last executing test programs:

3m43.849845786s ago: executing program 4 (id=1013):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
openat$vcs(0xffffffffffffff9c, 0x0, 0x600180, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269bb, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

3m43.553398337s ago: executing program 4 (id=1014):
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='dctcp', 0x5)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000280)=ANY=[@ANYBLOB, @ANYBLOB="01002dbd7000fddbdf250c000000200001800800030003000000"], 0x48}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000300), 0x0, 0x24000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x6}, 0x1c)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x200088c4)
ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000880))
madvise(&(0x7f00001c1000/0x3000)=nil, 0x3000, 0x9)
writev(r1, &(0x7f0000000840)=[{0x0}], 0x1)
r2 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={0x0})
read$FUSE(r2, &(0x7f00000079c0)={0x2020}, 0x2020)
write$FUSE_CREATE_OPEN(r2, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x3, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x2000001}}, {0x0, 0x14}}}, 0xa0)
sendfile(r2, r2, &(0x7f0000000080), 0x7f03)
syz_clone3(&(0x7f0000000300)={0x100000400, &(0x7f0000000040), 0x0, 0x0, {0x11}, 0x0, 0x0, 0x0, &(0x7f0000000240)=[0x0], 0x1, {r2}}, 0x58)

3m42.752725149s ago: executing program 4 (id=1015):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x900, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYBLOB='\x00'/15], 0x50)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000240)="8f0978d21b640fc79ca50000c0fe470f06430f01c2440f20c0ac0a0000e39d9d0f22c066460f38809bf77f00000f214a0fc73d0d0000003e653666400fc7775f400f01c4", 0x44}], 0x1, 0x10, 0x0, 0x0)

3m41.072318718s ago: executing program 4 (id=1020):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0], 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002bc0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x1, &(0x7f0000002140)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r3, &(0x7f0000006e80)={0x2020, 0x0, <r4=>0x0}, 0x2082)
write$FUSE_INIT(r3, &(0x7f0000004300)={0x50, 0x0, r4, {0x7, 0x29, 0x3, 0x11913410, 0x800, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0x50)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f00000003c0)='./file0/file0\x00', 0x8)

3m40.104049314s ago: executing program 4 (id=1023):
io_setup(0xfffffff9, &(0x7f00000003c0))
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x62081, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VIDIOC_S_OUTPUT(r2, 0xc004562f, &(0x7f0000000140))
ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, 0x0)
r3 = syz_clone3(0x0, 0x0)
sched_setattr(r3, &(0x7f00000001c0)={0x38, 0x3, 0x8, 0x8001, 0x0, 0x8, 0x0, 0xffffffff, 0xda11, 0xffffffff}, 0x0)
r4 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$inet_opts(r4, 0x0, 0x5, &(0x7f00000007c0)="dd", 0x1)
openat$dma_heap(0xffffffffffffff9c, 0x0, 0x1, 0x0)
open(&(0x7f0000000280)='.\x00', 0x2000, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$netlink(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000120021030000000000bc61682a00968008001d001d"], 0x1c}], 0x1}, 0x0)
recvmmsg(r5, &(0x7f00000077c0)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000002040)=""/4096, 0x1000}], 0x0, 0x0, 0xfffffe2a}}, {{0x0, 0x0, 0x0}}], 0x400000000000059, 0x2040, 0x0)

3m39.53678841s ago: executing program 4 (id=1024):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f00000000c0)=[0x2a, 0xf0])

3m39.042632394s ago: executing program 32 (id=1024):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f00000000c0)=[0x2a, 0xf0])

12.820176782s ago: executing program 5 (id=1544):
userfaultfd(0x801)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x24008002)
pipe2(&(0x7f0000000000), 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="03c90000cf47d16331aef6ee13ff7f266e13da7be839b35e9ae1a333f2d8fd8e1983903166f4d8f3d5e043b8eb3a4dd0a04b39df97c82009b793cd734558a268aac6cea0ca6aa40899810bc164d8ad6b2ce23bf4b88d9b72991218c6c68e9a992582d217f639c8ad76405b511163edb9ca95e8123830003ab82fc86a517ac2aff77866914ebb9aca4a6e530d80f19ee31eeb1e5b8139b72264f8fceb54ee9980e771c5f11155b69e12e65e6a3699d1b80648dd949081f1a612b7b5950f41554c9b832f7cf9efa4987bd88887917199318d28808204e7638ca5932c066d2a662e600ac0a8f27b86c066f2bceabd1b3af66c12fefa311c5afe0821a14432925187a05476e0a972e85f26a24832c357d70d354ade966e6963234e4956658ac9ece3780485fcb3decb69a029ffbeda1c7b27bb020f4137624286d8a2d22221028b3efd3433e7fd3ba291446947a274a748f45bb347fa49e295cfa305f5dd46b662afde61cfee33ea823d23f46a662146886c6e3c30e660d765f46dcc14914b3e342e44436410fedeb6594f37ac94cd336dea463e0541daadbe70b5b925741db16240afc85f391539569ac14e5dccb9ca5790c33f8a6cdd7abc1cb762972634968ecb9f1dff8b6b6cd6f5f56db31c24ac5b2b1bed2efea1f4e67f686a8abfa41f297a165b9fcb4800230ed07af34727fe6c2cc6daf796cc38e8f03ee4fb786a92fabfbded442086d657dec598edb21ba428d4bb28ac974c38218bcf08ad3b4f6698ae05855769dbe5693eac83a223b76a5f452195795d3d485e5c0a18caf2315c3a21acb4bb661082b1c4fccfff8f0c52c353dedd3b9e575b800cfec557e43527228abf820e16411b45c77e99f308dcc5dcd1c3b8ddb828e6481c1fc6275c3e1ed4a1f0fe6d97db39cb3ad5b08400cc990ed5797e23fcd81ee76eed1caaf2ec709c18b014dfcfac7eb658f1c07a894dca1d8e23ebbc18c7b0acefacd915235a54637d13965681a6a527325d13b4a88a21505860873038bc6ca68e25bed80496e65b53a4817e7dba3cbe31eebb770ab04202486634b7210500238707cd664735c07e539e8ccb09ec82d7fad69c4f31113b4a01089a81d4a1787d69957a2dfcf371f0c357eba5a587f0d09d64588f3fade99726d786085b513e720fd1d889104e1d98bf4fe23d6bd8c408c44fc702880e6c53a733aaafec836a80b9e69d1432225dda63a755bde5103fbba7af46f81b3b0c3457d49e187c7fa53e9410d4ff7dd1c9a954d549b49197f350e8451e850279ba4690a4ff3fa4f91ebfa4dda7d2a60257d70c09ad6520387baf2cd734bf1f993565f7ccf80f29b1414e595de79ec03faf7afbeff3daf0034aeecfe41640366ae3c1d1b9437cb7580b9a94fe71a5ffe7be4f959cc5972e1672c5f5c5d252a63804d1a292aac2582b78ac73ea143095bc1283b210c66ecc5b5b9be4d6649920118d51429328f8a983a89f8f5d6ec383c89f07e91e0726ed40776d72d7499652a84f9d0bb086e9479a6d703907ee17345ed763ae817751515c744d428ac51fb10eba495f9a477809a4c1b447a94a3f6d1a092b109478ca36c3da494552d34f30d74a32958c53ec091e32ca8aaf5c814881d4bb3add2b07f362e9e4ea17b3f8b6e7310fcbea4ea6f2d9f5505b011011b75eb4dbf2455f665027abe2bb73dd37dff9c6aab6e9454bbd7bb887aef12f19f446bcbf257ada0e5144f708ccf350f07b861b813eb4cdab02d74b660d960c737f553f84b2d027da58f02345704583717199f693c913bfc2704cfde1b31270c43f17d51c82b672796fd6e1d09e34659d7e5fd9a1a69dcdde367c074b47beeb88f374740a64d9e9a99f4fabdbfca311174da518f868704e3fe259e6069330b04d2d3804a3428d2e04a483599f5ff47ff8c877601fcae33999575180fb540ff00c55728d0ee8eb6550658c7cbc8be4f87b50a9650a33aa164c6bae4044dfc080cf43a1c80e8a8132f973faefcf2ee23f9c2f3119fa93c0e5875832d4f8b6c2a1c347d480f15ead27ba7fb6e2ba9f2204982023b15b0f9df44ce9bba765c9598810593dd32a520ba72a5bfc375f36f4ea4a55017b1494c392568ef6828c18a1f2cec1442f705687695e42f62734ac2c1b0fed399ccf29b20fccd476afc72217182a73c970029c7679dffaebfc2ab9e8d18f5e757ccde87ac69b2bb0243b2e86d225dd2edad4919977bde1806bd6305eff22f2d63646c3a856a002aaea40d96e4811fe0cf5ad942e087c55551fdccc65835686320aa635ec50872f1c30cd8a732515b4dbfa132f905205f4b2ec64d1b9a9101ee2c3d0a110e40fd40d2c0b19f9a77b43f0b14e283ad1038de31cb21c2857d278933fd4bf106a7a93e16b28d71dfa73fa0695c77c0b1236e4cc7f17837be252d1011edf8ba626315e416b2963e96172b3294ec1f087672b0fc404edb79ca9b8e7a46f69b7a6f8b0488ec6c10f937632cc29bdb6f2c0ca86b978db6ca3cb9aa9b5f253fb5ba52e5b3738468236bd3ed26da1158e14881860f37f586b3b004ff7233a7427ece1c1365bb273aa1ce801c6d61b35a247c38917df23b9f12f7e764dabf9af18885e447a952de7796c3dd27e77325be816eb82ae9026ef5a855ddfb9aaf4a0bfc153f079c95337d2ee3c2ac36e5b4e8c5da765bf5d11edcf01ef11a3748d7ca0b1fd6f8882fbfd3423bd429c8592ec28a98bba845e7fe829ae2b11f5215ce819bf777ab45d73e9afe3cc76840b7d368161ee140efdec81ca1d5716c2ea5b255fabb5a4698864c8d427738837c45f1006cbf1f68bbedbfdf70e5b65b21b1934826c06d4d3da4f08e3ad376cec5aafb2f9eae9a06cab375ef5a44f30a563e5245077d84823b88d71912f458fe17d36e4b2a88260ad121af2e5a43a555ef61ffd242c09d5011b9be422c4c310a834f664c732930c1d329212aa9f063356c85130c965d919180e62afd193224d3792db6a069ff2bc8770bd6294a6884cbfb71301859a26b7572440ee12719e8753831bf73d353a33ea64c57df0bac0cc8938ea28370724439170824d1b55d415eed14f620d3a28bb5009edd12e9322df3573bbd9b0d0ff2cbd2e48c0c297f63c100116097c48c8f4cf0a7c4fb5156723fcb615236b6db175442b2db90c3e426cca9de56f55effdbb981c75c99a8dd084a619882fb216b000cb99eae616f0b5d7a8a2cc675cbd3e0a61b6f602250b040ae57f998471095563334e165f35139ec22aabf8ada15b890e2cf038a4f40d129760e39b166f58cfb4bfee7d4455ce06ad098745e0edac9434e4c61f889cbe6d7cf74da35f1b6d2b4455abf954223d1638ff808508228a3060d390e9ce539d2dcb032ae5d6c5abcd4df4bfb63f9851e45bb961cca2150eb386abd67dab2a12c096aa8df742e41ff7718f9dd77099d9bc87a2a46d8d6ffb903b23b429747c9acb21c0e88067eb6c7fa2507ef0673e6b65a15767cfa4ef9b52adbce41ea3461f77b0e705a2d5cbcf3841bd22414f3ef2402a915705a18113d370d35619fdbbfb4fe6e1581a8520525e863d931aaaed58d06d093905b0d83dd1345f4b8213954102abf8048be627d437f267d4a0a6e6f181891562b61be55f1e646120cfe17d8d2961ad86d1575856fff39791b90ccc6895495cc0f3a1e2604f5b729aec7452b133b9c822bbc74df480670f34cf0335d42b5ad6a7009c49050d97ef8c09eff8716dbb9ce5a5d67ffad2541860017bfe982c0e48390f987f470c7b600fb29be4d3a74251d85ef1cf1fe3b5a146bb9f6fee2369cba1f2be75782b14a422b0820fa00c1250f4d437f24914a94a8564fa079fe803b39c528707dd2906120d53020000b725596b68553f1653aad2fdd23114e4a7ca3402fcdf0b060323a683a03109ffbec9627c803da8a55665e156a335528f113eb730bb28c0480daf8f2b65483d0f3805e1c512b680d8698e63a80b45aa8c7e12ad0f0e072eefc806fde42455bc4d157e402a86218896d5638f8fdadb1fbffaf4fe92f526475612980f0c5a539a9cec3c63e4efa5b893611af45c8003650888dc5b958a18848cffe11e0636f40e3ade10da702b71a69e6941e506ec3f0297349867949246310909ff445005f68910308df1e44f7ef04efbcb6ade53086aeb80b0ca96b94c9e6353c77bc1ce575edd6a1ab76e000d2ca0bc80c09d76d2bf25d90c93d5fcf6c123a9e83a3354b798356aeb2e99721732d52b1ec6c84d79d6f1237186260e7e63f29cfe8050a8fd44d57b52582b45e1fe027792c07ef33a0ac686606dd009ef3839e179190aca20d01db1d2263898a6953feb5d2e8093a4b4a2b18f6cb06a0251d3862672814b5165213c65174fe5dad7673186293e336348fc77a6d545cc07355c07a8b9a98c95d76fa5dc4c19181578a6dc4f2b29b647ab6a09f6756994c8e389c7c165766f154468b380e1e67cb2edbc7f67b6bfad1de690c3f472908b11d1c502ca61b5e869cd2cf8e11e39eceb9d31fca090fd5dd15e1f5a8c4de58531df3fa96d655653a5b99ea449d3865e07401ecb63fb4ac4042c893841c2b70b4a133937ac0dca8d6f442de175f138ab7cf19477c2483caf524fc443b3243d31f15f3f518b2d7964314d7d34754ae417dd9d46a83e443cef18eb673f46f34aeaba592a171bb4710002da17d9d6554208fc384de22bff7e05d2bfb821656e78bfa084be46fe6b0f04a06c6bc80afbd406a918a57d582345b260360cec7168142ef0e0da8ad70ac9703d6206c6da23558374ad8bc1e8fe5cdede25e8ad5d0d0741d85e86566b7b9172f457e36feabb881f14a04d182b6971bb1aa1c37a608ff0eeaba1b6c37c4bdb15696afb0e031ef8b214a7a72892593c910829c820f773135f3441afc90cadeb50f76d4a5bbd713c8b3dc441599dcae659b9ad417affde5d9ee3933f00ea69323fd33e0b9a12b1ee29b2e97c7b1db3fa0a900678c6490a847fdd85fa93bb134e3239638052359774bc22405a0abb698081ce1dce2dfe0c0430b641f00d230013944df65581f6b5f458165b16aad8b92b44bf28b3236cac5239c91fe2351c5f53359d072aa34ffee18ff275afdc0dc7b889da928fdd4e300a52699cb5a4fea8cc42f636b15e449daef52df3586d4b55fd047b04e96734aa2c45bcad8f05dbf3c97daefcd6bad396a6aed71849e484eb0e3526970973db9b268b71e726748aacb5c2203cde2992af74cac612d33cecba7f3e5d66e2a2e449eb00e770af4fe13be6d16877cfa46c108c29d8db1efff5356433fc627741d12605056ec78c02bf143afc9e2161c15ce65a0f8c9f13a6b7a9164f256301ff0ca23dfffb77ec46"], 0x1004)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

10.633160622s ago: executing program 3 (id=1553):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000d5e9bd40eb030200c0ba050000010902115c01000000000904000001b504b1000905"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$evdev(0x0, 0x4, 0x0)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000040)=[0x200, 0x7])

9.520679735s ago: executing program 5 (id=1558):
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x1a5})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
r1 = socket$xdp(0x2c, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x312000, 0x800, 0x0, 0x5}, 0x20)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})

8.556479827s ago: executing program 5 (id=1564):
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000100)='dctcp', 0x5)
bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)={&(0x7f0000000280)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000fddbdf250c0000002000018008000300030000001400020076657468305f766c616e0000000000001400038010"], 0x48}, 0x1, 0x0, 0x0, 0x4801}, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r3 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x1, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0xc568}, [@IFLA_VFINFO_LIST={0xc, 0x16, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x4}]}]}, @IFLA_LINKMODE={0x5, 0x11, 0x5}]}, 0x34}}, 0x200088c4)
ioctl$FS_IOC_GETFSLABEL(r2, 0x81009431, &(0x7f0000000880))
shmat(r3, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
madvise(&(0x7f00001c1000/0x3000)=nil, 0x3000, 0x9)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r4 = open(&(0x7f0000000580)='./bus\x00', 0x84242, 0x1df2a23c5997fa5f)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000040)={0x0})
read$FUSE(r4, 0x0, 0x0)
write$FUSE_CREATE_OPEN(r4, &(0x7f0000000180)={0xa0, 0xffffffffffffffda, 0x0, {{0x4, 0x2, 0x5, 0x7, 0x3, 0x3, {0x400000080001, 0xff, 0x20ff, 0x8, 0xe, 0xd615, 0x9, 0x3, 0xfffffffe, 0x8000, 0x0, 0x0, 0x0, 0x5, 0x2000001}}, {0x0, 0x14}}}, 0xa0)
sendfile(r4, r4, &(0x7f0000000080), 0x7f03)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f00000000c0)='reno', 0x4)

