last executing test programs:

9.099368096s ago: executing program 2 (id=455):
syz_mount_image$f2fs(&(0x7f00000004c0), &(0x7f0000000040)='./bus\x00', 0x2208012, &(0x7f0000003780)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c8426803000000005c000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06ad97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f65b6f83cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096747a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd97014048fa1a7315dc3b3849b7a7aa6f98f3232f4f82fa77dfb468135f982fe29edfb571f796aa720b5026ea605b33e0cad6e7b0d", @ANYRES32], 0x1, 0x553b, &(0x7f0000010140)="$eJzs3EtvG1UUAOA7TtPSJxFiwa4jVUiJVFt12lSwC9CKh0gV8ViwAsd2LLe2J4odJ2SFBEvEgn+CQGLFkt/AgjU7xALEDgnkuWNKKI9WduKk/T5pfGbujM+cO7ISnRnLAXhiLaS//pyES+FsCGEuhHAhCfl6Uiy51RieCyFcDiGU/rIkxfifA6dDCOdCCJdGyWPOpNj1+dXhlZWf3vjlm+/OnDr/xdffz27WwKw9H0LobsX13W6MWSvGu8V4bdjOY/fGsIhxR/desZ3FuNvcyDPs1sbH1fJ4vRWPz7Z2+qO42anVR7HV3szHt3rxhP1ha5wnf8Pd2na+3Whu5LHdz/LY2o917e3Hv237/UHM0yjyfZinD4PBOMbx5l4zzmfrXh7rvUExHvNmjebeKA6LWJwu1LNOI69jY5Irfby92e7t7KXD5na/nfXSlUr1hUr1Zrm6nTWag+aNcq3buHkjXWx1RoeVB81ad7WVZa1Os1LPukvpYqteL1er6eKt5ka71kur1cr1yrXyylKxdjV99c67aaeRLo7iy+3ezul2p59uZttpfMdSuly5/uJSeqWavr22nq6/dfv22vo77996785La6+/Uhz0QFnp4vK15eVy9Vp5ubp0DOY/+r/7kPMfTDL/T4qiH2H+yWSXB/6bDxjAI3ug/w/6f+DwnfT+P0yz/x+1VPr//+9/S5P3/xP1v8e1/z/B84eJ6P8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5YP8x/+Vq+shC3zxfjF4uhZ4rtJIRQCiH8/g/mwukDOeeKPPP/cvz832r4Ngl5htE5zhTLuRDCarH89vRhXwUAAAB4fH310eXPYrceXxZmXRBHKd60KV34YEr5khDC/MKPU8pWGr08O6Vk+ef7VNibUrb8BtZTU0oWb7mdmla2hzI3Dh9fvD+YTyiJoXSk5QAAAEdi7kA42i4EAACAo/TprAtgNpIwfpQ5fhacf/P+/qPNswf2AQAAACdQMusCAAAAgEOX9/9+/w8AAAAeb/H3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4g537uU0ciOIA/GwwsP+0aLX3bWVvUEZKyDHHQAFpghJIC2mAGsgtJUQQYY+QHIEUiXGsoO+TPM7Y0W9mgMsbSwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJztZ4/3v97uDRnt79MntUAAAAAp2yr9bz+Y9r0f6Trv9KlP6lfREQZEadq90GMWpmDlFOd+f/q3RyeIuqEwxjjdHyPiP/peP3d9acAAAAA12uzXM2aar1ppn1PiM/UbNqUP28y5RURUU1fMqWVh+ZvprD69z2Mu0xp9QbWJFNYs+U2PH1vlGuQtkHrlFYyWdRfYt0ruxkXAADoU7sSOFOFAAAAcAVu+54A/SiOzfE547g5pQeC31o9AAAA4Asq+p4AAAAA0Lm6/vf+PwAAALhuzfv/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NK2Ws83y9Xs3P3FB3N2+8vkWxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBv7844CIRAGYbB3fWcy9z+sNGhobFIFwsffGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzPSwqEQBBEwZzxv5O+/2ElQc8gQgQ0PKqoRQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzcP28cRRQA8Hd7t5c/gDAGuTCgIFFAQ+xLSEgJBcii4CMgWc45GC4EEhckskBuoEKu0yAoEUICmS7fIXUspQldChdGogbt3u5lkxhyiszuEv9+0uy8Pa9m3uydLD/P2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAafedeCkp4m52mBnH5Wu39jZWsn7ngT5zY+v2fNayuPOoib55++CTb7eXqycn5ionX9WfDAAAAIdDt6zvI+JOur2U9clMXv+n5TVZzf/9M+O4rOcfrPt39jaOFl+aL+v/3369+8JkopnxPNmgq2uj4eLDqfT+oyW23rOPvKKX3/n8dy/d/A1J3t98fjfN72fn25s33+3n4ZE6sgUAHsfJsi+C8uehrB80mRgAh0avUniX9X93ptmcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqwuxlPlXEnIuZ79+LMzt7Gyn79ja3b82U7e/36VnXMbIg0IlbXRsO0xrW03ZWr1z5ZHo2Gl+sPTkREc7MXwYdTXBPx79cUH89obhX/HHTakUajQVK8P23J5yCD8rN38CM39A0JAIAnVlq0rK6/k24vZa91ZiP++uH++v+1ShxT1v93Pzp7qzpXtf4f1LbC9ltYv/jZwpWr195Yu7h8YXhh+OmbpwZvDU6fO3Pm3EJ2rxYXViMZLjadJgAAAP9j/aJV6/9k9uH9/+OVOKas/z//bvBlda6u+n9f9zb9ms4EAADgMOpPoude+fOPzj5XdPr9+GJ5ff3yYHycnJ8aH2tN9zEdKVq1/u/ONp0VAAAAUIfdzc59+//nK3FMuf//9I8v/lwdsxsRxyIuRcTw5Mql0fn6ltNqdfyhcj5Rv+mVAgAA0JRjRavu/6f58//J5JGHJCJef3Ucl//rapr6v/ve1z9V56o+/3+6viW2UjI3vh95PxfRm2s6IwAAAJ5kR4uWFfu/p9tLH/9y/IO+5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6vZ3AAAA//+pzDYD")
r0 = socket(0xa, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r1=>0x0}, &(0x7f0000cab000)=0xa)
setresuid(0xee01, r1, 0x0)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0xc0185879, 0x0)

7.606966775s ago: executing program 2 (id=472):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x4006, &(0x7f0000000240)={[{@noauto_da_alloc}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@block_validity}, {@quota}]}, 0x1, 0x438, &(0x7f0000001040)="$eJzs28tvG0UYAPBv7SR9k1CVRx9AoCAiHkmTltIDFxBIHEBCgkM5hiStQt0GNUGiVQQBoXJElbgjjkj8BZzggoATEle4o0oVyqWFk9Hau4nt2G6SOnGofz9pk5ndcWY+7449s5MNoGcNpz+SiP0R8UdEDFaz9QWGq79uLy9O/bO8OJVEufz230ml3K3lxam8aP66fXmmL6LweRJHm9Q7f+XqhclSaeZylh9buPjB2PyVq8/PXpw8P3N+5tLEmTOnTo6/eHrihY7EmcZ168jHc8cOv/7u9Tenzl5/75fvkjz+hjg6ZLjdwafK5Q5X110HatJJXxcbwoYUq900+iv9fzCKsXryBuO1z7raOGBLlcvl8oOtDy+VgXtYEt1uAdAd+Rd9Ov/Nt20aeuwIN1+uToDSuG9nW/VIXxSyMv0N89tOGo6Is0v/fp1usTX3IQAA6vyQjn+eazb+K0TtfaH7sjWUoYi4PyIORsTpiDgUEQ9EVMo+FBEPb7D+xkWSteOfwo1NBbZO6fjvpWxtq378l4/+YqiY5Q5U4u9Pzs2WZk5k78lI9O9K8+Nt6vjx1d+/bHWsdvyXbmn9+Vgwa8eNvl31r5meXJi8m5hr3fw04khfs/iTlZWAJCIOR8SRTdYx+8y3x1odu3P8bXRgnan8TcTT1fO/FA3x55L265Nju6M0c2IsvyrW+vW3a2+1qv+u4u+A9PzvbXr9r8Q/lNSu185vvI5rf37Rck6z2et/IHmnbt9HkwsLl8cjBpI3qo2u3T/RUG5itXwa/8jxLP6B+v5/MFbfiaMRkV7Ej0TEoxHxWNb2xyPiiYg43ib+n1958v3Nxb+7zV/tjDT+6Q2d/9XEQDTuaZ4oXvjp+7pKh9Ybf2Tn/1QlNZLtWc/n33ratbmrGQAAAP5/ChGxP5LC6Eq6UBgdrf4P/6HYWyjNzS88e27uw0vT1WcEhqK/kN/pGqy5HzqeTevz/ERD/mR23/ir4p5KfnRqrjTd7eChx+1r0f9TfxW73Tpgy3leC3qX/g+9S/+H3qX/Q+9q0v/3dKMdwPZr9v3/SRfaAWy/hv5v2Q96iPk/9C79H3qX/g89aX5P3PkheQmJNYko7Ihm3IOJ2BHN6PYnEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQGf8FwAA///05OWN")
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f00000005c0)={'#! ', './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', [], 0xa, "dc758726284c5b6ed1bc74eb3881a22b1f52311d2dcf89338a31769ad1ceec7358d85304949bce5b2bfd0100dc4595fc1867b20842e758aa16b199d854"}, 0x141)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x10012, r1, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @adiantum, 0x0, @desc3})

6.613551994s ago: executing program 0 (id=482):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000040)={{@my=0x1}, @host, 0x0, 0x0, 0x7})
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000)
ioctl$IOCTL_VMCI_QUEUEPAIR_SETVA(r0, 0x7a4, &(0x7f0000000180)={{@host}, 0x40})

6.494987246s ago: executing program 2 (id=483):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000200)={0x8000, 0x101, 0x4})
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f00000002c0)=[<r2=>0x0], 0x0, 0x0, 0xfffffd52, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR(r0, 0xc01c64a3, &(0x7f0000000280)={0x3, r2, 0x0, 0x0, 0xa, 0x1ff, 0x1})
ioctl$DRM_IOCTL_MODE_CURSOR2(r0, 0xc02464bb, &(0x7f0000000080)={0x2, r2, 0xbad, 0x20000000})

