+pK9cLp2otrtHh493j4yNbx4a7hssDZaOFnu2F4vF3h3F3rv2Xn/45fCZd67vef7sle8//ebi2+eT2BVt1cdmv4+7pTM6Zz6T2RqTiP/f7c5y1pJ3ACza+fvPvJR3DADA8kuv8f8aEf/Orv/boyEqF+uHJx+91h7XBuZ7XcfPr1xezjgBAACAOzcd7bEz3QIAAAArViEi2iIpdFXvBWiLQqGrq3IP79+jtVA+NjK6aeDYyaP9kd0r2xFNhYGhcql2r3BHNCVpuyer/9beelO7GBF/iYhT7X/K2l0Hj5X7805+AAAAwArXFnHpkWfe/efqedb/qS/b844SAAAAWIp0/b/mUmv2p7p+ss4HAACAFSld/1979srHYf0PAAAAK1Zt/T/zf7hUVFRUZip5z1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAw1/R0EtMAAADAipZ3/gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHvL3uLEoVpZrj4n9yxXT8xnandEdFTGv1QtlUcaoyXbtkRTRLT+mETjrNclEdGwxL67NkR0xqbPTz/x3VtpierP4RIPyz1i4uu8IyBPzdvyjoA8rXsg7wjI02en8o6APF2cyjsC8rT/QN4RkKd9/8s7AvL08tW8I+CD3RGxpV7+rxBrs20lC3Rz/qchyxAtzSfnIjqj69vZ++bmfwqTS+yGBUztjtgZEaU5+b9C7SkdDdXWmixV2JQMDJVLWyLizxGxMZpWpe2eBfrYu/ZC3UzPi/9Ix//kvlr+Ly1p/7VcYDWOycZVN76uv2+0b6nvm4qppyLWNdYb/2Qm/5vMk/9ddZt9vPfV/uF6+69/lI7/C+8vPP78nqZfjfhP3fM/mXlOWuseHT7ePTI2vnlouG+wNFg6WuzZXiwWe3cUe7uz+aC7NivM9ebTr9f9pv/XwWz+HzP++UnP/9aFxz+b/0fGxo/0lculEyOL7+O5DWfrfoe/cTYd/+YLdzL/NycPZgE2V/c93jc6eqInojm5b+7+rYuPeaWqfR61zysd/43r63//167/KvN/Yc78/7fqtlD5FeK8/vva5br7vzidjn/xIed/ftLx77/F+Z/ccP4vvvLY+v0b6/X9cGTXf+duff5vy4KpHcT1363d7gDlHScAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMz2awAAAP//MEf3BQ==")
chdir(&(0x7f0000000080)='./file0\x00')
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000b80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2e640, 0x0, 0x0, 0x0, &(0x7f00000007c0))
mkdir(&(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4)

1.874426728s ago: executing program 6 (id=1623):
syz_mount_image$msdos(&(0x7f0000000340), &(0x7f0000000300)='./file0\x00', 0x0, &(0x7f0000000900)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c636865636b3d72656c617865642c646d61736b3d30303030303030303030303030303030303030303036322c666c7573682c0071d75fda7a1b5d58e8d51c862c343a987cdc479e6f5f46c633984073553266fc589d9dd06b580e8413ec0686d3fd9afc522ff29fe3e1d3d9519eaa55848162fac84b81e75807dfadd792615cd5a2cb343d6232bb975cfda684c6f5cea20eb46c283e87be36e51c9bfd05eaecfce3a99943e6fe0aab3c4f67fe28b42e8b069743f57cc3d649486fde21814a326e7d487c886378d12e34c0e2426367b607c61a0a8e50384e363c45fe368b1ed0770f3b30737a3ee1106b076410bc7eb205741f9cab8d85cb21d7fdcd7e4b3aaff5224337f67ad2b4be951b2461434377f10cdf0f37b52c00180babc93b14f24ef2456626d0cd4715a4f05d5e37a4130ee5ab71192b1b5f6744519c62f66fe32d56ab75b9cdbdf9b735cb69a7153152ff63a0111be44c77539d6cf5914e96c8bcbd635adcd3aadc6a04b01603030c6e34985c67f686b1ce69"], 0x1, 0x2a0, &(0x7f0000000600)="$eJzs3c9LFG0AB/DHVfF9fVE8vVSXHurUZVDPHZRQkBaKcoMKghHHWnbalZ097EoHO3cJOvYfRMduQfQP+F90k0A8ecqQ8dcKXdI08PO5zJf5zjM8zww8c5zN229fNlaKZCXthMrMQKjMhFDZGQgToRIOrIdb716/f/Pw8ZO7s9Xq3IMY52cXp6ZjjOPXvzx99fHG185/jz6Nfx4JGxPPNremv238v3F188fii3oR60VstjoxjUutViddyrO4XC8aSYz38ywtslhvFlm7r1/JW6urvZg2l8dGV9tZUcS02YuNrBc7rdhp92L6PK03Y5IkcWw0cBq1Dzu7u2Frt3TRs+H8ef+X27FN/Z8Qtte7tW6tPJb9/EJ1bjIOxRjj8NGo7W63NnjYT8VSfz8cRvf76ZP9waflZtnvdXfuVU+MHwnLf3jtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXF5JPDRxdHa7260Nln3yq75M8wvVucn9C/r7oXBt6NyWAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACnUvTWGmmeZ23h98Peg/wLpiEIZxf2N4h/L3Z/AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPPU/xN7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALquit9ZI8zxrn1X4fqW88bHqotcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKf1MwAA//9DfGiJ")
sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000ac0)=ANY=[], 0x28}], 0x1}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)

1.710962669s ago: executing program 7 (id=1624):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r1, &(0x7f0000000080)=ANY=[@ANYBLOB='b 7:', @ANYRESOCT], 0x6)

1.65741331s ago: executing program 6 (id=1625):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x22, &(0x7f0000000080)=0x1, 0x4)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4)
sendmmsg$inet6(r0, &(0x7f0000005500)=[{{&(0x7f0000000140)={0xa, 0x4e23, 0x6, @dev={0xfe, 0x80, '\x00', 0x27}, 0x6}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000000240)="92a6", 0x2}], 0x1}}], 0x1, 0x240800d0)

1.459716855s ago: executing program 6 (id=1626):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000280)={<r1=>0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, '\x00', 0x38}, 0x9}]}, &(0x7f0000000040)=0x10)
shutdown(r0, 0x2)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000200)={r1, 0x5}, &(0x7f0000000240)=0x8)

1.327911192s ago: executing program 7 (id=1627):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000200)={<r1=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000280)={r1, 0x2, 0x4}, 0x8)

1.209034111s ago: executing program 7 (id=1628):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000300), 0x382, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0x6)

1.125525737s ago: executing program 6 (id=1629):
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e)
syz_mount_image$erofs(&(0x7f0000000000), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00ea2eb34e7ea51c9446c55a2d1e0be39af9faf44ad59cb6ad1c94490d970e811439edddc71c9b18946b559ce53bee0a1abe562fc3f3898e5826eda1962cf6e3c4c0ade52151923a70b46eacfc1aaaebcf156e549e884bcabc1333f344f31cd30cd93cb2814e0dbc24a7a107e295e86e09283c825fe177c89c6385f68f2c843cffffffff15539bab6142ceed9265ba989d1a283fc4ffc83f3a7a6c746823e656ad78f3b5a336cdbd83dad59e0debb36b4ea5e658e253f01637cc03f704a08019f95b92fffffffff8dd21552d6967ab1b01e5d52a5793eb179deee4572770a5197127b090287bca2a4eaa1705b42c16968d0201d3ba3cc8000000657ea095f152b1b6a1e6ad8d24ad17f649ccc23d4ecbcdb5620cc48f95f563c2230f859d196e6c4f00b8e3a7b01fcb1d79dcc09b7a854ec8c31dd27ff9b4a2864e1dcaf719d20b56769d51228ecc1915fb8c8b598c11b3c296b05f9c5355fc6f19a7b28f5ae9a0d0804ccc5716cfac0246ddffa2f12077a02a959aa1b74373c38b2bcc90743b80666eae25dea73e127263b8fdbc64fe862b994ca8473d0000000000000000", @ANYRES8, @ANYRESHEX, @ANYRES32, @ANYRES64, @ANYRES64, @ANYBLOB="ac57e0e3f5b780e7846aa6ab4866ef4248d6fc2111d7e28cdc626e81c86fa71fd1a5bc0305b50a4e5dd8f24964d1a58520e4e2cc8c6aa20c9dc6d6a094d1eb4b427e430c9ee73c745e3b3f145b7ed6b59744b0c9ee6e1dfdb888a62a17809113bc75f97cb6328c3809ecee3a021695e6d5db575263f60a500a3c4cf7d14dc45ebf7d6fc877105c9b5e95890f93c1c189103a4d600e2e35bfc700e8eac98857dc8dac899e0ceb85"], 0x1, 0x194, &(0x7f0000000640)="$eJzsmD9P+kAYx7/X8if88ktw1UUTScDB0hY1MjgwO2ii0bhJpBK0iIEOwGZ8Ec6+AmfiwvvQQZ0cxM3Joebawx4oYuI/jM9neO57dw/Hc0+Tb5OCIIg/y831w9VZMhHj+j8SiIr1WzXIUaT8Vvxx5qK0cn6i31+22svZ/vMYANd9//+HALRzKhwxd93eXyfEuA6lq8Py/iYYNKG3oWBDaAsMW0LvSbrC8zVtt2Rb2k7FLnCh82DwYPKQ6a+vc8RQkOpj0n6t0dzP27ZV/UIxrH+dnIIlqT75eXV7owf9gwEFhtAZMKwJvYhotzd+S6T7T4SC89Vvvv/vFuPxITlhjEqpJD5BMHBxFwNGo56fEoE/uacMScmfQpJ/pJ3yYbrWaM6WyvmiVbQOTDOzoM/p+ryZ9ozIj2/4X8zzp3/S+eEBuREWQT3vOFXDj89zsx6FUzVfc9yI538KUtN+1UysyXjvgzE2xYeUChwPrJYgCIIgCIIgCIIgCIIgCOIjTIJ5X0F7yL5YMle97KcAAAD//5Z1cak=")
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x80000, 0x0)

1.009027926s ago: executing program 4 (id=1630):
r0 = syz_io_uring_setup(0x10b, &(0x7f00000000c0)={0x0, 0x0, 0x80, 0x1, 0x1c0}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_LINKAT={0x27, 0x50, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x1})
io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0)

720.115125ms ago: executing program 4 (id=1631):
syz_mount_image$hfsplus(&(0x7f0000000100), &(0x7f0000002900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f0000000c00)=ANY=[], 0x1, 0x6ed, &(0x7f0000000d80)="$eJzs3c1vHGcdB/DvrNeuN0TBaRMaoSBMIhWkiMSJlUK4YBBCOVSoKoeercRprGySKnFRWiFwAcEJiUP/gILkGweExD0oXLgUcenVx0pIXCIOUS+LZnbWu2uv3xK/JPD5RON5nnmeeea3v3nzrrOaAP+3rp5L82GKXD33xoOyvroy215dmX2pbm4nKcuNpNmdpbiTFI+SubK9GJgyMN/go8Urb336ePWzbq1ZT1X/sa3WG2FE3+V6ynQ93vTINcd3uonlOrwcTXKtng+b2OlYQx3LpJ2t53DoOsMa6SzvZvXdnLfAc6Z3dyq6980NppIjSSbr3wNSXx0aBxfhnvpar7CrqxwAAAC8oD65e9gRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIunev5/a63a6C5KplP0nv8/0VtWl59Dczvu+XBf4wAAAAAAAACAg/HVJ3mSBznWq3eK6m/+Z6rKiXzeSb6Q93I/C7mX83mQ+SxlKfdyMcnUwEATD+aXlu5dXFuzNHrNSyPXvHRQrxgAAAAAAAAA/if9Iq3+3/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB5UCRj3Vk1najnmUqjmX5blpN/JJk47Hh3oRi18OHBxwEAAADPZPIp1vnikzzJgxzr1TtF9Z7/S9X75cm8lztZymKW0s5Crtfvoct3/Y3Vldn26srs7XIq68Pjfu/fuwpjoh5hrKqN2vKpqkcrN7JYLTmfa1Uw19PobvtscqoXz0BcAz4sYyq+W9thZM06reXGfrfZpwh7YvijiMYWPVv94JK1jMzUsZVrHu9moKg+qEnWZ2L93tmwseZQbarqMr62pYtprH3yc2Ifcn6knpev59f7mvOdGMzFWiYaqTJxqXf0lefM1plIvv6XP759s33n1s0b988d7kvahbFNlq8/JmYHMvHqC52J5i77z1SZOLlWv5of5sc5l+m8mXtZzE8yn6UspFO3z9fHc/lzautMzQ3V3twukol6v3T32U5ims4PqtJ8zlTrHstiitzN9Szk9erfpVzMt3I5l3NlYA+f3DTu6rVVZ31j/Vnf29N/HRn82W/UhfLq9pv+VW5uq1e82dG5V7rX/jKvxwfy2j3qH6/1Oj5wHswMZOnlXnbGRw7+NNfG5pfrQrmNX25znzhYU3UmyhOod5foRfdKNxPN6l608Tj/fadcL+07nc7N+Xc3GX95Xf21el4eVitf2a53z+hdsYeWu8fLy5msryTDR0fZ9sraVWagrdM/lrttw3fccr2TVVtR9M7UH+VudQBsPFMn6t/hNo50qWp7dV3b6foaXradGmgb+n0rd9PO9f3OHwBP6e9vrxWncmSi9a/WJ62PW79q3Wy9Mfn9l7790umJjP9t/DvNmbHXGqeLP+fj/Kz//h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHh699//4NZ8u71wb3ShsXnTUKGV9Uu2G7ks/LO/pKgf6DOq8636KQXbD/j8FCaTDC2pnnN04GG01oexodD5eXLg+ek9RHB0n9+WhWZ3dx/dpE9dmBta8qeNnT/cPp6xwbWKnZ0X+1ho5GA3OpbRB8BhXZGAg3Jh6fa7F+6//8E3F2/Pv7PwzsKd8cuXr8xcufz67IUbi+2Fme7Pw44S2A/9m/5hRwIAAAAAAAAAAADs1KgvBpw5ut2XRjYUGknWf8fD/ywEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9sTVc2k+TJGLM+dnyvrqymy7nHrlfs9mkkYjKX6aFI+SuXSnTA0MV+QPj9IZsZ2PFq+89enj1c/6YzW7/ZNGPd/c1q1Jlusp00nG6vkzGBrv2jOPV/yn9xrKhH3e6XTmni0+2Bv/DQAA//+vvu19")
open(&(0x7f0000000140)='./file1\x00', 0x66842, 0x21)
link(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file7\x00', 0x1000)

642.295842ms ago: executing program 6 (id=1632):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20a00, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_mount_image$udf(&(0x7f0000000240), &(0x7f0000000c80)='./file0\x00', 0x800000, &(0x7f00000000c0)=ANY=[@ANYBLOB='lastblock=00000000000000000226,adinicb,gid=forget,nostrict,unhide,uid=', @ANYRESDEC=r1, @ANYBLOB="2c73686f727461642c7569643d69676e6f72652c73686f727461642c766f6c756d653d30303030303030303030303030303030303030362c001829935912ddb19b617db523a6bb7c0d782285ef952b9282ba93ba5ef9353deee866199e1a1a16f9b8980aa11304cc9667f126de9a575a9cb3c29169cb6e8bd4820f0d3882914f9f4dd2ac97c7c5181676dc89c5fd4f9c455fcdbd2eef48adb33cdc1f9e9a7f3a2bcb07fb13cffd272aa79076e8039f7ab310e76e7400"/192, @ANYRES64], 0x4, 0xc24, &(0x7f0000000d00)="$eJzs3V9oXOl5B+D3myOtJW/TzG42zh/nYmAD2Xqzi2R51yregBwrIgvGa1ZWLhYKGluyO6w0kiW5eEMJLiSUkLa45CKXNWwCvauvWggNuFfbEgKiV6UXxW03Zns3CaQtvViVM/ONNNLalrK2JXn9PMb+nTnznpnvzOrVnDN7zpwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACK+/o2TQ8Npr0cBAOymM5NvDo14/weAJ8o5+/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGwvRRHfjRTv/qCVptu3OwZON5pXrk6NT9x9scEUKSpRtOvLvwPDR0eOvfLq8dFu3n/5h+0L8cbkuZO1Uwvzi0uzy8uzM7WpZuPCwszsjh/hQZff6kj7BajNv31l5uLF5drRl0c23X21eufA04eqJ0YPj7zVrZ0an5iY7Knp6//Yz/4R6eE9FJ8gT0UR34wU7730QapHRCUevBe2+d3xqA1GX9l/7ZWYGp9or8hco95cKe9MlVzVF1HtWWis2yO70IsPZCziWvnfqRzwkXL1JhfrS/Xzc7O1s/WllcZKY6GZKp3RlutTjUqMpojFiGgVez149pv+KOJYpLjz61Y6HxFFtw9ePDP55tDI9g/QtwuDvMfTVouI1XgMehb2qQNRxF9Gih9OD8WF3Ffttnk/4itlvhZxucxbKa7n26n8BTEa8SvvJ/BY64sifhEpFlIrzXR7v71defpbtdebFxd6arvblY/9/sFusm3CPjYQRZxvb/G30sf/sAsAAAAAAAAAAAAA2B1F/DRS3Jx/IS1G7zmljeal2rn6+bnOUcHdY/9ream1tbW1aupkLedQzrGcZ3NO51zMeS3n9Zw3ct7MeSvnas7bOVs5o5KfP2ct51DOsZxnc07nXMx5Lef1nDdy3sx5K+dqzts5WznDeU8AAAAAAAAAAAAAAAAAAAA8ZINRxESkuPHuH7WvKx3t69J/+sTomfHneq8Z/7ltHqesfTkifho7uyZvf77WeKqUfx7+egHbG4givpOv//cnez0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgX6hEEd+NFD/6TStFioixiOno5O1ir0cHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQGUhGnIsV/fWOgfXs1Ir4YER+ulX8i/ndtq70eMQAAAAAAAAAAAAAAAAAAAHwCpSIuR4ofv9dK1Yi4Wr1z4OlD1ROjh0feKqKIVJb01r8xee5k7dTC/OLS7PLy7Extqtm4sDAzu9OnGzjdaF65OjU+8UhWZluDj3j8gwOnFhbfWWpc+sOVu95/cODk+eWVpfqFu98dg9EXMdQ750h7wFPjE+1BzzXqzfaiqXKPAfZF1Ha6MgAAAAAAAAAAAAAAAAAAAOwbB1MR45Hi+Z8dS93zxvs65/x/qnOrWK/9yR9vfBfA3Jbs6v3+gJ1Mp50O9Ej7xPva1PjExGTP7L7+j5aWY0qpiM9GisN///n2+fApDt713Piy7s8ixej/Hct11cNl3dimqoEjU+MTtTMLzZdOzs0tXKiv1M/PzdYmF+sXdvzFAQAAAAAAAAAAAAAAAAAAAHAfB1MRfx4pjr2+mrrXnc/n//d1bvWc//9aRPey8wNpc65rn9v/u+1z+zvTnz4x+vrR5+81/1Gc/1+OKaUiPowUz/zV59vX0++e/z+0pbas+3Gk+MX3vpTrKk+VdcPd1ek84sXG3OxQWftipPj+2W5ttGtfzbWf2agdLmv/IVI8+weba4/n2uc2ao+WtXcixcSZu9d+dqN2pKwdjBRf/dNat/ZgWfv1XHtoo/blCwtzMzt9eXkylf3/b5Hiy8PfTN2f+Xv2f8/3f1zbkus+0vP3n35Y/V/tmXct9/Va7v/hbfr/cqT4i+tfynWd3jua73+m/e9G/38/UvzepzbXvpJrn92oHd7pasFeKvv/nyLF6u1/Wf+Zz/2fO2ujQ3v7/4t9m7O7XbBX/f9Mz7xqHtfIb/lawJNm+Z1vv12fm5tdMmHChIn1ib3+zQQ8auX2/39Hiq9dLlJ3PzZv//9O59bG/v//fGdj+//Elly3R9v/z/bMO5H3Wvr7IgZW5hf7PxcxsPzOt19qzNcvzV6abY6MjB7//WPDR48P9z/V3bnfmNrxawePu7L/344UP/mbf17/HHvz/v/dP/87uCXX7VH/f6Z3nTbt1+z4pYAnTtn/fx0p/vXGB+v/v+l+n/91P+d74fnNOdgt2qP+f65nXi3/M9oz74Ui4uROnwsAAAAAAAAAAB4TB1MRP4sUf9v6x/Vr3m8+/ie+3K3tPf7vXvbD9f8BgPsr3/8nI8XPD341db9DZifH/89syXV7dPzvoZ55M7t0XvOOX2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiYUhRxIFK8+4NWul2UtzsGTjeaV65OjU/cfbHBFCkqUbTry78Dw0dHjr3y6vHRbt5/+YftC/HG5LmTtVML84tLs8vLszO1qWbjwsLM7I4f4UGX3+pI+wWozb99ZebixeXa0ZdHNt19tXrnwNOHqidGD4+81a2dGp+YmOyp6ev/2M/+EenhPRSfIE9FET+PFO+99EH69yKiEg/eC9v87njUBqOv7L/2SkyNT7RXZK5Rb66Ud6ZKruqLqPYsNNbtkV3oxQcyFnEtIirlgI+Uqze5WF+qn5+brZ2tL600VhoLzVTpjLZcn2pUYjRFLEZEq9jrwbPf9EcRfxcp7vy6lf6jiCi6ffDimck3h0a2f4C+XRjkPZ62WkSsxmPQs7BPHYginosUP5weiv8sOn3Vbpv3I75S5msRl8u8leJ6vp3KXxCjEb/yfgKPtb4o4mykWEit9H6Re7+9XXn6W7XXmxcXemq725WP/f7BbrJtwj42EEX8sr3F30q/9H4OAAAAAAAAAAAAAPtcEV+LFDfnX0jt80PXzyltNC/VztXPz3UO6+8e+1/LS62tra1VUydrOYdyjuU8m3M652LOazmv57yR82bOWzlXc97O2coZlfz8OWs5h3KO5TybczrnYs5rOa/nvJHzZs5bOVdz3s7ZyhmOkwYAAAAAAAAAAAAAAAAA4BGpRBHfixQ/+k0rrRWd68tORydvO88VPtH+PwAA//9mFkcG")