6.907269639s ago: executing program 3 (id=1568):
userfaultfd(0x801)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x24008002)
pipe2(&(0x7f0000000000), 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="03c90000cf47d16331aef6ee13ff7f266e13da7be839b35e9ae1a333f2d8fd8e1983903166f4d8f3d5e043b8eb3a4dd0a04b39df97c82009b793cd734558a268aac6cea0ca6aa40899810bc164d8ad6b2ce23bf4b88d9b72991218c6c68e9a992582d217f639c8ad76405b511163edb9ca95e8123830003ab82fc86a517ac2aff77866914ebb9aca4a6e530d80f19ee31eeb1e5b8139b72264f8fceb54ee9980e771c5f11155b69e12e65e6a3699d1b80648dd949081f1a612b7b5950f41554c9b832f7cf9efa4987bd88887917199318d28808204e7638ca5932c066d2a662e600ac0a8f27b86c066f2bceabd1b3af66c12fefa311c5afe0821a14432925187a05476e0a972e85f26a24832c357d70d354ade966e6963234e4956658ac9ece3780485fcb3decb69a029ffbeda1c7b27bb020f4137624286d8a2d22221028b3efd3433e7fd3ba291446947a274a748f45bb347fa49e295cfa305f5dd46b662afde61cfee33ea823d23f46a662146886c6e3c30e660d765f46dcc14914b3e342e44436410fedeb6594f37ac94cd336dea463e0541daadbe70b5b925741db16240afc85f391539569ac14e5dccb9ca5790c33f8a6cdd7abc1cb762972634968ecb9f1dff8b6b6cd6f5f56db31c24ac5b2b1bed2efea1f4e67f686a8abfa41f297a165b9fcb4800230ed07af34727fe6c2cc6daf796cc38e8f03ee4fb786a92fabfbded442086d657dec598edb21ba428d4bb28ac974c38218bcf08ad3b4f6698ae05855769dbe5693eac83a223b76a5f452195795d3d485e5c0a18caf2315c3a21acb4bb661082b1c4fccfff8f0c52c353dedd3b9e575b800cfec557e43527228abf820e16411b45c77e99f308dcc5dcd1c3b8ddb828e6481c1fc6275c3e1ed4a1f0fe6d97db39cb3ad5b08400cc990ed5797e23fcd81ee76eed1caaf2ec709c18b014dfcfac7eb658f1c07a894dca1d8e23ebbc18c7b0acefacd915235a54637d13965681a6a527325d13b4a88a21505860873038bc6ca68e25bed80496e65b53a4817e7dba3cbe31eebb770ab04202486634b7210500238707cd664735c07e539e8ccb09ec82d7fad69c4f31113b4a01089a81d4a1787d69957a2dfcf371f0c357eba5a587f0d09d64588f3fade99726d786085b513e720fd1d889104e1d98bf4fe23d6bd8c408c44fc702880e6c53a733aaafec836a80b9e69d1432225dda63a755bde5103fbba7af46f81b3b0c3457d49e187c7fa53e9410d4ff7dd1c9a954d549b49197f350e8451e850279ba4690a4ff3fa4f91ebfa4dda7d2a60257d70c09ad6520387baf2cd734bf1f993565f7ccf80f29b1414e595de79ec03faf7afbeff3daf0034aeecfe41640366ae3c1d1b9437cb7580b9a94fe71a5ffe7be4f959cc5972e1672c5f5c5d252a63804d1a292aac2582b78ac73ea143095bc1283b210c66ecc5b5b9be4d6649920118d51429328f8a983a89f8f5d6ec383c89f07e91e0726ed40776d72d7499652a84f9d0bb086e9479a6d703907ee17345ed763ae817751515c744d428ac51fb10eba495f9a477809a4c1b447a94a3f6d1a092b109478ca36c3da494552d34f30d74a32958c53ec091e32ca8aaf5c814881d4bb3add2b07f362e9e4ea17b3f8b6e7310fcbea4ea6f2d9f5505b011011b75eb4dbf2455f665027abe2bb73dd37dff9c6aab6e9454bbd7bb887aef12f19f446bcbf257ada0e5144f708ccf350f07b861b813eb4cdab02d74b660d960c737f553f84b2d027da58f02345704583717199f693c913bfc2704cfde1b31270c43f17d51c82b672796fd6e1d09e34659d7e5fd9a1a69dcdde367c074b47beeb88f374740a64d9e9a99f4fabdbfca311174da518f868704e3fe259e6069330b04d2d3804a3428d2e04a483599f5ff47ff8c877601fcae33999575180fb540ff00c55728d0ee8eb6550658c7cbc8be4f87b50a9650a33aa164c6bae4044dfc080cf43a1c80e8a8132f973faefcf2ee23f9c2f3119fa93c0e5875832d4f8b6c2a1c347d480f15ead27ba7fb6e2ba9f2204982023b15b0f9df44ce9bba765c9598810593dd32a520ba72a5bfc375f36f4ea4a55017b1494c392568ef6828c18a1f2cec1442f705687695e42f62734ac2c1b0fed399ccf29b20fccd476afc72217182a73c970029c7679dffaebfc2ab9e8d18f5e757ccde87ac69b2bb0243b2e86d225dd2edad4919977bde1806bd6305eff22f2d63646c3a856a002aaea40d96e4811fe0cf5ad942e087c55551fdccc65835686320aa635ec50872f1c30cd8a732515b4dbfa132f905205f4b2ec64d1b9a9101ee2c3d0a110e40fd40d2c0b19f9a77b43f0b14e283ad1038de31cb21c2857d278933fd4bf106a7a93e16b28d71dfa73fa0695c77c0b1236e4cc7f17837be252d1011edf8ba626315e416b2963e96172b3294ec1f087672b0fc404edb79ca9b8e7a46f69b7a6f8b0488ec6c10f937632cc29bdb6f2c0ca86b978db6ca3cb9aa9b5f253fb5ba52e5b3738468236bd3ed26da1158e14881860f37f586b3b004ff7233a7427ece1c1365bb273aa1ce801c6d61b35a247c38917df23b9f12f7e764dabf9af18885e447a952de7796c3dd27e77325be816eb82ae9026ef5a855ddfb9aaf4a0bfc153f079c95337d2ee3c2ac36e5b4e8c5da765bf5d11edcf01ef11a3748d7ca0b1fd6f8882fbfd3423bd429c8592ec28a98bba845e7fe829ae2b11f5215ce819bf777ab45d73e9afe3cc76840b7d368161ee140efdec81ca1d5716c2ea5b255fabb5a4698864c8d427738837c45f1006cbf1f68bbedbfdf70e5b65b21b1934826c06d4d3da4f08e3ad376cec5aafb2f9eae9a06cab375ef5a44f30a563e5245077d84823b88d71912f458fe17d36e4b2a88260ad121af2e5a43a555ef61ffd242c09d5011b9be422c4c310a834f664c732930c1d329212aa9f063356c85130c965d919180e62afd193224d3792db6a069ff2bc8770bd6294a6884cbfb71301859a26b7572440ee12719e8753831bf73d353a33ea64c57df0bac0cc8938ea28370724439170824d1b55d415eed14f620d3a28bb5009edd12e9322df3573bbd9b0d0ff2cbd2e48c0c297f63c100116097c48c8f4cf0a7c4fb5156723fcb615236b6db175442b2db90c3e426cca9de56f55effdbb981c75c99a8dd084a619882fb216b000cb99eae616f0b5d7a8a2cc675cbd3e0a61b6f602250b040ae57f998471095563334e165f35139ec22aabf8ada15b890e2cf038a4f40d129760e39b166f58cfb4bfee7d4455ce06ad098745e0edac9434e4c61f889cbe6d7cf74da35f1b6d2b4455abf954223d1638ff808508228a3060d390e9ce539d2dcb032ae5d6c5abcd4df4bfb63f9851e45bb961cca2150eb386abd67dab2a12c096aa8df742e41ff7718f9dd77099d9bc87a2a46d8d6ffb903b23b429747c9acb21c0e88067eb6c7fa2507ef0673e6b65a15767cfa4ef9b52adbce41ea3461f77b0e705a2d5cbcf3841bd22414f3ef2402a915705a18113d370d35619fdbbfb4fe6e1581a8520525e863d931aaaed58d06d093905b0d83dd1345f4b8213954102abf8048be627d437f267d4a0a6e6f181891562b61be55f1e646120cfe17d8d2961ad86d1575856fff39791b90ccc6895495cc0f3a1e2604f5b729aec7452b133b9c822bbc74df480670f34cf0335d42b5ad6a7009c49050d97ef8c09eff8716dbb9ce5a5d67ffad2541860017bfe982c0e48390f987f470c7b600fb29be4d3a74251d85ef1cf1fe3b5a146bb9f6fee2369cba1f2be75782b14a422b0820fa00c1250f4d437f24914a94a8564fa079fe803b39c528707dd2906120d53020000b725596b68553f1653aad2fdd23114e4a7ca3402fcdf0b060323a683a03109ffbec9627c803da8a55665e156a335528f113eb730bb28c0480daf8f2b65483d0f3805e1c512b680d8698e63a80b45aa8c7e12ad0f0e072eefc806fde42455bc4d157e402a86218896d5638f8fdadb1fbffaf4fe92f526475612980f0c5a539a9cec3c63e4efa5b893611af45c8003650888dc5b958a18848cffe11e0636f40e3ade10da702b71a69e6941e506ec3f0297349867949246310909ff445005f68910308df1e44f7ef04efbcb6ade53086aeb80b0ca96b94c9e6353c77bc1ce575edd6a1ab76e000d2ca0bc80c09d76d2bf25d90c93d5fcf6c123a9e83a3354b798356aeb2e99721732d52b1ec6c84d79d6f1237186260e7e63f29cfe8050a8fd44d57b52582b45e1fe027792c07ef33a0ac686606dd009ef3839e179190aca20d01db1d2263898a6953feb5d2e8093a4b4a2b18f6cb06a0251d3862672814b5165213c65174fe5dad7673186293e336348fc77a6d545cc07355c07a8b9a98c95d76fa5dc4c19181578a6dc4f2b29b647ab6a09f6756994c8e389c7c165766f154468b380e1e67cb2edbc7f67b6bfad1de690c3f472908b11d1c502ca61b5e869cd2cf8e11e39eceb9d31fca090fd5dd15e1f5a8c4de58531df3fa96d655653a5b99ea449d3865e07401ecb63fb4ac4042c893841c2b70b4a133937ac0dca8d6f442de175f138ab7cf19477c2483caf524fc443b3243d31f15f3f518b2d7964314d7d34754ae417dd9d46a83e443cef18eb673f46f34aeaba592a171bb4710002da17d9d6554208fc384de22bff7e05d2bfb821656e78bfa084be46fe6b0f04a06c6bc80afbd406a918a57d582345b260360cec7168142ef0e0da8ad70ac9703d6206c6da23558374ad8bc1e8fe5cdede25e8ad5d0d0741d85e86566b7b9172f457e36feabb881f14a04d182b6971bb1aa1c37a608ff0eeaba1b6c37c4bdb15696afb0e031ef8b214a7a72892593c910829c820f773135f3441afc90cadeb50f76d4a5bbd713c8b3dc441599dcae659b9ad417affde5d9ee3933f00ea69323fd33e0b9a12b1ee29b2e97c7b1db3fa0a900678c6490a847fdd85fa93bb134e3239638052359774bc22405a0abb698081ce1dce2dfe0c0430b641f00d230013944df65581f6b5f458165b16aad8b92b44bf28b3236cac5239c91fe2351c5f53359d072aa34ffee18ff275afdc0dc7b889da928fdd4e300a52699cb5a4fea8cc42f636b15e449daef52df3586d4b55fd047b04e96734aa2c45bcad8f05dbf3c97daefcd6bad396a6aed71849e484eb0e3526970973db9b268b71e726748aacb5c2203cde2992af74cac612d33cecba7f3e5d66e2a2e449eb00e770af4fe13be6d16877cfa46c108c29d8db1efff5356433fc627741d12605056ec78c02bf143afc9e2161c15ce65a0f8c9f13a6b7a9164f256301ff0ca23dfffb77ec46"], 0x1004)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)

6.772472261s ago: executing program 5 (id=1570):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={<r0=>0xffffffffffffffff})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000040)={0x802}, 0x10)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f00000004c0)={r4, 0x0, 0x0, 0x0, 0x0, [<r5=>0x0], [0xfffffffc, 0x7, 0x3]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0xb5})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r2, 0xc00c642d, &(0x7f0000000440))
close_range(r0, 0xffffffffffffffff, 0x0)

5.605938462s ago: executing program 5 (id=1574):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r3=>0x0})
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=r3, @ANYBLOB="05"], 0x6c}, 0x1, 0x0, 0x0, 0x10004000}, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="780000001000830404000000fedbdf2500007400", @ANYRES32, @ANYBLOB="0008000007500500580012800b0001006272696467650000480002800500"], 0x78}, 0x1, 0x0, 0x0, 0x800}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x0, 0x0, 0x0}, 0x94)
sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x9}, 0x0)

5.063974353s ago: executing program 5 (id=1577):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket(0x40000000015, 0x5, 0x0)
connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10)
bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57)
recvmmsg(r2, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x10c4}], 0x1}}], 0x4000210, 0x2, 0x0)
sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[], 0x48}, 0x1, 0x0, 0x0, 0x50}, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
socket$inet(0xa, 0x1, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)

3.548677846s ago: executing program 3 (id=1581):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000080)={0x2})
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x488})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, 0x0)

2.503913209s ago: executing program 0 (id=1587):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={<r0=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8921, &(0x7f0000000040)={'veth1_vlan\x00', @remote})

2.320333815s ago: executing program 3 (id=1588):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
splice(r1, 0x0, r0, 0x0, 0xf3a, 0x8)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r2 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1600000004"], 0x50)
io_uring_enter(r2, 0x2219, 0x7721, 0x16, 0x0, 0x0)

2.278154998s ago: executing program 0 (id=1590):
r0 = syz_clone(0x800000, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f00000010c0)='.\x00', &(0x7f0000000000)='proc\x00', 0x80, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000040)='ns\x00')
readlinkat(r2, &(0x7f0000000100)='./mnt\x00', &(0x7f0000000440)=""/163, 0xa3)

2.031648548s ago: executing program 1 (id=1592):
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0xa, 0x300)
r0 = socket$inet6(0xa, 0x2, 0x3a)
sendto$inet6(r0, &(0x7f0000000000)="800037bbfa9ba1ce", 0x8, 0x4000, &(0x7f0000001100)={0xa, 0x0, 0x0, @loopback}, 0x1c)

1.945239514s ago: executing program 0 (id=1594):
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x4000)
setresuid(r0, r0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f00000004c0)='.\x00', &(0x7f0000005280)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x6000)
setuid(r1)

1.809898662s ago: executing program 0 (id=1595):
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f00000020c0), 0x0, &(0x7f0000000200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x6000}})
lgetxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=@known='system.advise\x00', 0x0, 0x0)
syz_fuse_handle_req(r0, 0x0, 0x0, &(0x7f00000041c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r2 = getpgid(0x0)
r3 = syz_pidfd_open(r2, 0x0)
r4 = pidfd_getfd(r3, r3, 0x0)
setns(r4, 0x66020000)
umount2(&(0x7f0000000040)='.\x00', 0x2)
close_range(r1, 0xffffffffffffffff, 0x0)

1.72927572s ago: executing program 1 (id=1597):
r0 = syz_open_dev$loop(&(0x7f0000000140), 0x75f, 0xe382)
r1 = memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc90\xb9voI\xa5/\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\x81\x00V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93\x9c5\xcf\t\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\x94\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\x00'/557, 0x1)
pwritev(r1, &(0x7f0000000040)=[{&(0x7f00000001c0)='9', 0x1}], 0x1, 0x980, 0x8000)
sendfile(r0, r1, 0x0, 0x24002de8)

1.598884675s ago: executing program 1 (id=1598):
r0 = syz_open_procfs(0x0, &(0x7f0000000200)='net/fib_triestat\x00')
read$FUSE(r0, &(0x7f0000002380)={0x2020}, 0x2020)

1.46882203s ago: executing program 0 (id=1600):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
sendto$inet(r0, &(0x7f0000000300)="ab", 0x1, 0x0, &(0x7f0000000380)={0x2, 0x4e22, @local}, 0x10)
sendmsg$inet_sctp(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)='\x00', 0x1}], 0x1, &(0x7f0000000400)=ANY=[@ANYBLOB="20000000000000008400000002000000040041000000000000000000", @ANYRES32=0x0, @ANYBLOB="30000000000000008400000001000000ff0f47000400000006000100ff000000000200c6"], 0x50, 0x4048800}, 0x0)

1.37483373s ago: executing program 1 (id=1601):
mkdir(&(0x7f0000000000)='./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r0 = memfd_secret(0x0)
mknodat(r0, 0x0, 0x100, 0x4931)
openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f000000a980), 0x0, 0x8c0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
setns(r2, 0x24020000)
r3 = syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x24020000)
mount(0x0, &(0x7f0000000040)='.\x00', 0x0, 0x33bc422, 0x0)

1.28816607s ago: executing program 3 (id=1602):
listen(0xffffffffffffffff, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1.214300231s ago: executing program 2 (id=1603):
pipe(&(0x7f0000000440)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
vmsplice(r0, &(0x7f00000018c0)=[{&(0x7f0000001500)='\v', 0x1}], 0x1, 0x6)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000007, 0x31, 0xffffffffffffffff, 0xd0fbb000)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x72, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)

1.092870164s ago: executing program 3 (id=1604):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
mremap(&(0x7f0000064000/0x3000)=nil, 0x3000, 0x600000, 0x3, &(0x7f0000a00000/0x600000)=nil)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66)

1.011081504s ago: executing program 2 (id=1605):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x51}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newqdisc={0x4c, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x7, 0xfff3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x6, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x3, 0xc, 0x1, 0x4}}, @TCA_GRED_DPS={0x0, 0x3, {0x6, 0x4, 0x1, 0x2}}]}}]}, 0x4c}}, 0x24040004)

818.346289ms ago: executing program 1 (id=1606):
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@arp={0x806, @ether_ipv4={0x1, 0x800, 0x6, 0x4, 0x1, @local, @initdev={0xac, 0x1e, 0x11, 0x0}, @random="ed3b2b8908e7", @loopback}}}}, 0x0)

713.469419ms ago: executing program 0 (id=1607):
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f00000002c0))
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f00006b4000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
madvise(&(0x7f0000000000/0x400000)=nil, 0x40001e, 0x15)

713.27202ms ago: executing program 2 (id=1608):
r0 = syz_open_dev$sg(&(0x7f0000001580), 0xcbc0, 0x0)
ioctl$SG_GET_NUM_WAITING(r0, 0x227d, &(0x7f00000015c0))

436.550226ms ago: executing program 2 (id=1609):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f00000003c0)=0x7fffffff, 0x4)

376.773314ms ago: executing program 1 (id=1610):
syz_clone(0xd104200, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$VHOST_VDPA_GET_VRING_GROUP(0xffffffffffffffff, 0xc008af7b, &(0x7f00000000c0)={0x0, 0x6})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)

203.391005ms ago: executing program 2 (id=1611):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="9feb01001800000000000000140000001400000003000000010000000100000604000000ffffffff01000000005f007a50340e59f09c16bd7ab7f99787b50d10f9b3dc68fe7639ca8784af240600f5cb"], 0x0, 0x2f, 0x0, 0x0, 0xfff}, 0x28)
process_vm_writev(0x0, &(0x7f0000000200)=[{&(0x7f0000000080)=""/212, 0xf6}, {&(0x7f0000000840)=""/4098}], 0x10000000000001dc, &(0x7f0000000400), 0x10000000000000ba, 0x0)