6.330420726s ago: executing program 0 (id=485):
sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="82bbc622e572269b8c012d744d95ff414168ec5ff37ca0dc2a5b3634bd"], 0x14}}, 0x0)
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x0, &(0x7f0000005240), 0x1, 0x51b8, &(0x7f0000005280)="$eJzs3V+IVNcdB/Azu65uXepOoRQLQlcoLS0+LIVSi5RuS9X6sDJV+lBbdfuHQvFlFR8qfeiGBIPkIesKEvMQNwQiSUAXMcQQIasSDSGQByEo8cGEJWwwD0LyvISde8/szLnenXGjWaOfT9i9c+Z3zrlnhvsw343nTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAQwu3PawMz//vJSFl94vTFubnZ7T0TNw/1bT2//0YIlfrzlby+9/d/3PHvnXuHe+OAkT9lx2q1bMps6K2ssbLlyflxrT9/DyH0JBN058fNfU1jK+kJwoHihIvatmv3hd7J4Y2HD264NHn01FjxpTOvd7kXsFzy62pm4Voaqv/uSno02k2XXqXlEs3GpxfcN/IiAIB7MlirHxofR/OPuI32WFpP2kNJezxpx08I482NpcjmXVm2zoG0vkzrHMqiwqrSdSb1/P1vtGvp+KSdRI17WGdr1zzS9JatczSpL9c6AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4me87N/Pf2u1dOltUnTl+cm5vd3jNx81Df1vP7b4RQrT9fycqV6yfXHfvVP7cMvHl8+GeD//rDju58XDyuaOocrscHv+4P4R9NlZk47WdrQqi1FurNcKJY+E/9wbZYAAAA4FHyw/rvrkY7i4M9Le1KPU1W6v9FeVjctftC7+TwxsMHN1yaPHpqbOnz1UrmG7rrfI12deGn0hSMY/xN51uox64HCvMsLp0xzfNXLm+8uOXqnqNl4wv5v7p4/o/vnPwPAADA1yH/p/Msrl3+f/XIE7MDT539adn4Qv4faDllIf/HFcf83xWWlv8BAADgYfag8/9QYZ7Ftcv/f91z4ncfbukdKhtfyP+DneX/Fc3Ljk++Hxe8rz+EwXZLBwAAAErE/+++8KeFmNeziJ/m9TMvH5u+9vFvNpXNV8j/Q53l/577/soAAACApfr57ls/ePHt786W1Qv5v9ZZ/l/1wFcOAAAAdGr9mc1vVV+oPFdWL+T/kc7y/+r8mO98yAZdif8K4Vh/CL3zD0azwtUw/ttGAQAAALhPYk7//7NX33m6+8/fKetXyP+ji9//P97pIO7/b7n/X2H/f1Mhu+vfJjcGAAAA4HFU3M8fb4+ffXNB2ffvd7r//5N1517/5bXp58vOX8j/Y53l/+7m4/38/j8AAABYgm/b9//9pTDP4trd///T77/23pdzP7pcNr6Q/8c7y//x2Nf88qbj+/Nkfwhr5x/kdxN8JZ5uX1KY6mkqZG98MmJnHJEXplY1FepGkxG/6A9h/fyDsaTwvVgYTwp31uSFyaTwQSzk10OjcDopTMcr7fiafLlp4Y1YyDdYTMUdFH2NLRHJiC/KRswX7jrio8bJAQAAHisxPOdZtqe1GdIoO1Vp12F1uw5d7Tp0t+uwIumQdix7Poy0FuLzf3vp7Ooj1Us/DiUK+X+ys/wf34qV2aFs/3+I+//zLyBs7P8fiYVqUpiKhVp6x4BaPEcWdp+J56jW8hF31jYKAAAA8EiLfxfoXuZ1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFfs3X+QXVV9APCzP96+7GazWcRBVAZWqGDqsNkkpojSMdgo1h+4KK1jHWtCsuCaxQQSOoShnQWs/cHYUkDaaa2Eto7CWJrBKZDWlkgbbAc6Bdo6QNTRIiN2qg5Di7UgdN7ee97ed+7evJdkN2Tp5/PHvvPe9/y878e+c+995wIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP8/HHfHvtoHf/Dw+6vi19/+leeff/Lc2vVf37n0nLsveTSE8ZnHu7Jw1yM3n3DDGZvePrLnpvesGNu8/n19ebk8HpY2/nTndz4Ra/3OshDu6gqhNw2cPpgFavn9wVjfCYMhHBNmA80SEwNZibThsK8/hF1hNtCsak9/CIOFwPkP33vPpxqJG/tDeG0IoZ628Y161kZ/Gji1LwsMpIGtvVngRy9kmoG7u7MAHLb4Zmi+6HePt2YYnrtcxeuvNm8de3Glw+uJieHqfN8/e4E7VdCXPjB+WE9bqToWROntsde7bRG820rb+TpPW/GLVP4N5YXZUD10b564cONlUzviI91hdLSnqqYFep4fferKTQeTXjSvw9iB4Xl5He578KH+49a+e89ta+9cv+f+xx463G4+UtikxfRCq4f8Nbdonsdonc+TRfD2K31LGvGlK4Rw12umT/mlC558Y1W8NP8fPvD8P76c4213S+5Y67ND2dw8PjIYEz8cyubmAAAAsGgshr2m+//w6eEPvPd3bq+qrzT/H+ns+H885J9P5rPR7g1h3UzimuUhHD/zeBa4NTZ3wfIQXjOTGm8NnJ0E9obwypnEimZVSYklscRIEvjuUB5YlwTui4HxJPC5GLguCXwiBnYngU0xsDcJvDUGwmTrOH56KB9Hx4H+GNiQbcTd8SyEp4dia8m22t+sCgAAYJ7ks8Na693CuQ6HmyFOL3f3t8sQz8CuzFBPakhnsM1pVWUNve1q6G5XQ3Pc0wcefqnmrnY1l07D6GrN0PPmdfse3/b460KF0vx/7MDz//ocHekqHf8P4byZvzF3dx6ZasY3jLdkAAAAAA7Dg3//2T//1zPfeUNVvDT/X9fZ+f9xn0hPIXN4IO6G2LI8hLHWQFbtm8uB7Kj30jwAAAAAi0HzeHzzWPhkfpudop3Op8v5xw8yfzzwv27O/J8597tf/tnPvuGcqv6W5v/jnZ3/P9B6m3XivtiLG5aHsKQQ+GrsZSMwYyQGvvWW1kA+/vviBrg2VpWfmNCs6tpYYkMMjCWBXVUlHmyWOL41kD9ZzcavaY5jMi9RCAAAAMARF3cHxOPy8fz/tZ/75avXPPLEB6vKleb/Gw7u/P+ZeXDp9P6ppSGs7A2hJ/1hwAMD2cKAMTDYlSf+ZiCrqyet6qqBEM5qDCyt6tv5+v+96RqDD/dnVcXA8Sd/4alTG4k/7Q9hZTHwtQ/dsraR2JEEmo3/Qn8IJzVGmzb+l0uyxmtp47+/JIQTC4FmVRcsCaHRWF9a1b31/DoGaVV/UQ/h2EKgWdXP1EPYGQBYpOK/0s3FB7fvvGLLxqmpiUsXMBH34feHCyenJkY3bZ3aXK/o0+akzy3LGF1VHlN3h2Pfny9R9NzbTh7uJN38neBYsS/5fvzSiYP5/fhdqDYzztW1lrtr0iG/7pRyE+mQ5hpypz9hPNQhDxQrmX0SK/vRF5aGJZdtn7h09PKNO3Zcuir722n21dnfeJgp21ar0m01MFffOnh5VK6WlTjUbXVasZKVOy7etnL7zitOn7x440UTF018fNWasbE3rl51xplrVzZGNZb9bTPU0+aqOhnqC7d0OK55HOqreguVHIlPDQkJicWWWHHnm37xi//x+ElVHz+l+f+2A8//46dO/OTP12eoOv4/HA/zZ4/PHubfEAO7Oj3+P1x1NL95YsBIEpiOgWmH+QEAAHhpiLsj497MuNf6ye9dcd2xt5z09apypfn/dGe//5+n9f+bS9e/s2qZ/xWxxFjV+v/pMv/N9f+nq9b/T5f5b67/v+tFWP//smYg2SRPW/8fAAB4KThy6/+3Xd4/vUBAKUPb5f3TCwSUMrRdxr/TCwQc9Pr/T/xg65LjX3brhlChNP+/rrP5v4X7AQAA4Ojx6Qc27zrtJz+pPCpcmv/v6mz+f+TX/wtV5/+PVAXGqxYGtP4fAAAAi1TV+n8fe/2WZZP/NnZBVbnS/H93Z/P/eNpFd0vuWOuzQ9madiFd0+6HQ82fDAAAAMDi0B1GR2sd5m1ZGfXsQ2/z0Xwp0AOli87a/Sc/33PldZUtlub/ezub/7f8LmPfgw/1H7f23XuevW3tnev33P/YQ7PH/wEAAICF0+l+CQAAAAAAAAAAAAAA4MW3/m8/+hsfvuezb6iKl37/H86bebzq9//xun/x9wUvb8kda22//l9+//x33b5zZsnCB4ZCOKUY2HL1lmNCfm3+04qBez684hWNxNVpiS9/861PNBIfSQPvOP1lzzQSZyWBDXGRxFemgXhVxWeWJYG4vOK/pIG4PXangb488FvLsnF0pdvqe4PZtupKt9VjgyEsLwSa2+quwayNrnSANyaB5gAvSQNxgOfmge60V7cvzXoVA4Ox6M1Ls14BAHDUit8Ca+HCyamJsfgVPt6+qrf1NmpZsuyqcrVdHTa/P1+a7Lm3nTzcSbon/S46e63xWqg3hrCq9HW1mKVrZpTzU0ubTffyiiG3W+2tu6Jc6mA3XV/1iPqzEY1u2jq1udZ24GvaZ1nd2zbLqtJkp5ile2aTdlBLB33pYEQdbpsOuhzvd4fR0Z4k15ticDi0aPeK6PT3+sV1/qpeBcU8oyf+6hXTE3c8WVVfaf4/3Nn8v14c1zP5xQCm45X1rlkeQuUlBwEAAIBDtP+vH1m99Y8++cX09jff9Sv/e9dPXflMVbnS/H+ks/l/3IOVHwrO9nbsjdf/b87/h7PArbG5C5aH8JqZ1HgskV1Q/52xxFgWuDXuMFkRS2wYb61qSQzsTgLfHcoDe5PAfTGQ76X4Qsh35fzeUAhrZ1LntZbYFksMJ4H3xsBIEhiNgbEksCwG1iWB/1yWB8aTwP0xECZbt9WXltm7AgAAHIJ8nlVrvRvSed7u3nYZutplGGiXobtdhnq7DFWjiPfviBlqyckrXYVMtbTW/qSWUoZ4MfyD7lcpQ3iwNWdasNR0PP+geb5BV2uGUz7/+g+EZb99c6hQmv+PdTb/H2i9zVq/L87/Z6//lwW+Grt3Qzx1fCQGvvWW1kC+Y+C+ONm9tlnVeF4in7RfG0usi4GRJLAtBtYlgQ3n5YFdr2gN5DPtZuPXNBufzEsUAgAAAHDExR0EcTdNnP9f/tzbl3/6i7/+31XlSvP/dZ3N/2N7S4uNfSLW+p1lIdzVNdubZuD0wSwQ92MMxp/HnzAYwjGFHRzNEhMDWYm+pOGwrz/7hXpfWtWe/myNgXj//IfvvedTjcSN/SG8trD3pdnGN+pZG/1p4NS+LDCQBrb2ZoG456cZuLs7C8Bha+4VjC+o/FSXpuG5y1W8/l4q1wRNh1faBzpHvrl+c7VQ6ukD+T7VpoN72krVsSBKb4+93m2L8d027N1W/CKVf0N5YTZUD92bJy7ceNnUjvhI8ZesJQv0PBd/pdpJeh5eh9OH3tv26mkHxpKPj7G5y839OuyK1e178KH+49a+e89ta+9cv+f+xx7quBsV4g+FX/2j24YfKWzehVYP+Wtu0X2ejPs8WYz/BkY8bSGEf1p/4eXPhr/rr4qX5v/jnc3/e5PbGT+OG3P78hBeV9i4D8TN/3PLs8/BQiD7lDy2HMgOuT8+VPnJCQAAAPOtubujub9gMr/NTghP58nl/OMHmT/ur1g3Z/5O+/2GPztz1VdO3P7HVfHS/H/Dgef/S5JuOv7v+D8LxPH/OR3tu6KXpA9MH9au6FJ1LAjH/+d0tL/bHP+fk+P/jv/PxfH/Nhz/n9PR/rSVviVt86WrMR/9nw9+8t/PHjylKl6a/2/rbP5v/b+5F+1rrv+3oWr9v21V6/9NW/8PAABYUBULzaXzvNLqfaUM6ep9pQxtFwhsu8Sg9f8Oev2/Nw/0vv93+29aESqU5v/Tnc3/48thabH1xbL+38h5FVVdFwPbLAwIAADA0ahqBwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvrpvuHdn3Dz/+0glV8etv/8rzzz95bu36r+9ces7dlzwawuTM411ZuOuRm0+44YxNbx/Zc9N7VoxtXv++el6ult++uiV3rPXZoRB2FR4ZjIkfDjXuzAbOf9ftO3sbiQeGQjilGNhy9ZZjGonPDYVwWjFwz4dXvKKRuDot8eVvvvWJRuIjaeAdp7/smUbirDzQlXb3M8uy7nal3f3UshCWFwLN7n5sWWtVzTbOyQPdaRufH8zaiIHBWPQPBrM2YmAqlphcEsLK3hB60qr+sZ5V1ZNW9Vf1rKqetKpfq4dwVgihN63qm31ZVb3pyP+5L6sqBo4/+QtPndpI7OoLYWUx8LUP3bK2kbgkCTQbf19fCCc1XjJp43fUssZraeM31kI4MYTQl5b4r96sRF9a4tu9IRxbCDQb/2hvCDsDLwnxw2dz8cHtO6/YsnFqauLSBUz05W31hwsnpyZGN22d2lxP+lSlq5B+4aoDxw9k/1NXbmrcPve2k4c7Sffm5WozXV5da7m7Zr56X1ug3sd+DRQrmX0+SvXH/H1haVhy2faJS0cv37hjx6Wrsr+dZl+d/e1pDq6xrVbN17bq1KFuq9OKlazccfG2ldt3XnH65MUbL5q4aOLjq9aMjb1x9aozzly7sjGqsezvfAz1liM/1Ff1Fio5Eh8AEhISiy3R3fLpNna0f5CXvujPdrQW6jMf0KVpRTFL18wo52PQZx/iiA/le0rbEa0qTRxKWVa3z7KmNJmYzdKfZZn5XleaHBZr6p7ZpPF+dxgd7anaDsOtd4ub9/uHsXkfzTddp2kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/2MHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WYfRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//HB8mtQ==")
chdir(&(0x7f00000000c0)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0x4020940d, &(0x7f0000000440)={0x4})