ioctl$KVM_CAP_X86_USER_SPACE_MSR(r1, 0x4068aea3, &(0x7f0000000300)={0xbc, 0x0, 0x8000000})

341.59308ms ago: executing program 4 (id=1633):
capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x2})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x43, 0x0, &(0x7f0000000640)="b44c806748f06309624431ed337301000000010000009c1fd05dacf5bb80c9b7ee0fae7a6a53200386ce51def6a4effb86e8e2ad7cb4645c2b9c0614907d40080cd6f4", 0x0, 0x407, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x2}, 0x50)
r0 = syz_open_dev$sg(&(0x7f0000000140), 0x6f5e, 0x0)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000040)=0x85)

0s ago: executing program 4 (id=1634):
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0e000083821cee00", @ANYRES32=0x1], 0x50)
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000200)='./file0\x00', 0xa00010, &(0x7f0000000840)=ANY=[@ANYBLOB='nodecompose,decompose,nobarrier,gid=', @ANYRESHEX=0xee01, @ANYBLOB="2c6e6c733d69736f383835392d310000000072726965722c00bcd0f0b5c4e2957974ff5d7ea3c3dcee087e4983684e8a4c4e4e87b134e30ce77162b12885b964b3506ff3eae0f3599447b17861d19be78079e5dd7bdc7f1eb36e31ac14de48349767164f5f6431bbdeaef96a4f2bce64b5cfa76ce3a2c4302374bc5535d7e2eb8dfb2e5d58a37b7e37836597c21f51bcdf6df4cad825cfd9ef5ee9e89e04b15cd3cea9e152d67b9a7eedc5dfe6d85a3ce7c342da8cc969b552197cb8bcc4a1009f38f4a85b7c742101ba5bc03115feca2b994c699812"], 0x6, 0x635, &(0x7f0000000c80)="$eJzs3c1rHOcdB/DvrFZryQVHSezELYGKGNJSUVsvKK16iVtK0SGUkB56FrYcC6+VIClFCaWo79BTD/kD0oNuPRV6N6Tn9parjoFCLznppjKzs9LaWil6s1ZqPx/z7PM888w888xvZ2Zndi0mwP+t+Yk0n6TI/MTb62V9a3OmvbU5c6Vubicpy42k2clSLCfFZ8nddFK+Xk6s5y8OWs8nS3Pvfv7l1hedWrNO1fyNw5Y7mo06ZTzJUJ0/o/Wn4/Q33CmU/dzr398xFLtbWAbsVjdwMGg7+2wcZ/FTHrfARVB0Pjf3GUuuJhmprwNSnx0a5zu6s3essxwAAABcUi9sZzvruTbocQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBlUj//v6hTo1seT9F9/n+rnpa6fKk9GfQAAAAAAAAAAOAMfHM721nPtW59p6h+83+9qlyvXr+WD7OaxazkdtazkLWsZSVTScZ6OmqtL6ytrUwdYcnpvktOn8/2AgAAAAAAAMD/qN9kfu/3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGKShOi86xaJO17vlsTSaSUaStMr5NpJ/dcuXRNFv4pPzHwcAAACcysgJlnlhO9tZz7Vufaeo7vlfqe6XR/JhlrOWpaylncXcr++hy7v+xtbmTHtrc+Zxmfb3+8P/HGsYVY+7X0P0W/PNao7RPMhSNeV27lWDuZ9GtWTpZnc8/cf163JMxVu1I47sfp2XK/vzQd8iDMRYFZHh3YhM1mMro/Hi4ZH4yneneeiaptLY/ebn+nOI+dU6L7fnDxcz5o1UkZju2fteOTwSybf+/tefP2wvP3r4YHXi4mzSCT27T8z0ROLVSx2J5jHnn6wicWO3Pp+f5GeZyHjeyUqW8ossZC2L2anbF+r9uXwdOzxSd5+qvfNVI2nV70vnLHqUMY3nx1VpIa9Xy17LUoq8n/tZzJvVv+lM5XuZzWzmet7hGweOu9q26qhvHO+ov/XtujCa5I91Pmidj9Qyri/2xLX3nDtWtfVO2YvSS2d/bmx+oy6U6/htnV8Mz0ZiqicSLx8eib9Ux8Zqe/nRysOFDw7of+OZ+ht1Xu5xv79QnxLl/vJSRuozydN7R9n28u5Z5ul4tepfXDptjX1tN6q2ougeqT898Eht1ddw+3uartpe7ds2U7Xd7Gl76nor76e9ez0EwAV29TtXW6P/Hv3n6Kejvxt9OPr2yI+ufP/Ka60M/2P4B83JoTcarxV/y6f51d79PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHKrH338aKHdXlzpX2gc3HS2haJ+kM95rEth0IXuQwRP3eHdC7E5l7owlKRfU/0WneThosClcGft8Qd3Vj/6+LtLjxfeW3xvcXl4dnZucm72zZk7D5bai5Od10GPEnge9j70+7cXF+oBmwAAAAAAAAAAAECO9vc2O/X//zvxXxoMehsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAy21+Is0nKTI1eXuyrG9tzrTL1C3vzdlM0mgkxS+T4rPkbjopYz3dFW8dsJ5Plube/fzLrS/2+mpW85ed1vkpbNQp40mG6vys+rt36v6K3S0sA3arGzgYtP8GAAD//+IHAOM=")
setxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000000)=ANY=[@ANYBLOB='osx.:'], 0x0, 0x0, 0x0)
listxattr(&(0x7f0000000180)='./file0\x00', 0x0, 0x0)

kernel console output (not intermixed with test programs):

.
[  229.878900][ T8559] BTRFS info (device loop5): disabling free space tree
[  229.909345][ T8600] ext4 filesystem being mounted at /250/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  229.940424][ T8559] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  230.025055][ T8559] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  230.220734][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  230.491754][ T8616] loop0: detected capacity change from 0 to 512
[  230.526408][ T8205] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  230.563683][ T8616] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  230.898651][ T5772] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.527608][ T5807] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  231.737327][ T5807] usb 5-1: Using ep0 maxpacket: 32
[  231.756199][ T5807] usb 5-1: config index 0 descriptor too short (expected 156, got 27)
[  231.775195][ T5807] usb 5-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  231.797334][ T5807] usb 5-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  231.827581][ T5807] usb 5-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  231.857785][ T5807] usb 5-1: config 0 interface 0 has no altsetting 0
[  231.870475][ T5807] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  231.917452][ T5807] usb 5-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  231.947474][ T5807] usb 5-1: Product: syz
[  231.951816][ T5807] usb 5-1: Manufacturer: syz
[  231.956455][ T5807] usb 5-1: SerialNumber: syz
[  231.988881][ T5807] usb 5-1: config 0 descriptor??
[  232.010301][ T8632] loop0: detected capacity change from 0 to 32768
[  232.022297][ T5807] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  232.061857][ T5807] ldusb 5-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  232.152702][ T8632] JBD2: Ignoring recovery information on journal
[  232.264941][ T8632] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  232.407678][ T8636] loop3: detected capacity change from 0 to 32768
[  232.502825][ T8636] JBD2: Ignoring recovery information on journal
[  232.645636][ T8644] ldusb 5-1:0.0: Write buffer overflow, 2147479232 bytes dropped
[  232.656637][ T8636] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  232.765023][ T8636] (syz.3.927,8636,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #4097: rec_len is smaller than minimal - offset=255, inode=0, rec_len=0, name_len=0
[  232.822147][ T8632] syz.0.923 (8632) used greatest stack depth: 18768 bytes left
[  232.881623][ T8641] loop5: detected capacity change from 0 to 32768
[  232.895801][ T5807] usb 5-1: USB disconnect, device number 14
[  232.924976][ T5807] ldusb 5-1:0.0: LD USB Device #0 now disconnected
[  232.936537][ T5772] ocfs2: Unmounting device (7,0) on (node local)
[  233.008851][ T5779] ocfs2: Unmounting device (7,3) on (node local)
[  233.038627][ T8641] XFS (loop5): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  233.303312][ T8657] loop3: detected capacity change from 0 to 1024
[  233.436494][ T8641] XFS (loop5): Starting recovery (logdev: internal)
[  233.560261][ T8641] XFS (loop5): Ending recovery (logdev: internal)
[  233.587737][ T1079] hfsplus: b-tree write err: -5, ino 25
[  233.607568][ T1079] hfsplus: b-tree write err: -5, ino 4
[  233.634382][ T1079] hfsplus: b-tree write err: -5, ino 2
[  233.870820][ T8659] loop4: detected capacity change from 0 to 4096
[  233.905849][ T8205] XFS (loop5): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  233.941201][ T8659] ntfs3: loop4: Different NTFS sector size (2048) and media sector size (512).
[  234.081771][ T8659] ntfs3: loop4: Failed to initialize $Extend/$ObjId.
[  234.251246][ T8656] loop0: detected capacity change from 0 to 32768
[  234.357442][ T8656] XFS (loop0): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  234.460360][ T8656] XFS (loop0): Ending clean mount
[  234.627161][ T5772] XFS (loop0): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  234.757966][ T8679] tap0: tun_chr_ioctl cmd 1074025677
[  234.763516][ T8679] tap0: linktype set to 774
[  234.854876][ T8681] loop3: detected capacity change from 0 to 136
[  234.999727][ T8676] loop5: detected capacity change from 0 to 8192
[  235.074602][ T5777] I/O error, dev loop5, sector 8064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  235.201483][ T8685] loop4: detected capacity change from 0 to 128
[  235.207567][ T5924] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  235.238683][ T8685] EXT4-fs: Ignoring removed nobh option
[  235.358354][ T8685] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  235.407432][ T8685] ext4 filesystem being mounted at /181/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  235.427638][ T5924] usb 1-1: Using ep0 maxpacket: 8
[  235.439867][ T5924] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  235.467297][ T5924] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  235.519317][ T5924] pvrusb2: Hardware description: Terratec Grabster AV400
[  235.526467][ T5924] pvrusb2: **********
[  235.568268][ T5924] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  235.584941][ T5924] pvrusb2: Important functionality might not be entirely working.
[  235.596787][ T5924] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  235.641339][ T5924] pvrusb2: **********
[  235.663397][ T6434] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  235.707840][ T2321] pvrusb2: Invalid write control endpoint
[  235.885710][ T2321] pvrusb2: Invalid write control endpoint
[  235.899084][ T2321] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  235.953962][ T2321] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  235.974329][ T2321] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  235.985023][ T2321] pvrusb2: Device being rendered inoperable
[  236.000610][ T8683] pvrusb2: Attempted to execute control transfer when device not ok
[  236.014564][ T2321] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  236.029485][ T2176] usb 1-1: USB disconnect, device number 17
[  236.046397][ T2321] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b)
[  236.065733][ T2321] pvrusb2: Attached sub-driver cx25840
[  236.073457][ T2321] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  236.084053][ T2321] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  236.383424][ T8689] loop3: detected capacity change from 0 to 32768
[  236.455628][ T8689] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  236.643367][ T8689] XFS (loop3): Ending clean mount
[  236.701730][ T8689] XFS (loop3): Quotacheck needed: Please wait.
[  236.820713][ T5807] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  236.852555][ T8689] XFS (loop3): Quotacheck: Done.