0s ago: executing program 2 (id=1612):
creat(&(0x7f0000010280)='./file0\x00', 0x182)
mount(&(0x7f00000001c0), &(0x7f0000000440)='./file0\x00', &(0x7f0000000340)='9p\x00', 0x0, 0x0)

kernel console output (not intermixed with test programs):

ct=0, SerialNumber=0
[  718.333696][ T5923] usb 1-1: config 0 descriptor??
[  718.427763][ T5923] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 28 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  718.510957][ T5923] usb 1-1: USB disconnect, device number 28
[  718.550597][ T5923] usblp0: removed
[  719.063821][T11264] fuse: Bad value for 'fd'
[  719.099124][T11264] batman_adv: batadv0: Local translation table size (96) exceeds maximum packet size (-320); Ignoring new local tt entry: 16:30:00:00:00:85
[  719.646609][T11273] fuse: Bad value for 'fd'
[  719.667447][T11273] batman_adv: batadv0: Local translation table size (96) exceeds maximum packet size (-320); Ignoring new local tt entry: 16:30:00:00:00:85
[  720.206516][T11279] loop5: detected capacity change from 0 to 7
[  720.211440][ T5923] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  720.246197][ T5201] Dev loop5: unable to read RDB block 7
[  720.260475][ T5201]  loop5: unable to read partition table
[  720.284587][ T5201] loop5: partition table beyond EOD, truncated
[  720.312848][T11279] Dev loop5: unable to read RDB block 7
[  720.318954][T11279]  loop5: unable to read partition table
[  720.331067][T11279] loop5: partition table beyond EOD, truncated
[  720.355987][T11279] loop_reread_partitions: partition scan of loop5 (þ被xü—ŸÑà– ) failed (rc=-5)
[  720.402517][ T5201] Dev loop5: unable to read RDB block 7
[  720.416632][ T5923] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  720.447508][ T5201]  loop5: unable to read partition table
[  720.450557][ T5923] usb 2-1: config 0 has no interfaces?
[  720.485358][ T5923] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  720.486722][ T5201] loop5: partition table beyond EOD, 
[  720.509935][ T5923] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  720.512251][ T5201] truncated
[  720.550668][ T5923] usb 2-1: config 0 descriptor??
[  720.854517][   T24] usb 2-1: USB disconnect, device number 29
[  723.513135][T11322] netdevsim netdevsim3: Direct firmware load for /
[  723.513135][T11322]  failed with error -2
[  723.572549][T11322] netdevsim netdevsim3: Falling back to sysfs fallback for: /
[  723.572549][T11322] 
[  723.872399][T11327] fuse: Bad value for 'fd'
[  723.980928][ T5842] Bluetooth: hci1: command 0x0406 tx timeout
[  724.617936][T11333] batman_adv: batadv0: Adding interface: dummy0
[  724.648607][T11333] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  724.786584][T11333] batman_adv: batadv0: Interface activated: dummy0
[  724.897300][T11336] batadv0: mtu less than device minimum
[  724.919085][T11336] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  724.930516][T11336] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  724.942388][T11336] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  724.954398][T11336] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  724.965955][T11336] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  724.977482][T11336] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  724.989095][T11336] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  725.000970][T11336] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  725.012640][T11336] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  725.621571][T11342] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1341'.
[  725.681484][T11342] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1341'.
[  726.150442][T11348] loop5: detected capacity change from 0 to 7
[  726.172025][T11348] Dev loop5: unable to read RDB block 7
[  726.178775][T11348]  loop5: AHDI p1 p2 p3
[  727.511174][T11348] loop5: partition table partially beyond EOD, truncated
[  727.577838][T11348] loop5: p1 start 1601398130 is beyond EOD, truncated
[  727.606387][T11348] loop5: p2 start 1702059890 is beyond EOD, truncated
[  728.491271][ T5923] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  728.673951][ T5923] usb 3-1: Using ep0 maxpacket: 16
[  728.693283][ T5923] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=f4.9b
[  728.729172][ T5923] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  728.780931][ T5923] usb 3-1: Product: syz
[  728.799954][ T5923] usb 3-1: SerialNumber: syz
[  728.815573][T11374] netdevsim netdevsim3: Direct firmware load for /
[  728.815573][T11374]  failed with error -2
[  728.845326][ T5923] usb 3-1: config 0 descriptor??
[  728.891075][T11374] netdevsim netdevsim3: Falling back to sysfs fallback for: /
[  728.891075][T11374] 
[  728.960677][ T5923] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  729.037935][ T5923] dvb_usb_af9015 3-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  729.089475][ T5923] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  729.123380][ T5923] dvb_usb_af9035 3-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  729.166720][T11382] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1354'.
[  729.284849][T11382] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1354'.
[  729.484820][T11382] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1354'.
[  729.663583][ T5995] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  729.880942][ T5995] usb 6-1: Using ep0 maxpacket: 32
[  729.898720][ T5995] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  729.923103][ T5995] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  729.973775][ T5995] usb 6-1: config 0 descriptor??
[  730.227115][ T5995] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  730.246577][ T5995] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  731.330560][ T5995] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  731.338527][ T5995] usb 6-1: media controller created
[  731.764312][ T5995] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  731.939443][ T5995] DVB: Unable to find symbol dib7000p_attach()
[  731.977391][ T5995] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  732.150196][ T5995] rc_core: IR keymap rc-dib0700-rc5 not found
[  732.172314][ T5995] Registered IR keymap rc-empty
[  732.200576][ T5995] dvb-usb: could not initialize remote control.
[  732.267611][ T5995] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  732.487629][ T5995] usb 6-1: USB disconnect, device number 10
[  732.516629][T11408] syz.1.1361 uses obsolete (PF_INET,SOCK_PACKET)
[  732.666469][ T5995] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  732.879488][  T803] usb 3-1: USB disconnect, device number 21
[  733.316240][T11419] netdevsim netdevsim5: Direct firmware load for /
[  733.316240][T11419]  failed with error -2
[  733.413902][T11419] netdevsim netdevsim5: Falling back to sysfs fallback for: /
[  733.413902][T11419] 
[  733.914988][T11429] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1366'.
[  734.161793][T11429] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1366'.
[  734.219026][T11429] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1366'.
[  734.382316][ T5923] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  735.880882][ T5923] usb 4-1: Using ep0 maxpacket: 32
[  735.905883][ T5923] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  735.931194][ T5923] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  735.982605][ T5923] usb 4-1: config 0 descriptor??
[  736.226868][ T5923] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  736.429248][T11444] loop1: detected capacity change from 0 to 40427
[  736.448794][T11444] F2FS-fs (loop1): invalid crc value
[  736.459315][ T5923] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  736.519106][ T5923] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  736.529691][ T5923] usb 4-1: media controller created
[  736.559650][ T5923] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  736.583612][T11444] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  736.602657][T11444] F2FS-fs (loop1): Start checkpoint disabled!
[  736.613617][T11444] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  736.621413][T11444] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  736.738715][   T30] audit: type=1800 audit(1773532947.471:187): pid=11449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1370" name="bus" dev="loop1" ino=10 res=0 errno=0
[  736.909264][T11449] bio_check_eod: 182 callbacks suppressed
[  736.909297][T11449] syz.1.1370: attempt to access beyond end of device
[  736.909297][T11449] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  736.934241][T11449] syz.1.1370: attempt to access beyond end of device
[  736.934241][T11449] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  736.951212][T11449] syz.1.1370: attempt to access beyond end of device
[  736.951212][T11449] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  736.968836][T11449] syz.1.1370: attempt to access beyond end of device
[  736.968836][T11449] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  736.999645][T11449] syz.1.1370: attempt to access beyond end of device
[  736.999645][T11449] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  737.396787][   T12] kworker/u8:0: attempt to access beyond end of device
[  737.396787][   T12] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  737.411435][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  737.411471][   T12] Tainted: [L]=SOFTLOCKUP
[  737.411480][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  737.411494][   T12] Workqueue: writeback wb_workfn (flush-7:1)
[  737.411529][   T12] Call Trace:
[  737.411538][   T12]  <TASK>
[  737.411548][   T12]  dump_stack_lvl+0xe8/0x150
[  737.411583][   T12]  f2fs_handle_critical_error+0x37c/0x540
[  737.411621][   T12]  f2fs_write_end_io+0x1274/0x1740
[  737.411698][   T12]  __submit_merged_bio+0x256/0x700
[  737.411735][   T12]  __submit_merged_write_cond+0x3c9/0x4e0
[  737.411773][   T12]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  737.411830][   T12]  f2fs_write_data_pages+0x287e/0x34f0
[  737.411906][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  737.411955][   T12]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  737.412027][   T12]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  737.412076][   T12]  ? __lock_acquire+0x6b5/0x2cf0
[  737.412106][   T12]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  737.412122][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  737.412141][   T12]  do_writepages+0x32e/0x550
[  737.412162][   T12]  ? reacquire_held_locks+0x104/0x190
[  737.412175][   T12]  ? writeback_sb_inodes+0x477/0x1a20
[  737.412195][   T12]  __writeback_single_inode+0x133/0x11a0
[  737.412213][   T12]  ? do_raw_spin_unlock+0xf5/0x210
[  737.412233][   T12]  writeback_sb_inodes+0x992/0x1a20
[  737.412261][   T12]  ? __lock_acquire+0x6b5/0x2cf0
[  737.412289][   T12]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  737.412304][   T12]  ? do_raw_spin_lock+0x12b/0x2f0
[  737.412346][   T12]  ? rcu_is_watching+0x15/0xb0
[  737.412366][   T12]  wb_writeback+0x456/0xb70
[  737.412385][   T12]  ? queue_io+0x1e1/0x4a0
[  737.412406][   T12]  ? __pfx_wb_writeback+0x10/0x10
[  737.412420][   T12]  ? do_raw_spin_lock+0x12b/0x2f0
[  737.412447][   T12]  wb_workfn+0x414/0xf50
[  737.412462][   T12]  ? look_up_lock_class+0x57/0x110
[  737.412487][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  737.412503][   T12]  ? do_raw_spin_lock+0x12b/0x2f0
[  737.412521][   T12]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  737.412554][   T12]  ? process_one_work+0x8bb/0x1780
[  737.412573][   T12]  process_one_work+0x9ab/0x1780
[  737.412606][   T12]  ? __pfx_process_one_work+0x10/0x10
[  737.412626][   T12]  ? do_raw_spin_lock+0x12b/0x2f0
[  737.412670][   T12]  worker_thread+0xb49/0x1140
[  737.412705][   T12]  kthread+0x388/0x470
[  737.412720][   T12]  ? __pfx_worker_thread+0x10/0x10
[  737.412731][   T12]  ? __pfx_kthread+0x10/0x10
[  737.412747][   T12]  ret_from_fork+0x51e/0xb90
[  737.412768][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  737.412785][   T12]  ? __switch_to+0xc7d/0x1450
[  737.412804][   T12]  ? __pfx_kthread+0x10/0x10
[  737.412820][   T12]  ret_from_fork_asm+0x1a/0x30
[  737.412845][   T12]  </TASK>
[  737.413107][   T12] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  737.580717][ T5923] DVB: Unable to find symbol dib7000p_attach()
[  737.951603][ T5923] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  738.068039][ T5923] rc_core: IR keymap rc-dib0700-rc5 not found
[  738.080120][ T5923] Registered IR keymap rc-empty
[  738.096029][ T5923] dvb-usb: could not initialize remote control.
[  738.113242][ T5923] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  738.406143][T11459] loop2: detected capacity change from 0 to 40427
[  738.415315][T11459] F2FS-fs (loop2): invalid crc value
[  738.427456][ T5923] usb 4-1: USB disconnect, device number 41
[  738.505031][T11459] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  738.522019][T11459] F2FS-fs (loop2): Start checkpoint disabled!
[  738.532652][T11459] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  738.540349][T11459] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  738.686161][   T30] audit: type=1800 audit(1773532949.371:188): pid=11462 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1374" name="bus" dev="loop2" ino=10 res=0 errno=0
[  739.127607][ T5923] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  739.540631][T11465] loop5: detected capacity change from 0 to 40427
[  739.569621][T11465] F2FS-fs (loop5): invalid crc value
[  739.622284][   T12] kworker/u8:0: attempt to access beyond end of device
[  739.622284][   T12] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  739.677128][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  739.677168][   T12] Tainted: [L]=SOFTLOCKUP
[  739.677175][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  739.677188][   T12] Workqueue: writeback wb_workfn (flush-7:2)
[  739.677223][   T12] Call Trace:
[  739.677232][   T12]  <TASK>
[  739.677242][   T12]  dump_stack_lvl+0xe8/0x150
[  739.677277][   T12]  f2fs_handle_critical_error+0x37c/0x540
[  739.677314][   T12]  f2fs_write_end_io+0x1274/0x1740
[  739.677371][   T12]  __submit_merged_bio+0x256/0x700
[  739.677408][   T12]  __submit_merged_write_cond+0x3c9/0x4e0
[  739.677447][   T12]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  739.677504][   T12]  f2fs_write_data_pages+0x287e/0x34f0
[  739.677580][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  739.677608][   T12]  ? cfg80211_inform_single_bss_data+0x13c6/0x1b70
[  739.677695][   T12]  ? __lock_acquire+0x6b5/0x2cf0
[  739.677749][   T12]  ? unwind_next_frame+0xa5/0x23c0
[  739.677815][   T12]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  739.677847][   T12]  do_writepages+0x32e/0x550
[  739.677882][   T12]  ? reacquire_held_locks+0x104/0x190
[  739.677905][   T12]  ? writeback_sb_inodes+0x477/0x1a20
[  739.677939][   T12]  __writeback_single_inode+0x133/0x11a0
[  739.677967][   T12]  ? do_raw_spin_unlock+0xf5/0x210
[  739.677999][   T12]  writeback_sb_inodes+0x992/0x1a20
[  739.678060][   T12]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  739.678082][   T12]  ? do_raw_spin_lock+0x12b/0x2f0
[  739.678157][   T12]  ? rcu_is_watching+0x15/0xb0
[  739.678193][   T12]  wb_writeback+0x456/0xb70
[  739.678224][   T12]  ? queue_io+0x1e1/0x4a0
[  739.678262][   T12]  ? __pfx_wb_writeback+0x10/0x10
[  739.678287][   T12]  ? do_raw_spin_lock+0x12b/0x2f0
[  739.678335][   T12]  wb_workfn+0x414/0xf50
[  739.678361][   T12]  ? look_up_lock_class+0x57/0x110
[  739.678405][   T12]  ? __pfx_wb_workfn+0x10/0x10
[  739.678433][   T12]  ? do_raw_spin_lock+0x12b/0x2f0
[  739.678464][   T12]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  739.678518][   T12]  ? process_one_work+0x8bb/0x1780
[  739.678550][   T12]  process_one_work+0x9ab/0x1780
[  739.678610][   T12]  ? __pfx_process_one_work+0x10/0x10
[  739.678639][   T12]  ? do_raw_spin_lock+0x12b/0x2f0
[  739.678688][   T12]  worker_thread+0xb49/0x1140
[  739.678744][   T12]  kthread+0x388/0x470
[  739.678780][   T12]  ? __pfx_worker_thread+0x10/0x10
[  739.678798][   T12]  ? __pfx_kthread+0x10/0x10
[  739.678826][   T12]  ret_from_fork+0x51e/0xb90
[  739.678862][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  739.678891][   T12]  ? __switch_to+0xc7d/0x1450
[  739.678925][   T12]  ? __pfx_kthread+0x10/0x10
[  739.678953][   T12]  ret_from_fork_asm+0x1a/0x30
[  739.678998][   T12]  </TASK>
[  739.963619][   T12] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  739.967150][T11465] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  739.988133][T11465] F2FS-fs (loop5): Start checkpoint disabled!
[  740.231534][T11465] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  740.263407][T11465] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  740.336453][   T30] audit: type=1800 audit(1773532951.071:189): pid=11479 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1376" name="bus" dev="loop5" ino=10 res=0 errno=0
[  740.381091][   T24] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  740.468835][T11479] syz.5.1376: attempt to access beyond end of device
[  740.468835][T11479] loop5: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  740.486030][T11479] syz.5.1376: attempt to access beyond end of device
[  740.486030][T11479] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  740.505328][T11479] syz.5.1376: attempt to access beyond end of device
[  740.505328][T11479] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  740.674532][ T5995] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  740.810829][   T24] usb 1-1: Using ep0 maxpacket: 32
[  740.903770][   T24] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  740.926773][ T5995] usb 2-1: config 220 has an invalid descriptor of length 1, skipping remainder of the config
[  740.938137][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  740.947053][ T5995] usb 2-1: config 220 has 1 interface, different from the descriptor's value: 3
[  740.959981][ T5995] usb 2-1: config 220 interface 0 has no altsetting 0
[  740.971284][ T5995] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  740.982488][ T5995] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  741.001303][   T24] usb 1-1: config 0 descriptor??
[  741.006631][ T5995] usb 2-1: Product: syz
[  741.014892][ T5995] usb 2-1: Manufacturer: syz
[  741.041330][ T5995] usb 2-1: SerialNumber: syz
[  741.064190][T11439] CPU: 1 UID: 0 PID: 11439 Comm: kworker/u8:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  741.064228][T11439] Tainted: [L]=SOFTLOCKUP
[  741.064237][T11439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  741.064250][T11439] Workqueue: writeback wb_workfn (flush-7:5)
[  741.064285][T11439] Call Trace:
[  741.064299][T11439]  <TASK>
[  741.064308][T11439]  dump_stack_lvl+0xe8/0x150
[  741.064343][T11439]  f2fs_handle_critical_error+0x37c/0x540
[  741.064380][T11439]  f2fs_write_end_io+0x1274/0x1740
[  741.064434][T11439]  __submit_merged_bio+0x256/0x700
[  741.064470][T11439]  __submit_merged_write_cond+0x3c9/0x4e0
[  741.064508][T11439]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  741.064556][T11439]  f2fs_write_data_pages+0x287e/0x34f0
[  741.064622][T11439]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  741.064668][T11439]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  741.064729][T11439]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  741.064782][T11439]  ? __lock_acquire+0x6b5/0x2cf0
[  741.064829][T11439]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  741.064856][T11439]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  741.064887][T11439]  do_writepages+0x32e/0x550
[  741.064921][T11439]  ? reacquire_held_locks+0x104/0x190
[  741.064945][T11439]  ? writeback_sb_inodes+0x477/0x1a20
[  741.064979][T11439]  __writeback_single_inode+0x133/0x11a0
[  741.065009][T11439]  ? do_raw_spin_unlock+0xf5/0x210
[  741.065051][T11439]  writeback_sb_inodes+0x992/0x1a20
[  741.065101][T11439]  ? do_raw_spin_unlock+0xf5/0x210
[  741.065135][T11439]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  741.065160][T11439]  ? do_raw_spin_lock+0x12b/0x2f0
[  741.065231][T11439]  ? rcu_is_watching+0x15/0xb0
[  741.065263][T11439]  wb_writeback+0x456/0xb70
[  741.065291][T11439]  ? queue_io+0x1e1/0x4a0
[  741.065323][T11439]  ? __pfx_wb_writeback+0x10/0x10
[  741.065346][T11439]  ? do_raw_spin_lock+0x12b/0x2f0
[  741.065391][T11439]  wb_workfn+0x414/0xf50
[  741.065416][T11439]  ? look_up_lock_class+0x57/0x110
[  741.065458][T11439]  ? __pfx_wb_workfn+0x10/0x10
[  741.065493][T11439]  ? do_raw_spin_lock+0x12b/0x2f0
[  741.065524][T11439]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  741.065576][T11439]  ? process_one_work+0x8bb/0x1780
[  741.065609][T11439]  process_one_work+0x9ab/0x1780
[  741.065667][T11439]  ? __pfx_process_one_work+0x10/0x10
[  741.065697][T11439]  ? do_raw_spin_lock+0x12b/0x2f0
[  741.065743][T11439]  worker_thread+0xb49/0x1140
[  741.065774][T11439]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  741.065813][T11439]  kthread+0x388/0x470
[  741.065840][T11439]  ? __pfx_worker_thread+0x10/0x10