6.291190004s ago: executing program 2 (id=486):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x11, &(0x7f0000000540), 0x1, 0x4a8, &(0x7f0000000580)="$eJzs3U1rG9caAOBXUpzYjm++7g3cZHETbtqmH8SKZZxAyaZ0kUVJKQ10mzq2YoJly1hyGpssnO6yK6XQQlf9Af0Pge666LqFLrroKhCakBK3UFCZkeTYjuWK1pHA8zww0Zk5E73nWLyH0ZkZTQCZdTr5JxcxEhHfRcTh5urmHU43X54+vjO19vjOVC4ajau/5NL9km3tXdv/72BErEbEYES8fznieu75uLXlldnJSqW82Fov1ucWirXllXM35yZnyjPl+dKFidLYxYnx0u719fqlb7+59/E7jdVHb3+ycPndQ0mzRlp1G/uxm5pdH4ijG7bti4hLLyJYHxRa/Rnqd0P4W5LP798RcSbN/8NRSD9NIAsajUbjj8aBTtWrDWDPyqfHwLn8aEQ0y/n86GjzGP4/MZyvVGv1N25Ul+anm8fKR2Igf+NmpXy+9V3hSAzkkvWxtPxsvbRlfTwiPQb+rDCUro9OVSvTvR3qgC0Obsn/XwvN/Acywld+yC75D9kl/yG75D9kl/yH7JL/kF3yH7JL/kN2yX/ILvkP2SX/IZPeu3IlWRprrfvfp28tL81Wb52bLtdmR+eWpkanqosLozPV6kx6z87cX71fpVpdGCvF0u1ivVyrF2vLK9fmqkvz9Wvpff3XygM96RXQjaOn7v+Qi4jVN4fSJbG/VSdXYW9rNHLR73uQgf4o9HsAAvrG1B9kl+/4wDY/0bvJYKeKhd1vC9Ab+X43AOibsyec/4OsMv8P2WX+H7LLMT5g/h+yx/w/ZNdIh+d//WvDs7vOR8ShiPi+MHCg/awvYC/IP8i1jv/PHn5pZGvt/txv6SmC/RHx0ZdXP789Wa8vjiXbH61vr3/R2r6Lz+oGdl87T9t5DABk19PHd6baSy/jPnyreRFCEnettTRr9rXmJgfTc5TDT3KbrlXI7dK1C6t3I+K/2/U/13reefPMx/CTwnPxj7Vec823SNu7L31uem/in9gQ/38b4p/8x38VyIb7yfhzfrv8y6c5Hev5t3n8Gdmlayfa49/ac+Nffn38K3QY/051GeP4yNKPHePfjTi5bfx2vME01tb4SdvOdhl/7NMrk53qGl9FvBLbx29LSsX63EKxtrxyLv0duZnyfOnCRGns4sR4qZhOURfbE9XbuPfT7/d36v9wh/g79T/Z9lqX/f/g54EHp3eI/+qZ7T//YzvEH4qI17uM//KH5eOd6pL40x36n98hfrJtvMv4D/9/7+sudwUAeqC2vDI7WamUFxUUFBTWC/0emYAX7VnS97slAAAAAAAAAAAAQLd6cTlxv/sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAX/BkAAP//VsXUSQ==")
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x12f451, 0x0)

6.056993295s ago: executing program 2 (id=487):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
listen(r1, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000200)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x58, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x16, 0xc2, 0x0, 0x0, 0x0, {[@mss={0x1e, 0x4, 0x8d}, @mptcp=@syn={0x1e, 0xc, 0x6, 0x1, 0x7, 0xffffffff, 0x7ff}, @sack={0x5, 0x12, [0x0, 0x0, 0x0, 0x0]}, @exp_fastopen={0xfe, 0x5, 0xf989, "ee"}, @md5sig={0x13, 0x12, "7224407c80fe8a3616b4bf3400006cc8"}, @mptcp=@ack={0x1e, 0x4}, @exp_fastopen={0xfe, 0x4}]}}}}}}}}, 0x0)