[  237.031884][ T5807] usb 5-1: Using ep0 maxpacket: 16
[  237.046431][ T5807] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  237.069172][ T5807] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  237.094774][ T5807] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  237.127467][ T5807] usb 5-1: New USB device found, idVendor=09da, idProduct=000a, bcdDevice= 0.00
[  237.147077][ T5779] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  237.148277][ T5807] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.177963][ T5807] usb 5-1: config 0 descriptor??
[  237.387400][  T968] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  237.589114][ T8721] loop5: detected capacity change from 0 to 32768
[  237.596188][  T968] usb 1-1: config index 0 descriptor too short (expected 23569, got 27)
[  237.626140][  T968] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  237.636602][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.654906][ T8721] XFS (loop5): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  237.655062][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.674052][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.682080][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.689887][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.697163][  T968] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  237.707441][  T968] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  237.716256][  T968] usb 1-1: Manufacturer: syz
[  237.722332][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.729733][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.738164][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.745644][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.754172][  T968] usb 1-1: config 0 descriptor??
[  237.759283][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.766665][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.773883][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.784028][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.791547][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.798677][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.808136][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.827474][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.834714][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.841812][ T5807] a4tech 0003:09DA:000A.0003: unknown main item tag 0x0
[  237.848997][ T5807] a4tech 0003:09DA:000A.0003: collection stack underflow
[  237.856096][ T5807] a4tech 0003:09DA:000A.0003: item 0 0 0 12 parsing failed
[  237.864184][ T5807] a4tech 0003:09DA:000A.0003: parse failed
[  237.870240][ T5807] a4tech: probe of 0003:09DA:000A.0003 failed with error -22
[  237.882790][ T5807] usb 5-1: USB disconnect, device number 15
[  237.920018][ T8721] XFS (loop5): Ending clean mount
[  237.961741][ T8721] XFS (loop5): Quotacheck needed: Please wait.
[  238.027479][  T968] rc_core: IR keymap rc-hauppauge not found
[  238.033478][  T968] Registered IR keymap rc-empty
[  238.052474][ T8721] XFS (loop5): Quotacheck: Done.
[  238.060052][  T968] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[  238.079929][  T968] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input12
[  238.112070][    C0] igorplugusb 1-1:0.0: Error: urb status = -32
[  238.146926][   T27] audit: type=1800 audit(1772805573.642:46): pid=8721 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.951" name="file1" dev="loop5" ino=6150 res=0 errno=0
[  238.235149][ T2176] usb 1-1: USB disconnect, device number 18
[  238.387012][ T8205] XFS (loop5): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  239.039488][ T8741] loop0: detected capacity change from 0 to 1024
[  239.165315][ T8740] loop5: detected capacity change from 0 to 8192
[  239.884599][ T8737] loop4: detected capacity change from 0 to 40427
[  239.916378][ T8737] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x35f7
[  239.947953][ T8737] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x7ffff
[  239.956434][ T8737] F2FS-fs (loop4): Image doesn't support compression
[  240.000909][ T8737] F2FS-fs (loop4): invalid crc value
[  240.024960][ T8737] F2FS-fs (loop4): Found nat_bits in checkpoint
[  240.195984][ T8737] F2FS-fs (loop4): Start checkpoint disabled!
[  240.237838][ T8737] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  240.248511][ T8754] loop0: detected capacity change from 0 to 4096
[  240.341568][ T8758] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  240.367711][ T5807] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  240.449070][ T8737] F2FS-fs (loop4): inject no more block in inc_valid_node_count of f2fs_new_node_page+0x187/0x910
[  240.578025][ T5807] usb 4-1: Using ep0 maxpacket: 16
[  240.603307][ T5807] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  240.628798][ T5807] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  240.663967][ T5807] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  240.704425][ T5807] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  240.744951][ T5807] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  240.789034][ T5807] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  240.807455][ T5807] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  240.832265][ T1079] kworker/u4:6: attempt to access beyond end of device
[  240.832265][ T1079] loop4: rw=2049, sector=40960, nr_sectors = 24 limit=40427
[  240.847776][ T5807] usb 4-1: Manufacturer: syz
[  240.865450][ T5807] usb 4-1: config 0 descriptor??
[  240.893993][ T1079] F2FS-fs (loop4): Remounting filesystem read-only
[  240.902303][ T1079] F2FS-fs (loop4): Remounting filesystem read-only
[  240.909920][ T1079] F2FS-fs (loop4): Remounting filesystem read-only
[  241.232738][ T8757] loop5: detected capacity change from 0 to 32768
[  241.239687][ T5807] rc_core: IR keymap rc-hauppauge not found
[  241.255888][ T5807] Registered IR keymap rc-empty
[  241.263178][ T8757] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 scanned by syz.5.960 (8757)
[  241.275815][ T5807] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  241.317460][ T5807] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  241.336152][ T8757] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  241.366869][ T8757] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  241.377581][ T5807] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  241.391354][ T8757] BTRFS info (device loop5): using free space tree
[  241.418088][ T5807] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input13
[  241.452489][ T5807] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  241.508003][ T5807] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  241.557485][ T5807] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  241.607485][ T5807] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  241.639384][ T8757] BTRFS info (device loop5): enabling ssd optimizations
[  241.646444][ T8757] BTRFS info (device loop5): auto enabling async discard
[  241.647767][ T5807] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  241.676251][ T8760] loop0: detected capacity change from 0 to 32768
[  241.687700][ T5807] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  241.757410][ T5807] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  241.776866][ T8760] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  241.819852][ T5807] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  241.887436][ T5807] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  241.937466][ T5807] mceusb 4-1:0.0: Error: mce write submit urb error = -90
[  241.972038][ T8760] XFS (loop0): Ending clean mount
[  241.993671][ T8760] XFS (loop0): Quotacheck needed: Please wait.
[  242.002482][ T5807] mceusb 4-1:0.0: Registered  with mce emulator interface version 1
[  242.023926][ T5807] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  242.033442][ T8205] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  242.052394][ T5807] usb 4-1: USB disconnect, device number 14
[  242.112107][ T8760] XFS (loop0): Quotacheck: Done.
[  242.195282][ T8563] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 9 /dev/loop5 scanned by udevd (8563)
[  242.326477][   T27] audit: type=1800 audit(1772805577.812:47): pid=8760 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.961" name="file1" dev="loop0" ino=6150 res=0 errno=0
[  242.659040][ T5772] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  243.544146][ T8819] loop4: detected capacity change from 0 to 256
[  243.722924][ T8822] netem: change failed
[  243.837356][  T968] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  243.935227][ T8824] loop4: detected capacity change from 0 to 2048
[  243.971053][ T8824] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  244.042938][  T968] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  244.054200][   T27] audit: type=1800 audit(1772805579.562:48): pid=8824 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.978" name="file3" dev="loop4" ino=1347 res=0 errno=0
[  244.086073][  T968] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  244.118022][  T968] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  244.127104][  T968] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  244.151045][  T968] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  244.214290][  T968] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  244.237901][  T968] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  244.265303][  T968] usb 1-1: Product: syz
[  244.290152][  T968] usb 1-1: Manufacturer: syz
[  244.327258][  T968] cdc_wdm 1-1:1.0: skipping garbage
[  244.343367][  T968] cdc_wdm 1-1:1.0: skipping garbage
[  244.362192][  T968] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  244.385322][  T968] cdc_wdm 1-1:1.0: Unknown control protocol
[  244.396692][ T8814] loop5: detected capacity change from 0 to 32768
[  244.728464][ T8836] Bluetooth: MGMT ver 1.22
[  245.285209][  T968] usb 1-1: USB disconnect, device number 19
[  245.484175][ T8856] loop3: detected capacity change from 0 to 256
[  245.947294][  T968] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  246.148774][ T8876] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1001'.
[  246.162150][  T968] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  246.170983][  T968] usb 1-1: config 0 has no interface number 0
[  246.191006][  T968] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  246.201591][  T968] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  246.242063][  T968] usb 1-1: Product: syz
[  246.246332][  T968] usb 1-1: Manufacturer: syz
[  246.264256][  T968] usb 1-1: SerialNumber: syz
[  246.288701][  T968] usb 1-1: config 0 descriptor??
[  246.452961][ T8866] loop3: detected capacity change from 0 to 32768
[  246.482318][ T8866] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 scanned by syz.3.997 (8866)
[  246.517863][  T968] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  246.535789][ T8866] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  246.559385][  T968] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  246.569918][ T8866] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  246.591763][  T968] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  246.600077][ T8866] BTRFS info (device loop3): using free space tree
[  246.607685][  T968] usb 1-1: media controller created
[  246.641964][  T968] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  246.696626][ T8883] loop5: detected capacity change from 0 to 2048
[  246.757506][ T8866] BTRFS info (device loop3): enabling ssd optimizations
[  246.799340][ T8866] BTRFS info (device loop3): auto enabling async discard
[  246.816350][ T8901] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  246.891645][   T27] audit: type=1800 audit(1772805582.392:49): pid=8866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.997" name="file2" dev="loop3" ino=261 res=0 errno=0
[  246.937450][ T5769] usb 5-1: new full-speed USB device number 16 using dummy_hcd
[  247.046609][ T5779] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  247.168961][ T5769] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  247.179083][ T5769] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  247.218695][ T5769] usb 5-1: Product: syz
[  247.226004][ T5769] usb 5-1: Manufacturer: syz
[  247.249110][ T5769] usb 5-1: SerialNumber: syz
[  247.276517][ T5769] usb 5-1: config 0 descriptor??
[  247.529369][ T5769] usb 5-1: USB disconnect, device number 16
[  247.590109][ T8904] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  247.602717][ T8904] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  247.676651][ T8904] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  247.719775][ T8904] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  247.752117][  T968] i2c i2c-1: ec100: i2c rd failed=-110 reg=33
[  247.758990][ T8862] usb 1-1: dvb_usb_ec168: I2C read not implemented
[  247.792537][ T8904] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  247.811597][ T8904] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  247.822190][ T8904] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  247.830806][ T8904] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  247.864664][  T968] usb 1-1: USB disconnect, device number 20
[  247.873906][ T8904] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  248.467533][ T2176] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  248.542524][ T8929] dvmrp1: tun_chr_ioctl cmd 1074025677
[  248.550002][ T8929] dvmrp1: linktype set to 264
[  248.669012][ T2176] usb 4-1: Using ep0 maxpacket: 16
[  248.688127][ T2176] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  248.709845][ T2176] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0
[  248.730305][ T2176] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28
[  248.765661][ T2176] usb 4-1: config 0 interface 0 has no altsetting 0
[  248.784455][ T2176] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  248.797046][ T2176] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.816615][ T2176] usb 4-1: config 0 descriptor??
[  249.297803][ T2176] hid (null): unknown global tag 0x50
[  249.314963][ T2176] hid (null): unknown global tag 0xc
[  249.323735][ T2176] hid (null): report_id 0 is invalid
[  249.547039][ T2176] usb 4-1: USB disconnect, device number 15
[  249.559702][ T8947] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1024'.
[  249.587583][ T5084] Bluetooth: hci1: command 0x0406 tx timeout
[  249.607696][ T8947] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1024'.
[  249.727934][ T8951] netlink: 11 bytes leftover after parsing attributes in process `syz.0.1027'.
[  249.737121][ T8951] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1027'.
[  249.748677][ T8951] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1027'.
[  249.759009][ T5084] Bluetooth: hci2: command 0x0406 tx timeout
[  249.827494][ T5084] Bluetooth: hci4: command 0x0c1a tx timeout
[  249.829640][ T5770] Bluetooth: hci0: command 0x0406 tx timeout
[  249.887476][ T5807] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  250.063508][ T6682] kernel write not supported for file /sg0 (pid: 6682 comm: kworker/1:5)
[  250.089550][ T5807] usb 5-1: unable to get BOS descriptor or descriptor too short
[  250.099586][ T5807] usb 5-1: not running at top speed; connect to a high speed hub
[  250.120599][ T5807] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  250.141279][ T5807] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  250.195491][ T5807] usb 5-1: string descriptor 0 read error: -22
[  250.217621][ T5807] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  250.233850][ T5807] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.248535][   T55] block nbd0: Possible stuck request ffff888021e88000: control (read@0,1024B). Runtime 120 seconds
[  250.259456][   T55] block nbd0: Possible stuck request ffff888021e88200: control (read@1024,1024B). Runtime 120 seconds
[  250.270708][   T55] block nbd0: Possible stuck request ffff888021e88400: control (read@2048,1024B). Runtime 120 seconds
[  250.281785][   T55] block nbd0: Possible stuck request ffff888021e88600: control (read@3072,1024B). Runtime 120 seconds
[  250.317956][ T5807] usb 5-1: 0:2 : does not exist
[  250.335030][ T8965] loop0: detected capacity change from 0 to 64
[  251.006989][ T8983] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1041'.
[  251.185984][ T5807] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5)
[  251.212230][ T8988] loop0: detected capacity change from 0 to 128
[  251.257147][ T5807] usb 5-1: 5:0: failed to get current value for ch 1 (-22)
[  251.279616][ T8988] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  251.326580][ T8988] ext4 filesystem being mounted at /273/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  251.380951][ T5807] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5)
[  251.474133][ T5807] usb 5-1: USB disconnect, device number 17
[  251.664261][ T5772] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  251.677351][ T5770] Bluetooth: hci1: command 0x0406 tx timeout
[  251.827567][ T5770] Bluetooth: hci2: command 0x0406 tx timeout
[  251.907439][ T5770] Bluetooth: hci4: command 0x0c1a tx timeout
[  251.913598][ T5770] Bluetooth: hci0: command 0x0406 tx timeout
[  251.950996][ T9003] loop0: detected capacity change from 0 to 128
[  252.176837][ T9005] loop5: detected capacity change from 0 to 4096
[  252.214284][ T9005] ntfs3: loop5: Different NTFS sector size (2048) and media sector size (512).
[  252.536865][ T9011] loop0: detected capacity change from 0 to 1024
[  252.546442][ T9005] ntfs3: Cannot use different iocharset when remounting!
[  252.566871][ T9005] ntfs3: loop5: failed to convert name for inode a.
[  252.711298][ T9011] hfsplus: request for non-existent node 211 in B*Tree
[  252.734271][ T9011] hfsplus: request for non-existent node 211 in B*Tree
[  252.853568][   T34] hfsplus: b-tree write err: -5, ino 8
[  252.890646][ T9019] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1057'.
[  252.902399][ T9019] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1057'.
[  252.916134][ T9019] macvlan0: entered allmulticast mode
[  252.927747][ T9019] veth1_vlan: entered allmulticast mode
[  253.194698][ T9028] 8021q: adding VLAN 0 to HW filter on device ipvlan2
[  253.849625][ T9051] input: syz1 as /devices/virtual/input/input14
[  253.997302][ T5770] Bluetooth: hci4: command 0x0c1a tx timeout
[  254.255981][ T9063] loop3: detected capacity change from 0 to 2048
[  254.357682][ T9063] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  254.682878][ T9076] loop3: detected capacity change from 0 to 256
[  254.729200][ T9076] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  254.783546][ T9080] loop5: detected capacity change from 0 to 256
[  254.794248][ T9079] loop4: detected capacity change from 0 to 512
[  254.832125][ T9079] EXT4-fs error (device loop4): ext4_orphan_get:1398: inode #15: comm syz.4.1084: inode has both inline data and extents flags
[  254.849413][ T9079] EXT4-fs error (device loop4): ext4_orphan_get:1403: comm syz.4.1084: couldn't read orphan inode 15 (err -117)
[  254.867652][ T2176] usb 1-1: new full-speed USB device number 21 using dummy_hcd
[  254.870264][ T9079] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  254.902502][ T9080] FAT-fs (loop5): Directory bread(block 64) failed
[  254.930655][ T9080] FAT-fs (loop5): Directory bread(block 65) failed
[  254.950918][ T9080] FAT-fs (loop5): Directory bread(block 66) failed
[  254.957685][ T9080] FAT-fs (loop5): Directory bread(block 67) failed
[  254.964546][ T9080] FAT-fs (loop5): Directory bread(block 68) failed
[  254.973386][ T9080] FAT-fs (loop5): Directory bread(block 69) failed
[  254.980228][ T9080] FAT-fs (loop5): Directory bread(block 70) failed
[  254.986924][ T9080] FAT-fs (loop5): Directory bread(block 71) failed
[  254.994134][ T9080] FAT-fs (loop5): Directory bread(block 72) failed
[  255.001493][ T9080] FAT-fs (loop5): Directory bread(block 73) failed
[  255.134314][ T6434] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.148733][ T2176] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  255.178864][ T2176] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  255.222054][ T2176] usb 1-1: New USB device found, idVendor=060b, idProduct=700a, bcdDevice= 0.00
[  255.242106][ T2176] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  255.262022][ T2176] usb 1-1: Manufacturer: syz
[  255.281703][ T2176] usb 1-1: config 0 descriptor??