[  741.065859][T11439]  ? __pfx_kthread+0x10/0x10
[  741.065887][T11439]  ret_from_fork+0x51e/0xb90
[  741.065922][T11439]  ? __pfx_ret_from_fork+0x10/0x10
[  741.065951][T11439]  ? __switch_to+0xc7d/0x1450
[  741.065983][T11439]  ? __pfx_kthread+0x10/0x10
[  741.066011][T11439]  ret_from_fork_asm+0x1a/0x30
[  741.066060][T11439]  </TASK>
[  741.066367][T11439] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  741.388459][   T24] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  741.399773][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  741.442053][   T24] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  741.464056][   T24] usb 1-1: media controller created
[  741.516954][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  741.597565][ T5995] uvcvideo 2-1:220.0: Found UVC 0.00 device syz (8086:0b07)
[  741.605678][ T5995] uvcvideo 2-1:220.0: No valid video chain found.
[  741.627006][ T5995] usb 2-1: USB disconnect, device number 30
[  741.805661][   T24] DVB: Unable to find symbol dib7000p_attach()
[  741.807824][T11484] netdevsim netdevsim3: Direct firmware load for /
[  741.807824][T11484]  failed with error -2
[  741.840891][   T24] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  741.873378][T11484] netdevsim netdevsim3: Falling back to sysfs fallback for: /
[  741.873378][T11484] 
[  741.961954][   T24] rc_core: IR keymap rc-dib0700-rc5 not found
[  741.968195][   T24] Registered IR keymap rc-empty
[  741.974910][   T24] dvb-usb: could not initialize remote control.
[  741.985299][   T24] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  742.243846][   T24] usb 1-1: USB disconnect, device number 29
[  742.334266][   T24] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  742.559648][T11498] loop1: detected capacity change from 0 to 40427
[  742.579732][T11498] F2FS-fs (loop1): invalid crc value
[  742.656289][T11498] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  742.668716][T11498] F2FS-fs (loop1): Start checkpoint disabled!
[  742.678366][T11498] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  742.688266][T11498] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  742.716948][   T30] audit: type=1800 audit(1773532953.451:190): pid=11498 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1384" name="bus" dev="loop1" ino=10 res=0 errno=0
[  742.744716][T11498] bio_check_eod: 13 callbacks suppressed
[  742.744732][T11498] syz.1.1384: attempt to access beyond end of device
[  742.744732][T11498] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  742.766203][T11498] syz.1.1384: attempt to access beyond end of device
[  742.766203][T11498] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  742.780594][T11498] syz.1.1384: attempt to access beyond end of device
[  742.780594][T11498] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  742.796071][T11498] syz.1.1384: attempt to access beyond end of device
[  742.796071][T11498] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  742.810619][T11498] syz.1.1384: attempt to access beyond end of device
[  742.810619][T11498] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  742.825412][T11498] syz.1.1384: attempt to access beyond end of device
[  742.825412][T11498] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  742.839883][T11498] syz.1.1384: attempt to access beyond end of device
[  742.839883][T11498] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  742.855334][T11498] syz.1.1384: attempt to access beyond end of device
[  742.855334][T11498] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  742.869806][T11498] syz.1.1384: attempt to access beyond end of device
[  742.869806][T11498] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  742.884487][T11498] syz.1.1384: attempt to access beyond end of device
[  742.884487][T11498] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  743.124391][ T5955] CPU: 0 UID: 0 PID: 5955 Comm: kworker/u8:9 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  743.124433][ T5955] Tainted: [L]=SOFTLOCKUP
[  743.124441][ T5955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  743.124454][ T5955] Workqueue: writeback wb_workfn (flush-7:1)
[  743.124488][ T5955] Call Trace:
[  743.124497][ T5955]  <TASK>
[  743.124506][ T5955]  dump_stack_lvl+0xe8/0x150
[  743.124540][ T5955]  f2fs_handle_critical_error+0x37c/0x540
[  743.124578][ T5955]  f2fs_write_end_io+0x1274/0x1740
[  743.124633][ T5955]  __submit_merged_bio+0x256/0x700
[  743.124669][ T5955]  __submit_merged_write_cond+0x3c9/0x4e0
[  743.124707][ T5955]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  743.124751][ T5955]  f2fs_write_data_pages+0x287e/0x34f0
[  743.124808][ T5955]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  743.124844][ T5955]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  743.124902][ T5955]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  743.124954][ T5955]  ? __lock_acquire+0x6b5/0x2cf0
[  743.125046][ T5955]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  743.125072][ T5955]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  743.125104][ T5955]  do_writepages+0x32e/0x550
[  743.125135][ T5955]  ? reacquire_held_locks+0x104/0x190
[  743.125158][ T5955]  ? writeback_sb_inodes+0x477/0x1a20
[  743.125190][ T5955]  __writeback_single_inode+0x133/0x11a0
[  743.125218][ T5955]  ? do_raw_spin_unlock+0xf5/0x210
[  743.125251][ T5955]  writeback_sb_inodes+0x992/0x1a20
[  743.125309][ T5955]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  743.125333][ T5955]  ? do_raw_spin_lock+0x12b/0x2f0
[  743.125398][ T5955]  ? rcu_is_watching+0x15/0xb0
[  743.125432][ T5955]  wb_writeback+0x456/0xb70
[  743.125463][ T5955]  ? queue_io+0x1e1/0x4a0
[  743.125504][ T5955]  ? __pfx_wb_writeback+0x10/0x10
[  743.125527][ T5955]  ? do_raw_spin_lock+0x12b/0x2f0
[  743.125569][ T5955]  wb_workfn+0x414/0xf50
[  743.125594][ T5955]  ? look_up_lock_class+0x57/0x110
[  743.125635][ T5955]  ? __pfx_wb_workfn+0x10/0x10
[  743.125662][ T5955]  ? do_raw_spin_lock+0x12b/0x2f0
[  743.125691][ T5955]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  743.125739][ T5955]  ? process_one_work+0x8bb/0x1780
[  743.125769][ T5955]  process_one_work+0x9ab/0x1780
[  743.125822][ T5955]  ? __pfx_process_one_work+0x10/0x10
[  743.125848][ T5955]  ? do_raw_spin_lock+0x12b/0x2f0
[  743.125891][ T5955]  worker_thread+0xb49/0x1140
[  743.125940][ T5955]  kthread+0x388/0x470
[  743.125977][ T5955]  ? __pfx_worker_thread+0x10/0x10
[  743.125993][ T5955]  ? __pfx_kthread+0x10/0x10
[  743.126017][ T5955]  ret_from_fork+0x51e/0xb90
[  743.126050][ T5955]  ? __pfx_ret_from_fork+0x10/0x10
[  743.126077][ T5955]  ? __switch_to+0xc7d/0x1450
[  743.126108][ T5955]  ? __pfx_kthread+0x10/0x10
[  743.126134][ T5955]  ret_from_fork_asm+0x1a/0x30
[  743.126172][ T5955]  </TASK>
[  743.126460][ T5955] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  744.558480][T11520] loop1: detected capacity change from 0 to 40427
[  744.592131][T11520] F2FS-fs (loop1): invalid crc value
[  744.648237][T11520] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  744.661257][T11520] F2FS-fs (loop1): Start checkpoint disabled!
[  744.677141][T11520] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  744.694016][T11520] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  744.723253][   T30] audit: type=1800 audit(1773532955.461:191): pid=11520 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1391" name="bus" dev="loop1" ino=10 res=0 errno=0
[  744.857881][T11440] CPU: 1 UID: 0 PID: 11440 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  744.857909][T11440] Tainted: [L]=SOFTLOCKUP
[  744.857914][T11440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  744.857922][T11440] Workqueue: writeback wb_workfn (flush-7:1)
[  744.857945][T11440] Call Trace:
[  744.857950][T11440]  <TASK>
[  744.857956][T11440]  dump_stack_lvl+0xe8/0x150
[  744.857983][T11440]  f2fs_handle_critical_error+0x37c/0x540
[  744.858006][T11440]  f2fs_write_end_io+0x1274/0x1740
[  744.858036][T11440]  __submit_merged_bio+0x256/0x700
[  744.858056][T11440]  __submit_merged_write_cond+0x3c9/0x4e0
[  744.858077][T11440]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  744.858106][T11440]  f2fs_write_data_pages+0x287e/0x34f0
[  744.858144][T11440]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  744.858160][T11440]  ? cfg80211_inform_single_bss_data+0x13c6/0x1b70
[  744.858185][T11440]  ? __lock_acquire+0x6b5/0x2cf0
[  744.858219][T11440]  ? unwind_next_frame+0xa5/0x23c0
[  744.858235][T11440]  ? unwind_next_frame+0xa5/0x23c0
[  744.858255][T11440]  ? unwind_next_frame+0xa5/0x23c0
[  744.858267][T11440]  ? ret_from_fork_asm+0x1a/0x30
[  744.858280][T11440]  ? ret_from_fork_asm+0x1a/0x30
[  744.858303][T11440]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  744.858321][T11440]  do_writepages+0x32e/0x550
[  744.858341][T11440]  ? reacquire_held_locks+0x104/0x190
[  744.858354][T11440]  ? writeback_sb_inodes+0x477/0x1a20
[  744.858374][T11440]  __writeback_single_inode+0x133/0x11a0
[  744.858392][T11440]  ? do_raw_spin_unlock+0xf5/0x210
[  744.858422][T11440]  writeback_sb_inodes+0x992/0x1a20
[  744.858458][T11440]  ? unwind_next_frame+0xa5/0x23c0
[  744.858474][T11440]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  744.858488][T11440]  ? do_raw_spin_lock+0x12b/0x2f0
[  744.858526][T11440]  ? rcu_is_watching+0x15/0xb0
[  744.858544][T11440]  wb_writeback+0x456/0xb70
[  744.858562][T11440]  ? queue_io+0x1e1/0x4a0
[  744.858582][T11440]  ? __pfx_wb_writeback+0x10/0x10
[  744.858596][T11440]  ? do_raw_spin_lock+0x12b/0x2f0
[  744.858620][T11440]  wb_workfn+0x414/0xf50
[  744.858635][T11440]  ? look_up_lock_class+0x57/0x110
[  744.858665][T11440]  ? __pfx_wb_workfn+0x10/0x10
[  744.858682][T11440]  ? do_raw_spin_unlock+0xf5/0x210
[  744.858699][T11440]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  744.858724][T11440]  ? process_one_work+0x8bb/0x1780
[  744.858747][T11440]  process_one_work+0x9ab/0x1780
[  744.858778][T11440]  ? __pfx_process_one_work+0x10/0x10
[  744.858795][T11440]  ? do_raw_spin_lock+0x12b/0x2f0
[  744.858820][T11440]  worker_thread+0xb49/0x1140
[  744.858838][T11440]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  744.858860][T11440]  kthread+0x388/0x470
[  744.858875][T11440]  ? __pfx_worker_thread+0x10/0x10
[  744.858886][T11440]  ? __pfx_kthread+0x10/0x10
[  744.858904][T11440]  ret_from_fork+0x51e/0xb90
[  744.858923][T11440]  ? __pfx_ret_from_fork+0x10/0x10
[  744.858940][T11440]  ? __switch_to+0xc7d/0x1450
[  744.858959][T11440]  ? __pfx_kthread+0x10/0x10
[  744.858975][T11440]  ret_from_fork_asm+0x1a/0x30
[  744.858997][T11440]  </TASK>
[  744.859012][T11440] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  745.398720][T11524] netdevsim netdevsim3: Direct firmware load for /
[  745.398720][T11524]  failed with error -2
[  745.658720][T11524] netdevsim netdevsim3: Falling back to sysfs fallback for: /
[  745.658720][T11524] 
[  746.120867][ T5895] usb 2-1: new high-speed USB device number 31 using dummy_hcd
[  746.321506][ T5895] usb 2-1: Using ep0 maxpacket: 16
[  746.345473][ T5895] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=f4.9b
[  746.366874][ T5895] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  746.390631][ T5895] usb 2-1: Product: syz
[  746.404544][ T5895] usb 2-1: SerialNumber: syz
[  746.450906][ T5928] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  746.463122][ T5895] usb 2-1: config 0 descriptor??
[  746.493927][ T5895] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  746.517381][ T5895] dvb_usb_af9015 2-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  746.560116][ T5895] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  746.577551][ T5895] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  746.633301][ T5928] usb 3-1: config 220 has an invalid descriptor of length 1, skipping remainder of the config
[  746.653859][ T5928] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 3
[  746.685446][ T5928] usb 3-1: config 220 interface 0 has no altsetting 0
[  746.714397][ T5928] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  746.730904][ T5928] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  746.760082][ T5928] usb 3-1: Product: syz
[  746.769809][ T5928] usb 3-1: Manufacturer: syz
[  746.792597][ T5928] usb 3-1: SerialNumber: syz
[  746.813924][T11538] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1395'.
[  746.870073][T11538] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1395'.
[  746.909874][T11538] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1395'.
[  747.043101][ T5928] uvcvideo 3-1:220.0: Found UVC 0.00 device syz (8086:0b07)
[  747.073792][ T5928] uvcvideo 3-1:220.0: No valid video chain found.
[  747.121369][ T5928] usb 3-1: USB disconnect, device number 22
[  747.467478][T11549] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1399'.
[  747.484785][T11549] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1399'.
[  747.508354][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  747.516442][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  749.654769][ T5928] usb 2-1: USB disconnect, device number 31
[  750.483466][ T5928] usb 2-1: new high-speed USB device number 32 using dummy_hcd
[  750.560573][T11579] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1408'.
[  750.593719][T11579] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1408'.
[  750.623142][T11579] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1408'.
[  750.652476][ T5928] usb 2-1: Using ep0 maxpacket: 32
[  750.672827][ T5928] usb 2-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  750.706424][ T5928] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  750.740083][ T5928] usb 2-1: Product: syz
[  750.763362][ T5928] usb 2-1: Manufacturer: syz
[  750.787175][ T5928] usb 2-1: SerialNumber: syz
[  750.827193][ T5928] usb 2-1: config 0 descriptor??
[  750.876596][ T5928] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state.
[  750.918635][ T5928] dvb-usb: bulk message failed: -22 (2/0)
[  751.011281][ T5928] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  751.066402][T11569] cxusb: i2c wr: len=80 is too big!
[  751.066402][T11569] 
[  751.078188][ T5928] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold)
[  751.130390][ T5928] usb 2-1: media controller created
[  751.279984][ T5928] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  751.296355][ T5923] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  751.407579][ T5928] usb 2-1: selecting invalid altsetting 7
[  751.436819][ T5928] cxusb: set interface failed
[  751.450272][ T5928] dvb-usb: bulk message failed: -22 (1/0)
[  751.482014][ T5923] usb 4-1: Using ep0 maxpacket: 16
[  751.531224][ T5923] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=f4.9b
[  751.563526][ T5923] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  751.600009][T11590] netdevsim netdevsim0: Direct firmware load for /
[  751.600009][T11590]  failed with error -2
[  751.614380][ T5923] usb 4-1: Product: syz
[  751.633860][ T5923] usb 4-1: SerialNumber: syz
[  751.639021][ T5928] DVB: Unable to find symbol lgdt330x_attach()
[  751.648406][T11590] netdevsim netdevsim0: Falling back to sysfs fallback for: /
[  751.648406][T11590] 
[  751.685459][ T5923] usb 4-1: config 0 descriptor??
[  751.700005][T11592] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1412'.
[  751.711522][ T5928] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold'
[  751.736272][T11592] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1412'.
[  751.787035][ T5923] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  751.817461][ T5923] dvb_usb_af9015 4-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  751.850115][ T5923] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  751.922220][ T5923] dvb_usb_af9035 4-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  752.079677][ T5928] rc_core: IR keymap rc-dvico-portable not found
[  752.134225][T11596] loop1: detected capacity change from 0 to 40427
[  752.167791][T11596] F2FS-fs (loop1): invalid crc value
[  752.220723][ T5928] Registered IR keymap rc-empty
[  752.255386][T11596] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  752.270118][ T5928] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0
[  752.290494][T11596] F2FS-fs (loop1): Start checkpoint disabled!
[  752.300658][T11596] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  752.316517][T11596] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  752.340386][   T30] audit: type=1800 audit(1773532963.071:192): pid=11596 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1413" name="bus" dev="loop1" ino=10 res=0 errno=0
[  752.376617][T11596] bio_check_eod: 374 callbacks suppressed
[  752.376633][T11596] syz.1.1413: attempt to access beyond end of device
[  752.376633][T11596] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  752.397077][T11596] syz.1.1413: attempt to access beyond end of device
[  752.397077][T11596] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  752.411352][T11596] syz.1.1413: attempt to access beyond end of device
[  752.411352][T11596] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  752.425956][T11596] syz.1.1413: attempt to access beyond end of device
[  752.425956][T11596] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  752.440214][T11596] syz.1.1413: attempt to access beyond end of device
[  752.440214][T11596] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  752.454767][T11596] syz.1.1413: attempt to access beyond end of device
[  752.454767][T11596] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  752.468717][T11596] syz.1.1413: attempt to access beyond end of device
[  752.468717][T11596] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  752.484312][T11596] syz.1.1413: attempt to access beyond end of device
[  752.484312][T11596] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  752.498480][T11596] syz.1.1413: attempt to access beyond end of device
[  752.498480][T11596] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  752.512645][T11596] syz.1.1413: attempt to access beyond end of device
[  752.512645][T11596] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  752.630382][ T5928] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.1/usb2/2-1/rc/rc0/input18
[  752.700106][ T5928] dvb-usb: schedule remote query interval to 100 msecs.
[  752.734525][ T5955] CPU: 1 UID: 0 PID: 5955 Comm: kworker/u8:9 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  752.734562][ T5955] Tainted: [L]=SOFTLOCKUP
[  752.734570][ T5955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  752.734585][ T5955] Workqueue: writeback wb_workfn (flush-7:1)
[  752.734621][ T5955] Call Trace:
[  752.734630][ T5955]  <TASK>
[  752.734640][ T5955]  dump_stack_lvl+0xe8/0x150
[  752.734684][ T5955]  f2fs_handle_critical_error+0x37c/0x540
[  752.734722][ T5955]  f2fs_write_end_io+0x1274/0x1740
[  752.734781][ T5955]  __submit_merged_bio+0x256/0x700
[  752.734818][ T5955]  __submit_merged_write_cond+0x3c9/0x4e0
[  752.734858][ T5955]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  752.734914][ T5955]  f2fs_write_data_pages+0x287e/0x34f0
[  752.734990][ T5955]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  752.735018][ T5955]  ? cfg80211_inform_single_bss_data+0x13c6/0x1b70
[  752.735062][ T5955]  ? __lock_acquire+0x6b5/0x2cf0
[  752.735136][ T5955]  ? do_raw_spin_lock+0x12b/0x2f0
[  752.735178][ T5955]  ? trace_hrtimer_start+0x82/0x230
[  752.735233][ T5955]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  752.735262][ T5955]  do_writepages+0x32e/0x550
[  752.735296][ T5955]  ? reacquire_held_locks+0x104/0x190
[  752.735318][ T5955]  ? writeback_sb_inodes+0x477/0x1a20
[  752.735352][ T5955]  __writeback_single_inode+0x133/0x11a0
[  752.735381][ T5955]  ? do_raw_spin_unlock+0xf5/0x210
[  752.735414][ T5955]  writeback_sb_inodes+0x992/0x1a20
[  752.735467][ T5955]  ? unwind_next_frame+0xa5/0x23c0
[  752.735505][ T5955]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  752.735530][ T5955]  ? do_raw_spin_lock+0x12b/0x2f0
[  752.735612][ T5955]  ? rcu_is_watching+0x15/0xb0
[  752.735645][ T5955]  wb_writeback+0x456/0xb70
[  752.735682][ T5955]  ? queue_io+0x1e1/0x4a0
[  752.735716][ T5955]  ? __pfx_wb_writeback+0x10/0x10
[  752.735738][ T5955]  ? do_raw_spin_lock+0x12b/0x2f0
[  752.735785][ T5955]  wb_workfn+0x414/0xf50
[  752.735811][ T5955]  ? look_up_lock_class+0x57/0x110
[  752.735853][ T5955]  ? __pfx_wb_workfn+0x10/0x10
[  752.735881][ T5955]  ? do_raw_spin_lock+0x12b/0x2f0
[  752.735910][ T5955]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  752.735965][ T5955]  ? process_one_work+0x8bb/0x1780
[  752.735996][ T5955]  process_one_work+0x9ab/0x1780
[  752.736055][ T5955]  ? __pfx_process_one_work+0x10/0x10
[  752.736083][ T5955]  ? do_raw_spin_lock+0x12b/0x2f0
[  752.736132][ T5955]  worker_thread+0xb49/0x1140
[  752.736188][ T5955]  kthread+0x388/0x470
[  752.736216][ T5955]  ? __pfx_worker_thread+0x10/0x10
[  752.736234][ T5955]  ? __pfx_kthread+0x10/0x10
[  752.736262][ T5955]  ret_from_fork+0x51e/0xb90
[  752.736297][ T5955]  ? __pfx_ret_from_fork+0x10/0x10
[  752.736325][ T5955]  ? __switch_to+0xc7d/0x1450