5.717692052s ago: executing program 2 (id=489):
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x10, &(0x7f0000000540)=ANY=[], 0xfe, 0x357, &(0x7f0000000180)="$eJzs3c9rI2UYwPEnaTa/lm1yEEVB+qAXvQxt9KwG2QUx4NLdiLuCMLudaMiYlJlQiYitJ6/izX9AcNljbwX1H+jFW7148dZLQdAi4shMZtr8mCRNmpLWfj9Q8kze95mZNzOE5w3M28MPvvm0UXONmtmWZFYlISJyLFKUpEQS4WsyiNPSa0devfnHwYv3Hjx8t1yp3F5XvVO+/1pJVZdXfvzsi1zYbS8j+8WPDo9Kv+8/u//84b/3P6m7Wne12WqrqY9av7XNR7alG3W3YajetS3TtbTedC2n297qttfs1uZmR83mxq38pmO5rprNjjasjrZb2nY6an5s1ptqGIbeysv1kh3Y9hKTc6pP1tfN8owHfDxjHubtb8/zxjQ7TtlcEjFyQy3VJxd6XgAA4FIaqP+/i2qEoiRPCspE31xguP6P4qD+96vO0/r/6Us/t2++v7sc1v976bj6//Vfu/l99b9/9LnX/z8MbA9XRFfe9jSdz1X/43JYSQ+91T/18+v/fDh/D3z14dPVIKD+BwAAAAAAAAAAAAAAAAAAAADgKjj2vILneYXoNfo7fYQg3I62xj1ojCtn1PXPhCsKnNwP+F+69+ChZIMH91LLIvbXW9Wtavc1bI86rkpB/gnuh1B3wYmdoFF9RfnJ3g7zt7eqS0FLWUTFFkvWpCDFvvwgvvNO5faadvXnJ1J5P78m9SC/JAV5Jj6/FJufllde7sk3pCC/PJaW2LIRfo9F+V+uqb79XmUgPxf0i/PmxV8WAAAAAADmylDNhtPn2Pm7YajGtftzeemdnw//PnAyv16NnZ+nCi+kFjt2AAAAAACuCzf9ecO0bctxOyODnEzqkwn3Nn4/8UFqms5+cBAEN8b1WeoZ4Vn3nA7/g8YUJy/TjdS07T8zEvthRku49jVlz/GpmnY0/jN0zk57CRw3Of3YLcdd8c9HZxpOTxD9bDSqj9yddc+jgmjl3Emdn/v2+79mO0QiXLW3t+mN3eyEkQZBYuCdnQk37ZHnTTyfGxf5nQMAAABgMaKiP+dG77y12BMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAamusyaSOCRY8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuCz+CwAA//+9m/li")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000a40)={'#! ', './file0', [{0x20, '}.e-{*D'}, {0x20, '\xc2n\xcf\x03SI'}, {0x20, '{{#'}, {0x20, '@'}, {0x20, '@'}], 0xa, "70869e19fcc73d48605f3855a2490e79b9c20c243e82183c57fac5779a7c535b"}, 0x42)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r1, 0x0)
open(&(0x7f0000000040)='./bus\x00', 0x64142, 0x0)

4.662472996s ago: executing program 0 (id=504):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="4dc07f947163300c", 0x8)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$inet(r1, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000003c0)="22b721d0c5fa3cc7411cda2213ec1358ab5d9222f5acddd80ba58cd7b610e22adc3442871b8405edb1f6eae03443cbda39966408852249a649200f56a3d53f4c92c03a4f7d4ecca548252a254a4e4f53a18982ca14d3fc905c5a0e43fae3fba3f1508e39b8129781d50cbff3285883a79f9f9ba870", 0x75}, {&(0x7f0000000440)="8fb118ea4b014d21bba29131237027001666112fede371612bee459037f5759491da1d100cad6085fea8ae67bc48739ad3ae18b9e2b4f5a96d19c0fa65832db6c4ef2ac4e49ee5123bda22e0affb80c751e01cde98360a9db0d881e2388afeea6d49f08f776066a173b74e", 0x6b}, {&(0x7f0000000500)="30e6d6a622", 0x5}, {&(0x7f00000005c0)="d5bb66a57a681717ea55c9361c006310ec04ba436375fc36ed15788f51af5de9def19fa4a01829d4ba293e06b6d389fa62c3a4274b97495183880b9f9893b074e7602eb331c9be8e3ae7da054323817ab51fb3f6e64268533dd3c6122b6c6ac42904743b5e3282f121884e121cc71348a35b1550c4e4ad204e14b93e801587b8a517c281c3bfdd523d3b757e85bbd4f8e17fac117b59b76957adbf448929bb8856af1a3fecd19cc9f66e341b507ee33a9da33dcb2e1238407c37e4f21fb4", 0xbe}], 0x4}}], 0x1, 0x8000)
sendmsg$unix(r1, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x0)