[  255.719354][ T9072] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  255.769346][ T9072] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  255.812172][ T2176] cougar 0003:060B:700A.0005: unknown main item tag 0x0
[  255.846614][ T2176] cougar 0003:060B:700A.0005: unknown main item tag 0x0
[  255.870050][ T2176] cougar 0003:060B:700A.0005: unknown main item tag 0x0
[  255.877149][ T2176] cougar 0003:060B:700A.0005: unknown main item tag 0x0
[  255.914943][ T2176] cougar 0003:060B:700A.0005: unknown main item tag 0x0
[  255.971025][ T2176] cougar 0003:060B:700A.0005: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0
[  255.996184][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  256.003924][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  256.032636][ T2176] usb 1-1: USB disconnect, device number 21
[  256.253560][ T9108] fido_id[9108]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  257.292419][ T9118] loop3: detected capacity change from 0 to 32768
[  257.327998][ T9118] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  257.464584][ T9118] XFS (loop3): Ending clean mount
[  257.485839][ T9118] XFS (loop3): Quotacheck needed: Please wait.
[  257.487702][ T2176] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  257.591365][ T9118] XFS (loop3): Quotacheck: Done.
[  257.713392][ T2176] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  257.746174][ T2176] usb 1-1: config 0 has no interface number 0
[  257.755693][ T2176] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.773672][ T2176] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  257.787465][ T2176] usb 1-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18
[  257.796791][ T2176] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.821355][ T5779] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  257.838500][ T2176] usb 1-1: config 0 descriptor??
[  258.331490][ T2176] input: HID 04d9:a055 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.1/0003:04D9:A055.0006/input/input15
[  258.552648][ T2176] holtek_kbd 0003:04D9:A055.0006: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.0-1/input1
[  258.586205][ T2176] usb 1-1: USB disconnect, device number 22
[  258.707552][ T6682] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  258.731728][ T9165] fido_id[9165]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  258.907301][ T6682] usb 5-1: Using ep0 maxpacket: 8
[  258.924830][ T6682] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  258.947743][ T6682] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  258.971909][ T6682] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  258.992207][ T6682] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  259.036027][ T6682] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  259.066266][ T6682] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  259.184996][ T9158] loop3: detected capacity change from 0 to 40427
[  259.207439][ T9158] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  259.216073][ T9158] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  259.287438][ T9158] F2FS-fs (loop3): invalid crc value
[  259.316915][ T6682] usb 5-1: GET_CAPABILITIES returned 0
[  259.333070][ T9158] F2FS-fs (loop3): Found nat_bits in checkpoint
[  259.357293][ T6682] usbtmc 5-1:16.0: can't read capabilities
[  259.555628][ T9158] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  259.565072][ T6682] usb 5-1: USB disconnect, device number 18
[  259.573624][ T9158] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  260.080727][ T9178] loop0: detected capacity change from 0 to 40427
[  260.093386][ T9178] F2FS-fs (loop0): heap/no_heap options were deprecated
[  260.107398][ T9178] F2FS-fs (loop0): build fault injection attr: rate: 19, type: 0x7ffff
[  260.119667][ T9178] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x77e8c
[  260.130613][ T9178] F2FS-fs (loop0): invalid crc value
[  260.155338][ T9178] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x21d/0x9b0
[  260.180267][ T6682] kernel read not supported for file /dsp1 (pid: 6682 comm: kworker/1:5)
[  260.191926][ T9178] F2FS-fs (loop0): Found nat_bits in checkpoint
[  260.259844][ T9189] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  260.296417][ T9178] F2FS-fs (loop0): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_submit_page_bio+0x134/0x650
[  260.373758][    C0] F2FS-fs (loop0): inject read IO error in f2fs_read_end_io of blk_update_request+0x597/0xe40
[  260.458637][ T9178] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  260.530864][ T9194] loop4: detected capacity change from 0 to 512
[  260.544489][ T9194] EXT4-fs: Ignoring removed nobh option
[  260.649144][ T9178] F2FS-fs (loop0): inject no more block in inc_valid_node_count of f2fs_new_node_page+0x187/0x910
[  260.679989][ T9194] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1130: invalid indirect mapped block 256 (level 2)
[  260.768844][ T9178] F2FS-fs (loop0): inject dquot initialize in f2fs_dquot_initialize of f2fs_new_inode+0x509/0x1030
[  260.784998][ T9194] EXT4-fs (loop4): Remounting filesystem read-only
[  260.793245][ T9194] EXT4-fs (loop4): 2 truncates cleaned up
[  260.800585][ T9194] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  261.041881][ T5772] syz-executor: attempt to access beyond end of device
[  261.041881][ T5772] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  261.085912][ T5772] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  261.120778][ T6434] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  261.647771][ T9202] loop5: detected capacity change from 0 to 40427
[  261.679052][ T9202] F2FS-fs (loop5): invalid crc value
[  261.720778][ T9202] F2FS-fs (loop5): Found nat_bits in checkpoint
[  261.922049][ T9202] F2FS-fs (loop5): Start checkpoint disabled!
[  261.957794][ T9202] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  262.349631][ T9220] can0: slcan on ttyS3.
[  262.459207][ T9220] can0 (unregistered): slcan off ttyS3.
[  262.465646][ T9220] Falling back ldisc for ttyS3.
[  262.817408][  T968] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  262.941132][ T9237] loop3: detected capacity change from 0 to 256
[  263.014161][  T968] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  263.047749][  T968] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  263.117799][  T968] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  263.167701][  T968] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5
[  263.223498][  T968] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  263.247662][  T968] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  263.277400][  T968] usb 6-1: Manufacturer: syz
[  263.305610][  T968] usb 6-1: config 0 descriptor??
[  263.747991][  T968] rc_core: IR keymap rc-hauppauge not found
[  263.753990][  T968] Registered IR keymap rc-empty
[  263.787471][  T968] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  263.853777][  T968] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  263.908478][  T968] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0
[  263.952292][  T968] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input16
[  264.019516][  T968] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  264.077353][  T968] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  264.121950][  T968] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  264.168908][  T968] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  264.217353][  T968] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  264.306007][  T968] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  264.349702][  T968] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  264.408043][  T968] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  264.443991][  T968] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  264.497362][  T968] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  264.539729][  T968] mceusb 6-1:0.0: Error: mce write submit urb error = -90
[  264.619282][  T968] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  264.647510][  T968] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  264.701484][  T968] usb 6-1: USB disconnect, device number 7
[  265.275927][ T9284] netlink: 43 bytes leftover after parsing attributes in process `syz.3.1157'.
[  265.840882][ T9266] loop4: detected capacity change from 0 to 40427
[  265.885317][ T9266] F2FS-fs (loop4): invalid crc value
[  265.900688][ T9266] F2FS-fs (loop4): Found nat_bits in checkpoint
[  266.077578][ T9266] F2FS-fs (loop4): Start checkpoint disabled!
[  266.136761][ T9266] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  266.245785][ T9266] F2FS-fs (loop4): Stopped filesystem due to reason: 0
[  266.416031][ T9300] loop5: detected capacity change from 0 to 256
[  266.450453][ T9300] exfat: Deprecated parameter 'utf8'
[  266.455839][ T9300] exfat: Deprecated parameter 'utf8'
[  266.492054][ T9288] loop0: detected capacity change from 0 to 32768
[  266.607911][ T9288] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  266.662391][ T9300] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  266.729824][ T9310] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  266.738773][ T9310] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  266.748548][ T9310] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  266.757715][ T9310] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  266.805801][ T9310] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  266.815182][ T9310] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  266.824271][ T9310] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  266.833348][ T9310] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  266.860981][ T9288] XFS (loop0): Ending clean mount
[  266.911415][ T9288] XFS (loop0): Quotacheck needed: Please wait.
[  267.106550][ T9288] XFS (loop0): Quotacheck: Done.
[  267.123453][ T9292] loop3: detected capacity change from 0 to 40427
[  267.162362][ T9292] F2FS-fs (loop3): invalid crc value
[  267.209394][ T9292] F2FS-fs (loop3): Found nat_bits in checkpoint
[  267.444613][ T5772] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  267.456570][ T9292] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  267.626376][ T9312] f2fs_ckpt-7:3: attempt to access beyond end of device
[  267.626376][ T9312] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  267.698900][ T9312] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  268.578059][ T9335] tap0: tun_chr_ioctl cmd 1074025677
[  268.583621][ T9335] tap0: linktype set to 776
[  268.893329][ T9328] loop0: detected capacity change from 0 to 32768
[  268.968874][ T9328] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  269.089833][ T9328] XFS (loop0): Ending clean mount
[  269.128254][ T9328] XFS (loop0): Quotacheck needed: Please wait.
[  269.254550][ T9328] XFS (loop0): Quotacheck: Done.
[  269.407026][ T5772] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  269.696793][ T9366] loop5: detected capacity change from 0 to 256
[  269.811430][ T9366] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  269.906871][   T27] audit: type=1800 audit(1772805605.402:50): pid=9366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1185" name="file1" dev="loop5" ino=1048645 res=0 errno=0
[  269.985965][ T1079] FAT-fs (loop5): error, corrupted file size (i_pos 196, 16779008)
[  269.997437][   T27] audit: type=1800 audit(1772805605.432:51): pid=9366 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1185" name="file1" dev="loop5" ino=1048645 res=0 errno=0
[  270.018425][ T1079] FAT-fs (loop5): Filesystem has been set read-only
[  270.025164][ T1079] FAT-fs (loop5): error, corrupted file size (i_pos 196, 16779008)
[  270.031005][ T9369] loop4: detected capacity change from 0 to 512
[  270.051800][ T9338] loop3: detected capacity change from 0 to 40427
[  270.073884][ T9338] F2FS-fs (loop3): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288)
[  270.088604][ T9338] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  270.106746][ T9369] EXT4-fs error (device loop4): ext4_orphan_get:1398: inode #15: comm syz.4.1187: inode has both inline data and extents flags
[  270.106922][   T34] FAT-fs (loop5): error, corrupted file size (i_pos 196, 16779008)
[  270.128325][   T34] FAT-fs (loop5): error, corrupted file size (i_pos 196, 16779008)
[  270.136622][ T9367] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  270.144568][ T9338] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x35f7
[  270.220825][ T9369] EXT4-fs error (device loop4): ext4_orphan_get:1403: comm syz.4.1187: couldn't read orphan inode 15 (err -117)
[  270.229063][ T9338] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x7ffff
[  270.279590][ T9338] F2FS-fs (loop3): Image doesn't support compression
[  270.290871][ T9369] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  270.306540][ T9338] F2FS-fs (loop3): invalid crc value
[  270.341502][ T9338] F2FS-fs (loop3): Found nat_bits in checkpoint
[  270.480025][ T9338] F2FS-fs (loop3): Start checkpoint disabled!
[  270.492405][ T9338] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  270.505019][ T9338] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  270.614728][ T9338] syz.3.1172: attempt to access beyond end of device
[  270.614728][ T9338] loop3: rw=10241, sector=53248, nr_sectors = 8 limit=40427
[  270.654429][ T9338] F2FS-fs (loop3): inject checkpoint error in f2fs_balance_fs of f2fs_write_single_data_page+0x105a/0x1a00
[  270.678642][ T9338] syz.3.1172: attempt to access beyond end of device
[  270.678642][ T9338] loop3: rw=2049, sector=53256, nr_sectors = 8 limit=40427
[  270.743964][ T9338] F2FS-fs (loop3): Stopped filesystem due to reason: 1
[  270.767546][ T9338] syz.3.1172: attempt to access beyond end of device
[  270.767546][ T9338] loop3: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  270.993229][ T6434] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  271.011139][ T9382] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  271.078251][ T9382] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  271.268710][ T9379] loop0: detected capacity change from 0 to 32768
[  271.314335][ T9379] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  271.424551][ T9379] XFS (loop0): Ending clean mount
[  271.437407][  T968] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  271.549376][ T9379] XFS (loop0): Quotacheck needed: Please wait.
[  271.659673][ T9379] XFS (loop0): Quotacheck: Done.
[  271.664866][  T968] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  271.679314][  T968] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  271.707994][  T968] usb 5-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.01
[  271.717283][  T968] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  271.741298][  T968] usb 5-1: config 0 descriptor??
[  271.838130][ T5808] XFS (loop0): Metadata CRC error detected at xfs_refcountbt_read_verify+0x42/0xd0, xfs_refcountbt block 0x28 
[  271.870584][ T5808] XFS (loop0): Unmount and run xfs_repair
[  271.900612][ T5808] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  271.936451][ T5808] 00000000: 52 ff ff ff 7f 00 00 00 ff ff ff ff ff ff ff ff  R...............
[  271.978467][ T5808] 00000010: 00 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00  .......(........
[  271.992924][ T5808] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  272.003462][ T5808] 00000030: 00 00 00 00 bd e7 de 5d 00 00 00 00 00 00 00 00  .......]........
[  272.025342][ T5808] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  272.053131][ T5808] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  272.074073][ T5808] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  272.111313][ T5808] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  272.159912][ T9379] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x28 len 8 error 74
[  272.184848][  T968] arvo 0003:1E7D:30D4.0007: unknown main item tag 0x0
[  272.204105][  T968] arvo 0003:1E7D:30D4.0007: unknown main item tag 0x0
[  272.232852][  T968] arvo 0003:1E7D:30D4.0007: unknown main item tag 0x0
[  272.249782][  T968] arvo 0003:1E7D:30D4.0007: unknown main item tag 0x0
[  272.257657][ T9379] XFS (loop0): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x183c/0x1e00 (fs/xfs/libxfs/xfs_defer.c:598).  Shutting down filesystem.
[  272.294355][  T968] arvo 0003:1E7D:30D4.0007: unknown main item tag 0x0
[  272.307417][ T9379] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[  272.343047][  T968] arvo 0003:1E7D:30D4.0007: unknown main item tag 0x0
[  272.362793][  T968] arvo 0003:1E7D:30D4.0007: unknown main item tag 0x0
[  272.397890][  T968] arvo 0003:1E7D:30D4.0007: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.4-1/input0
[  272.647662][ T9406] bond1: entered promiscuous mode
[  272.747764][ T6682] usb 5-1: USB disconnect, device number 19
[  272.938217][ T5772] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  273.418688][ T9414] input: syz1 as /devices/virtual/input/input17
[  273.687381][ T5769] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  273.857587][  T968] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  273.877407][ T5769] usb 6-1: Using ep0 maxpacket: 8
[  273.885261][ T5769] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  273.895432][ T5769] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  273.905277][ T5769] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  273.916809][ T5769] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  273.930796][ T5769] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  273.940977][ T5769] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.068548][  T968] usb 5-1: Using ep0 maxpacket: 16
[  274.095735][  T968] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8
[  274.121976][  T968] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00
[  274.137316][  T968] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  274.149446][  T968] usb 5-1: Product: syz
[  274.153716][  T968] usb 5-1: Manufacturer: syz
[  274.159891][  T968] usb 5-1: SerialNumber: syz
[  274.179191][ T5769] usb 6-1: GET_CAPABILITIES returned 0
[  274.186675][  T968] usb 5-1: config 0 descriptor??
[  274.192372][ T5769] usbtmc 6-1:16.0: can't read capabilities
[  274.207056][  T968] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected
[  274.242694][  T968] usb 5-1: Detected FT232R
[  274.431099][ T5769] usb 6-1: USB disconnect, device number 8
[  274.438829][  T968] ftdi_sio ttyUSB0: Unable to read latency timer: -32
[  274.487515][ T5807] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  274.610349][ T9428] loop0: detected capacity change from 0 to 40427
[  274.619178][ T9428] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  274.627009][ T9428] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  274.656712][ T9428] F2FS-fs (loop0): Found nat_bits in checkpoint
[  274.670568][  T968] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  274.684934][ T5807] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  274.698069][ T5807] usb 4-1: config 0 has no interface number 0
[  274.711805][ T5807] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  274.750667][ T5807] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  274.774556][ T5807] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18
[  274.794966][ T5807] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.814573][ T5807] usb 4-1: config 0 descriptor??
[  274.869460][ T9428] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  274.876611][ T9428] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  274.901139][ T6682] usb 5-1: USB disconnect, device number 20
[  274.927095][ T6682] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  274.962006][ T6682] ftdi_sio 5-1:0.0: device disconnected
[  275.275736][ T5807] input: HID 04d9:a055 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.1/0003:04D9:A055.0008/input/input18
[  275.418329][ T5807] holtek_kbd 0003:04D9:A055.0008: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.3-1/input1
[  275.508476][ T5807] usb 4-1: USB disconnect, device number 16
[  275.649502][ T9441] fido_id[9441]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory
[  275.995212][ T9450] loop4: detected capacity change from 0 to 256
[  276.013594][ T9450] exfat: Deprecated parameter 'namecase'
[  276.026691][ T9450] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xee17df4f, utbl_chksum : 0xe619d30d)
[  276.100974][ T9449] can0: slcan on ttyS3.
[  276.381666][ T9447] can0 (unregistered): slcan off ttyS3.