[  752.736358][ T5955]  ? __pfx_kthread+0x10/0x10
[  752.736386][ T5955]  ret_from_fork_asm+0x1a/0x30
[  752.736429][ T5955]  </TASK>
[  752.741247][ T5928] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected.
[  752.752357][ T5955] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  753.055321][ T5923] dvb-usb: bulk message failed: -22 (1/0)
[  753.152746][ T5928] usb 2-1: USB disconnect, device number 32
[  753.478774][ T5928] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected.
[  754.001124][ T5928] usb 2-1: new high-speed USB device number 33 using dummy_hcd
[  754.200059][ T5928] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  754.249864][ T5928] usb 2-1: config 0 has no interfaces?
[  754.260429][ T5928] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  754.291711][ T5928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  754.366130][ T5928] usb 2-1: config 0 descriptor??
[  754.645028][ T5928] usb 2-1: USB disconnect, device number 33
[  754.982348][T11613] loop2: detected capacity change from 0 to 7
[  755.010246][T11613] Dev loop2: unable to read RDB block 7
[  755.019818][ T5928] usb 4-1: USB disconnect, device number 42
[  755.049565][T11613]  loop2: unable to read partition table
[  755.077557][T11613] loop2: partition table beyond EOD, truncated
[  755.099547][T11613] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  755.123952][T11615] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1419'.
[  755.154481][T11615] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1419'.
[  755.199308][T11615] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1419'.
[  755.509382][T11626] netdevsim netdevsim0: Direct firmware load for /
[  755.509382][T11626]  failed with error -2
[  755.540011][T11626] netdevsim netdevsim0: Falling back to sysfs fallback for: /
[  755.540011][T11626] 
[  755.722918][ T5928] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  755.910991][ T5928] usb 4-1: Using ep0 maxpacket: 32
[  755.922277][ T5928] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  755.945916][ T5928] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  755.996333][ T5928] usb 4-1: config 0 descriptor??
[  756.021530][T11633] binder: 11628:11633 ioctl c0306201 0 returned -14
[  756.090981][ T5909] usb 2-1: new high-speed USB device number 34 using dummy_hcd
[  756.113862][T11633] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1423'.
[  756.222170][ T5928] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  756.251364][ T5909] usb 2-1: Using ep0 maxpacket: 16
[  756.271942][ T5928] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  756.298213][ T5909] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=f4.9b
[  756.312360][ T5928] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  756.331529][ T5909] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  756.340286][ T5928] usb 4-1: media controller created
[  756.359020][ T5909] usb 2-1: Product: syz
[  756.378650][ T5909] usb 2-1: SerialNumber: syz
[  756.393838][ T5928] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  756.407273][ T5909] usb 2-1: config 0 descriptor??
[  756.436868][ T5909] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  756.469156][ T5909] dvb_usb_af9015 2-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  756.501115][ T5909] usb 2-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  756.518601][ T5909] dvb_usb_af9035 2-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  756.563644][ T5928] DVB: Unable to find symbol dib7000p_attach()
[  756.579940][ T5928] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  756.801821][ T5928] rc_core: IR keymap rc-dib0700-rc5 not found
[  756.832854][ T5928] Registered IR keymap rc-empty
[  756.867384][ T5928] dvb-usb: could not initialize remote control.
[  756.907403][ T5928] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  757.072188][T11640] loop2: detected capacity change from 0 to 7
[  757.096825][T11640] Dev loop2: unable to read RDB block 7
[  757.115095][T11640]  loop2: unable to read partition table
[  757.142390][T11640] loop2: partition table beyond EOD, truncated
[  757.170987][T11640] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  757.267273][ T5902] usb 4-1: USB disconnect, device number 43
[  757.412665][ T5902] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  758.092513][T11650] netdevsim netdevsim0: Direct firmware load for /
[  758.092513][T11650]  failed with error -2
[  758.191377][T11650] netdevsim netdevsim0: Falling back to sysfs fallback for: /
[  758.191377][T11650] 
[  758.730970][ T5902] usb 3-1: new high-speed USB device number 23 using dummy_hcd
[  758.917892][ T5902] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  758.957468][ T5902] usb 3-1: config 0 has no interfaces?
[  758.979459][ T5902] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  759.010300][ T5902] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  759.043494][ T5902] usb 3-1: config 0 descriptor??
[  759.283244][ T5902] usb 3-1: USB disconnect, device number 23
[  759.573805][T11668] netdevsim netdevsim3: Direct firmware load for /
[  759.573805][T11668]  failed with error -2
[  759.647999][T11668] netdevsim netdevsim3: Falling back to sysfs fallback for: /
[  759.647999][T11668] 
[  759.668073][ T5923] usb 2-1: USB disconnect, device number 34
[  760.392664][ T5928] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  760.632401][ T5928] usb 1-1: too many configurations: 9, using maximum allowed: 8
[  760.664233][ T5928] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  760.704612][ T5928] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  760.748349][ T5928] usb 1-1: config 0 interface 0 has no altsetting 0
[  760.782872][ T5928] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  760.807799][ T5928] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  760.856827][ T5928] usb 1-1: config 0 interface 0 has no altsetting 0
[  760.907857][ T5928] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  760.932221][ T5928] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  760.990902][ T5928] usb 1-1: config 0 interface 0 has no altsetting 0
[  761.022102][ T5928] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  761.041093][ T5928] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  761.095162][ T5928] usb 1-1: config 0 interface 0 has no altsetting 0
[  761.125334][ T5928] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  761.154434][ T5928] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  761.190050][ T5928] usb 1-1: config 0 interface 0 has no altsetting 0
[  761.222769][ T5928] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  761.262301][ T5928] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  761.308066][ T5928] usb 1-1: config 0 interface 0 has no altsetting 0
[  761.345442][ T5928] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  761.394634][ T5928] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  761.434653][ T5928] usb 1-1: config 0 interface 0 has no altsetting 0
[  761.450478][ T5928] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  761.482446][ T5928] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  761.526940][ T5928] usb 1-1: config 0 interface 0 has no altsetting 0
[  761.560780][ T5928] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  761.601037][ T5928] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  761.609670][ T5928] usb 1-1: Product: syz
[  761.614714][ T5928] usb 1-1: Manufacturer: syz
[  761.619800][ T5928] usb 1-1: SerialNumber: syz
[  761.652832][ T5928] usb 1-1: config 0 descriptor??
[  761.715710][ T5928] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0
[  762.197037][    C0] usb 1-1: yurex_control_callback - control failed: -71
[  762.199544][ T5902] usb 1-1: USB disconnect, device number 30
[  762.250325][T11687] yurex 1-1:0.0: yurex_write - failed to send bulk msg, error -19
[  762.299408][ T5902] yurex 1-1:0.0: USB YUREX #0 now disconnected
[  762.355983][T11692] binder: 11688:11692 ioctl c0306201 0 returned -14
[  762.396302][T11692] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1438'.
[  763.254842][T11695] loop2: detected capacity change from 0 to 40427
[  763.291309][T11695] F2FS-fs (loop2): invalid crc value
[  763.352751][T11695] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  763.366112][T11695] F2FS-fs (loop2): Start checkpoint disabled!
[  763.379684][T11695] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  763.389822][T11695] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  763.508221][   T30] audit: type=1800 audit(1773532974.191:193): pid=11698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1439" name="bus" dev="loop2" ino=10 res=0 errno=0
[  763.899088][T11698] bio_check_eod: 182 callbacks suppressed
[  763.899154][T11698] syz.2.1439: attempt to access beyond end of device
[  763.899154][T11698] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  763.927435][T11698] syz.2.1439: attempt to access beyond end of device
[  763.927435][T11698] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  763.944801][T11698] syz.2.1439: attempt to access beyond end of device
[  763.944801][T11698] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  763.968177][T11698] syz.2.1439: attempt to access beyond end of device
[  763.968177][T11698] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  763.985731][T11698] syz.2.1439: attempt to access beyond end of device
[  763.985731][T11698] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  764.007128][T11698] syz.2.1439: attempt to access beyond end of device
[  764.007128][T11698] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  764.022143][T11698] syz.2.1439: attempt to access beyond end of device
[  764.022143][T11698] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  764.039313][T11698] syz.2.1439: attempt to access beyond end of device
[  764.039313][T11698] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  764.058063][T11698] syz.2.1439: attempt to access beyond end of device
[  764.058063][T11698] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  764.077218][T11698] syz.2.1439: attempt to access beyond end of device
[  764.077218][T11698] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  765.499220][ T5955] CPU: 0 UID: 0 PID: 5955 Comm: kworker/u8:9 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  765.499246][ T5955] Tainted: [L]=SOFTLOCKUP
[  765.499251][ T5955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  765.499259][ T5955] Workqueue: writeback wb_workfn (flush-7:2)
[  765.499282][ T5955] Call Trace:
[  765.499288][ T5955]  <TASK>
[  765.499294][ T5955]  dump_stack_lvl+0xe8/0x150
[  765.499316][ T5955]  f2fs_handle_critical_error+0x37c/0x540
[  765.499336][ T5955]  f2fs_write_end_io+0x1274/0x1740
[  765.499367][ T5955]  __submit_merged_bio+0x256/0x700
[  765.499386][ T5955]  __submit_merged_write_cond+0x3c9/0x4e0
[  765.499407][ T5955]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  765.499436][ T5955]  f2fs_write_data_pages+0x287e/0x34f0
[  765.499474][ T5955]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  765.499499][ T5955]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  765.499531][ T5955]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  765.499560][ T5955]  ? __lock_acquire+0x6b5/0x2cf0
[  765.499587][ T5955]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  765.499603][ T5955]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  765.499621][ T5955]  do_writepages+0x32e/0x550
[  765.499643][ T5955]  ? reacquire_held_locks+0x104/0x190
[  765.499656][ T5955]  ? writeback_sb_inodes+0x477/0x1a20
[  765.499676][ T5955]  __writeback_single_inode+0x133/0x11a0
[  765.499692][ T5955]  ? do_raw_spin_unlock+0xf5/0x210
[  765.499711][ T5955]  writeback_sb_inodes+0x992/0x1a20
[  765.499742][ T5955]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  765.499757][ T5955]  ? do_raw_spin_lock+0x12b/0x2f0
[  765.499795][ T5955]  ? rcu_is_watching+0x15/0xb0
[  765.499813][ T5955]  wb_writeback+0x456/0xb70
[  765.499831][ T5955]  ? queue_io+0x1e1/0x4a0
[  765.499851][ T5955]  ? __pfx_wb_writeback+0x10/0x10
[  765.499865][ T5955]  ? do_raw_spin_lock+0x12b/0x2f0
[  765.499898][ T5955]  wb_workfn+0x414/0xf50
[  765.499912][ T5955]  ? look_up_lock_class+0x57/0x110
[  765.499935][ T5955]  ? __pfx_wb_workfn+0x10/0x10
[  765.500079][ T5955]  ? do_raw_spin_lock+0x12b/0x2f0
[  765.500115][ T5955]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  765.500144][ T5955]  ? process_one_work+0x8bb/0x1780
[  765.500163][ T5955]  process_one_work+0x9ab/0x1780
[  765.500195][ T5955]  ? __pfx_process_one_work+0x10/0x10
[  765.500213][ T5955]  ? do_raw_spin_lock+0x12b/0x2f0
[  765.500238][ T5955]  worker_thread+0xb49/0x1140
[  765.500265][ T5955]  kthread+0x388/0x470
[  765.500281][ T5955]  ? __pfx_worker_thread+0x10/0x10
[  765.500292][ T5955]  ? __pfx_kthread+0x10/0x10
[  765.500308][ T5955]  ret_from_fork+0x51e/0xb90
[  765.500328][ T5955]  ? __pfx_ret_from_fork+0x10/0x10
[  765.500345][ T5955]  ? __switch_to+0xc7d/0x1450
[  765.500364][ T5955]  ? __pfx_kthread+0x10/0x10
[  765.500380][ T5955]  ret_from_fork_asm+0x1a/0x30
[  765.500403][ T5955]  </TASK>
[  765.500410][ T5955] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  765.520872][ T5895] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  766.187871][T11710] net_ratelimit: 10 callbacks suppressed
[  766.187894][T11710] batman_adv: batadv0: Local translation table size (108) exceeds maximum packet size (-320); Ignoring new local tt entry: 16:30:00:00:00:85
[  766.390921][ T5895] usb 6-1: Using ep0 maxpacket: 32
[  766.403659][ T5895] usb 6-1: config index 0 descriptor too short (expected 29220, got 36)
[  766.414481][ T5895] usb 6-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  766.440564][ T5895] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 81
[  766.450178][ T5895] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  766.466437][ T5895] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  766.478286][ T5895] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  766.515490][ T5895] usb 6-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  766.536869][ T5895] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  766.561201][ T5895] usb 6-1: config 0 descriptor??
[  766.694043][T11721] syzkaller0: entered promiscuous mode
[  766.706612][T11721] syzkaller0: entered allmulticast mode
[  766.827841][ T5895] usblp 6-1:0.0: usblp0: USB Bidirectional printer dev 11 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  766.909746][ T5895] usb 6-1: USB disconnect, device number 11
[  766.995385][ T5895] usblp0: removed
[  767.293600][T11727] loop1: detected capacity change from 0 to 40427
[  767.302855][T11727] F2FS-fs (loop1): invalid crc value
[  767.353776][T11727] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  767.363379][T11727] F2FS-fs (loop1): Start checkpoint disabled!
[  767.374450][T11727] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  767.383973][T11727] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  767.499661][   T30] audit: type=1800 audit(1773532978.231:194): pid=11732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1448" name="bus" dev="loop1" ino=10 res=0 errno=0
[  767.607572][ T5895] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  767.951828][ T5895] usb 6-1: Using ep0 maxpacket: 32
[  767.997803][T11733] netdevsim netdevsim0: Direct firmware load for /
[  767.997803][T11733]  failed with error -2
[  768.393373][T11733] netdevsim netdevsim0: Falling back to sysfs fallback for: /
[  768.393373][T11733] 
[  769.059659][ T5895] usb 6-1: unable to read config index 0 descriptor/start: -71
[  769.088481][ T5895] usb 6-1: can't read configurations, error -71
[  769.288503][T11439] bio_check_eod: 373 callbacks suppressed
[  769.288519][T11439] kworker/u8:5: attempt to access beyond end of device
[  769.288519][T11439] loop1: rw=2049, sector=45160, nr_sectors = 8 limit=40427
[  769.387436][T11439] CPU: 0 UID: 0 PID: 11439 Comm: kworker/u8:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  769.387460][T11439] Tainted: [L]=SOFTLOCKUP
[  769.387465][T11439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  769.387474][T11439] Workqueue: writeback wb_workfn (flush-7:1)
[  769.387497][T11439] Call Trace:
[  769.387503][T11439]  <TASK>
[  769.387511][T11439]  dump_stack_lvl+0xe8/0x150
[  769.387534][T11439]  f2fs_handle_critical_error+0x37c/0x540
[  769.387555][T11439]  f2fs_write_end_io+0x1274/0x1740
[  769.387585][T11439]  __submit_merged_bio+0x256/0x700
[  769.387606][T11439]  __submit_merged_write_cond+0x3c9/0x4e0
[  769.387627][T11439]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  769.387656][T11439]  f2fs_write_data_pages+0x287e/0x34f0
[  769.387694][T11439]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  769.387719][T11439]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  769.387751][T11439]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  769.387780][T11439]  ? __lock_acquire+0x6b5/0x2cf0
[  769.387807][T11439]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  769.387822][T11439]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  769.387841][T11439]  do_writepages+0x32e/0x550
[  769.387868][T11439]  ? reacquire_held_locks+0x104/0x190
[  769.387881][T11439]  ? writeback_sb_inodes+0x477/0x1a20
[  769.387901][T11439]  __writeback_single_inode+0x133/0x11a0
[  769.387918][T11439]  ? do_raw_spin_unlock+0xf5/0x210
[  769.387937][T11439]  writeback_sb_inodes+0x992/0x1a20
[  769.387969][T11439]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  769.387983][T11439]  ? do_raw_spin_lock+0x12b/0x2f0
[  769.388021][T11439]  ? rcu_is_watching+0x15/0xb0
[  769.388040][T11439]  wb_writeback+0x456/0xb70
[  769.388057][T11439]  ? queue_io+0x1e1/0x4a0
[  769.388077][T11439]  ? __pfx_wb_writeback+0x10/0x10
[  769.388091][T11439]  ? do_raw_spin_lock+0x12b/0x2f0
[  769.388116][T11439]  wb_workfn+0x414/0xf50
[  769.388131][T11439]  ? look_up_lock_class+0x57/0x110
[  769.388154][T11439]  ? __pfx_wb_workfn+0x10/0x10
[  769.388169][T11439]  ? do_raw_spin_lock+0x12b/0x2f0
[  769.388186][T11439]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  769.388214][T11439]  ? process_one_work+0x8bb/0x1780
[  769.388232][T11439]  process_one_work+0x9ab/0x1780
[  769.388263][T11439]  ? __pfx_process_one_work+0x10/0x10
[  769.388280][T11439]  ? do_raw_spin_lock+0x12b/0x2f0
[  769.388305][T11439]  worker_thread+0xb49/0x1140
[  769.388323][T11439]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  769.388345][T11439]  kthread+0x388/0x470
[  769.388367][T11439]  ? __pfx_worker_thread+0x10/0x10
[  769.388383][T11439]  ? __pfx_kthread+0x10/0x10
[  769.388408][T11439]  ret_from_fork+0x51e/0xb90
[  769.388446][T11439]  ? __pfx_ret_from_fork+0x10/0x10
[  769.388474][T11439]  ? __switch_to+0xc7d/0x1450
[  769.388505][T11439]  ? __pfx_kthread+0x10/0x10
[  769.388533][T11439]  ret_from_fork_asm+0x1a/0x30
[  769.388575][T11439]  </TASK>
[  769.666033][T11439] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  769.931442][ T5995] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  770.092754][ T5995] usb 4-1: Using ep0 maxpacket: 32
[  770.116128][ T5995] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  770.162003][ T5995] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  770.214646][ T5995] usb 4-1: config 0 descriptor??
[  770.356876][T11745] netdevsim netdevsim1: Direct firmware load for /
[  770.356876][T11745]  failed with error -2
[  770.369089][T11745] netdevsim netdevsim1: Falling back to sysfs fallback for: /
[  770.369089][T11745] 
[  770.411423][T11754] binder: 11751:11754 ioctl c0306201 0 returned -14
[  770.535922][T11754] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1455'.
[  770.562814][ T5995] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  770.587847][ T5995] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  770.622265][ T5995] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  770.631921][ T5995] usb 4-1: media controller created
[  770.653959][ T5995] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  770.894075][ T5995] DVB: Unable to find symbol dib7000p_attach()
[  770.925602][ T5995] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  771.182597][ T5995] rc_core: IR keymap rc-dib0700-rc5 not found
[  771.211216][ T5995] Registered IR keymap rc-empty
[  771.231810][ T5995] dvb-usb: could not initialize remote control.
[  771.275707][ T5995] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  771.302309][ T5995] usb 4-1: USB disconnect, device number 44
[  771.416434][ T5995] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  771.631487][T11764] binder: BINDER_SET_CONTEXT_MGR already set
[  771.661388][T11764] binder: 11762:11764 ioctl 4018620d 200000000040 returned -16
[  772.451296][T11771] loop3: detected capacity change from 0 to 40427
[  772.468286][T11771] F2FS-fs (loop3): invalid crc value
[  772.518512][T11771] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  772.528110][T11771] F2FS-fs (loop3): Start checkpoint disabled!