4.114927157s ago: executing program 3 (id=514):
syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000000040)='./file0\x00', 0x8000, &(0x7f00000001c0)=ANY=[@ANYBLOB="00e0c6e4d9182ec69e599fd4d32ba9c5146fbc43a33914b2b1a5ce8843b193dc82dbc512b6fabfe6fbdd2a8bdeeda78e17b18f1b6e80c81cd67046e6a85e7160112d613e4c6dcab2404d58291ec130b9fd2785ce8dd5538f70998f2d50005813ba6c65cd3c25a8e730e1cd7b11cf7f6cc0fba6b670c64374abd09518ffba0c5eb2e602b1a64ac897fce7fae33878c0e57398a4cc6ce9bee1d70bef22f10c7776c2f5077cb1de63832b1bab15c6caf549a1cd58106494d92d1159033b2e27eceae339414a62aca9cf6a00c07e2a181dd9668a64b5eefc8e5ebc6564442a8d"], 0x1, 0x14fe, &(0x7f0000001580)="$eJzs3QuYjtX6MPB1r7UexjTxNslhWPe6H940WCZJckiSQ5IkSZJTQtIkSUJiyCkJSchxkhyGkBwmJo3z+ZBz0mRLkiSnnML6rqndtve//b/s/e39//y/Pffvutb1rvtaz72etd6beZ/nuebwQ9fhtZrUrt6IiMS/BH57SRFCxAghBgkh8gkhAiFE+fjy8dnjeRSk/GsnYf9ej6Zd6xWwa4nrn7Nx/XM2rn/OxvXP2bj+ORvXP2fj+udsXH/GcrKtMwvfwC3ntn/9+X/Mby/8/P//Q/z5n7Nx/f/TnM7zzxzN9f9Pctl7/89lcP1zNq5/zsb1z9m4/jkb1z9n4/ozlpNd6+fP3K5tu9b//hhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOM5Qzn/BVaCPF7/1qvizHGGGOMMcYYY/8+Pve1XgFjjDHGGGOMMcb+54GQQgktApFL5BYxIo+IFdeJOHG9yCvyiYi4QcSLG0V+cZMoIAqKQqKwSBBFRFFhBAorSISimCguouJmUULcIhJFSVFKlBZOlBFJ4lZRVtwmyonbRXlxh6gg7hQVRSVRWVQRd4mq4m5RTdwjqot7RQ1RU9QStcV9oo64X9QVD4h64kFRXzwkGoiHRUPxiGgkHhWNxWOiiXhcNBVPiGaiuWghWopW/1f5r4ie4lXRS/QWKaKP6CteE/1EfzFADBSDxOtisHhDDBFviqFimBgu3hIjxNtipHhHjBKjxRjxrhgrxonxYoKYKCaJVPGemCzeF1PEB2KqmCamixkiTcwUs8SHYraYI+aKj8Q88bGYLxaIhWKRSBefiMViicgQn4ql4jORKZaJ5WKFWClWidVijVgr1on1YoPYKDaJzWKL2Co+F9vEdrFD7BS7xG6xR3wh9oovxT7xlcgSX/+T+Wf/S343ECBAggQNGnJBLoiBGIiFWIiDOMgLeSECEYiHeMgP+aEAFIBCUAgSIAGKQlFAQCAgKAbFIApRKAElIBESoRSUAgcOkiAJysJtUA7KQXkoDxWgAlSESlAJqkAVqApVoRpUg+pQHWpADagFteA+uA/uh7pQF+pBPagP9aEBNICG0BAaQSNoDI2hCTSBptAUmkEzaAEtoBW0gtbQGtpAG2gH7aA9tIcO0AGSIRk6QkfoBJ2gM3SGLtAFukJX6AbdoTu8Aq/Aq/Aq9IYasg/0hb7QD/rBABgIA+F1GAxvwBvwJgyFYTAc3oK34G0YCWdgFIyGMTAGqspxMB4mAMlJkAqpMBkmwxSYAlNhGkyDGZAGM2EWzILZMAfmwEcwDz6Gj2EBLIBFkA7psBiWQAZkwFI4C5mwDJbDClgJq2AlrIG1sAbWwwZYD5tgE2yBLfA5fA7bYTvshJ2wG3bDF/AFfAlfwlDIgizYD/vhAByAg3AQDsEhOAyH4QgcgaNwFI7BMTgOJ+AknIDTcBrOwFk4B+fgAlyAi3ARLsPl7P/8MpuWWuaSuWSMjJGxMlbGyTiZV+aVERmR8TJe5pf5ZQFZQBaShWSCTJBFZVGJEiXJUBaTxWRURmUJWUImykRZSpaSTjqZJJNkWVlWlpPlZHl5h6wg75QVZSXZ1lWRVWRV2c5Vk/fI6rK6rCFrylqytqwt68g6sq6sK+vJerK+rC8byIdlQ9kHBsCjMrsyTeQwaCqHQzPZXLaQLeXb8KRsLUdCG9lWtpNPy9EwCjrI1i5ZPic7yvHQSb4gJ8CLsoucBF3ly7Kb7C57yFdkT9nG9ZK95VToI/vKGdBP9pcD5EA5G2rK7IrVkm/KoXKYHC7fkovgbTlSviNHydFyjHxXjpXj5Hg5QU6Uk2SqfE9Olu/LKfIDOVVOk9PlDJkmZ8pZ8kM5W86Rc+VHcp78WM6XC+RCuUimy0/kYrlEZshP5VL5mcyUy+RyuUKulKvkarlGrpXr5Hq5QW6Um+RmuUVulZ/LbXK73CF3yl1yt9wjv5B75Zdyn/xKZsmv5X75J3lAfiMPym/lIfmdPCy/l0fkD/Ko/FEekz/J4/KEPClPydPyZ3lGnpXn5Hl5Qf4iL8pL8rL0UihQUimlVaByqdwqRuVRseo6FaeuV3lVPhVRN6h4daPKr25SBVRBVUgVVgmqiCqqjEJlFalQFVPFVVTdrEqoW1SiKqlKqdLKqTIqSd2qyqrbVDl1uyqv7lAV1J2qoqqkKqsq6i5VVd2tqql7VHV1r6qhaqpaqra6T9VR96u66gFVTz2o6quHVAP1sGqoHlGN1KOqsXpMNVGPq6bqCdVMNVctVEvVSj2pWqunVBvVVrVTT6v26hnVQT2rktVzqqN6XnVSL6jO6kXVRb2kuqqXVTfVXfVQl9Rl5VUv1VulqD6qr3pN9VP91QA1UA1Sr6vB6g01RL2phqpharh6S41Qb6uR6h01So1WY9S7aqwap8arCWqimqRS1XtqsnpfTVEfqKlqmpquZqg0NVMN+PNMc/+B/Pf/Tv6QX8++RW1Vn6ttarvaoXaqXWq32qP2qL1qr9qn9qkslaX2q/3qgDqgDqqD6pA6pA6rw+qIOqKOqqPqmDqmjqsT6rw6pU6rn9UZdVadVefVBXVBXfzzeyA0aKmV1jrQuXRuHaPz6Fh9nY7T1+u8Op+O6Bt0vL5R59c36QK6oC6kC+sEXUQX1Uajtpp0qIvp4jqqb9Yl9C06UZfUpXRp7XQZnaRv/Zfzr7a+VrqVbq1b6za6jW6n2+n2ur3uoDvoZJ2sO+qOupPupDvrzrqL7qK76q66m+6me+geuqfuqb0QIkWn6L76Nd1P99cD9EA9SL+uB+vBeogeoofqoXq4Hq5H6BF6pB6pR+lReoweo8fqsXq8Hq8n6ok6VafqyXqynqKn6Kl6qp6up+s0naZn6Vl6tp6t5+q5ep6ep+fr+XqhXqjTdbperBfrDJ2hl+qlOlMv08v0Cr1Cr9Kr9Bq9Rq/T6/QGvUFv0pt0pv79GzR36B16l96l9+g9eq/eq/fpfTpLZ+n9er8+oA/og/qgPqQP6cP6sD6ij+ij+qg+po/p4/q4PqlP6tP6tD6jz+hz+py+oC/oi/qivqwvZ1/2BTKQgQ50kCvIFcQEMUFsEBvEBXFB3iBvEAkiQXwQH+QPbgoKBAWDQkHhICEoEhQNTICBDSgIg2JB8SAa3ByUCG4JEoOSQamgdOCCMkFScGtQNrgtKBfcHpQP7ggqBHcGFYNKQeWgSnBXUDW4O6gW3BNUD+4NagQ1g1pB7eC+oE5wf1A3eCCoFzwY1A8eChoEDwcNg0eCRsGjQePgsaBJ8HjQNHgiaBY0D1oELYNW/9b5vT9T8CnXy/Q2KaaP6WteM/1MfzPADDSDzOtmsHnDDDFvmqFmmBlu3jIjzNtmpHnHjDKjzRjzrhlrxpnxZoKZaCaZVPOemWzeN1PMB2aqmWammxkmzcw0s8yHZraZY+aaj8w887GZbxaYhWaRSTefmMVmickwn5ql5jOTaZaZ5WaFWWlWmdVmjVlr1pn1ZoPZaDaZzWaL2Wo+N9vMdrPD7DS7zG6zx3xh9povzT7zlckyX5v95k/mgPnGHDTfmkPmO3PYfG+OmB/MUfOjOWZ+MsfNCXPSnDKnzc/mjDlrzpnz5oL5xVw0l8xl47Mv7rM/3lGjxlyYC2MwBmMxFuMwDvNiXoxgBOMxHvNjfiyABbAQFsIETMCiWBSzERIWw2IYxSiWwBKYiIlYCkuhQ4dJmIRlsSyWw3JYHstjBayAFbEiVsbs+5G78G68G+/Be/BevBdrYk2sjbWxDtbBulgX62E9rI/1sQE2wIbYEBthI2yMjbEJNsGm2BSbYTNsgS2wFbbC1tga22AbbIftsD22xw7YAZMxGTtiR+yEnbAzdsYu2AW7Ylfsht2wB/bAntgTe2EvTMEU7It9sR/2wwE4AAfhIByMg3EIDsGhOBSH43AcgSNwJI7EUTgax+C7OBbH4XicgBNxEqZiKk7GyTgFp+BUnIrTcTqmYRrOwlk4G2fjXJyL83Aezsf5uBAXYjqm42JcjBmYgUtxKWZiJi7H5bgSV+JqXI1rcS2ux/W4ETfiZtyMW3ErbsNtuAN34C7chXtwD+7FvbgP92EWZuF+3I8H8AAexIN4CA/hYTyMR/AIHsWjeAyP4XE8DifxJJ7G03gGz+A5PIcX8Be8iJfwMnqMsXlsrL3OxtnrbV6bz8bYPL2FEH+JC9nCNsEWsUWtsQVswb+J0VqbaEvaUra0dbaMTbK3/iGuaCvZyraKvctWtXfban+I69j7bV37gK1nH7S17X1/E9e3D9kG9nHb0D5hG9nmtrFtaZvYx21T+4RtZpvbFralbW+fsR3sszbZPmc72uf/EC+2S+xau86utxvsXvulPWfP2yP2B3vB/mJ72d52kH3dDrZv2CH2TTvUDvtDPMa+a8facXa8nWAn2kl/iKfbGTbNzrSz7Id2tp3zhzjdfmLn2Qw73y6wC+2iX+PsNWXYT+1S+5nNtMvscrvCrrSr7Gq75i9rXWE32c12i91jv7Db7Ha7w+60u+zuX+PsfeyzX9ks+7U9bL+3B+w39qA9ag/Z736Ns/d31P5oj9mf7HF7wp60p+xp+7M9Y8/+uv/svZ+yl+xl660gIEmKNAWUi3JTDOWhWLqO4uh6ykv5KEI3UDzdSPnpJipABakQFaYEKkJFyRCSJaKQilFxitLNVIJuoUQqSaWoNDkqQ0l0K5Wl26gc3U7l6Q6qQHdSRapElakK3UVV6W6qRvdQdbqXalBNqkW16T6qQ/dTXXqA6tGDVJ8eogb0MDWkR6gRPUqN6TFqQo9TU3qCmlFzakEtqRU9Sa3pKWpDbakdPU3t6RnqQM9SMj1HHel56kQvUGd6kbrQS9SVXqZu1J160CvUk16lXtSbUqgP9aXXqB/1pwE0kAbR6zSY3qAh9CYNpWE0nN6iEfQ2jaR3aBSNpjH0Lo2lcTSeJtBEmkSp9B5NpvdpCn1AU2kaTacZlEYzaRZ9SLNpDs2lj2gefUzzaQEtpEWUTp/QYlpCGfQpLaXPKJOW0XJaQStpFa2mNbSW1tF62kAbaRNtpi20lT6nbbSddtBO2kW7aQ99QXvpS9pHX1EWfU376U90gL6hg/QtHaLv6DB9T0foBzpKP9Ix+omO0wk6SafoNP1MZ+gsnaPzdIF+oYt0iS6TJxFCKEMV6jAIc4W5w5gwTxgbXhfGhdeHecN8YSS8IYwPbwzzhzeFBcKCYaGwcJgQFgmLhibE0IYUhmGxsHgYDW8OS4S3hIlhybBUWDp0YZkwKbw1LBveFpYLbw/Lh3eEFcI7w4phpbByWCW8K6wa3h1WC+8Jq4f3hjXCmmGtsHZ4X1gnvD+sGz4Q1gsfDMuFD4UNwofDhuEjYaPw0bBx+FjYJHw8bBo+ETYLm4ctwpZhq/DJsHX4VNgmbBu2C58O24fPhB3CZ8Pk8LmwY/j8VcdTwj5h3/C18LXQ+wfUwuiiaHr0k+ji6JJoRvTT6NLoZ9HM6LLo8uiK6Mroqujq6Jro2ui66ProhujG6Kbo5uiWqPe1cwsHTjrltAtcLpfbxbg8LtZd5+Lc9S6vy+ci7gYX7250+d1NroAr6Aq5wi7BFXFFnXHorCMXumKuuIu6m10Jd4tLdCVdKVfaOVfGJbmWrpVr5Vq7p1wb19a1c0+7p90z7hn3rHvWPec6uuddJ/eC6+xedF3cS+4l97Lr5rq7Hu4V19O96nq53i7Fpbi+rq/r5/q5AW6AG+QGucFusBvihrihbqgb7oa7EW6EG+lGulFulBvjxrixbqwb78a7iW6iS3WpbrKb7Ka4KW6qm+qmu+kuzaW5WW6Wm+1mu7lurpvn5rn5br5b6Ba6dJfuFrvFLsNluKVuqct0mW65W+5WupVutVvt1rq1br1b7za6jW6z2+y2uq1um9vmdrgdbpfb5fa4PW6v2+v2uX0uy2W5/W6/O+AOuIPuW3fIfecOu+/dEfeDO+p+dMfcT+64O+FOulPutPvZnXFn3Tl33l1wv7iL7pK77LxLjbwXmRx5PzIl8kFkamRaZHpkRiQtMjMyK/JhZHZkTmRu5KPIvMjHkfmRBZGFkUWR9MgnkcWRJZGMyKeRpZHPIpmRZZHlkRWRlZFVEe+LbAt9MV/cR/3NvoS/xSf6kr6UL+2dL+OT/K2+rL/Nl/O3+/L+Dl/B3+kr+kq+sn/CN/PNfQvf0rfyT/rW/infxrf17fzTvr1/xnfwz/pk/5zv6J/3nfwLvrN/0XfxL/mu/mXfzXf3Pfwrvqd/1ffyvX2K7+P7+td8P9/fD/AD/SD/uh/s3/BD/Jt+qB/mh/u3/Aj/th/p3/Gj/Gg/xr/rx/pxfryf4Cf6ST7Vv+cn+/f9FP+Bn+qn+el+hk/zM/0s/6Gf7ef4uf4jP89/7Of7BX6hX+TT/Sd+sV/iM/ynfqn/zGf6ZX65X+FX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+s/9Nr/d7/A7/S6/2+/xX/i9/ku/z3/ls/zXfr//kz/gv/EH/bf+kP/OH/bf+yP+B3/U/+iP+Z/8cX/Cn/Sn/Gn/sz/jz/pz/ry/4H/xF/0lf5l/Zo0xxhhj7B+irjLe57/JkX/u9xVCXL+98KH/Or6xwG/9/rkT2keEEM/17vro761GjZSUlD8fm6lEUHyBECJyJT+XuBIvE+3EMyJZtBVl/zIe81fn6i+7X6CrzB+9Q4jYv8rJzv89vjL/bX93//3luHlXnX+BEInFr+TkEVfiK/OX+2/mL9j6KvPn+SZViDZ/lRMnrsRX5k8ST4nnRfLfHMkYY4wxxhhjjP2mv6zc+Wr3t9n35wn6Sk5ucSX+e/fnjDHGGGOMMcYY+9/lxe49nn0yObltZ+78T3V8vt/e6v8t6+EOd/6BzrX+ysQYY4wxxhj7d7ty0X+tV8IYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjOVc/y9+ndjv57ra3xpkjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHG/lP9nwAAAP//sjE7Eg==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
setxattr(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="6f73782e26d78a"], 0x0, 0x0, 0x0)
write$binfmt_script(r0, &(0x7f0000000080), 0x10010)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000005, 0x10012, r0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)