[  276.986904][ T9471] loop3: detected capacity change from 0 to 2048
[  277.020251][ T9471] EXT4-fs: Ignoring removed oldalloc option
[  277.092719][ T9478] Bluetooth: MGMT ver 1.22
[  277.137759][ T9471] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c028, mo2=0002]
[  277.187698][ T9471] System zones: 0-7
[  277.205426][ T9471] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  277.329344][ T9471] EXT4-fs error (device loop3): ext4_find_extent:936: inode #2: comm syz.3.1217: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4)
[  277.417814][ T9471] EXT4-fs (loop3): Remounting filesystem read-only
[  277.425319][ T9485] loop6: detected capacity change from 0 to 8
[  277.452505][ T9485] Dev loop6: unable to read RDB block 8
[  277.463244][ T9485]  loop6: unable to read partition table
[  277.473464][ T9485] loop6: partition table beyond EOD, truncated
[  277.486761][ T9485] loop_reread_partitions: partition scan of loop6 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  277.588729][ T5779] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  277.651002][ T9465] loop0: detected capacity change from 0 to 32768
[  277.707331][ T9465] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  277.775316][ T9496] loop5: detected capacity change from 0 to 64
[  277.824652][ T9496] hfs: unable to locate alternate MDB
[  277.834883][ T9496] hfs: continuing without an alternate MDB
[  277.998276][ T9465] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  278.134942][ T9465] XFS (loop0): Starting recovery (logdev: internal)
[  278.213023][ T9465] XFS (loop0): Ending recovery (logdev: internal)
[  278.297084][ T9512] loop3: detected capacity change from 0 to 1024
[  278.370764][ T9512] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  278.396430][ T9512] ext4 filesystem being mounted at /332/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  278.485208][   T27] audit: type=1800 audit(1772805613.982:52): pid=9512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1226" name="file1" dev="loop3" ino=15 res=0 errno=0
[  278.505602][    C1] vkms_vblank_simulate: vblank timer overrun
[  278.639756][  T968] XFS (loop0): Metadata corruption detected at xfs_inobt_verify+0xc5/0x230, xfs_finobt block 0x8 
[  278.669185][ T5779] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  278.697410][  T968] XFS (loop0): Unmount and run xfs_repair
[  278.703312][  T968] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  278.729842][  T968] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff  AB3B............
[  278.768553][  T968] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10  ................
[  278.817218][  T968] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  278.826252][  T968] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02  ......1....N....
[  278.864771][  T968] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[  278.917805][  T968] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  278.926768][  T968] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  278.958331][  T968] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  278.986553][ T9522] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x8 len 8 error 117
[  279.113100][ T5770] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  279.113370][ T9534] loop3: detected capacity change from 0 to 256
[  279.126695][ T5770] Bluetooth: hci2: command 0x0406 tx timeout
[  279.167362][ T2176] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  279.190963][ T5772] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  279.347616][ T2176] usb 5-1: Using ep0 maxpacket: 32
[  279.366220][ T2176] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  279.385147][ T2176] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  279.425560][ T2176] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  279.465830][ T2176] usb 5-1: config 1 has no interface number 0
[  279.492725][ T2176] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  279.537311][ T2176] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  279.550527][ T2176] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  279.577370][ T2176] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  279.610277][ T2176] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found
[  279.824218][ T2176] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now attached
[  280.299356][  T968] usb 5-1: USB disconnect, device number 21
[  280.306583][  T968] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected
[  280.316205][   T55] block nbd0: Possible stuck request ffff888021e88000: control (read@0,1024B). Runtime 150 seconds
[  280.327689][   T55] block nbd0: Possible stuck request ffff888021e88200: control (read@1024,1024B). Runtime 150 seconds
[  280.339455][   T55] block nbd0: Possible stuck request ffff888021e88400: control (read@2048,1024B). Runtime 150 seconds
[  280.351769][   T55] block nbd0: Possible stuck request ffff888021e88600: control (read@3072,1024B). Runtime 150 seconds
[  280.427515][ T5807] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  280.628236][ T5807] usb 6-1: Using ep0 maxpacket: 32
[  280.640414][ T5807] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  280.667380][ T5807] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  280.697265][ T5807] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  280.716783][ T5807] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.739747][ T5807] usb 6-1: config 0 descriptor??
[  280.754880][ T5807] hub 6-1:0.0: USB hub found
[  280.815000][ T9550] loop3: detected capacity change from 0 to 40427
[  280.846118][ T9550] F2FS-fs (loop3): inline encryption not supported
[  280.883063][ T9550] F2FS-fs (loop3): invalid crc value
[  280.910911][ T9550] F2FS-fs (loop3): Found nat_bits in checkpoint
[  280.993271][ T5807] hub 6-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  281.154280][ T9550] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  281.410776][ T5807] hid-generic 0003:046D:C31C.0009: unknown main item tag 0x0
[  281.465204][ T5807] hid-generic 0003:046D:C31C.0009: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.5-1/input0
[  281.807705][ T5769] usb 6-1: USB disconnect, device number 9
[  282.362349][ T9565] loop4: detected capacity change from 0 to 32768
[  282.478606][ T9565] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  282.499907][ T9589] overlayfs: workdir and upperdir must reside under the same mount
[  282.682514][ T9565] XFS (loop4): Ending clean mount
[  282.729271][ T5769] XFS (loop4): Corruption warning: Metadata has LSN (2:16) ahead of current LSN (1:112). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  282.766811][ T5769] XFS (loop4): Metadata CRC error detected at xfs_inobt_read_verify+0x42/0xd0, xfs_finobt block 0x20 
[  282.790014][ T5769] XFS (loop4): Unmount and run xfs_repair
[  282.802766][ T5769] XFS (loop4): First 128 bytes of corrupted metadata buffer:
[  282.827262][ T5769] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff  FIB3............
[  282.846420][ T5769] 00000010: 00 00 00 00 00 00 00 20 00 00 00 02 00 00 00 10  ....... ........
[  282.862940][ T5769] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  282.928996][ T5769] 00000030: 00 00 00 00 ca b4 20 ce 00 00 11 40 00 00 40 37  ...... ....@..@7
[  282.964156][ T5769] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00  ................
[  282.987705][ T5769] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  282.996750][ T5769] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  283.021314][ T5769] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  283.051754][ T9565] XFS (loop4): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x20 len 8 error 74
[  283.074851][ T9565] XFS (loop4): Failed to initialize disk quotas.
[  283.290088][ T6434] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  283.934918][ T9606] loop0: detected capacity change from 0 to 40427
[  283.956582][ T9606] F2FS-fs (loop0): invalid crc value
[  284.213383][ T9606] F2FS-fs (loop0): Start checkpoint disabled!
[  284.241695][ T9606] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  284.542987][ T9606] F2FS-fs (loop0): Stopped filesystem due to reason: 0
[  284.877785][ T9633] Bluetooth: MGMT ver 1.22
[  284.956271][ T9614] loop4: detected capacity change from 0 to 32768
[  285.025373][ T9614] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  285.073050][ T9642] ������: renamed from vlan0 (while UP)
[  285.171591][ T9614] XFS (loop4): Ending clean mount
[  285.225978][ T9614] XFS (loop4): Quotacheck needed: Please wait.
[  285.352034][ T9614] XFS (loop4): Quotacheck: Done.
[  285.611520][ T6434] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  286.173223][ T9669] 9pnet: p9_errstr2errno: server reported unknown error ����
[  286.454670][ T9677] loop3: detected capacity change from 0 to 256
[  286.485274][ T9677] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  286.527566][ T9677] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  286.582852][ T9677] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d)
[  286.742268][ T9684] binder: 9683:9684 ioctl c0306201 200000000080 returned -14
[  287.174612][  T968] IPVS: starting estimator thread 0...
[  287.277725][ T9695] IPVS: using max 19 ests per chain, 45600 per kthread
[  287.544368][ T9678] loop5: detected capacity change from 0 to 32768
[  287.623753][ T9678] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  287.656174][ T9707] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  287.678661][ T9707] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  287.794862][ T9678] XFS (loop5): Ending clean mount
[  287.994317][ T9692] loop4: detected capacity change from 0 to 32768
[  288.088504][ T9692] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  288.096964][ T8205] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  288.147706][    C0] icmp: detected local route for 172.20.20.58 during ICMP sending, src 100.1.1.2
[  288.159050][    C0] icmp: detected local route for 172.20.20.58 during ICMP sending, src 100.1.1.1
[  288.319872][ T9692] XFS (loop4): Ending clean mount
[  288.336738][ T9692] XFS (loop4): Quotacheck needed: Please wait.
[  288.534134][ T9692] XFS (loop4): Quotacheck: Done.
[  288.732537][ T9733] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1301'.
[  288.789220][ T9733] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1301'.
[  289.023594][ T6434] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  289.047682][ T2176] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  289.071583][ T9739] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1304'.
[  289.081371][ T9739] netlink: 36 bytes leftover after parsing attributes in process `syz.5.1304'.
[  289.267641][ T2176] usb 4-1: Using ep0 maxpacket: 8
[  289.279722][ T2176] usb 4-1: config index 0 descriptor too short (expected 30, got 18)
[  289.328402][ T2176] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  289.347741][ T2176] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  289.364877][ T2176] usb 4-1: Product: syz
[  289.407469][ T2176] usb 4-1: Manufacturer: syz
[  289.412244][ T2176] usb 4-1: SerialNumber: syz
[  289.439584][ T2176] usb 4-1: config 0 descriptor??
[  289.457491][ T2176] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  289.466876][ T2176] usb 4-1: setting power ON
[  289.472656][ T2176] dvb-usb: bulk message failed: -22 (2/0)
[  289.492331][ T2176] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  289.526389][ T2176] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  289.543111][ T2176] usb 4-1: media controller created
[  289.634144][ T2176] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  289.664550][ T9735] dvb-usb: bulk message failed: -22 (3/0)
[  289.684598][ T9735] dvb-usb: bulk message failed: -22 (4/0)
[  289.730059][ T9750] dvb-usb: bulk message failed: -22 (3/0)
[  289.768164][ T2176] usb 4-1: selecting invalid altsetting 6
[  289.774763][ T2176] usb 4-1: digital interface selection failed (-22)
[  289.803384][ T2176] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  289.825983][ T2176] usb 4-1: setting power OFF
[  289.842192][ T9752] loop0: detected capacity change from 0 to 164
[  289.848628][ T2176] dvb-usb: bulk message failed: -22 (2/0)
[  289.848743][ T2176] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  289.848757][ T2176] (NULL device *): no alternate interface
[  289.935286][ T9752] rock: directory entry would overflow storage
[  289.957290][ T9752] rock: sig=0x5252, size=5, remaining=3
[  289.984474][ T2176] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  290.009474][ T2176] usb 4-1: USB disconnect, device number 17
[  290.127493][    T9] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  290.204304][ T9758] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  290.315525][    T9] usb 6-1: Using ep0 maxpacket: 32
[  290.329752][    T9] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  290.348608][    T9] usb 6-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  290.370175][    T9] usb 6-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  290.379141][    T9] usb 6-1: Product: syz
[  290.387544][    T9] usb 6-1: Manufacturer: syz
[  290.392260][    T9] usb 6-1: SerialNumber: syz
[  290.410236][    T9] usb 6-1: config 0 descriptor??
[  290.416045][ T9754] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  290.428665][    T9] hub 6-1:0.0: bad descriptor, ignoring hub
[  290.436940][    T9] hub: probe of 6-1:0.0 failed with error -5
[  290.817633][    T9] usb 6-1: USB disconnect, device number 10
[  291.062857][ T9778] input: syz1 as /devices/virtual/input/input19
[  291.273177][ T9780] loop0: detected capacity change from 0 to 256
[  291.534051][ T9772] loop4: detected capacity change from 0 to 32768
[  291.608177][ T9772] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[  291.660479][ T9772] JBD2: Ignoring recovery information on journal
[  291.745152][ T9772] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  292.077879][ T9794] loop5: detected capacity change from 0 to 64
[  292.117246][ T9794] BFS-fs: bfs_fill_super(): loop5 is unclean, continuing
[  292.188996][ T6434] ocfs2: Unmounting device (7,4) on (node local)
[  292.349369][ T9799] loop0: detected capacity change from 0 to 64
[  292.526170][   T27] audit: type=1800 audit(1772805628.022:53): pid=9799 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1332" name="file1" dev="loop0" ino=21 res=0 errno=0
[  292.731785][ T9803] kernel profiling enabled (shift: 9)
[  292.990251][ T9811] netlink: 'syz.4.1337': attribute type 1 has an invalid length.
[  293.145969][   T27] audit: type=1326 audit(1772805628.642:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9815 comm="syz.3.1340" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa1d139c799 code=0x0
[  293.893571][ T9820] loop4: detected capacity change from 0 to 40427
[  293.905465][ T9820] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  293.926420][ T9820] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  293.959588][ T9820] F2FS-fs (loop4): invalid crc value
[  293.997593][ T9820] F2FS-fs (loop4): Found nat_bits in checkpoint
[  294.165470][ T9820] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  294.183374][ T9820] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  294.491010][ T9843] loop5: detected capacity change from 0 to 256
[  294.508641][ T9843] exfat: Deprecated parameter 'utf8'
[  294.535387][ T9843] exfat: Deprecated parameter 'utf8'
[  294.567430][ T2176] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  294.609996][ T9843] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  294.767440][ T2176] usb 4-1: Using ep0 maxpacket: 16
[  294.779729][ T2176] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  294.811477][ T2176] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 9
[  294.851727][ T2176] usb 4-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  294.871296][ T2176] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.927122][ T2176] usb 4-1: config 0 descriptor??
[  295.371898][ T2176] kye 0003:0458:5016.000A: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  295.398195][ T2176] kye 0003:0458:5016.000A: unknown main item tag 0x0
[  295.415302][ T2176] kye 0003:0458:5016.000A: unknown main item tag 0x0
[  295.425496][ T2176] kye 0003:0458:5016.000A: unknown main item tag 0x0
[  295.448133][ T2176] kye 0003:0458:5016.000A: unknown main item tag 0x0
[  295.455084][ T2176] kye 0003:0458:5016.000A: unknown main item tag 0x0
[  295.481884][ T2176] kye 0003:0458:5016.000A: unknown main item tag 0x0
[  295.502222][ T2176] kye 0003:0458:5016.000A: item fetching failed at offset 13/41
[  295.518197][ T2176] kye 0003:0458:5016.000A: parse failed
[  295.529048][ T2176] kye: probe of 0003:0458:5016.000A failed with error -22
[  295.653208][ T2176] usb 4-1: USB disconnect, device number 18
[  295.668893][  T968] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  295.891886][  T968] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  295.907363][  T968] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.919469][  T968] usb 5-1: Product: syz
[  295.928360][  T968] usb 5-1: Manufacturer: syz
[  295.940960][  T968] usb 5-1: SerialNumber: syz
[  295.956619][  T968] usb 5-1: config 0 descriptor??
[  295.976281][ T9868] loop7: detected capacity change from 0 to 7
[  295.994378][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  296.003693][    C1] buffer_io_error: 43 callbacks suppressed
[  296.003708][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  296.022753][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  296.032061][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  296.040460][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  296.049724][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  296.059210][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  296.068461][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  296.079277][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  296.088530][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  296.128411][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  296.137797][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  296.146157][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  296.155493][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  296.163435][ T8563] ldm_validate_partition_table(): Disk read failed.
[  296.173301][    C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  296.182631][    C1] Buffer I/O error on dev loop7, logical block 0, async page read
[  296.192214][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  296.201429][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  296.213188][    C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  296.222596][    C0] Buffer I/O error on dev loop7, logical block 0, async page read
[  296.231124][ T8563] Dev loop7: unable to read RDB block 0
[  296.237938][ T8563]  loop7: unable to read partition table
[  296.243962][ T8563] loop7: partition table beyond EOD, truncated
[  296.257938][ T9868] ldm_validate_partition_table(): Disk read failed.
[  296.285805][ T9868] Dev loop7: unable to read RDB block 0
[  296.305766][ T9868]  loop7: unable to read partition table
[  296.317477][ T9868] loop7: partition table beyond EOD, truncated
[  296.338359][ T9868] loop_reread_partitions: partition scan of loop7 (���������C�j̖�P=ý?�}X���	���%�֐�ȵ4FLQk݊5) failed (rc=-5)
[  296.454974][  T968] usb 5-1: Firmware: major: 0, minor: 49, hardware type: RZUSB (3)
[  296.575027][ T9874] loop3: detected capacity change from 0 to 256
[  296.618494][ T9874] FAT-fs (loop3): Directory bread(block 1285) failed
[  296.625328][ T9874] FAT-fs (loop3): Directory bread(block 1286) failed
[  296.662297][  T968] usb 5-1: failed to fetch extended address, random address set
[  296.697439][ T9874] FAT-fs (loop3): Directory bread(block 1287) failed
[  296.704503][ T9874] FAT-fs (loop3): Directory bread(block 1288) failed
[  296.816515][ T9874] FAT-fs (loop3): Directory bread(block 1285) failed
[  296.820598][ T9881] ptrace attach of "./syz-executor exec"[8205] was attempted by ""[9881]
[  296.844694][ T9874] FAT-fs (loop3): Directory bread(block 1286) failed
[  296.864560][ T9874] FAT-fs (loop3): Directory bread(block 1287) failed
[  296.877502][  T968] usb 5-1: USB disconnect, device number 22
[  296.910032][ T9874] FAT-fs (loop3): Directory bread(block 1288) failed
[  296.944167][ T9874] FAT-fs (loop3): Directory bread(block 1285) failed
[  297.011768][ T9874] FAT-fs (loop3): Directory bread(block 1286) failed
[  297.070036][ T9883] netlink: 836 bytes leftover after parsing attributes in process `syz.0.1366'.