[  772.535549][T11771] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  772.547356][T11771] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  772.653901][   T30] audit: type=1800 audit(1773532983.391:195): pid=11774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1461" name="bus" dev="loop3" ino=10 res=0 errno=0
[  773.174610][T11774] syz.3.1461: attempt to access beyond end of device
[  773.174610][T11774] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  773.194460][T11774] syz.3.1461: attempt to access beyond end of device
[  773.194460][T11774] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  773.215024][T11774] syz.3.1461: attempt to access beyond end of device
[  773.215024][T11774] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  773.238307][T11774] syz.3.1461: attempt to access beyond end of device
[  773.238307][T11774] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  773.257617][T11774] syz.3.1461: attempt to access beyond end of device
[  773.257617][T11774] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  773.280375][T11774] syz.3.1461: attempt to access beyond end of device
[  773.280375][T11774] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  773.296976][T11774] syz.3.1461: attempt to access beyond end of device
[  773.296976][T11774] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  773.436719][T11774] syz.3.1461: attempt to access beyond end of device
[  773.436719][T11774] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  773.669720][   T13] kworker/u8:1: attempt to access beyond end of device
[  773.669720][   T13] loop3: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  773.686984][   T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  773.687020][   T13] Tainted: [L]=SOFTLOCKUP
[  773.687028][   T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  773.687042][   T13] Workqueue: writeback wb_workfn (flush-7:3)
[  773.687078][   T13] Call Trace:
[  773.687087][   T13]  <TASK>
[  773.687097][   T13]  dump_stack_lvl+0xe8/0x150
[  773.687129][   T13]  f2fs_handle_critical_error+0x37c/0x540
[  773.687167][   T13]  f2fs_write_end_io+0x1274/0x1740
[  773.687223][   T13]  __submit_merged_bio+0x256/0x700
[  773.687259][   T13]  __submit_merged_write_cond+0x3c9/0x4e0
[  773.687297][   T13]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  773.687352][   T13]  f2fs_write_data_pages+0x287e/0x34f0
[  773.687424][   T13]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  773.687470][   T13]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  773.687532][   T13]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  773.687598][   T13]  ? __lock_acquire+0x6b5/0x2cf0
[  773.687644][   T13]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  773.687671][   T13]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  773.687703][   T13]  do_writepages+0x32e/0x550
[  773.687738][   T13]  ? reacquire_held_locks+0x104/0x190
[  773.687761][   T13]  ? writeback_sb_inodes+0x477/0x1a20
[  773.687796][   T13]  __writeback_single_inode+0x133/0x11a0
[  773.687825][   T13]  ? do_raw_spin_unlock+0xf5/0x210
[  773.687858][   T13]  writeback_sb_inodes+0x992/0x1a20
[  773.687915][   T13]  ? __lock_acquire+0x6b5/0x2cf0
[  773.687954][   T13]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  773.687979][   T13]  ? do_raw_spin_lock+0x12b/0x2f0
[  773.688052][   T13]  ? rcu_is_watching+0x15/0xb0
[  773.688085][   T13]  wb_writeback+0x456/0xb70
[  773.688117][   T13]  ? queue_io+0x1e1/0x4a0
[  773.688154][   T13]  ? __pfx_wb_writeback+0x10/0x10
[  773.688179][   T13]  ? do_raw_spin_lock+0x12b/0x2f0
[  773.688225][   T13]  wb_workfn+0x414/0xf50
[  773.688249][   T13]  ? look_up_lock_class+0x57/0x110
[  773.688291][   T13]  ? __pfx_wb_workfn+0x10/0x10
[  773.688319][   T13]  ? do_raw_spin_lock+0x12b/0x2f0
[  773.688349][   T13]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  773.688402][   T13]  ? process_one_work+0x8bb/0x1780
[  773.688433][   T13]  process_one_work+0x9ab/0x1780
[  773.688490][   T13]  ? __pfx_process_one_work+0x10/0x10
[  773.688519][   T13]  ? do_raw_spin_lock+0x12b/0x2f0
[  773.688573][   T13]  worker_thread+0xb49/0x1140
[  773.688623][   T13]  kthread+0x388/0x470
[  773.688647][   T13]  ? __pfx_worker_thread+0x10/0x10
[  773.688665][   T13]  ? __pfx_kthread+0x10/0x10
[  773.688692][   T13]  ret_from_fork+0x51e/0xb90
[  773.688725][   T13]  ? __pfx_ret_from_fork+0x10/0x10
[  773.688754][   T13]  ? __switch_to+0xc7d/0x1450
[  773.688786][   T13]  ? __pfx_kthread+0x10/0x10
[  773.688811][   T13]  ret_from_fork_asm+0x1a/0x30
[  773.688844][   T13]  </TASK>
[  773.689059][   T13] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  773.780998][ T5928] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  773.950892][ T5928] usb 1-1: Using ep0 maxpacket: 32
[  774.118519][ T5928] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  774.150118][ T5928] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  774.178534][ T5928] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  774.223631][ T5928] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  774.265957][ T5928] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  774.308642][ T5928] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  774.346517][ T5928] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  774.420486][ T5928] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  774.464850][ T5928] usb 1-1: config 0 descriptor??
[  774.530933][ T5995] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[  774.636181][T11781] netdevsim netdevsim1: Direct firmware load for /
[  774.636181][T11781]  failed with error -2
[  774.700909][ T5995] usb 4-1: Using ep0 maxpacket: 8
[  774.709608][T11781] netdevsim netdevsim1: Falling back to sysfs fallback for: /
[  774.709608][T11781] 
[  774.736643][ T5928] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 31 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  774.794020][ T5928] usb 1-1: USB disconnect, device number 31
[  774.813755][ T5928] usblp0: removed
[  774.844929][ T5995] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  774.868461][ T5995] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  774.901973][ T5995] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  774.935624][ T5995] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  774.984249][ T5995] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  775.008408][ T5995] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  775.276115][ T5995] usb 4-1: usb_control_msg returned -71
[  775.291094][ T5928] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  775.309785][ T5995] usbtmc 4-1:16.0: can't read capabilities
[  775.345640][ T5995] usb 4-1: USB disconnect, device number 45
[  775.470125][ T5928] usb 1-1: Using ep0 maxpacket: 32
[  775.481181][ T5928] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  775.491255][ T5928] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  775.500480][ T5909] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  775.516277][ T5928] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  775.539683][ T5928] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  775.560865][ T5928] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  775.576669][ T5928] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  775.610696][ T5928] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  775.637658][ T5928] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  775.663737][ T5928] usb 1-1: config 0 descriptor??
[  775.671070][ T5909] usb 3-1: Using ep0 maxpacket: 32
[  775.692022][ T5909] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  775.705797][ T5909] usb 3-1: config 0 has no interfaces?
[  775.714117][ T5909] usb 3-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c
[  775.726079][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  775.739125][ T5909] usb 3-1: Product: syz
[  775.746311][ T5909] usb 3-1: Manufacturer: syz
[  775.759168][ T5909] usb 3-1: SerialNumber: syz
[  775.783571][ T5909] usb 3-1: config 0 descriptor??
[  775.883868][ T5928] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 32 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  776.126085][   T30] audit: type=1326 audit(1773532986.861:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11793 comm="syz.3.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee679c799 code=0x7ffc0000
[  776.127824][ T5928] usb 1-1: USB disconnect, device number 32
[  776.248012][   T30] audit: type=1326 audit(1773532986.901:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11793 comm="syz.3.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee679c799 code=0x7ffc0000
[  776.355979][ T5928] usblp0: removed
[  776.467420][   T30] audit: type=1326 audit(1773532986.901:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11793 comm="syz.3.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f0ee679c799 code=0x7ffc0000
[  776.496346][   T30] audit: type=1326 audit(1773532986.901:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11793 comm="syz.3.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee679c799 code=0x7ffc0000
[  776.530643][   T30] audit: type=1326 audit(1773532986.901:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11793 comm="syz.3.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f0ee679c799 code=0x7ffc0000
[  776.591208][   T30] audit: type=1326 audit(1773532986.901:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11793 comm="syz.3.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee679c799 code=0x7ffc0000
[  776.619646][T11799] mmap: syz.3.1468 (11799) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  776.626640][   T30] audit: type=1326 audit(1773532986.911:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11793 comm="syz.3.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f0ee679c799 code=0x7ffc0000
[  776.748079][   T30] audit: type=1326 audit(1773532986.911:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11793 comm="syz.3.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ee679c799 code=0x7ffc0000
[  776.801409][ T5923] usb 2-1: new high-speed USB device number 35 using dummy_hcd
[  776.810474][   T30] audit: type=1326 audit(1773532986.931:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11793 comm="syz.3.1468" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0ee679c799 code=0x7ffc0000
[  776.881805][T11801] binder: BINDER_SET_CONTEXT_MGR already set
[  776.895306][T11801] binder: 11800:11801 ioctl 4018620d 200000000040 returned -16
[  776.921232][ T5995] usb 3-1: USB disconnect, device number 24
[  777.005980][ T5923] usb 2-1: config 220 has an invalid interface number: 76 but max is 2
[  777.020964][ T5923] usb 2-1: config 220 has an invalid descriptor of length 251, skipping remainder of the config
[  777.061441][ T5923] usb 2-1: config 220 has 2 interfaces, different from the descriptor's value: 3
[  777.095133][ T5923] usb 2-1: config 220 has no interface number 1
[  777.113182][ T5923] usb 2-1: config 220 interface 0 has no altsetting 0
[  777.143086][ T5923] usb 2-1: config 220 interface 76 has no altsetting 0
[  777.171937][ T5923] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  777.182274][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  777.206993][ T5923] usb 2-1: Product: syz
[  777.218811][ T5923] usb 2-1: Manufacturer: syz
[  777.239090][ T5923] usb 2-1: SerialNumber: syz
[  777.460914][ T5995] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  777.465072][ T5923] uvcvideo 2-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  777.487741][ T5923] uvcvideo 2-1:220.0: No valid video chain found.
[  777.545147][ T5923] usb 2-1: USB disconnect, device number 35
[  777.650905][ T5995] usb 4-1: Using ep0 maxpacket: 32
[  777.666120][ T5995] usb 4-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50
[  777.707547][ T5995] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  777.730711][ T5995] usb 4-1: Product: syz
[  777.754172][ T5995] usb 4-1: Manufacturer: syz
[  777.767653][ T5995] usb 4-1: SerialNumber: syz
[  777.807262][ T5995] usb 4-1: config 0 descriptor??
[  777.837251][ T5995] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state.
[  777.860544][ T5995] dvb-usb: bulk message failed: -22 (2/0)
[  777.908192][ T5995] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  777.956603][ T5995] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold)
[  777.968925][ T5995] usb 4-1: media controller created
[  778.034107][T11805] cxusb: i2c wr: len=80 is too big!
[  778.034107][T11805] 
[  778.110399][ T5995] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  778.395479][T11814] loop1: detected capacity change from 0 to 40427
[  778.425256][T11814] F2FS-fs (loop1): invalid crc value
[  778.433258][ T5995] usb 4-1: selecting invalid altsetting 7
[  778.439965][ T5995] cxusb: set interface failed
[  778.481737][T11814] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  778.492007][ T5995] dvb-usb: bulk message failed: -22 (1/0)
[  778.499070][T11814] F2FS-fs (loop1): Start checkpoint disabled!
[  778.517385][T11814] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  778.525598][T11814] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  778.656797][   T30] kauditd_printk_skb: 8 callbacks suppressed
[  778.656872][   T30] audit: type=1800 audit(1773532989.371:213): pid=11818 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1474" name="bus" dev="loop1" ino=10 res=0 errno=0
[  779.202416][T11818] syz.1.1474: attempt to access beyond end of device
[  779.202416][T11818] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  779.221191][T11818] syz.1.1474: attempt to access beyond end of device
[  779.221191][T11818] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  779.239243][T11818] syz.1.1474: attempt to access beyond end of device
[  779.239243][T11818] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  779.260418][T11818] syz.1.1474: attempt to access beyond end of device
[  779.260418][T11818] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  779.278758][T11818] syz.1.1474: attempt to access beyond end of device
[  779.278758][T11818] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  779.303673][T11818] syz.1.1474: attempt to access beyond end of device
[  779.303673][T11818] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  779.320883][T11818] syz.1.1474: attempt to access beyond end of device
[  779.320883][T11818] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  779.681149][ T5995] DVB: Unable to find symbol lgdt330x_attach()
[  779.758297][ T5995] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold'
[  781.289526][ T5956] kworker/u8:10: attempt to access beyond end of device
[  781.289526][ T5956] loop1: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  781.337109][ T5956] CPU: 1 UID: 0 PID: 5956 Comm: kworker/u8:10 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  781.337133][ T5956] Tainted: [L]=SOFTLOCKUP
[  781.337138][ T5956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  781.337147][ T5956] Workqueue: writeback wb_workfn (flush-7:1)
[  781.337171][ T5956] Call Trace:
[  781.337176][ T5956]  <TASK>
[  781.337182][ T5956]  dump_stack_lvl+0xe8/0x150
[  781.337204][ T5956]  f2fs_handle_critical_error+0x37c/0x540
[  781.337231][ T5956]  f2fs_write_end_io+0x1274/0x1740
[  781.337267][ T5956]  __submit_merged_bio+0x256/0x700
[  781.337288][ T5956]  __submit_merged_write_cond+0x3c9/0x4e0
[  781.337311][ T5956]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  781.337343][ T5956]  f2fs_write_data_pages+0x287e/0x34f0
[  781.337385][ T5956]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  781.337413][ T5956]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  781.337448][ T5956]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  781.337481][ T5956]  ? __lock_acquire+0x6b5/0x2cf0
[  781.337509][ T5956]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  781.337525][ T5956]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  781.337544][ T5956]  do_writepages+0x32e/0x550
[  781.337564][ T5956]  ? reacquire_held_locks+0x104/0x190
[  781.337578][ T5956]  ? writeback_sb_inodes+0x477/0x1a20
[  781.337606][ T5956]  __writeback_single_inode+0x133/0x11a0
[  781.337624][ T5956]  ? do_raw_spin_unlock+0xf5/0x210
[  781.337643][ T5956]  writeback_sb_inodes+0x992/0x1a20
[  781.337672][ T5956]  ? do_raw_spin_unlock+0xf5/0x210
[  781.337692][ T5956]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  781.337707][ T5956]  ? do_raw_spin_lock+0x12b/0x2f0
[  781.337749][ T5956]  ? rcu_is_watching+0x15/0xb0
[  781.337769][ T5956]  wb_writeback+0x456/0xb70
[  781.337788][ T5956]  ? queue_io+0x1e1/0x4a0
[  781.337809][ T5956]  ? __pfx_wb_writeback+0x10/0x10
[  781.337823][ T5956]  ? do_raw_spin_lock+0x12b/0x2f0
[  781.337850][ T5956]  wb_workfn+0x414/0xf50
[  781.337866][ T5956]  ? look_up_lock_class+0x57/0x110
[  781.337890][ T5956]  ? __pfx_wb_workfn+0x10/0x10
[  781.337906][ T5956]  ? do_raw_spin_lock+0x12b/0x2f0
[  781.337924][ T5956]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  781.337955][ T5956]  ? process_one_work+0x8bb/0x1780
[  781.337973][ T5956]  process_one_work+0x9ab/0x1780
[  781.338007][ T5956]  ? __pfx_process_one_work+0x10/0x10
[  781.338024][ T5956]  ? do_raw_spin_lock+0x12b/0x2f0
[  781.338051][ T5956]  worker_thread+0xb49/0x1140
[  781.338070][ T5956]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  781.338094][ T5956]  kthread+0x388/0x470
[  781.338109][ T5956]  ? __pfx_worker_thread+0x10/0x10
[  781.338120][ T5956]  ? __pfx_kthread+0x10/0x10
[  781.338137][ T5956]  ret_from_fork+0x51e/0xb90
[  781.338157][ T5956]  ? __pfx_ret_from_fork+0x10/0x10
[  781.338174][ T5956]  ? __switch_to+0xc7d/0x1450
[  781.338194][ T5956]  ? __pfx_kthread+0x10/0x10
[  781.338210][ T5956]  ret_from_fork_asm+0x1a/0x30
[  781.338234][ T5956]  </TASK>
[  781.624961][ T5956] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  781.822848][T11827] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1476'.
[  781.898341][T11828] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1476'.
[  781.981159][ T5995] rc_core: IR keymap rc-dvico-portable not found
[  781.997575][ T5995] Registered IR keymap rc-empty
[  782.022151][ T5995] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0
[  782.062010][ T5995] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.3/usb4/4-1/rc/rc0/input21
[  782.099493][ T5995] dvb-usb: schedule remote query interval to 100 msecs.
[  782.170873][ T5995] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected.
[  782.234967][ T5995] usb 4-1: USB disconnect, device number 46
[  782.410391][ T5995] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected.
[  783.261286][ T5902] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[  783.451301][ T5902] usb 1-1: Using ep0 maxpacket: 32
[  783.476160][ T5902] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  783.496936][T11840] binder: 11839:11840 ioctl c0306201 0 returned -14
[  783.542466][T11840] binder: BINDER_SET_CONTEXT_MGR already set
[  783.566165][ T5902] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  783.575115][T11840] binder: 11839:11840 ioctl 4018620d 200000000040 returned -16
[  783.596543][ T5902] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  783.646390][ T5902] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  783.685736][ T5902] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  783.733220][ T5902] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  783.822570][ T5902] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  783.847945][ T5902] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  783.902616][ T5902] usb 1-1: config 0 descriptor??
[  784.158309][ T5902] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 33 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  784.264191][ T5902] usb 1-1: USB disconnect, device number 33
[  784.353850][ T5902] usblp0: removed
[  784.550896][ T5909] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  784.738429][ T5909] usb 6-1: Using ep0 maxpacket: 32
[  784.740961][ T5902] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  784.761182][T11849] netdevsim netdevsim3: Direct firmware load for /
[  784.761182][T11849]  failed with error -2
[  784.793773][ T5909] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  784.819103][ T5909] usb 6-1: config 0 has no interfaces?
[  784.846331][ T5909] usb 6-1: New USB device found, idVendor=2040, idProduct=d900, bcdDevice=a9.2c
[  784.860269][ T5909] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  784.886817][ T5909] usb 6-1: Product: syz
[  784.906572][ T5909] usb 6-1: Manufacturer: syz
[  784.921004][ T5909] usb 6-1: SerialNumber: syz
[  784.932265][ T5909] usb 6-1: config 0 descriptor??
[  784.943335][T11849] netdevsim netdevsim3: Falling back to sysfs fallback for: /
[  784.943335][T11849] 
[  784.958288][ T5902] usb 1-1: Using ep0 maxpacket: 32
[  784.999398][ T5902] usb 1-1: config index 0 descriptor too short (expected 29220, got 36)
[  785.029717][ T5902] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  785.066879][ T5902] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81