4.083337098s ago: executing program 1 (id=515):
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000080)=@broute={'broute\x00', 0x20, 0x2, 0x230, [], 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000050000000000000000000000000000feffffff0100000003"]}, 0xa9)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000240)='bridge0\x00', 0x10)
write(r0, &(0x7f00000000c0)="8f2a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac)

3.939263571s ago: executing program 0 (id=517):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000300), 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x10000, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
chdir(&(0x7f0000000380)='./file0\x00')
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f00000001c0)=""/202, 0xff4)

3.857016271s ago: executing program 1 (id=518):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0xe, &(0x7f00000006c0)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x1}}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@nombcache}, {@noload}]}, 0x3, 0x440, &(0x7f0000000280)="$eJzs28tvG8UfAPDv2kn66+uXUJVHH0CgIMoradJSeuACAokDSEhwKMeQpFWo26AmSLSKICBUjqgSJy6IIxJ/ASe4IOCExBXuqFKFcmnhZLT2bmI7thunTlzqz0dad2Z33Jmvd8ee2ckG0LdG05ckYk9E/B4Rw9VsfYHR6j83V5am/15Zmk6iXH7zr6RS7sbK0nReNH/f7jwzEFH4NIlDTepduHT53FSpNHsxy48vnn9vfOHS5Wfnzk+dnT07e2Hy1KkTxyeePzn5XFfiTOO6cfDD+cMHXn376uvTp6++8/O3SR5/QxxdMtru4OPlcper6629NelkoIcNoSPFajeNwUr/H45irJ284Xjlk542DthS5XK5fF/rw8tl4C6WRK9bAPRG/kOfzn/zbZuGHneE6y9WJ0Bp3DezrXpkIApZmcGG+W03jUbE6eV/vkq32Jr7EAAAdb5Pxz/PNBv/FaL2vtD/szWUkYi4JyL2RcTJiNgfEfdGVMreHxEPdFh/4yLJ+vFP4dqmAtugdPz3Qra2VT/+y0d/MVLMcnsr8Q8mZ+ZKs8eyz+RoDO5I8xNt6vjh5d8+b3WsdvyXbmn9+Vgwa8e1gR3175mZWpy6nZhrXf844uBAs/iT1ZWAJCIORMTBTdYx99Q3h1sdu3X8bXRhnan8dcQT1fO/HA3x55L265Pj/4vS7LHx/KpY75dfr7zRqv7bir8L0vO/q+n1vxr/SFK7XrvQyf/+5ZPp65U/Pms5p9ns9T+UvFW374OpxcWLExFDyWvVRtfun2woN7lWPo3/6JHm/X9frH0ShyIivYgfjIiHIuLhrO2PRMSjEXGkzafw00uPvbv5+LdWGv9MR+d/LTEUjXuaJ4rnfvyurtKRTuJPz/+JSupotmcj338baVenVzMAAAD8VxUiYk8khbHVdKEwNlb9G/79satQml9YfPrM/PsXZqrPCIzEYCG/0zVccz90IpvW5/nJhvzx7L7xF8WdlfzY9HxpptfBQ5/b3aL/p/4s9rp1wJbzvBb0L/0f+pf+D/1L/4f+1aT/7+xFO4Dt1+z3/6MetAPYfg3937If9BHzf+hfm+n/vjPg7tC2Lw9tXzuAbbWwM279kLyExLpEFO6IZkhsUaLX30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADd8W8AAAD//58P56I=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0xfdef}], 0x1, 0xe7b, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8000c61)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0x40305829, &(0x7f00000000c0)={0x17c04, 0xffffffffffffffff, 0xf4ff, 0x100000001})

3.778706453s ago: executing program 3 (id=520):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000100)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_PAUSE(r0, 0x54a3)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r0, 0x54a2)

3.612281404s ago: executing program 0 (id=521):
syz_emit_ethernet(0x3a, &(0x7f0000000180)={@link_local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}}, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000000080)=ANY=[@ANYBLOB="ff090867", @ANYRES16=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x007'], 0x2c}}, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue1\x00'})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r0, 0x4040534e, &(0x7f0000000140)={0x1e6, @time})

3.611720065s ago: executing program 3 (id=522):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x10, 0x3, &(0x7f0000000000)=@framed={{0x1d, 0xa, 0xa, 0x0, 0x0, 0x61, 0x10, 0x10}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)

3.503496995s ago: executing program 3 (id=523):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000b80)={[{@nombcache}, {@abort}, {@dioread_lock}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000000))

3.342255639s ago: executing program 1 (id=524):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmmsg(r1, &(0x7f0000006f40)=[{{0x0, 0x0, &(0x7f0000001040)=[{&(0x7f0000000e00)=""/4, 0x4}], 0x1}}], 0x1, 0x0, 0x0)

3.277005473s ago: executing program 3 (id=525):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f00000002c0)={[{@jqfmt_vfsv1}, {}, {@barrier_val}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resuid}, {@nodelalloc}, {@acl}, {@noinit_itable}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=")
chdir(&(0x7f00000001c0)='./file0\x00')
sched_setscheduler(0x0, 0x5, &(0x7f0000000100))
ioprio_set$pid(0x1, 0x0, 0x0)
acct(&(0x7f00000001c0)='./file0\x00')
acct(0x0)

3.150948904s ago: executing program 1 (id=526):
ioprio_set$uid(0x3, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x2, 0x0)
write$cgroup_pid(r0, &(0x7f00000000c0), 0x12)
r1 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r1, 0x567, 0x0, 0x0, 0x0, 0x0)

3.039156423s ago: executing program 1 (id=527):
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r2 = inotify_init()
inotify_add_watch(r2, &(0x7f0000000340)='.\x00', 0xa50003d1)
getdents(r1, 0x0, 0x0)

2.612211566s ago: executing program 4 (id=530):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000011000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10)
move_mount(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0)

2.530961609s ago: executing program 0 (id=531):
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000005440), 0x26, 0x75c, &(0x7f0000005480)="$eJzs3M1rHGUYAPBnptmkH9GNIPhxEKGFFko3SXNpT40Xb4VCwWsNm0kImWRDdlO7sWDrWajNRUEQ9ezRq1DqH+BNCgreBdEaD+JlZTablMZsum3Sbkl/P5jO+87H+zxPd3izAzsTwAvr7eKfJGI4Ii5FRLmzPY2IwXbrcMSNjePW71+PgYhqEq3W5T+S4rRYb5W3xko662PRPiVej4i7pYjTH/8/br25Oj+V59lypz/aWFgarTdXz8wtTM1ms9ni+MT5sXMTE+fGJh5Zw2s91nrivfNHbv/47traT981br01cCaJyXbdsVFbtcdhHsvG/0kpJrdtX3wawfoo6XcCAAD0pPiefyii+F4fpSjHoXYLAAAAOEhaQy0AAADgwEui3xkAAAAAT9fm7wDW71+vbi7P8vcHv78TESM7xR9oP0MccThKEXF0PXnoyYRk4zTYkxs3I+LO5Pbr75viCruxx7HHtvUffkZ6cI+jsx/uFPPP5E7zT7o1/8QO88/A5rsT9qj7/Pcg/qEu89+lHmN8/+Ubpa7xb0a8ObBT/GQrftIl/vs9xr+19sntbvtaX0ec3PHvT/JQrF3eDzE5M5fv+vqBu/+eurdb/Ue7xU92r3+px/o/XP9rvttcUsQ/dXz3z3+n+MU18WknjzQibnfWRX9tW4zjCz//sFv90xGtJ/n8v+qx/l+/HbrW46EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQlkbEcCRpZaudppVKxLGIeDWOpnmt3jg9U1tZnC72RYxEKZ2Zy7OxiChv9JOiP95uP+if3dafiIhXfjmyEXQuzyrVWj7d7+IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYciwihiNJKxGRRsTf5TStVCIGejh36BnkBwAAAOyTkX4nAAAAADx17v8BAADg4HvS+/9kn/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrRLFy8WS2v9/vVq0Z++2lyZr109M53V5ysLK9VKtba8VJmt1WbzrFKtLTxqvLxWWxo/HyvXRhtZvTFab65eWaitLDauzC1MzWZXstIzqQoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHNdxekrQSEWm7naaVSsRLETESpWRmLs/GIuLliLhXLg0V/fF+Jw0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC+qzdX56fyPFt+bhqDncyel3w0NPa/8dFzf4X3eWICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAv6s3V+ak8z5br/c4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/kp/SyKiWE6WTwxv3zuY/FNuryPigy8uf3ZtqtFYHi+2/7m1vfF5Z/vZfuQPAAAAL4QLj3Pw5n365n08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAr+rN1fmpPM+W99a4EM3VVtLlmH7XCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPJn/AgAA///3Y8EX")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x0, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000002700)=ANY=[], 0x1015, 0x0)

1.25412851s ago: executing program 1 (id=532):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_open_dev$cec(&(0x7f0000000080), 0x0, 0x0)
ioctl$CEC_RECEIVE(r1, 0xc0386106, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '&\x00', 0x0, 0x0, 0xfd, 0x0, 0x1})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

883.033575ms ago: executing program 3 (id=533):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.sectors\x00', 0x26e1, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001340))
ioctl$SIOCSIFHWADDR(r0, 0x8b26, &(0x7f0000000200)={'wlan1\x00', @random="0008bf5a00"})
utimes(0x0, 0x0)