[  297.335047][ T9890] program syz.3.1370 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  297.610871][ T9896] autofs4:pid:9896:autofs_fill_super: called with bogus options
[  298.322527][ T9887] loop5: detected capacity change from 0 to 40427
[  298.378166][ T9887] F2FS-fs (loop5): invalid crc value
[  298.596989][ T9887] F2FS-fs (loop5): Start checkpoint disabled!
[  298.606449][ T9887] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  298.672338][ T9932] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1385'.
[  298.945992][ T1079] kworker/u4:6: attempt to access beyond end of device
[  298.945992][ T1079] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  298.970728][ T1079] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  299.173315][ T5769] usb 5-1: new full-speed USB device number 23 using dummy_hcd
[  299.238815][ T9940] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  299.384246][ T5769] usb 5-1: config 0 has no interfaces?
[  299.391555][ T5769] usb 5-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00
[  299.407633][ T5769] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.478316][ T5769] usb 5-1: config 0 descriptor??
[  299.743992][ T9936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  299.769709][ T9936] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  299.798041][ T5769] usb 5-1: USB disconnect, device number 23
[  299.920375][ T9953] loop5: detected capacity change from 0 to 1764
[  300.318588][ T9961] loop3: detected capacity change from 0 to 4096
[  300.377355][ T5769] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  300.563525][ T9967] loop0: detected capacity change from 0 to 256
[  300.584958][ T5769] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  300.599491][ T9967] FAT-fs (loop0): bogus number of FAT sectors
[  300.605681][ T9967] FAT-fs (loop0): Can't find a valid FAT filesystem
[  300.636854][ T5769] usb 5-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice= 0.40
[  300.668523][ T5769] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  300.689607][   T27] audit: type=1326 audit(1772805636.192:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9966 comm="syz.0.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ad79c799 code=0x7ffc0000
[  300.739789][ T5769] usb 5-1: config 0 descriptor??
[  300.828298][   T27] audit: type=1326 audit(1772805636.222:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9966 comm="syz.0.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ad79c799 code=0x7ffc0000
[  300.886962][ T5770] Bluetooth: hci5: urb ffff8880305cfd00 submission failed (2)
[  300.931447][   T27] audit: type=1326 audit(1772805636.222:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9966 comm="syz.0.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ad79c799 code=0x7ffc0000
[  300.953751][    C1] vkms_vblank_simulate: vblank timer overrun
[  301.042046][   T27] audit: type=1326 audit(1772805636.222:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9966 comm="syz.0.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ad79c799 code=0x7ffc0000
[  301.096359][ T5807] usb 5-1: USB disconnect, device number 24
[  301.101824][   T27] audit: type=1326 audit(1772805636.232:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9966 comm="syz.0.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f62ad79c799 code=0x7ffc0000
[  301.136125][   T27] audit: type=1326 audit(1772805636.232:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9966 comm="syz.0.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f62ad79c502 code=0x7ffc0000
[  301.163784][   T27] audit: type=1326 audit(1772805636.232:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9966 comm="syz.0.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ad79c799 code=0x7ffc0000
[  301.186039][    C1] vkms_vblank_simulate: vblank timer overrun
[  301.212407][   T27] audit: type=1326 audit(1772805636.232:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9966 comm="syz.0.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62ad79c799 code=0x7ffc0000
[  301.279151][ T5769] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  301.317464][   T27] audit: type=1326 audit(1772805636.232:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9966 comm="syz.0.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f62ad79c799 code=0x7ffc0000
[  301.361413][   T27] audit: type=1326 audit(1772805636.232:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9966 comm="syz.0.1401" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f62ad79c799 code=0x7ffc0000
[  301.387647][ T9978] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1407'.
[  301.411105][ T9978] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1407'.
[  301.438372][ T9980] loop0: detected capacity change from 0 to 2048
[  301.507070][ T9980] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  301.526024][ T5769] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  301.557760][ T5769] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  301.574448][ T5769] usb 4-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  301.583914][ T5769] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.615746][ T5769] usb 4-1: config 0 descriptor??
[  301.814190][ T9985] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1409'.
[  302.072936][ T5769] hid-steam 0003:28DE:1142.000B: unknown main item tag 0x0
[  302.111868][ T5769] hid-steam 0003:28DE:1142.000B: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0
[  302.240469][ T5769] hid-steam 0003:28DE:1142.000B: Steam wireless receiver connected
[  302.299804][ T5769] hid-steam 0003:28DE:1142.000C: unknown main item tag 0x0
[  302.369347][ T5769] hid-steam 0003:28DE:1142.000C: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0
[  302.425507][ T5769] usb 4-1: USB disconnect, device number 19
[  302.491697][ T5769] hid-steam 0003:28DE:1142.000B: Steam wireless receiver disconnected
[  302.594937][T10002] fido_id[10002]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  303.064928][T10020] loop5: detected capacity change from 0 to 512
[  303.105410][T10020] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  303.167380][T10020] ext4 filesystem being mounted at /172/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  303.205882][T10025] loop3: detected capacity change from 0 to 128
[  303.290382][ T8205] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  304.288101][T10051] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1436'.
[  304.354624][T10051] bridge0: port 3(vlan2) entered blocking state
[  304.387578][T10051] bridge0: port 3(vlan2) entered disabled state
[  304.402010][T10051] vlan2: entered allmulticast mode
[  304.415193][T10051] gretap0: entered allmulticast mode
[  304.426229][T10051] vlan2: entered promiscuous mode
[  304.436768][T10051] gretap0: entered promiscuous mode
[  304.468157][T10051] bridge0: port 3(vlan2) entered blocking state
[  304.474609][T10051] bridge0: port 3(vlan2) entered forwarding state
[  305.132340][T10046] loop0: detected capacity change from 0 to 131072
[  305.157852][T10046] F2FS-fs (loop0): invalid crc value
[  305.214341][T10046] F2FS-fs (loop0): Found nat_bits in checkpoint
[  305.263484][T10046] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  305.266383][T10063] loop3: detected capacity change from 0 to 256
[  305.719471][T10070] loop3: detected capacity change from 0 to 16
[  305.746784][T10070] erofs: (device loop3): mounted with root inode @ nid 36.
[  305.771099][T10054] loop5: detected capacity change from 0 to 32768
[  307.037261][   T23] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  307.055502][T10096] loop3: detected capacity change from 0 to 1024
[  307.129514][T10096] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  307.145516][T10098] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  307.247448][   T23] usb 5-1: Using ep0 maxpacket: 16
[  307.281159][   T23] usb 5-1: config 1 has an invalid interface number: 105 but max is 0
[  307.297231][   T23] usb 5-1: config 1 has no interface number 0
[  307.314108][   T23] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  307.347591][   T23] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  307.368317][   T23] usb 5-1: config 1 interface 105 has no altsetting 0
[  307.392020][   T23] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  307.405226][   T23] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  307.457216][   T23] usb 5-1: Product: syz
[  307.461472][   T23] usb 5-1: Manufacturer: syz
[  307.466124][   T23] usb 5-1: SerialNumber: syz
[  307.495468][T10090] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  307.503806][T10090] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  307.559825][T10106] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1443'.
[  307.917257][   T27] audit: type=1800 audit(1772805643.412:65): pid=10096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1456" name="file1" dev="loop3" ino=15 res=0 errno=0
[  307.936953][    C1] vkms_vblank_simulate: vblank timer overrun
[  307.974964][T10090] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  308.017243][T10090] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  308.104445][T10116] input: syz0 as /devices/virtual/input/input20
[  308.117613][ T5779] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  308.384369][T10122] loop0: detected capacity change from 0 to 1024
[  308.434151][   T23] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  308.459956][   T23] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  308.472092][T10122] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  308.474574][   T23] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  308.510203][   T23] aqc111 5-1:1.105 eth5: register 'aqc111' at usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 16:c5:24:44:c3:4f
[  308.524573][T10128] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1467'.
[  308.529111][   T23] usb 5-1: USB disconnect, device number 25
[  308.542388][   T23] aqc111 5-1:1.105 eth5: unregister 'aqc111' usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  308.688381][   T23] aqc111 5-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  308.716720][   T23] aqc111 5-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  308.751877][   T23] aqc111 5-1:1.105 eth5 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  308.763392][T10130] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1468'.
[  308.838592][T10132] loop5: detected capacity change from 0 to 1024
[  308.872408][ T5772] EXT4-fs error (device loop0): ext4_lookup:1858: inode #16: comm syz-executor: iget: bad extended attribute block 8
[  308.887771][T10132] EXT4-fs: Ignoring removed i_version option
[  308.893876][T10132] EXT4-fs: inline encryption not supported
[  308.912916][T10132] EXT4-fs (loop5): Test dummy encryption mode enabled
[  308.932783][ T5772] EXT4-fs error (device loop0): ext4_lookup:1858: inode #16: comm syz-executor: iget: bad extended attribute block 8
[  309.000259][T10132] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  309.241932][ T8205] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.527913][  T968] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  309.717642][  T968] usb 4-1: Using ep0 maxpacket: 8
[  309.725496][  T968] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  309.753480][  T968] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  309.765124][ T9426] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.799097][  T968] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.833966][  T968] usb 4-1: config 0 descriptor??
[  309.869180][T10153] loop5: detected capacity change from 0 to 1024
[  309.957036][T10153] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  310.073923][   T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  310.140348][   T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.150604][  T968] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  310.254754][ T8205] EXT4-fs error (device loop5): ext4_lookup:1858: inode #16: comm syz-executor: iget: bad extended attribute block 8
[  310.298215][ T8205] EXT4-fs error (device loop5): ext4_lookup:1858: inode #16: comm syz-executor: iget: bad extended attribute block 8
[  310.373746][   T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  310.389957][   T55] block nbd0: Possible stuck request ffff888021e88000: control (read@0,1024B). Runtime 180 seconds
[  310.402065][   T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.407662][   T55] block nbd0: Possible stuck request ffff888021e88200: control (read@1024,1024B). Runtime 180 seconds
[  310.424458][   T55] block nbd0: Possible stuck request ffff888021e88400: control (read@2048,1024B). Runtime 180 seconds
[  310.435536][   T55] block nbd0: Possible stuck request ffff888021e88600: control (read@3072,1024B). Runtime 180 seconds
[  310.628399][ T5924] usb 4-1: USB disconnect, device number 20
[  310.671678][   T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  310.708314][   T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  310.985152][   T59] netdevsim netdevsim0 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  311.001917][   T59] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  311.094114][ T8205] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  311.218204][T10164] loop4: detected capacity change from 0 to 16
[  311.257652][T10164] erofs: (device loop4): mounted with root inode @ nid 36.
[  311.328121][   T27] audit: type=1800 audit(1772805646.832:66): pid=10164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1485" name="file1" dev="loop4" ino=86 res=0 errno=0
[  311.559664][ T5084] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  311.575581][ T5084] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  311.584491][ T5084] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  311.611636][ T5084] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  311.628971][ T5084] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  311.637879][ T5084] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  312.407349][ T5807] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  312.589797][ T5807] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  312.604064][ T5807] usb 4-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[  312.617794][ T5807] usb 4-1: New USB device strings: Mfr=6, Product=0, SerialNumber=0
[  312.625990][ T5807] usb 4-1: Manufacturer: syz
[  312.639510][ T5807] usb 4-1: config 0 descriptor??
[  313.006678][T10168] chnl_net:caif_netlink_parms(): no params data found
[  313.088167][ T5807] hid-thrustmaster 0003:044F:B65D.000D: unknown main item tag 0x0
[  313.106488][ T5807] hid-thrustmaster 0003:044F:B65D.000D: unknown main item tag 0x0
[  313.134783][ T5807] hid-thrustmaster 0003:044F:B65D.000D: item fetching failed at offset 2/5
[  313.168940][ T5084] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  313.180017][ T5807] hid-thrustmaster 0003:044F:B65D.000D: parse failed with error -22
[  313.182427][ T5084] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  313.201226][ T5084] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  313.218612][ T5084] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  313.226620][ T5084] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  313.234955][ T5084] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  313.240767][ T5807] hid-thrustmaster: probe of 0003:044F:B65D.000D failed with error -22
[  313.292207][ T5807] usb 4-1: USB disconnect, device number 21
[  313.747713][ T5770] Bluetooth: hci1: command tx timeout
[  313.871395][   T59] hsr_slave_0: left promiscuous mode
[  313.894625][   T59] hsr_slave_1: left promiscuous mode
[  313.910573][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  313.929182][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[  313.945656][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  313.954718][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[  313.967460][ T5924] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  313.991037][   T59] bridge_slave_1: left allmulticast mode
[  313.996751][   T59] bridge_slave_1: left promiscuous mode
[  314.013563][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  314.026337][   T59] bridge_slave_0: left allmulticast mode
[  314.041834][   T59] bridge_slave_0: left promiscuous mode
[  314.052702][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  314.131209][   T59] veth1_macvtap: left promiscuous mode
[  314.136859][   T59] veth0_macvtap: left promiscuous mode
[  314.157273][ T5924] usb 5-1: Using ep0 maxpacket: 16
[  314.163383][   T59] veth1_vlan: left promiscuous mode
[  314.170448][ T5924] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  314.189394][ T5924] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  314.199247][   T59] veth0_vlan: left promiscuous mode
[  314.205989][ T5924] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.229787][ T5924] usb 5-1: config 0 descriptor??
[  314.692160][ T5924] mcp2221 0003:04D8:00DD.000E: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0
[  315.079370][ T5807] usb 5-1: USB disconnect, device number 26
[  315.357969][ T5770] Bluetooth: hci4: command tx timeout
[  315.376361][   T59] team0 (unregistering): Port device team_slave_1 removed
[  315.449970][   T59] team0 (unregistering): Port device team_slave_0 removed
[  315.515459][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  315.583648][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  315.838153][ T5770] Bluetooth: hci1: command tx timeout
[  316.146166][   T59] bond0 (unregistering): Released all slaves
[  316.275812][T10168] bridge0: port 1(bridge_slave_0) entered blocking state
[  316.283126][T10168] bridge0: port 1(bridge_slave_0) entered disabled state
[  316.304138][T10168] bridge_slave_0: entered allmulticast mode
[  316.315327][T10168] bridge_slave_0: entered promiscuous mode
[  316.332400][T10168] bridge0: port 2(bridge_slave_1) entered blocking state
[  316.346791][T10168] bridge0: port 2(bridge_slave_1) entered disabled state
[  316.364146][T10168] bridge_slave_1: entered allmulticast mode
[  316.373464][T10168] bridge_slave_1: entered promiscuous mode
[  316.609293][T10168] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  316.621666][T10168] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  316.748039][ T5769] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  316.765193][T10168] team0: Port device team_slave_0 added
[  316.796439][T10168] team0: Port device team_slave_1 added
[  316.886690][T10168] batman_adv: batadv0: Adding interface: batadv_slave_0
[  316.914137][T10168] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  316.954164][ T5769] usb 4-1: Using ep0 maxpacket: 32
[  316.971199][ T5769] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0
[  316.989846][T10168] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  316.998818][ T5769] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0
[  317.017376][T10168] batman_adv: batadv0: Adding interface: batadv_slave_1
[  317.047214][ T5769] usb 4-1: config 0 interface 0 has no altsetting 0
[  317.057309][T10168] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  317.088269][ T5769] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  317.111319][ T5769] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  317.137302][ T5769] usb 4-1: Product: syz
[  317.147245][ T5769] usb 4-1: Manufacturer: syz
[  317.162261][ T5769] usb 4-1: SerialNumber: syz
[  317.168538][T10168] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  317.189664][ T5769] usb 4-1: config 0 descriptor??
[  317.263615][T10194] chnl_net:caif_netlink_parms(): no params data found
[  317.363193][   T59] IPVS: stop unused estimator thread 0...