[  785.092354][ T5902] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  785.138004][ T5902] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  785.176047][ T5902] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  785.252702][ T5902] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  785.314220][ T5902] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  785.420558][ T5902] usb 1-1: config 0 descriptor??
[  785.658524][ T5902] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 34 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  785.807832][ T5902] usb 1-1: USB disconnect, device number 34
[  785.890302][ T5928] usb 6-1: USB disconnect, device number 14
[  785.901759][ T5902] usblp0: removed
[  786.012601][   T24] usb 2-1: new high-speed USB device number 36 using dummy_hcd
[  786.190833][   T24] usb 2-1: Using ep0 maxpacket: 32
[  786.198068][   T24] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0021, bcdDevice=29.40
[  786.227990][   T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  786.276429][   T24] usb 2-1: config 0 descriptor??
[  786.510119][   T24] dvb-usb: found a 'Elgato EyeTV DTT' in warm state.
[  786.532652][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  786.583522][   T24] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT)
[  786.618456][   T24] usb 2-1: media controller created
[  786.700207][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  788.684083][   T24] DVB: Unable to find symbol dib7000p_attach()
[  788.722726][   T24] dvb-usb: no frontend was attached by 'Elgato EyeTV DTT'
[  788.885391][T11873] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1488'.
[  788.939146][T11871] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1488'.
[  788.960946][   T24] rc_core: IR keymap rc-dib0700-rc5 not found
[  789.018210][   T24] Registered IR keymap rc-empty
[  789.054987][   T24] dvb-usb: could not initialize remote control.
[  789.094551][   T24] dvb-usb: Elgato EyeTV DTT successfully initialized and connected.
[  789.158110][   T24] usb 2-1: USB disconnect, device number 36
[  789.298504][T11881] binder: 11877:11881 ioctl c0306201 0 returned -14
[  789.379651][   T24] dvb-usb: Elgato EyeTV DTT successfully deinitialized and disconnected.
[  789.522479][ T5928] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  789.731652][ T5928] usb 1-1: config 220 has an invalid interface number: 76 but max is 2
[  789.758860][ T5928] usb 1-1: config 220 has an invalid descriptor of length 251, skipping remainder of the config
[  789.805213][ T5928] usb 1-1: config 220 has 2 interfaces, different from the descriptor's value: 3
[  789.849711][ T5928] usb 1-1: config 220 has no interface number 1
[  789.859655][ T5928] usb 1-1: config 220 interface 0 has no altsetting 0
[  789.881230][ T5928] usb 1-1: config 220 interface 76 has no altsetting 0
[  789.926879][ T5928] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  789.937923][ T5928] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  789.949287][ T5928] usb 1-1: Product: syz
[  789.957419][ T5928] usb 1-1: Manufacturer: syz
[  789.962502][ T5902] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  789.989854][ T5928] usb 1-1: SerialNumber: syz
[  790.141366][ T5902] usb 3-1: device descriptor read/64, error -71
[  790.217339][ T5928] uvcvideo 1-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  790.235246][ T5928] uvcvideo 1-1:220.0: No valid video chain found.
[  790.325922][ T5928] usb 1-1: USB disconnect, device number 35
[  790.401812][ T5902] usb 3-1: new high-speed USB device number 26 using dummy_hcd
[  790.563437][ T5902] usb 3-1: device descriptor read/64, error -71
[  790.692062][ T5902] usb usb3-port1: attempt power cycle
[  791.111127][ T5902] usb 3-1: new high-speed USB device number 27 using dummy_hcd
[  792.742015][ T5902] usb 3-1: device descriptor read/8, error -71
[  793.551076][T11915] binder: 11914:11915 ioctl c0306201 0 returned -14
[  794.469400][   T30] audit: type=1326 audit(1773533005.201:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11918 comm="syz.0.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57f679c799 code=0x7ffc0000
[  794.542682][   T30] audit: type=1326 audit(1773533005.231:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11918 comm="syz.0.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=246 compat=0 ip=0x7f57f679c799 code=0x7ffc0000
[  794.604790][   T30] audit: type=1326 audit(1773533005.231:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11918 comm="syz.0.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57f679c799 code=0x7ffc0000
[  794.701107][   T30] audit: type=1326 audit(1773533005.241:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11918 comm="syz.0.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f57f679c799 code=0x7ffc0000
[  794.771834][   T30] audit: type=1326 audit(1773533005.241:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11918 comm="syz.0.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57f679c799 code=0x7ffc0000
[  794.877101][   T30] audit: type=1326 audit(1773533005.241:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11918 comm="syz.0.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7f57f679c799 code=0x7ffc0000
[  794.966829][   T30] audit: type=1326 audit(1773533005.241:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11918 comm="syz.0.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57f679c799 code=0x7ffc0000
[  795.070499][   T30] audit: type=1326 audit(1773533005.241:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11918 comm="syz.0.1506" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57f679c799 code=0x7ffc0000
[  795.518695][T11926] binder: 11923:11926 ioctl c0306201 0 returned -14
[  796.272450][ T5928] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  796.502210][ T5928] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  796.530590][ T5928] usb 4-1: config 220 has an invalid descriptor of length 251, skipping remainder of the config
[  796.571903][ T5928] usb 4-1: config 220 has 2 interfaces, different from the descriptor's value: 3
[  796.609102][ T5928] usb 4-1: config 220 has no interface number 1
[  796.638538][ T5928] usb 4-1: config 220 interface 0 has no altsetting 0
[  796.665964][ T5928] usb 4-1: config 220 interface 76 has no altsetting 0
[  796.696938][ T5928] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  796.738636][ T5928] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  796.769007][ T5928] usb 4-1: Product: syz
[  796.804565][ T5928] usb 4-1: Manufacturer: syz
[  796.830510][ T5928] usb 4-1: SerialNumber: syz
[  797.105472][ T5928] uvcvideo 4-1:220.0: Found UVC 7.01 device syz (8086:0b07)
[  797.148940][ T5928] uvcvideo 4-1:220.0: No valid video chain found.
[  797.268276][ T5928] usb 4-1: USB disconnect, device number 47
[  797.847805][T11936] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1510'.
[  800.771556][ T5923] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  800.983935][ T5923] usb 6-1: Using ep0 maxpacket: 16
[  801.012832][T11977] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1523'.
[  801.052932][ T5923] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=f4.9b
[  801.077071][ T5923] usb 6-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3
[  801.110105][ T5923] usb 6-1: Product: syz
[  801.144678][ T5923] usb 6-1: SerialNumber: syz
[  801.169450][ T5923] usb 6-1: config 0 descriptor??
[  801.246081][ T5923] usb 6-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  801.279396][ T5923] dvb_usb_af9015 6-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  801.326394][ T5923] usb 6-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  801.350652][ T5923] dvb_usb_af9035 6-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[  803.582390][  T803] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  803.766178][  T803] usb 1-1: too many configurations: 9, using maximum allowed: 8
[  803.799929][  T803] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  803.838935][  T803] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  803.867449][  T803] usb 1-1: config 0 interface 0 has no altsetting 0
[  803.897921][  T803] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  803.966283][  T803] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  804.020044][T12018] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1536'.
[  804.023360][  T803] usb 1-1: config 0 interface 0 has no altsetting 0
[  804.101731][  T803] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  804.141352][  T803] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  804.187879][  T803] usb 1-1: config 0 interface 0 has no altsetting 0
[  804.249987][  T803] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  804.279922][  T803] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  804.342802][  T803] usb 1-1: config 0 interface 0 has no altsetting 0
[  804.419247][  T803] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  804.487465][  T803] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  804.549637][  T803] usb 1-1: config 0 interface 0 has no altsetting 0
[  804.607659][  T803] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  804.660132][  T803] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  804.727346][  T803] usb 1-1: config 0 interface 0 has no altsetting 0
[  804.758645][  T803] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  804.800262][  T803] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  804.868769][  T803] usb 1-1: config 0 interface 0 has no altsetting 0
[  804.913703][  T803] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9
[  804.955694][  T803] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  805.006407][  T803] usb 1-1: config 0 interface 0 has no altsetting 0
[  805.040162][  T803] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  805.072051][  T803] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  805.091103][  T803] usb 1-1: Product: syz
[  805.138570][  T803] usb 1-1: Manufacturer: syz
[  805.158542][  T803] usb 1-1: SerialNumber: syz
[  805.209015][  T803] usb 1-1: config 0 descriptor??
[  805.309727][  T803] yurex 1-1:0.0: USB YUREX device now attached to Yurex #0
[  805.498069][ T5928] usb 6-1: USB disconnect, device number 15
[  805.832445][    C0] usb 1-1: yurex_control_callback - control failed: -71
[  805.839637][ T5895] usb 1-1: USB disconnect, device number 36
[  805.848559][T12043] yurex 1-1:0.0: yurex_write - failed to send bulk msg, error -19
[  805.875511][ T5895] yurex 1-1:0.0: USB YUREX #0 now disconnected
[  806.031249][ T5928] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  806.177567][ T5928] usb 6-1: device descriptor read/64, error -71
[  806.617084][T12052] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1548'.
[  806.667849][T12052] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1548'.
[  806.707993][T12052] bridge0: port 2(bridge_slave_1) entered blocking state
[  806.715470][T12052] bridge0: port 2(bridge_slave_1) entered forwarding state
[  806.723512][T12052] bridge0: port 1(bridge_slave_0) entered blocking state
[  806.730924][T12052] bridge0: port 1(bridge_slave_0) entered forwarding state
[  806.743350][T12050] loop2: detected capacity change from 0 to 40427
[  806.753008][ T5928] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  806.767749][T12052] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1548'.
[  806.784725][T12050] F2FS-fs (loop2): invalid crc value
[  806.825656][ T5923] usb 2-1: new high-speed USB device number 37 using dummy_hcd
[  806.903926][T12050] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  806.914228][T12050] F2FS-fs (loop2): Start checkpoint disabled!
[  806.922649][T12050] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  806.932073][T12050] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  806.951042][ T5928] usb 6-1: device descriptor read/64, error -71
[  806.974498][T12050] syz.2.1547: attempt to access beyond end of device
[  806.974498][T12050] loop2: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  806.988619][T12050] syz.2.1547: attempt to access beyond end of device
[  806.988619][T12050] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  807.002939][T12050] syz.2.1547: attempt to access beyond end of device
[  807.002939][T12050] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  807.017278][T12050] syz.2.1547: attempt to access beyond end of device
[  807.017278][T12050] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  807.032040][T12050] syz.2.1547: attempt to access beyond end of device
[  807.032040][T12050] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  807.046791][T12050] syz.2.1547: attempt to access beyond end of device
[  807.046791][T12050] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  807.061899][T12050] syz.2.1547: attempt to access beyond end of device
[  807.061899][T12050] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  807.076767][T12050] syz.2.1547: attempt to access beyond end of device
[  807.076767][T12050] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  807.091191][T12050] syz.2.1547: attempt to access beyond end of device
[  807.091191][T12050] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  807.105642][T12050] syz.2.1547: attempt to access beyond end of device
[  807.105642][T12050] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  807.168295][   T30] audit: type=1800 audit(1773533017.701:222): pid=12050 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1547" name="bus" dev="loop2" ino=10 res=0 errno=0
[  807.251612][ T5923] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  807.283386][ T5928] usb usb6-port1: attempt power cycle
[  807.293939][ T5923] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  807.305613][ T5923] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  807.342629][ T5923] usb 2-1: config 0 interface 0 has no altsetting 0
[  807.352235][T11440] CPU: 1 UID: 0 PID: 11440 Comm: kworker/u8:12 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  807.352270][T11440] Tainted: [L]=SOFTLOCKUP
[  807.352278][T11440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  807.352292][T11440] Workqueue: writeback wb_workfn (flush-7:2)
[  807.352324][T11440] Call Trace:
[  807.352333][T11440]  <TASK>
[  807.352343][T11440]  dump_stack_lvl+0xe8/0x150
[  807.352377][T11440]  f2fs_handle_critical_error+0x37c/0x540
[  807.352411][T11440]  f2fs_write_end_io+0x1274/0x1740
[  807.352464][T11440]  __submit_merged_bio+0x256/0x700
[  807.352500][T11440]  __submit_merged_write_cond+0x3c9/0x4e0
[  807.352536][T11440]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  807.352586][T11440]  f2fs_write_data_pages+0x287e/0x34f0
[  807.352653][T11440]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  807.352709][T11440]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  807.352770][T11440]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  807.352823][T11440]  ? __lock_acquire+0x6b5/0x2cf0
[  807.352866][T11440]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  807.352891][T11440]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  807.352918][T11440]  do_writepages+0x32e/0x550
[  807.352952][T11440]  ? reacquire_held_locks+0x104/0x190
[  807.352975][T11440]  ? writeback_sb_inodes+0x477/0x1a20
[  807.353005][T11440]  __writeback_single_inode+0x133/0x11a0
[  807.353033][T11440]  ? do_raw_spin_unlock+0xf5/0x210
[  807.353063][T11440]  writeback_sb_inodes+0x992/0x1a20
[  807.353119][T11440]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  807.353144][T11440]  ? do_raw_spin_lock+0x12b/0x2f0
[  807.353215][T11440]  ? rcu_is_watching+0x15/0xb0
[  807.353247][T11440]  wb_writeback+0x456/0xb70
[  807.353277][T11440]  ? queue_io+0x1e1/0x4a0
[  807.353310][T11440]  ? __pfx_wb_writeback+0x10/0x10
[  807.353332][T11440]  ? do_raw_spin_lock+0x12b/0x2f0
[  807.353376][T11440]  wb_workfn+0x414/0xf50
[  807.353399][T11440]  ? look_up_lock_class+0x57/0x110
[  807.353437][T11440]  ? __pfx_wb_workfn+0x10/0x10
[  807.353464][T11440]  ? do_raw_spin_lock+0x12b/0x2f0
[  807.353493][T11440]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  807.353543][T11440]  ? process_one_work+0x8bb/0x1780
[  807.353574][T11440]  process_one_work+0x9ab/0x1780
[  807.353629][T11440]  ? __pfx_process_one_work+0x10/0x10
[  807.353667][T11440]  ? do_raw_spin_lock+0x12b/0x2f0
[  807.353709][T11440]  worker_thread+0xb49/0x1140
[  807.353741][T11440]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  807.353781][T11440]  kthread+0x388/0x470
[  807.353808][T11440]  ? __pfx_worker_thread+0x10/0x10
[  807.353827][T11440]  ? __pfx_kthread+0x10/0x10
[  807.353856][T11440]  ret_from_fork+0x51e/0xb90
[  807.353887][T11440]  ? __pfx_ret_from_fork+0x10/0x10
[  807.353913][T11440]  ? __switch_to+0xc7d/0x1450
[  807.353942][T11440]  ? __pfx_kthread+0x10/0x10
[  807.353967][T11440]  ret_from_fork_asm+0x1a/0x30
[  807.354007][T11440]  </TASK>
[  807.354042][T11440] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  807.361548][ T5923] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  807.434815][T12063] binder: 12060:12063 ioctl c0306201 0 returned -14
[  807.441278][ T5923] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  807.684096][ T5923] usb 2-1: config 0 interface 0 has no altsetting 0
[  807.694570][ T5923] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  807.702582][T12062] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1551'.
[  807.704161][ T5923] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  807.725417][ T5923] usb 2-1: config 0 interface 0 has no altsetting 0
[  807.736249][ T5923] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  807.745556][ T5928] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  807.754306][ T5923] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  807.771276][ T5923] usb 2-1: config 0 interface 0 has no altsetting 0
[  807.780387][ T5928] usb 6-1: device descriptor read/8, error -71
[  807.793685][ T5923] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  807.803401][ T5923] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  807.817346][ T5923] usb 2-1: config 0 interface 0 has no altsetting 0
[  807.836867][ T5923] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  807.846541][ T5923] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  807.858094][ T5923] usb 2-1: config 0 interface 0 has no altsetting 0
[  807.867418][ T5923] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  807.879852][ T5923] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  807.894738][ T5923] usb 2-1: config 0 interface 0 has no altsetting 0
[  807.906463][ T5923] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  807.916668][ T5923] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  807.928785][ T5923] usb 2-1: config 0 interface 0 has no altsetting 0
[  807.942666][ T5923] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  807.952738][ T5923] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  807.962902][ T5923] usb 2-1: Product: syz
[  807.967451][ T5923] usb 2-1: Manufacturer: syz
[  807.972871][ T5923] usb 2-1: SerialNumber: syz
[  807.986177][ T5923] usb 2-1: config 0 descriptor??
[  808.000373][ T5923] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0
[  808.023788][ T5928] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  808.059478][ T5928] usb 6-1: device descriptor read/8, error -71
[  808.071702][   T24] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  808.181497][ T5928] usb usb6-port1: unable to enumerate USB device
[  808.238616][   T24] usb 4-1: config index 0 descriptor too short (expected 23569, got 27)
[  808.261311][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  808.295917][   T24] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  808.312653][   T24] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  808.331299][   T24] usb 4-1: Manufacturer: syz
[  808.340972][   T24] usb 4-1: config 0 descriptor??
[  808.356124][   T24] igorplugusb 4-1:0.0: incorrect number of endpoints
[  808.437797][    C0] usb 2-1: yurex_control_callback - control failed: -71
[  808.447070][ T5928] usb 2-1: USB disconnect, device number 37
[  808.456774][ T5928] yurex 2-1:0.0: USB YUREX #0 now disconnected
[  808.511040][ T5923] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  808.686100][ T5923] usb 1-1: Using ep0 maxpacket: 32
[  808.741964][ T5923] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  808.756377][ T5923] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  808.766015][ T5923] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  808.776133][ T5923] usb 1-1: Product: syz
[  808.787578][ T5923] usb 1-1: Manufacturer: syz
[  808.792666][ T5923] usb 1-1: SerialNumber: syz
[  808.817749][ T5923] usb 1-1: config 0 descriptor??
[  808.827844][T12069] raw-gadget.3 gadget.0: fail, usb_ep_enable returned -22
[  808.946694][ T1307] ieee802154 phy0 wpan0: encryption failed: -22
[  808.954969][ T1307] ieee802154 phy1 wpan1: encryption failed: -22
[  809.293059][ T5923] usb 1-1: USB disconnect, device number 37
[  809.548765][T12088] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1560'.
[  809.584578][T12088] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1560'.
[  809.607708][T12088] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1560'.
[  810.002118][T12093] loop2: detected capacity change from 0 to 40427