826.905275ms ago: executing program 4 (id=534):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@func_proto={0x0, 0x0, 0x0, 0x2, 0x2}]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r1, &(0x7f0000000140), 0xd)

665.712665ms ago: executing program 4 (id=536):
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x4048aec9, &(0x7f0000000080)={[{}, {}, {0x0, 0x0, 0x8, 0x20}]})
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="020a040007000000b6f1ffff0000854105001a"], 0x38}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0)

533.261509ms ago: executing program 4 (id=537):
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e20}, 0x1c)
listen(r0, 0x200007)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e20, @empty}, 0x10)
getsockopt$inet_int(r1, 0x10d, 0xf6, &(0x7f0000000080), &(0x7f0000000000)=0x4)

462.993084ms ago: executing program 4 (id=538):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x100040e, &(0x7f0000000280)={[{@noload}, {@mblk_io_submit}, {@lazytime}, {@nogrpid}, {@block_validity}, {@user_xattr}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@init_itable_val={'init_itable', 0x3d, 0x3ed}}]}, 0x3, 0x449, &(0x7f0000000740)="$eJzs28trXNUfAPDvnSR995f8Sn30oUarGHwkTfqwCzeKggsLgi7qMiZpqZ020kSwpWgVqUspuC8uBf8CV7oRdSW41b0UimTTKghX7sy9ycxkJp2Jk0zrfD5wk3PuPZNzvnPvuXPOPZkA+tZo9iOJ2BURv0bEcDVbX2C0+uvO0pWZP5euzCSRpm/+kVTK3V66MlMULV63s8gMRpQ+TeJAk3oXLl0+N10uz13M8xOL59+bWLh0+fmz56fPzJ2ZuzB14sTRI5MvHJ861pU4s7hu7/9w/uC+196+fnLm1PV3fvw6KeJviKNLRtc6+FSadrm63tpdk04GVx/ftpmNoW0D1W4aQ5X+PxwDsXLyhuPVT3raOGBDpWmaPtj68NUU+A9LotctAHqj+KDP5r/FtklDj3vCrZeqE6As7jv5Vj0yGKW8zFDD/LabRiPi1NW/bmRbbMxzCACAOt9m45/nmo3/SlH7XOh/+RrKSET8PyL2RMTxiNgbEQ9EVMo+FBEPd1h/4yLJ6vFP6ea6AmtTNv57MV/bqh//FaO/GBnIc7sr8Q8lp8+W5w7n78lYDG3N8pNr1PHdK7983upY7fgv27L6i7Fg3o6bg1vrXzM7vTj9b2KudevjiP2DzeJPllcCkojYFxH711nH2We+OtjqWJP4/07T9EZbf7jJOlOn0i8jnq6e/6vREH8hWXt9cmJblOcOTxRXxWo//XztjVb13/38b6zs/O9oev0vxz+S1K7XLnRex7XfPms5p1nv9b8leatu3wfTi4sXJyO2JK8PRX6fWt4/1VBuaqV8Fv/Yoeb9f0+svBMHIiK7iB+JiEcj4rG87Y9HxBMRcWiN+H94+cl363aM7eog/o2VxT/b0flfSWyJxj3NEwPnvv+mrtKR6CD+7PwfraTG8j3t3P/aadf6rmYAAAC4/5QiYlckpfHldKk0Pl79H/69saNUnl9YfPb0/PsXZqvfERiJoVLxpGu45nnoZD6tL/JTDfkj+XPjLwa2V/LjM/Pl2V4HD31uZ4v+n/l9oNetAzZcF9bRgPuU/g/9S/+H/qX/Q/9q0v+396IdwOZr9vn/UQ/aAWy+hv5v2Q/6iPk/9C/9H/qX/g99aWF73P1L8hISqxJRuieaIdFJ4uSxtgv3+s4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHf8EAAD//yeb6Hg=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r0, &(0x7f0000000040), 0xfea0)
chdir(&(0x7f00000001c0)='./file0\x00')
r1 = creat(&(0x7f0000002440)='./file0\x00', 0x0)
write$cgroup_type(r1, &(0x7f0000000240), 0xfb3f)

0s ago: executing program 4 (id=539):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001280)={0x18, 0x3, &(0x7f0000000940)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='contention_end\x00', r0}, 0x10)
syz_mount_image$hfs(&(0x7f0000002c80), &(0x7f0000000080)='./file1\x00', 0x4490, &(0x7f0000002cc0)=ANY=[], 0xfd, 0x278, &(0x7f0000000780)="$eJzs3c9qE1EUx/HfnaRttKVO/4ggrqoFV9LWjbgpSN/AjStRmwjFUEErqKvqWnwA976CD+DSlbgW3LnyAbKL3DM3ZpJmMnFoOkn6/UBC0rln5tzMnd57ppQIwLl1b+/X59u//cNJFVUk3ZUiSTWpKumyrtReHR4dHDUb9WE7qliEfzglke5Em/3DxqBQH2cRQezfVbWU/hnGo/ZTx2XngPLZ1T9AJC2Eq9O21848s/E474PetdTSay2XnQcAoFxh/o/CPL8U1u9RJG2Gab93/p/yCbRVdgJj9jVne2r+tyqr7fz5vWSbuvWelXB+e9SpEovkMq9kZPUsMF1eVWm5RBeeHjQbt/afN+uR3ms3mOs2W7fnejJ0O9LZvju5640BtekQxfu+aH2Y833YSeefarJ2ukfM57657+6hi/VJ9X/rv2rb+dNkZyruO1NJ/lvZe7RezstaZfRyxQ5yNRwhGNrLijIqEnVG1Ip6bxDEeXla1GpfVNK77ZyotYFROzlR6/1R3dGcHTlu7qN74Db0R1+0l1r/R/7T3tQoV6ZvYy3DyBjan6q1jG0+CVfd8bWBLaOiPUIBH/REd7T88s3bZ4+bzcaLmX3hr8QJSGOiXnQGwaTkM7Mv/IdcytE7807x/ZT2mwlnqHvS/zOQv83MCr/uckn9l6pXtmyx5p/i3nX6Qjq2nbfz1B63M2qDVXu+mF3B9XB262Exu4Ibtea6flO6McoRE3HIc/LsFglye/qhR9z/BwAAAAAAAAAAAAAAAAAAmDan9y8HNWVtKruPAAAAAAAAAAAAAAAAAAAAAABMu4n7/t/7St7x/b/A2P0NAAD//1Bodro=")
r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
write$cgroup_type(r1, &(0x7f0000000200), 0x175d9003)
creat(&(0x7f0000000000)='./bus\x00', 0x0)

kernel console output (not intermixed with test programs):