[  317.390494][T10168] hsr_slave_0: entered promiscuous mode
[  317.419644][T10168] hsr_slave_1: entered promiscuous mode
[  317.436060][ T5770] Bluetooth: hci4: command tx timeout
[  317.442553][ T1279] ieee802154 phy0 wpan0: encryption failed: -22
[  317.449745][ T1279] ieee802154 phy1 wpan1: encryption failed: -22
[  317.583943][T10246] loop4: detected capacity change from 0 to 128
[  317.606063][ T5769] gs_usb 4-1:0.0: Configuring for 1 interfaces
[  317.912816][   T59] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.918626][ T5770] Bluetooth: hci1: command tx timeout
[  318.013089][ T5769] gs_usb 4-1:0.0: Disabling termination support for channel 0 (-EPROTO)
[  318.028063][  T968] usb 5-1: new full-speed USB device number 27 using dummy_hcd
[  318.068939][T10194] bridge0: port 1(bridge_slave_0) entered blocking state
[  318.076251][T10194] bridge0: port 1(bridge_slave_0) entered disabled state
[  318.094510][T10194] bridge_slave_0: entered allmulticast mode
[  318.109541][T10194] bridge_slave_0: entered promiscuous mode
[  318.155448][ T5769] usb 4-1: USB disconnect, device number 22
[  318.208339][   T59] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  318.243228][  T968] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  318.254648][  T968] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  318.265013][T10194] bridge0: port 2(bridge_slave_1) entered blocking state
[  318.268180][  T968] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  318.283546][T10194] bridge0: port 2(bridge_slave_1) entered disabled state
[  318.288437][  T968] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  318.317555][T10194] bridge_slave_1: entered allmulticast mode
[  318.325171][T10194] bridge_slave_1: entered promiscuous mode
[  318.441978][   T59] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  318.534152][T10194] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  318.590313][   T59] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  318.640953][T10194] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  318.754220][T10194] team0: Port device team_slave_0 added
[  318.764729][T10194] team0: Port device team_slave_1 added
[  318.812153][T10194] batman_adv: batadv0: Adding interface: batadv_slave_0
[  318.819737][T10194] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  318.851591][T10194] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  318.867108][T10194] batman_adv: batadv0: Adding interface: batadv_slave_1
[  318.876428][T10194] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  318.905523][T10194] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  318.967698][ T5807] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  319.129931][T10194] hsr_slave_0: entered promiscuous mode
[  319.136720][T10194] hsr_slave_1: entered promiscuous mode
[  319.144968][T10194] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  319.153797][T10194] Cannot create hsr debugfs directory
[  319.169830][ T5807] usb 4-1: Using ep0 maxpacket: 32
[  319.189243][ T5807] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  319.213005][ T5807] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  319.269425][ T5807] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d51, bcdDevice= 0.00
[  319.279558][ T5807] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.296161][ T5807] usb 4-1: config 0 descriptor??
[  319.356549][  T968] aiptek 5-1:17.0: Aiptek using 400 ms programming speed
[  319.396021][  T968] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input21
[  319.427470][  T968] input: failed to attach handler kbd to device input21, error: -5
[  319.517366][ T5770] Bluetooth: hci4: command tx timeout
[  319.539528][  T968] usb 5-1: USB disconnect, device number 27
[  319.685044][T10168] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  319.699488][T10168] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  319.730934][T10168] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  319.771079][ T5807] koneplus 0003:1E7D:2D51.000F: item fetching failed at offset 1/5
[  319.788440][ T5807] koneplus 0003:1E7D:2D51.000F: parse failed
[  319.807256][ T5807] koneplus: probe of 0003:1E7D:2D51.000F failed with error -22
[  319.856097][T10168] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  319.989037][ T5770] Bluetooth: hci1: command tx timeout
[  320.021575][  T968] usb 4-1: USB disconnect, device number 23
[  320.581868][T10168] 8021q: adding VLAN 0 to HW filter on device bond0
[  320.824253][T10168] 8021q: adding VLAN 0 to HW filter on device team0
[  320.853581][T10194] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  321.014734][ T3484] bridge0: port 1(bridge_slave_0) entered blocking state
[  321.022073][ T3484] bridge0: port 1(bridge_slave_0) entered forwarding state
[  321.044986][T10194] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  321.081269][T10194] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  321.122032][T10194] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  321.163377][ T1079] bridge0: port 2(bridge_slave_1) entered blocking state
[  321.170752][ T1079] bridge0: port 2(bridge_slave_1) entered forwarding state
[  321.493536][   T59] hsr_slave_0: left promiscuous mode
[  321.538092][   T59] hsr_slave_1: left promiscuous mode
[  321.574500][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  321.587469][ T5770] Bluetooth: hci4: command tx timeout
[  321.608687][   T59] batman_adv: batadv0: Removing interface: batadv_slave_0
[  321.656333][   T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  321.690310][   T59] batman_adv: batadv0: Removing interface: batadv_slave_1
[  321.725430][   T59] bridge_slave_1: left allmulticast mode
[  321.737525][   T59] bridge_slave_1: left promiscuous mode
[  321.743581][   T59] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.818429][   T59] bridge_slave_0: left allmulticast mode
[  321.824207][   T59] bridge_slave_0: left promiscuous mode
[  321.840470][   T59] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.960223][   T59] veth1_macvtap: left promiscuous mode
[  321.965888][   T59] veth0_macvtap: left promiscuous mode
[  321.989604][   T59] veth1_vlan: left allmulticast mode
[  322.007835][   T59] veth1_vlan: left promiscuous mode
[  322.025720][   T59] veth0_vlan: left promiscuous mode
[  322.751316][T10328] loop4: detected capacity change from 0 to 128
[  323.074405][T10332] loop4: detected capacity change from 0 to 256
[  323.642258][T10342] loop3: detected capacity change from 0 to 128
[  324.125225][   T59] team0 (unregistering): Port device team_slave_1 removed
[  324.248672][   T59] team0 (unregistering): Port device team_slave_0 removed
[  324.346130][   T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  324.361860][T10344] loop4: detected capacity change from 0 to 32768
[  324.456708][T10344] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  324.499052][   T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  324.672198][T10344] XFS (loop4): Ending clean mount
[  324.960889][ T6434] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  325.219416][T10355] loop4: detected capacity change from 0 to 1024
[  325.259206][T10355] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  325.333740][T10355] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  325.432198][T10355] EXT4-fs error (device loop4): ext4_xattr_inode_iget:441: inode #11: comm syz.4.1530: missing EA_INODE flag
[  325.477275][T10355] EXT4-fs (loop4): Remounting filesystem read-only
[  325.549936][   T59] bond0 (unregistering): Released all slaves
[  325.572387][ T6434] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  325.691754][T10360] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1531'.
[  326.071641][T10194] 8021q: adding VLAN 0 to HW filter on device bond0
[  326.135771][T10194] 8021q: adding VLAN 0 to HW filter on device team0
[  326.200353][T10368] xt_hashlimit: size too large, truncated to 1048576
[  326.233374][   T11] bridge0: port 1(bridge_slave_0) entered blocking state
[  326.240589][   T11] bridge0: port 1(bridge_slave_0) entered forwarding state
[  326.294140][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  326.301378][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  326.631315][T10168] 8021q: adding VLAN 0 to HW filter on device batadv0
[  326.828514][T10381] macvlan0: left promiscuous mode
[  327.193927][T10194] 8021q: adding VLAN 0 to HW filter on device batadv0
[  327.368667][ T5807] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  327.570319][ T5807] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  327.597296][ T5807] usb 4-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4
[  327.627539][ T5807] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  327.641211][T10168] veth0_vlan: entered promiscuous mode
[  327.687492][ T5807] usb 4-1: config 0 descriptor??
[  327.714244][T10168] veth1_vlan: entered promiscuous mode
[  327.742162][ T5807] usb 4-1: bad CDC descriptors
[  327.784862][ T5807] usb 4-1: bad CDC descriptors
[  327.826241][T10168] veth0_macvtap: entered promiscuous mode
[  327.880471][T10168] veth1_macvtap: entered promiscuous mode
[  327.939645][ T5924] usb 4-1: USB disconnect, device number 24
[  327.995117][T10168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  328.006638][T10168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.018771][T10168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  328.037933][T10168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.049436][T10168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  328.067343][T10168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.090305][T10168] batman_adv: batadv0: Interface activated: batadv_slave_0
[  328.160644][T10168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  328.173660][T10168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.186179][T10168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  328.210292][T10168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.221690][T10168] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  328.237385][T10168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.260135][T10168] batman_adv: batadv0: Interface activated: batadv_slave_1
[  328.312658][T10168] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  328.331853][T10168] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  328.356700][T10168] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  328.366128][T10168] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  328.391943][T10194] veth0_vlan: entered promiscuous mode
[  328.474623][T10194] veth1_vlan: entered promiscuous mode
[  328.624435][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.651335][T10194] veth0_macvtap: entered promiscuous mode
[  328.670795][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.716345][T10194] veth1_macvtap: entered promiscuous mode
[  328.784118][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  328.800400][T10194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  328.817220][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  328.835408][T10194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.866978][T10194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  328.900662][T10194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.916431][T10194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  328.937367][T10194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  328.970902][T10194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  328.987216][T10194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.006501][T10194] batman_adv: batadv0: Interface activated: batadv_slave_0
[  329.045899][T10194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.071517][T10194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.087701][T10194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.107334][T10194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.127377][T10194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.154275][T10194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.164381][   T28] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  329.179782][T10194] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  329.199270][T10194] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  329.230240][T10194] batman_adv: batadv0: Interface activated: batadv_slave_1
[  329.275232][T10194] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  329.292714][T10194] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  329.305027][T10194] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  329.326544][T10194] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  329.358444][   T28] usb 4-1: Using ep0 maxpacket: 16
[  329.372753][   T28] usb 4-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  329.399374][   T28] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  329.436102][   T28] usb 4-1: Product: syz
[  329.457569][   T28] usb 4-1: Manufacturer: syz
[  329.463249][   T28] usb 4-1: SerialNumber: syz
[  329.508491][   T28] usb 4-1: config 0 descriptor??
[  329.669869][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  329.695787][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  329.833364][ T3484] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  329.854280][ T6682] usb 4-1: USB disconnect, device number 25
[  329.900417][ T3484] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  330.653440][T10441] loop3: detected capacity change from 0 to 128
[  330.778072][T10444] netlink: 'syz.7.1543': attribute type 1 has an invalid length.
[  330.786013][T10444] nbd: error processing sock list
[  330.819680][T10444] block nbd1: shutting down sockets
[  331.085482][ T5924] kernel write not supported for file /snd/midiC2D0 (pid: 5924 comm: kworker/1:4)
[  331.895480][T10473] loop7: detected capacity change from 0 to 4096
[  331.932991][T10473] ntfs3: loop7: Different NTFS sector size (4096) and media sector size (512).
[  332.127365][T10473] ntfs3: loop7: Mark volume as dirty due to NTFS errors
[  332.157735][T10473] ntfs3: loop7: Failed to initialize $Extend/$ObjId.
[  332.927441][   T28] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  333.125580][   T28] usb 4-1: Using ep0 maxpacket: 16
[  333.138299][   T28] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  333.161958][   T28] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  333.194755][   T28] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  333.229323][   T28] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  333.254284][   T28] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.290449][   T28] usb 4-1: config 0 descriptor??
[  333.651348][T10489] loop6: detected capacity change from 0 to 32768
[  333.757764][   T28] microsoft 0003:045E:07DA.0010: unknown main item tag 0x0
[  333.807478][T10489] XFS (loop6): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  333.816967][   T28] microsoft 0003:045E:07DA.0010: ignoring exceeding usage max
[  333.846053][   T28] microsoft 0003:045E:07DA.0010: ignoring exceeding usage max
[  333.965008][   T28] microsoft 0003:045E:07DA.0010: No inputs registered, leaving
[  333.987048][T10489] XFS (loop6): Ending clean mount
[  333.993857][   T28] microsoft 0003:045E:07DA.0010: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0
[  334.017212][   T28] microsoft 0003:045E:07DA.0010: no inputs found
[  334.023655][   T28] microsoft 0003:045E:07DA.0010: could not initialize ff, continuing anyway
[  334.063143][T10489] XFS (loop6): Quotacheck needed: Please wait.
[  334.308094][T10489] XFS (loop6): Quotacheck: Done.
[  334.437240][    T9] usb 4-1: USB disconnect, device number 26
[  334.650265][T10168] XFS (loop6): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  335.529846][T10536] loop6: detected capacity change from 0 to 128
[  335.558315][T10536] FAT-fs (loop6): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  335.594870][T10538] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1566'.
[  335.630743][T10536] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  335.870923][T10541] loop3: detected capacity change from 0 to 1024
[  335.965049][T10541] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  336.809781][T10566] loop4: detected capacity change from 0 to 1024
[  336.839421][T10566] EXT4-fs: Ignoring removed oldalloc option
[  336.845409][T10566] EXT4-fs: inline encryption not supported
[  336.900970][T10566] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  337.025243][T10566] EXT4-fs error (device loop4): ext4_map_blocks:608: inode #3: block 2: comm syz.4.1573: lblock 2 mapped to illegal pblock 2 (length 1)
[  337.075510][T10578] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1576'.
[  337.085026][T10578] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1576'.
[  337.094828][T10578] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1576'.
[  337.110838][T10578] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1576'.
[  337.120957][T10578] netlink: 'syz.7.1576': attribute type 6 has an invalid length.
[  337.129391][T10566] Quota error (device loop4): qtree_write_dquot: dquota write failed
[  337.139539][T10566] EXT4-fs error (device loop4): ext4_map_blocks:608: inode #3: block 48: comm syz.4.1573: lblock 0 mapped to illegal pblock 48 (length 1)
[  337.187708][T10566] Quota error (device loop4): v2_write_file_info: Can't write info structure
[  337.199876][T10566] EXT4-fs error (device loop4): ext4_acquire_dquot:6949: comm syz.4.1573: Failed to acquire dquot type 0
[  337.248504][T10566] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5920: Corrupt filesystem
[  337.290820][T10566] EXT4-fs error (device loop4): ext4_evict_inode:252: inode #11: comm syz.4.1573: mark_inode_dirty error
[  337.346253][T10566] EXT4-fs warning (device loop4): ext4_evict_inode:255: couldn't mark inode dirty (err -117)
[  337.397728][T10566] EXT4-fs (loop4): 1 orphan inode deleted
[  337.411352][T10566] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  337.437203][ T1079] EXT4-fs error (device loop4): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:6: lblock 1 mapped to illegal pblock 1 (length 1)
[  337.492578][ T1079] Quota error (device loop4): remove_tree: Can't read quota data block 1
[  337.509546][ T1079] EXT4-fs error (device loop4): ext4_release_dquot:6985: comm kworker/u4:6: Failed to release dquot type 0
[  337.694192][ T6434] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  337.713266][ T6434] EXT4-fs error (device loop4): __ext4_get_inode_loc:4489: comm syz-executor: Invalid inode table block 1 in block_group 0
[  337.735508][ T6434] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5920: Corrupt filesystem
[  337.747751][ T6434] EXT4-fs error (device loop4): ext4_quota_off:7233: inode #3: comm syz-executor: mark_inode_dirty error
[  337.765795][T10589] loop7: detected capacity change from 0 to 512
[  337.887820][T10589] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  337.954550][T10589] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  337.987874][T10597] xt_CT: You must specify a L4 protocol and not use inversions on it
[  338.211858][T10194] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  338.508539][T10612] program syz.6.1587 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  339.016787][T10627] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1592'.
[  340.067487][ T6682] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  340.274401][ T6682] usb 8-1: config 220 has an invalid interface number: 76 but max is 2
[  340.295332][ T6682] usb 8-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  340.312589][ T6682] usb 8-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  340.324414][ T6682] usb 8-1: config 220 has no interface number 2
[  340.331703][ T6682] usb 8-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  340.345425][ T6682] usb 8-1: config 220 interface 0 has no altsetting 0
[  340.352695][ T6682] usb 8-1: config 220 interface 76 has no altsetting 0
[  340.387422][ T6682] usb 8-1: config 220 interface 1 has no altsetting 0
[  340.403927][ T6682] usb 8-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  340.414395][ T6682] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  340.424216][ T6682] usb 8-1: Product: syz
[  340.428833][ T6682] usb 8-1: Manufacturer: syz
[  340.433558][ T6682] usb 8-1: SerialNumber: syz
[  340.470970][   T55] block nbd0: Possible stuck request ffff888021e88000: control (read@0,1024B). Runtime 210 seconds
[  340.482325][   T55] block nbd0: Possible stuck request ffff888021e88200: control (read@1024,1024B). Runtime 210 seconds
[  340.493947][   T55] block nbd0: Possible stuck request ffff888021e88400: control (read@2048,1024B). Runtime 210 seconds
[  340.505121][   T55] block nbd0: Possible stuck request ffff888021e88600: control (read@3072,1024B). Runtime 210 seconds
[  340.697943][ T6682] usb 8-1: Found UVC 7.01 device syz (8086:0b07)
[  340.704438][ T6682] usb 8-1: No valid video chain found.