[  810.046055][T12093] F2FS-fs (loop2): invalid crc value
[  810.136900][T12093] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  810.149590][T12093] F2FS-fs (loop2): Start checkpoint disabled!
[  810.157595][T12093] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  810.165746][T12093] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  810.207445][   T30] audit: type=1800 audit(1773533020.941:223): pid=12093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1562" name="bus" dev="loop2" ino=10 res=0 errno=0
[  810.479994][T12099] loop5: detected capacity change from 0 to 40427
[  810.545955][T12099] F2FS-fs (loop5): invalid crc value
[  810.597577][T12099] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  810.607015][T12099] F2FS-fs (loop5): Start checkpoint disabled!
[  810.614123][T12099] F2FS-fs (loop5): f2fs_disable_checkpoint() finish, err:0
[  810.639727][T12099] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  810.768601][   T30] audit: type=1800 audit(1773533021.481:224): pid=12103 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1564" name="bus" dev="loop5" ino=10 res=0 errno=0
[  811.180095][ T5928] usb 4-1: USB disconnect, device number 48
[  811.240317][ T5956] CPU: 0 UID: 0 PID: 5956 Comm: kworker/u8:10 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  811.240352][ T5956] Tainted: [L]=SOFTLOCKUP
[  811.240360][ T5956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  811.240374][ T5956] Workqueue: writeback wb_workfn (flush-7:2)
[  811.240408][ T5956] Call Trace:
[  811.240416][ T5956]  <TASK>
[  811.240425][ T5956]  dump_stack_lvl+0xe8/0x150
[  811.240459][ T5956]  f2fs_handle_critical_error+0x37c/0x540
[  811.240494][ T5956]  f2fs_write_end_io+0x1274/0x1740
[  811.240547][ T5956]  __submit_merged_bio+0x256/0x700
[  811.240582][ T5956]  __submit_merged_write_cond+0x3c9/0x4e0
[  811.240618][ T5956]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  811.240672][ T5956]  f2fs_write_data_pages+0x287e/0x34f0
[  811.240751][ T5956]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  811.240796][ T5956]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  811.240854][ T5956]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  811.240909][ T5956]  ? __lock_acquire+0x6b5/0x2cf0
[  811.240956][ T5956]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  811.240983][ T5956]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  811.241012][ T5956]  do_writepages+0x32e/0x550
[  811.241046][ T5956]  ? reacquire_held_locks+0x104/0x190
[  811.241069][ T5956]  ? writeback_sb_inodes+0x477/0x1a20
[  811.241103][ T5956]  __writeback_single_inode+0x133/0x11a0
[  811.241132][ T5956]  ? do_raw_spin_unlock+0xf5/0x210
[  811.241163][ T5956]  writeback_sb_inodes+0x992/0x1a20
[  811.241212][ T5956]  ? __lock_acquire+0x6b5/0x2cf0
[  811.241249][ T5956]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  811.241273][ T5956]  ? do_raw_spin_lock+0x12b/0x2f0
[  811.241344][ T5956]  ? rcu_is_watching+0x15/0xb0
[  811.241377][ T5956]  wb_writeback+0x456/0xb70
[  811.241406][ T5956]  ? queue_io+0x1e1/0x4a0
[  811.241441][ T5956]  ? __pfx_wb_writeback+0x10/0x10
[  811.241464][ T5956]  ? do_raw_spin_lock+0x12b/0x2f0
[  811.241508][ T5956]  wb_workfn+0x414/0xf50
[  811.241533][ T5956]  ? look_up_lock_class+0x57/0x110
[  811.241571][ T5956]  ? __pfx_wb_workfn+0x10/0x10
[  811.241599][ T5956]  ? do_raw_spin_lock+0x12b/0x2f0
[  811.241629][ T5956]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  811.241680][ T5956]  ? process_one_work+0x8bb/0x1780
[  811.241710][ T5956]  process_one_work+0x9ab/0x1780
[  811.241776][ T5956]  ? __pfx_process_one_work+0x10/0x10
[  811.241801][ T5956]  ? do_raw_spin_lock+0x12b/0x2f0
[  811.241841][ T5956]  worker_thread+0xb49/0x1140
[  811.241869][ T5956]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  811.241908][ T5956]  kthread+0x388/0x470
[  811.241932][ T5956]  ? __pfx_worker_thread+0x10/0x10
[  811.241948][ T5956]  ? __pfx_kthread+0x10/0x10
[  811.241972][ T5956]  ret_from_fork+0x51e/0xb90
[  811.242003][ T5956]  ? __pfx_ret_from_fork+0x10/0x10
[  811.242032][ T5956]  ? __switch_to+0xc7d/0x1450
[  811.242060][ T5956]  ? __pfx_kthread+0x10/0x10
[  811.242084][ T5956]  ret_from_fork_asm+0x1a/0x30
[  811.242123][ T5956]  </TASK>
[  811.575265][ T5956] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  811.622549][T11439] CPU: 1 UID: 0 PID: 11439 Comm: kworker/u8:5 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  811.622585][T11439] Tainted: [L]=SOFTLOCKUP
[  811.622590][T11439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  811.622599][T11439] Workqueue: writeback wb_workfn (flush-7:5)
[  811.622623][T11439] Call Trace:
[  811.622629][T11439]  <TASK>
[  811.622635][T11439]  dump_stack_lvl+0xe8/0x150
[  811.622656][T11439]  f2fs_handle_critical_error+0x37c/0x540
[  811.622677][T11439]  f2fs_write_end_io+0x1274/0x1740
[  811.622714][T11439]  __submit_merged_bio+0x256/0x700
[  811.622734][T11439]  __submit_merged_write_cond+0x3c9/0x4e0
[  811.622755][T11439]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  811.622784][T11439]  f2fs_write_data_pages+0x287e/0x34f0
[  811.622829][T11439]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  811.622854][T11439]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  811.622892][T11439]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  811.622922][T11439]  ? __lock_acquire+0x6b5/0x2cf0
[  811.622949][T11439]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  811.622964][T11439]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  811.622983][T11439]  do_writepages+0x32e/0x550
[  811.623003][T11439]  ? reacquire_held_locks+0x104/0x190
[  811.623016][T11439]  ? writeback_sb_inodes+0x477/0x1a20
[  811.623036][T11439]  __writeback_single_inode+0x133/0x11a0
[  811.623053][T11439]  ? do_raw_spin_unlock+0xf5/0x210
[  811.623072][T11439]  writeback_sb_inodes+0x992/0x1a20
[  811.623100][T11439]  ? __lock_acquire+0x6b5/0x2cf0
[  811.623121][T11439]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  811.623136][T11439]  ? do_raw_spin_lock+0x12b/0x2f0
[  811.623175][T11439]  ? rcu_is_watching+0x15/0xb0
[  811.623194][T11439]  wb_writeback+0x456/0xb70
[  811.623212][T11439]  ? queue_io+0x1e1/0x4a0
[  811.623232][T11439]  ? __pfx_wb_writeback+0x10/0x10
[  811.623246][T11439]  ? do_raw_spin_lock+0x12b/0x2f0
[  811.623271][T11439]  wb_workfn+0x414/0xf50
[  811.623286][T11439]  ? look_up_lock_class+0x57/0x110
[  811.623309][T11439]  ? __pfx_wb_workfn+0x10/0x10
[  811.623324][T11439]  ? do_raw_spin_lock+0x12b/0x2f0
[  811.623341][T11439]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  811.623369][T11439]  ? process_one_work+0x8bb/0x1780
[  811.623387][T11439]  process_one_work+0x9ab/0x1780
[  811.623418][T11439]  ? __pfx_process_one_work+0x10/0x10
[  811.623435][T11439]  ? do_raw_spin_lock+0x12b/0x2f0
[  811.623461][T11439]  worker_thread+0xb49/0x1140
[  811.623478][T11439]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  811.623500][T11439]  kthread+0x388/0x470
[  811.623516][T11439]  ? __pfx_worker_thread+0x10/0x10
[  811.623527][T11439]  ? __pfx_kthread+0x10/0x10
[  811.623542][T11439]  ret_from_fork+0x51e/0xb90
[  811.623562][T11439]  ? __pfx_ret_from_fork+0x10/0x10
[  811.623579][T11439]  ? __switch_to+0xc7d/0x1450
[  811.623598][T11439]  ? __pfx_kthread+0x10/0x10
[  811.623614][T11439]  ret_from_fork_asm+0x1a/0x30
[  811.623637][T11439]  </TASK>
[  811.625963][T11439] F2FS-fs (loop5): Stopped filesystem due to reason: 3
[  811.861680][ T5928] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  812.161325][ T5928] usb 4-1: device descriptor read/64, error -71
[  812.401167][ T5928] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  812.530887][ T5928] usb 4-1: device descriptor read/64, error -71
[  812.651373][ T5928] usb usb4-port1: attempt power cycle
[  812.908158][T12127] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1574'.
[  812.949985][T12127] netlink: 76 bytes leftover after parsing attributes in process `syz.5.1574'.
[  813.006888][T12127] bridge0: port 2(bridge_slave_1) entered blocking state
[  813.014529][T12127] bridge0: port 2(bridge_slave_1) entered forwarding state
[  813.022412][T12127] bridge0: port 1(bridge_slave_0) entered blocking state
[  813.029864][T12127] bridge0: port 1(bridge_slave_0) entered forwarding state
[  813.044981][ T5928] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  813.093013][ T5928] usb 4-1: device descriptor read/8, error -71
[  813.109604][T12127] netlink: 60 bytes leftover after parsing attributes in process `syz.5.1574'.
[  813.350850][ T5928] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  813.390853][ T5895] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[  813.393375][ T5928] usb 4-1: device descriptor read/8, error -71
[  813.412874][T12136] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1576'.
[  813.535609][ T5928] usb usb4-port1: unable to enumerate USB device
[  813.546432][T12140] netlink: 840 bytes leftover after parsing attributes in process `syz.0.1578'.
[  813.559549][ T5895] usb 3-1: Using ep0 maxpacket: 32
[  813.568300][ T5895] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  813.588579][ T5895] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  813.616902][ T5895] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  813.639637][ T5895] usb 3-1: Product: syz
[  813.660486][ T5895] usb 3-1: Manufacturer: syz
[  813.677042][ T5895] usb 3-1: SerialNumber: syz
[  813.717362][ T5895] usb 3-1: config 0 descriptor??
[  813.739883][T12132] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  813.991783][T12144] loop1: detected capacity change from 0 to 40427
[  814.015220][T12144] F2FS-fs (loop1): invalid crc value
[  814.064750][T12144] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  814.076377][T12144] F2FS-fs (loop1): Start checkpoint disabled!
[  814.084466][T12144] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  814.093529][T12144] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  814.187358][   T30] audit: type=1800 audit(1773533024.921:225): pid=12148 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1580" name="bus" dev="loop1" ino=10 res=0 errno=0
[  814.287806][T12148] bio_check_eod: 405 callbacks suppressed
[  814.287839][T12148] syz.1.1580: attempt to access beyond end of device
[  814.287839][T12148] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  814.315015][T12148] syz.1.1580: attempt to access beyond end of device
[  814.315015][T12148] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  814.338212][T12148] syz.1.1580: attempt to access beyond end of device
[  814.338212][T12148] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  814.364221][T12148] syz.1.1580: attempt to access beyond end of device
[  814.364221][T12148] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  814.384617][T12148] syz.1.1580: attempt to access beyond end of device
[  814.384617][T12148] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  814.416203][T12148] syz.1.1580: attempt to access beyond end of device
[  814.416203][T12148] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  814.433287][T12148] syz.1.1580: attempt to access beyond end of device
[  814.433287][T12148] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  814.452380][T12148] syz.1.1580: attempt to access beyond end of device
[  814.452380][T12148] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  814.470617][T12148] syz.1.1580: attempt to access beyond end of device
[  814.470617][T12148] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  814.491318][T12148] syz.1.1580: attempt to access beyond end of device
[  814.491318][T12148] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  814.633090][ T5895] usb 3-1: USB disconnect, device number 29
[  814.956324][ T3556] CPU: 0 UID: 0 PID: 3556 Comm: kworker/u8:8 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  814.956362][ T3556] Tainted: [L]=SOFTLOCKUP
[  814.956370][ T3556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  814.956383][ T3556] Workqueue: writeback wb_workfn (flush-7:1)
[  814.956418][ T3556] Call Trace:
[  814.956427][ T3556]  <TASK>
[  814.956447][ T3556]  dump_stack_lvl+0xe8/0x150
[  814.956483][ T3556]  f2fs_handle_critical_error+0x37c/0x540
[  814.956520][ T3556]  f2fs_write_end_io+0x1274/0x1740
[  814.956575][ T3556]  __submit_merged_bio+0x256/0x700
[  814.956611][ T3556]  __submit_merged_write_cond+0x3c9/0x4e0
[  814.956647][ T3556]  ? __pfx___submit_merged_write_cond+0x10/0x10
[  814.956699][ T3556]  f2fs_write_data_pages+0x287e/0x34f0
[  814.956729][ T3556]  ? __lock_acquire+0x6b5/0x2cf0
[  814.956800][ T3556]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  814.956847][ T3556]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  814.956907][ T3556]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  814.956962][ T3556]  ? __lock_acquire+0x6b5/0x2cf0
[  814.957009][ T3556]  ? __pfx_f2fs_inode_chksum_set+0x10/0x10
[  814.957036][ T3556]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  814.957069][ T3556]  do_writepages+0x32e/0x550
[  814.957103][ T3556]  ? reacquire_held_locks+0x104/0x190
[  814.957126][ T3556]  ? writeback_sb_inodes+0x477/0x1a20
[  814.957161][ T3556]  __writeback_single_inode+0x133/0x11a0
[  814.957190][ T3556]  ? do_raw_spin_unlock+0xf5/0x210
[  814.957222][ T3556]  writeback_sb_inodes+0x992/0x1a20
[  814.957273][ T3556]  ? __lock_acquire+0x6b5/0x2cf0
[  814.957310][ T3556]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  814.957335][ T3556]  ? do_raw_spin_lock+0x12b/0x2f0
[  814.957407][ T3556]  ? rcu_is_watching+0x15/0xb0
[  814.957448][ T3556]  wb_writeback+0x456/0xb70
[  814.957480][ T3556]  ? queue_io+0x1e1/0x4a0
[  814.957516][ T3556]  ? __pfx_wb_writeback+0x10/0x10
[  814.957541][ T3556]  ? do_raw_spin_lock+0x12b/0x2f0
[  814.957587][ T3556]  wb_workfn+0x414/0xf50
[  814.957612][ T3556]  ? look_up_lock_class+0x57/0x110
[  814.957659][ T3556]  ? __pfx_wb_workfn+0x10/0x10
[  814.957687][ T3556]  ? do_raw_spin_lock+0x12b/0x2f0
[  814.957716][ T3556]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  814.957767][ T3556]  ? process_one_work+0x8bb/0x1780
[  814.957799][ T3556]  process_one_work+0x9ab/0x1780
[  814.957856][ T3556]  ? __pfx_process_one_work+0x10/0x10
[  814.957884][ T3556]  ? do_raw_spin_lock+0x12b/0x2f0
[  814.957931][ T3556]  worker_thread+0xb49/0x1140
[  814.957963][ T3556]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  814.958003][ T3556]  kthread+0x388/0x470
[  814.958026][ T3556]  ? __pfx_worker_thread+0x10/0x10
[  814.958044][ T3556]  ? __pfx_kthread+0x10/0x10
[  814.958069][ T3556]  ret_from_fork+0x51e/0xb90
[  814.958095][ T3556]  ? __pfx_ret_from_fork+0x10/0x10
[  814.958117][ T3556]  ? __switch_to+0xc7d/0x1450
[  814.958141][ T3556]  ? __pfx_kthread+0x10/0x10
[  814.958161][ T3556]  ret_from_fork_asm+0x1a/0x30
[  814.958191][ T3556]  </TASK>
[  815.270314][ T3556] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  817.451075][T12211] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1605'.
[  817.481779][T12211] netlink: 2 bytes leftover after parsing attributes in process `syz.2.1605'.
[  818.282381][T12225] node ffff888056bca940 offset 0 parent ffff888056bcb9c0 shift 0 count 64 values 0 array ffff8880617246c0 list ffff888056bca958 ffff888056bca958 marks 0 0 0
[  818.362057][T12225] ------------[ cut here ]------------
[  818.367641][T12225] kernel BUG at ./include/linux/xarray.h:1441!
[  818.409360][T12225] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
[  818.415845][T12225] CPU: 0 UID: 0 PID: 12225 Comm: syz.3.1604 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  818.426890][T12225] Tainted: [L]=SOFTLOCKUP
[  818.431219][T12225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  818.441627][T12225] RIP: 0010:hpage_collapse_scan_file+0x4f98/0x5230
[  818.448313][T12225] Code: ff 4c 89 e7 48 c7 c6 80 b1 dc 8b e8 82 df f1 fe 90 0f 0b 48 85 db 0f 84 03 01 00 00 e8 01 62 90 ff 48 89 df e8 69 5d 7b 09 90 <0f> 0b e8 f1 61 90 ff 48 89 df 48 c7 c6 80 b1 dc 8b e8 52 df f1 fe
[  818.468619][T12225] RSP: 0018:ffffc9001b257120 EFLAGS: 00010246
[  818.474788][T12225] RAX: 0000000000000000 RBX: ffff888056bca940 RCX: 0768c60fc2289f00
[  818.482767][T12225] RDX: ffffc9000d8d1000 RSI: 0000000000007532 RDI: 0000000000007533
[  818.490742][T12225] RBP: ffffc9001b257428 R08: ffffc9001b256ea7 R09: 1ffff9200364add4
[  818.498893][T12225] R10: dffffc0000000000 R11: fffff5200364add5 R12: ffffea00004842b0
[  818.507071][T12225] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc9001b257310
[  818.515335][T12225] FS:  00007f0ee49d56c0(0000) GS:ffff888125436000(0000) knlGS:0000000000000000
[  818.524270][T12225] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  818.530945][T12225] CR2: 00007f4ca75578b0 CR3: 0000000032b0c000 CR4: 00000000003526f0
[  818.539138][T12225] Call Trace:
[  818.542538][T12225]  <TASK>
[  818.545740][T12225]  ? hpage_collapse_scan_file+0x1c1/0x5230
[  818.551828][T12225]  ? __pfx_hpage_collapse_scan_file+0x10/0x10
[  818.557987][T12225]  ? __flush_work+0xab9/0xc50
[  818.563374][T12225]  ? __flush_work+0x100/0xc50
[  818.568240][T12225]  ? __up_read+0x291/0x6b0
[  818.572828][T12225]  ? __pfx___up_read+0x10/0x10
[  818.577693][T12225]  ? madvise_collapse+0x41e/0xb80
[  818.582982][T12225]  madvise_collapse+0x451/0xb80
[  818.587838][T12225]  madvise_vma_behavior+0x1094/0x4460
[  818.593304][T12225]  ? __pfx_madvise_vma_behavior+0x10/0x10
[  818.599288][T12225]  ? __lock_acquire+0x6b5/0x2cf0
[  818.604243][T12225]  ? unwind_next_frame+0xa5/0x23c0
[  818.609481][T12225]  ? is_bpf_text_address+0x26/0x2b0
[  818.614876][T12225]  ? is_bpf_text_address+0x292/0x2b0
[  818.620173][T12225]  ? is_bpf_text_address+0x26/0x2b0
[  818.625639][T12225]  ? kernel_text_address+0xa5/0xe0
[  818.630770][T12225]  ? __kernel_text_address+0xd/0x30
[  818.636078][T12225]  ? unwind_get_return_address+0x4d/0x90
[  818.641713][T12225]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  818.647872][T12225]  ? arch_stack_walk+0xfb/0x150
[  818.652729][T12225]  ? mas_prev_slot+0xb7b/0xbf0
[  818.657681][T12225]  ? find_vma_prev+0x123/0x1b0
[  818.662561][T12225]  ? __pfx_find_vma_prev+0x10/0x10
[  818.668035][T12225]  ? file_ioctl+0x273/0x860
[  818.672653][T12225]  madvise_walk_vmas+0x573/0xae0
[  818.677691][T12225]  ? __pfx_madvise_walk_vmas+0x10/0x10
[  818.683242][T12225]  ? blk_start_plug+0x6e/0x1b0
[  818.688195][T12225]  madvise_do_behavior+0x386/0x540
[  818.693609][T12225]  ? __pfx_madvise_do_behavior+0x10/0x10
[  818.699605][T12225]  ? down_read+0x270/0x2e0
[  818.704029][T12225]  ? madvise_lock+0x146/0x2e0
[  818.708712][T12225]  do_madvise+0x1fa/0x2e0
[  818.713132][T12225]  ? __pfx_do_madvise+0x10/0x10
[  818.718084][T12225]  ? rcu_is_watching+0x15/0xb0
[  818.723034][T12225]  ? __pfx_kcov_ioctl+0x10/0x10
[  818.728066][T12225]  __x64_sys_madvise+0xa6/0xc0
[  818.733010][T12225]  do_syscall_64+0x14d/0xf80
[  818.737778][T12225]  ? trace_irq_disable+0x3b/0x150
[  818.742812][T12225]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  818.749144][T12225]  ? clear_bhb_loop+0x40/0x90
[  818.753930][T12225]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  818.759832][T12225] RIP: 0033:0x7f0ee679c799
[  818.764276][T12225] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  818.784162][T12225] RSP: 002b:00007f0ee49d5028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c
[  818.792582][T12225] RAX: ffffffffffffffda RBX: 00007f0ee6a16090 RCX: 00007f0ee679c799
[  818.800689][T12225] RDX: 0000000000000019 RSI: 0000000000600722 RDI: 0000200000000000
[  818.809377][T12225] RBP: 00007f0ee6832c99 R08: 0000000000000000 R09: 0000000000000000
[  818.817349][T12225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  818.825335][T12225] R13: 00007f0ee6a16128 R14: 00007f0ee6a16090 R15: 00007ffdd03f15d8
[  818.833751][T12225]  </TASK>
[  818.836771][T12225] Modules linked in:
[  818.841590][T12225] ---[ end trace 0000000000000000 ]---
[  818.888244][T12231] 9p: Bad value for 'source'
[  818.997961][T12225] RIP: 0010:hpage_collapse_scan_file+0x4f98/0x5230
[  819.004899][T12225] Code: ff 4c 89 e7 48 c7 c6 80 b1 dc 8b e8 82 df f1 fe 90 0f 0b 48 85 db 0f 84 03 01 00 00 e8 01 62 90 ff 48 89 df e8 69 5d 7b 09 90 <0f> 0b e8 f1 61 90 ff 48 89 df 48 c7 c6 80 b1 dc 8b e8 52 df f1 fe
[  819.025085][T12225] RSP: 0018:ffffc9001b257120 EFLAGS: 00010246
[  819.033022][T12225] RAX: 0000000000000000 RBX: ffff888056bca940 RCX: 0768c60fc2289f00
[  819.050350][T12225] RDX: ffffc9000d8d1000 RSI: 0000000000007532 RDI: 0000000000007533
[  819.061451][T12225] RBP: ffffc9001b257428 R08: ffffc9001b256ea7 R09: 1ffff9200364add4
[  819.070231][T12225] R10: dffffc0000000000 R11: fffff5200364add5 R12: ffffea00004842b0
[  819.079117][T12225] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffc9001b257310
[  819.090910][T12225] FS:  00007f0ee49d56c0(0000) GS:ffff888125436000(0000) knlGS:0000000000000000
[  819.100275][T12225] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  819.108328][T12225] CR2: 0000200000000081 CR3: 0000000032b0c000 CR4: 00000000003526f0
[  819.116683][T12225] Kernel panic - not syncing: Fatal exception
[  819.125749][T12225] Kernel Offset: disabled
[  819.130338][T12225] Rebooting in 86400 seconds..