[  340.730963][ T6682] usb 8-1: selecting invalid altsetting 0
[  340.789665][ T6682] usb 8-1: selecting invalid altsetting 0
[  340.795491][ T6682] usbtest: probe of 8-1:220.1 failed with error -22
[  340.864699][ T6682] usb 8-1: USB disconnect, device number 2
[  341.075650][T10672] loop6: detected capacity change from 0 to 512
[  342.349179][T10684] loop6: detected capacity change from 0 to 40427
[  342.379839][T10684] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  342.411960][T10684] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  342.480571][T10684] F2FS-fs (loop6): Found nat_bits in checkpoint
[  342.710920][T10684] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  342.737861][T10684] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  342.890326][T10684] F2FS-fs (loop6): Stopped filesystem due to reason: 0
[  344.027619][ T5811] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  344.229070][ T5811] usb 5-1: Using ep0 maxpacket: 16
[  344.252039][ T5811] usb 5-1: New USB device found, idVendor=0db0, idProduct=5581, bcdDevice=f9.22
[  344.277229][ T5811] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  344.305782][ T5811] usb 5-1: Product: syz
[  344.316203][ T5811] usb 5-1: Manufacturer: syz
[  344.329947][ T5811] usb 5-1: SerialNumber: syz
[  344.397832][T10724] loop6: detected capacity change from 0 to 32768
[  344.610706][ T5811] usb 5-1: dvb_usb_v2: found a 'MSI Mega Sky 55801 DVB-T USB2.0' in warm state
[  344.659254][ T5811] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  344.707842][ T5811] dvbdev: DVB: registering new adapter (MSI Mega Sky 55801 DVB-T USB2.0)
[  344.724025][T10744] loop7: detected capacity change from 0 to 512
[  344.737232][ T5811] usb 5-1: media controller created
[  344.792694][T10744] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  344.893284][ T5811] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  345.053704][ T5811] zl10353_read_register: readreg error (reg=127, ret==-71)
[  345.143686][T10753] loop6: detected capacity change from 0 to 512
[  345.196817][ T5811] dvb_usb_gl861: probe of 5-1:157.0 failed with error -5
[  345.232694][ T5811] usb 5-1: USB disconnect, device number 28
[  345.251051][T10194] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.890178][T10772] loop6: detected capacity change from 0 to 16
[  345.936508][T10772] erofs: (device loop6): mounted with root inode @ nid 36.
[  345.990068][T10772] syz.6.1629: attempt to access beyond end of device
[  345.990068][T10772] loop6: rw=524288, sector=1056, nr_sectors = 16 limit=16
[  346.038633][   T34] Bluetooth: hci5: Frame reassembly failed (-84)
[  346.072934][T10772] syz.6.1629: attempt to access beyond end of device
[  346.072934][T10772] loop6: rw=524288, sector=16, nr_sectors = 40 limit=16
[  346.101829][T10772] erofs: (device loop6): z_erofs_lz4_decompress_mem: failed to decompress -26 in[46, 4050] out[8192]
[  346.124802][   T27] audit: type=1800 audit(1772805681.622:67): pid=10772 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.1629" name="file2" dev="loop6" ino=89 res=0 errno=0
[  346.283136][T10779] loop4: detected capacity change from 0 to 1024
[  346.413832][   T27] audit: type=1800 audit(1772805681.892:68): pid=10779 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1631" name="file1" dev="loop4" ino=2 res=0 errno=0
[  346.434316][    C1] vkms_vblank_simulate: vblank timer overrun
[  346.623903][T10785] loop6: detected capacity change from 0 to 2048
[  346.701068][T10785] UDF-fs: error (device loop6): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  346.724622][T10785] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[  346.757921][T10785] UDF-fs: Scanning with blocksize 512 failed
[  346.764175][T10792] program syz.4.1633 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  346.803973][T10785] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  346.867828][   T29] INFO: task syz.2.642:7858 blocked for more than 143 seconds.
[  346.895328][   T29]       Not tainted syzkaller #0
[  346.908707][   T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  346.951587][   T29] task:syz.2.642       state:D stack:24752 pid:7858  ppid:5776   flags:0x00004006
[  346.973059][   T29] Call Trace:
[  346.976432][   T29]  <TASK>
[  346.981239][   T29]  __schedule+0x1553/0x45a0
[  346.985999][   T29]  ? asan.module_dtor+0x20/0x20
[  346.995567][   T29]  ? __mutex_lock+0x6a4/0xcc0
[  347.000995][   T29]  ? __mutex_trylock_common+0x8a/0x260
[  347.006531][   T29]  ? trace_raw_output_contention_end+0xd0/0xd0
[  347.026328][   T29]  schedule+0xbd/0x170
[  347.036891][   T29]  schedule_preempt_disabled+0x13/0x20
[  347.042934][   T29]  __mutex_lock+0x6a9/0xcc0
[  347.055555][   T29]  ? __mutex_lock+0x4f9/0xcc0
[  347.060726][   T29]  ? sync_bdevs+0x1af/0x330
[  347.065334][   T29]  ? mutex_lock_nested+0x20/0x20
[  347.071142][   T29]  ? _atomic_dec_and_lock+0x93/0x120
[  347.087275][   T29]  ? do_raw_spin_unlock+0x121/0x230
[  347.092829][   T29]  sync_bdevs+0x1af/0x330
[  347.103920][T10796] loop4: detected capacity change from 0 to 1024
[  347.107629][   T29]  ksys_sync+0xc6/0x170
[  347.116344][   T29]  ? sync_filesystem+0x220/0x220
[  347.145114][   T29]  ? syscall_enter_from_user_mode+0x25/0x80
[  347.154118][   T29]  ? lockdep_hardirqs_on+0x98/0x150
[  347.161308][   T29]  __ia32_sys_sync+0xe/0x20
[  347.172723][   T29]  do_syscall_64+0x55/0xa0
[  347.197279][   T29]  ? clear_bhb_loop+0x40/0x90
[  347.202099][   T29]  ? clear_bhb_loop+0x40/0x90
[  347.226415][   T29]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  347.233745][   T29] RIP: 0033:0x7f15b6d9c799
[  347.242704][   T29] RSP: 002b:00007f15b7cf7028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a2
[  347.262634][   T29] RAX: ffffffffffffffda RBX: 00007f15b7015fa0 RCX: 00007f15b6d9c799
[  347.279456][   T29] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  347.307232][   T29] RBP: 00007f15b7015fa0 R08: 0000000000000000 R09: 0000000000000000
[  347.325768][   T29] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  347.345802][   T29] R13: 00007f15b7016038 R14: 00007f15b7015fa0 R15: 00007fffc0d8aee8
[  347.354155][   T29]  </TASK>
[  347.367353][   T29] 
[  347.367353][   T29] Showing all locks held in the system:
[  347.377946][   T29] 3 locks held by kworker/u4:1/12:
[  347.422789][   T29]  #0: ffff888017c71538 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  347.452272][   T29]  #1: ffff8880b8e289c0 (psi_seq){-.-.}-{0:0}, at: __schedule+0x2176/0x45a0
[  347.461338][   T29]  #2: ffffffff974f7b40 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_check_no_obj_freed+0x13a/0x540
[  347.472387][   T29] 1 lock held by khungtaskd/29:
[  347.477361][   T29]  #0: ffffffff8d132060 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290
[  347.497117][   T29] 2 locks held by kworker/u4:2/34:
[  347.510370][   T29] 2 locks held by getty/5527:
[  347.515123][   T29]  #0: ffff888020c500a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  347.528787][   T29]  #1: ffffc900032762f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390
[  347.539113][   T29] 3 locks held by kworker/u5:2/5770:
[  347.544449][   T29]  #0: ffff888023eb9538 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  347.564237][   T29]  #1: ffffc90004627d00 ((work_completion)(&hdev->power_on)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0
[  347.576792][   T29]  #2: ffff88805b2ece70 (&hdev->req_lock){+.+.}-{3:3}, at: hci_power_on+0x1ad/0x670
[  347.602125][   T29] 1 lock held by udevd/5771:
[  347.606803][   T29]  #0: ffff88814179d4c8 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_get_by_dev+0x121/0x600
[  347.624834][   T29] 1 lock held by syz.2.642/7858:
[  347.629956][   T29]  #0: ffff88814179d4c8 (&disk->open_mutex){+.+.}-{3:3}, at: sync_bdevs+0x1af/0x330
[  347.639841][   T29] 1 lock held by syz.3.1567/10541:
[  347.645006][   T29]  #0: ffff88814179d4c8 (&disk->open_mutex){+.+.}-{3:3}, at: sync_bdevs+0x1af/0x330
[  347.665487][   T29] 2 locks held by syz.7.1628/10768:
[  347.674282][   T29]  #0: ffff88802f9620a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_release+0xb7/0x200
[  347.701453][   T29]  #1: ffff88802f9630a0 (&tty->ldisc_sem/1){+.+.}-{0:0}, at: tty_ldisc_release+0xdb/0x200
[  347.716249][   T29] 1 lock held by syz.6.1632/10782:
[  347.724905][   T29]  #0: ffffffff8d137900 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x4c/0x580
[  347.735176][   T29] 2 locks held by sed/10802:
[  347.740064][   T29] 
[  347.742450][   T29] =============================================
[  347.742450][   T29] 
[  347.763126][   T29] NMI backtrace for cpu 1
[  347.767543][   T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0
[  347.774785][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  347.784906][   T29] Call Trace:
[  347.788231][   T29]  <TASK>
[  347.791205][   T29]  dump_stack_lvl+0x18c/0x250
[  347.796036][   T29]  ? show_regs_print_info+0x20/0x20
[  347.801288][   T29]  ? load_image+0x400/0x400
[  347.805863][   T29]  nmi_cpu_backtrace+0x3a6/0x3e0
[  347.810852][   T29]  ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0
[  347.817090][   T29]  ? _printk+0xde/0x130
[  347.821320][   T29]  ? load_image+0x400/0x400
[  347.825879][   T29]  ? load_image+0x400/0x400
[  347.830431][   T29]  ? arch_trigger_cpumask_backtrace+0x10/0x10
[  347.836574][   T29]  nmi_trigger_cpumask_backtrace+0x17a/0x2f0
[  347.842777][   T29]  watchdog+0xf3d/0xf80
[  347.847014][   T29]  ? watchdog+0x1e1/0xf80
[  347.851407][   T29]  kthread+0x2fa/0x390
[  347.855528][   T29]  ? hungtask_pm_notify+0x90/0x90
[  347.860606][   T29]  ? kthread_blkcg+0xd0/0xd0
[  347.865262][   T29]  ret_from_fork+0x48/0x80
[  347.869730][   T29]  ? kthread_blkcg+0xd0/0xd0
[  347.874374][   T29]  ret_from_fork_asm+0x11/0x20
[  347.879212][   T29]  </TASK>
[  347.882287][    C1] vkms_vblank_simulate: vblank timer overrun
[  347.889731][   T29] Sending NMI from CPU 1 to CPUs 0:
[  347.895904][    C0] NMI backtrace for cpu 0
[  347.895915][    C0] CPU: 0 PID: 10785 Comm: syz.6.1632 Not tainted syzkaller #0
[  347.895932][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  347.895942][    C0] RIP: 0010:__page_table_check_pte_clear+0x5/0x70
[  347.895970][    C0] Code: df e9 5c fc ff ff 49 ff cc e8 f7 e6 9c ff e9 cc fb ff ff 49 ff cf e8 ea e6 9c ff eb da 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 55 <41> 56 53 48 89 f3 49 89 fe e8 cd e6 9c ff 49 81 fe c0 92 21 8d 40
[  347.895985][    C0] RSP: 0018:ffffc900046f7470 EFLAGS: 00000293
[  347.895999][    C0] RAX: ffffffff81c97bb7 RBX: 00007fc1a9b2f000 RCX: ffff88801e695a00
[  347.896012][    C0] RDX: 0000000000000000 RSI: 800000005bbcd007 RDI: ffff88807e364c00
[  347.896024][    C0] RBP: ffffc900046f7670 R08: ffffea0001aa1147 R09: 1ffffd4000354228
[  347.896036][    C0] R10: dffffc0000000000 R11: fffff94000354229 R12: dffffc0000000000
[  347.896049][    C0] R13: 00007fc1a9b2f000 R14: ffffea00016ef340 R15: ffff88806d712978
[  347.896061][    C0] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  347.896075][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  347.896092][    C0] CR2: 0000561aaee6a950 CR3: 000000003147f000 CR4: 00000000003506f0
[  347.896108][    C0] Call Trace:
[  347.896114][    C0]  <TASK>
[  347.896120][    C0]  unmap_page_range+0x1ad9/0x3000
[  347.896165][    C0]  ? copy_page_range+0x3670/0x3670
[  347.896193][    C0]  ? unmap_single_vma+0x1b0/0x2a0
[  347.896220][    C0]  unmap_vmas+0x286/0x3f0
[  347.896248][    C0]  ? unmap_page_range+0x3000/0x3000
[  347.896275][    C0]  ? __lock_acquire+0x7d40/0x7d40
[  347.896304][    C0]  exit_mmap+0x238/0xb90
[  347.896326][    C0]  ? exit_mm_release+0x1a/0x30
[  347.896348][    C0]  ? vm_brk+0x30/0x30
[  347.896368][    C0]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  347.896409][    C0]  ? uprobe_clear_state+0x278/0x290
[  347.896427][    C0]  ? mm_update_next_owner+0x562/0x6c0
[  347.896456][    C0]  __mmput+0x118/0x3c0
[  347.896473][    C0]  exit_mm+0x1f2/0x2c0
[  347.896499][    C0]  ? do_exit+0x2460/0x2460
[  347.896523][    C0]  ? taskstats_exit+0x35e/0x9e0
[  347.896554][    C0]  do_exit+0x8dd/0x2460
[  347.896584][    C0]  ? put_task_struct+0xc0/0xc0
[  347.896611][    C0]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  347.896630][    C0]  ? get_signal+0x1068/0x13f0
[  347.896646][    C0]  ? lock_chain_count+0x20/0x20
[  347.896665][    C0]  ? _raw_spin_lock_irq+0xbb/0xf0
[  347.896685][    C0]  do_group_exit+0x21b/0x2d0
[  347.896713][    C0]  ? lockdep_hardirqs_on+0x98/0x150
[  347.896734][    C0]  get_signal+0x12fc/0x13f0
[  347.896761][    C0]  arch_do_signal_or_restart+0xc2/0x800
[  347.896788][    C0]  ? __ia32_sys_get_robust_list+0x110/0x110
[  347.896807][    C0]  ? get_sigframe_size+0x20/0x20
[  347.896842][    C0]  ? exit_to_user_mode_loop+0x3b/0x110
[  347.896867][    C0]  exit_to_user_mode_loop+0x70/0x110
[  347.896891][    C0]  exit_to_user_mode_prepare+0xee/0x180
[  347.896915][    C0]  syscall_exit_to_user_mode+0x1a/0x50
[  347.896934][    C0]  do_syscall_64+0x61/0xa0
[  347.896957][    C0]  ? clear_bhb_loop+0x40/0x90
[  347.896977][    C0]  ? clear_bhb_loop+0x40/0x90
[  347.896997][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  347.897016][    C0] RIP: 0033:0x7fc1aa19c799
[  347.897028][    C0] Code: Unable to access opcode bytes at 0x7fc1aa19c76f.
[  347.897036][    C0] RSP: 002b:00007fc1ab07e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  347.897052][    C0] RAX: fffffffffffffe00 RBX: 00007fc1aa415fa8 RCX: 00007fc1aa19c799
[  347.897064][    C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc1aa415fa8
[  347.897074][    C0] RBP: 00007fc1aa415fa0 R08: 0000000000000000 R09: 0000000000000000
[  347.897084][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  347.897100][    C0] R13: 00007fc1aa416038 R14: 00007ffe858738d0 R15: 00007ffe858739b8
[  347.897120][    C0]  </TASK>
[  348.286730][ T5770] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  348.295508][   T29] Kernel panic - not syncing: hung_task: blocked tasks
[  348.302412][   T29] CPU: 0 PID: 29 Comm: khungtaskd Not tainted syzkaller #0
[  348.309642][   T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  348.319734][   T29] Call Trace:
[  348.323046][   T29]  <TASK>
[  348.326007][   T29]  dump_stack_lvl+0x18c/0x250
[  348.330753][   T29]  ? show_regs_print_info+0x20/0x20
[  348.335998][   T29]  ? load_image+0x400/0x400
[  348.340570][   T29]  panic+0x2dc/0x730
[  348.344509][   T29]  ? schedule_preempt_disabled+0x20/0x20
[  348.350205][   T29]  ? bpf_jit_dump+0xd0/0xd0
[  348.354756][   T29]  ? __irq_work_queue_local+0x13a/0x3b0
[  348.360363][   T29]  ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0
[  348.366571][   T29]  watchdog+0xf7c/0xf80
[  348.370784][   T29]  ? watchdog+0x1e1/0xf80
[  348.375171][   T29]  kthread+0x2fa/0x390
[  348.379284][   T29]  ? hungtask_pm_notify+0x90/0x90
[  348.384358][   T29]  ? kthread_blkcg+0xd0/0xd0
[  348.388992][   T29]  ret_from_fork+0x48/0x80
[  348.393457][   T29]  ? kthread_blkcg+0xd0/0xd0
[  348.398073][   T29]  ret_from_fork_asm+0x11/0x20
[  348.402885][   T29]  </TASK>
[  348.406514][   T29] Kernel Offset: disabled
[  348.410852][   T29] Rebooting in 86400 seconds..