] XFS (loop1): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[   65.427984][  T937] gspca_spca508: reg_read err -32
[   65.457531][  T937] gspca_spca508: reg_read err -32
[   65.470332][  T937] gspca_spca508: reg_read err -32
[   65.494217][  T937] gspca_spca508: reg_read err -32
[   65.714394][  T937] gspca_spca508: reg write: error -71
[   65.719879][  T937] spca508 4-1:0.26: probe with driver spca508 failed with error -71
[   65.764477][  T937] usb 4-1: USB disconnect, device number 2
[   66.173170][ T5243] Bluetooth: hci0: command tx timeout
[   66.194264][ T5364] loop2: detected capacity change from 0 to 32768
[   66.235740][ T5364] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[   66.253149][ T5243] Bluetooth: hci2: command tx timeout
[   66.283893][ T5364] XFS (loop2): Ending clean mount
[   66.302801][  T937] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   66.323984][ T5364] XFS (loop2): Quotacheck needed: Please wait.
[   66.334542][ T5243] Bluetooth: hci3: command tx timeout
[   66.334563][ T5234] Bluetooth: hci1: command tx timeout
[   66.339948][ T5243] Bluetooth: hci4: command tx timeout
[   66.363012][ T5312] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   66.419553][ T5387] loop3: detected capacity change from 0 to 4096
[   66.438972][ T5364] XFS (loop2): Quotacheck: Done.
[   66.506893][  T937] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[   66.513123][ T5390] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   66.526868][  T937] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   66.546436][ T5232] kernel read not supported for file /usbmon0 (pid: 5232 comm: kworker/0:3)
[   66.556178][  T937] usb 1-1: Product: syz
[   66.559282][ T5244] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[   66.560444][  T937] usb 1-1: Manufacturer: syz
[   66.574236][  T937] usb 1-1: SerialNumber: syz
[   66.583141][  T937] usb 1-1: config 0 descriptor??
[   66.594171][ T5312] usb 2-1: config index 0 descriptor too short (expected 45, got 36)
[   66.603443][  T937] ch341 1-1:0.0: ch341-uart converter detected
[   66.612702][ T5312] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[   66.624233][ T5312] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[   66.635930][ T5312] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   66.649546][ T5312] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   66.664699][ T5312] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   66.677331][ T5312] usb 2-1: config 0 descriptor??
[   66.686502][ T5373] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22
[   66.932114][ T5395] netlink: 'syz.2.25': attribute type 10 has an invalid length.
[   66.944506][ T5395] bond0: (slave bond_slave_0): Releasing backup interface
[   67.141115][ T5312] plantronics 0003:047F:FFFF.0001: unknown main item tag 0xd
[   67.160090][ T5312] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[   67.179672][ T5312] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[   67.445609][ T5406] vcan0: tx drop: invalid sa for name 0x0000000000000002
[   67.465130][    T8] usb 2-1: USB disconnect, device number 2
[   67.679402][  T937] usb 1-1: ch341-uart converter now attached to ttyUSB0
[   67.781700][ T5401] loop2: detected capacity change from 0 to 40427
[   67.799999][ T5401] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x1fffff
[   67.808831][ T5401] F2FS-fs (loop2): Image doesn't support compression
[   67.815796][ T5401] F2FS-fs (loop2): Image doesn't support compression
[   67.822523][ T5401] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x4
[   67.836120][ T5401] F2FS-fs (loop2): invalid crc value
[   67.846606][ T5401] F2FS-fs (loop2): Found nat_bits in checkpoint
[   67.887898][ T5311] usb 1-1: USB disconnect, device number 2
[   67.910405][ T5311] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0
[   67.915593][ T5401] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[   67.929819][ T5311] ch341 1-1:0.0: device disconnected
[   68.010969][ T5401] syz.2.29: attempt to access beyond end of device
[   68.010969][ T5401] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   68.101590][ T5244] syz-executor: attempt to access beyond end of device
[   68.101590][ T5244] loop2: rw=2049, sector=45104, nr_sectors = 16 limit=40427
[   68.124117][ T5244] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   68.148991][ T5244] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[   68.314734][ T5412] loop3: detected capacity change from 0 to 32768
[   68.331341][ T5418] loop1: detected capacity change from 0 to 8192
[   68.346513][ T5412] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.33 (5412)
[   68.428031][ T5412] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   68.438656][ T5412] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[   68.447409][ T5412] BTRFS info (device loop3): using free-space-tree
[   69.087199][ T5450] input: syz1 as /devices/virtual/input/input6
[   69.424123][ T5238] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   69.789936][ T5468] loop3: detected capacity change from 0 to 1024
[   69.981083][ T5474] netlink: 4 bytes leftover after parsing attributes in process `syz.0.50'.
[   70.203553][ T5311] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   70.274468][ T5488] loop1: detected capacity change from 0 to 128
[   70.324227][   T57] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   70.369648][ T5311] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   70.410574][ T5311] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[   70.422499][ T5491] loop4: detected capacity change from 0 to 256
[   70.433302][ T5491] =======================================================
[   70.433302][ T5491] WARNING: The mand mount option has been deprecated and
[   70.433302][ T5491]          and is ignored by this kernel. Remove the mand
[   70.433302][ T5491]          option from the mount to silence this warning.
[   70.433302][ T5491] =======================================================
[   70.479472][ T5311] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[   70.506208][ T5311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   70.514414][   T57] usb 1-1: Using ep0 maxpacket: 32
[   70.538466][   T57] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   70.558311][   T57] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   70.570769][ T5472] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[   70.595616][   T57] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   70.609911][ T5311] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[   70.612173][ T5496] netlink: 296 bytes leftover after parsing attributes in process `syz.2.61'.
[   70.627943][   T57] usb 1-1: Product: syz
[   70.632248][   T57] usb 1-1: Manufacturer: syz
[   70.650867][   T57] usb 1-1: SerialNumber: syz
[   70.676617][   T57] usb 1-1: config 0 descriptor??
[   70.700677][ T5480] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[   70.882577][ T5502] loop4: detected capacity change from 0 to 128
[   70.910992][  T937] usb 4-1: USB disconnect, device number 3
[   70.930385][ T5502] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[   71.008659][ T5502] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   71.028558][ T5232] usb 1-1: USB disconnect, device number 3
[   71.077207][   T29] audit: type=1800 audit(1727766834.924:3): pid=5502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.63" name="bus" dev="loop4" ino=105 res=0 errno=0
[   71.542983][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[   71.550555][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[   71.851518][ T5523] loop3: detected capacity change from 0 to 128
[   71.992897][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   72.001367][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   72.249049][ T5516] loop2: detected capacity change from 0 to 32768
[   72.287180][ T5516] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.69 (5516)
[   72.449733][ T5535] loop0: detected capacity change from 0 to 256
[   72.489519][ T5516] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[   72.551620][ T5516] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[   72.571704][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   72.733174][ T5516] BTRFS info (device loop2): using free-space-tree
[   73.134743][   T29] audit: type=1800 audit(1727766836.984:4): pid=5516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.69" name="file1" dev="loop2" ino=260 res=0 errno=0
[   73.367426][ T5559] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   73.413691][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[   73.545842][ T5536] loop1: detected capacity change from 0 to 32768
[   73.666074][ T5536] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   73.737767][ T5244] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[   73.871601][ T5536] XFS (loop1): Ending clean mount
[   74.425502][ T5229] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   74.445305][ T5598] loop3: detected capacity change from 0 to 8
[   74.504676][ T5598] SQUASHFS error: lzo decompression failed, data probably corrupt
[   74.531581][ T5598] SQUASHFS error: Failed to read block 0x91: -5
[   74.547736][ T5598] SQUASHFS error: Unable to read metadata cache entry [8f]
[   74.584557][ T5598] SQUASHFS error: Unable to read inode 0x11f
[   74.638839][ T5594] loop2: detected capacity change from 0 to 32768
[   74.735170][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   74.767078][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[   74.796305][ T5594] 
[   74.796305][ T5594]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   74.796305][ T5594] 
[   74.923018][ T5594] 
[   74.923018][ T5594]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   74.923018][ T5594] 
[   74.944126][ T5594] 
[   74.944126][ T5594]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   74.944126][ T5594] 
[   74.959864][ T5594] 
[   74.959864][ T5594]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   74.959864][ T5594] 
[   74.972068][ T5594] 
[   74.972068][ T5594]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   74.972068][ T5594] 
[   75.032920][  T113] 
[   75.032920][  T113]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   75.032920][  T113] 
[   75.141161][ T5244] 
[   75.141161][ T5244]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   75.141161][ T5244] 
[   75.176104][ T5244] 
[   75.176104][ T5244]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   75.176104][ T5244] 
[   75.222783][ T5311] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[   75.403265][ T5311] usb 4-1: Using ep0 maxpacket: 16
[   75.429843][ T5311] usb 4-1: config 253 has an invalid interface number: 157 but max is 3
[   75.459630][ T5311] usb 4-1: config 253 contains an unexpected descriptor of type 0x2, skipping
[   75.482709][ T5311] usb 4-1: config 253 has an invalid interface number: 213 but max is 3
[   75.511432][ T5311] usb 4-1: config 253 has an invalid descriptor of length 0, skipping remainder of the config
[   75.533612][ T5311] usb 4-1: config 253 has 2 interfaces, different from the descriptor's value: 4
[   75.537276][ T5616] loop2: detected capacity change from 0 to 256
[   75.550598][ T5311] usb 4-1: config 253 has no interface number 0
[   75.550624][ T5311] usb 4-1: config 253 has no interface number 1
[   75.550679][ T5311] usb 4-1: config 253 interface 157 altsetting 4 endpoint 0x7 has invalid maxpacket 512, setting to 64
[   75.595483][ T5618] loop0: detected capacity change from 0 to 1024
[   75.632692][ T5311] usb 4-1: config 253 interface 157 altsetting 4 endpoint 0x4 has invalid maxpacket 512, setting to 64
[   75.688487][ T5618] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.704508][ T5311] usb 4-1: config 253 interface 157 altsetting 4 has a duplicate endpoint with address 0xD, skipping
[   75.726085][ T5616] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x72684843, utbl_chksum : 0xe619d30d)
[   75.761980][ T5311] usb 4-1: config 253 interface 213 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 14
[   75.816846][ T5618] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2240: inode #2: comm syz.0.101: corrupted in-inode xattr: bad e_name length
[   75.847255][ T5311] usb 4-1: config 253 interface 157 has no altsetting 0
[   75.885366][ T5311] usb 4-1: config 253 interface 213 has no altsetting 0
[   75.910620][ T5311] usb 4-1: New USB device found, idVendor=0b05, idProduct=1791, bcdDevice= 4.57
[   75.922191][ T5311] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.929019][ T5612] loop1: detected capacity change from 0 to 40427
[   75.941054][ T5311] usb 4-1: Product: syz
[   75.969359][ T5612] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[   75.986339][ T5311] usb 4-1: Manufacturer: syz
[   75.990992][ T5311] usb 4-1: SerialNumber: syz
[   75.993740][ T5612] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   76.020892][ T5612] F2FS-fs (loop1): invalid crc value
[   76.024192][ T5227] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.051622][ T5612] F2FS-fs (loop1): Found nat_bits in checkpoint
[   76.211481][ T5612] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   76.246147][ T5612] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   76.277639][ T5311] r8712u: register rtl8712_netdev_ops to netdev_ops
[   76.294510][ T5311] usb 4-1: r8712u: USB_SPEED_HIGH with 4 endpoints
[   76.327051][ T5311] usb 4-1: r8712u: Boot from EFUSE: Autoload Failed
[   76.341864][ T5631] loop0: detected capacity change from 0 to 22
[   76.351843][ T5311] usb 4-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00
[   76.365319][ T5612] syz.1.99: attempt to access beyond end of device
[   76.365319][ T5612] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   76.381315][ T5631] MTD: Attempt to mount non-MTD device "/dev/loop0"
[   76.388053][ T5311] usb 4-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin"
[   76.424383][ T5631] romfs: Mounting image 'rom 637cf1fa' through the block layer
[   76.436408][ T5633] syz.1.99: attempt to access beyond end of device
[   76.436408][ T5633] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[   76.439946][ T5311] usb 4-1: Found UVC 0.00 device syz (0b05:1791)
[   76.461515][ T5610] loop4: detected capacity change from 0 to 32768
[   76.479840][ T5632] loop2: detected capacity change from 0 to 4096
[   76.500694][ T5632] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512).
[   76.503383][ T5311] usb 4-1: No valid video chain found.
[   76.516438][ T5311] r8712u: register rtl8712_netdev_ops to netdev_ops
[   76.523123][ T5311] usb 4-1: r8712u: USB_SPEED_HIGH with 0 endpoints
[   76.538939][ T5311] usb 4-1: r8712u: Boot from EFUSE: Autoload Failed
[   76.540015][ T5610] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[   76.545993][ T5311] usb 4-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00
[   76.562088][ T5311] usb 4-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin"
[   76.574143][ T5311] usb 4-1: USB disconnect, device number 4
[   76.749389][   T25] cfg80211: failed to load regulatory.db
[   76.756533][ T5610] XFS (loop4): Ending clean mount
[   77.027730][ T5610] syz.4.98 (5610) used greatest stack depth: 15064 bytes left
[   77.040045][ T5228] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[   77.145284][ T5651] mmap: syz.3.112 (5651) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   77.479861][ T5648] loop0: detected capacity change from 0 to 40427
[   77.490122][ T5648] F2FS-fs (loop0): Small segment_count (9 < 1 * 24)
[   77.496967][ T5648] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   77.743967][ T5657] loop1: detected capacity change from 0 to 1024
[   77.764947][ T4685] udevd[4685]: worker [5537] terminated by signal 33 (Unknown signal 33)
[   77.789490][ T5648] F2FS-fs (loop0): Found nat_bits in checkpoint
[   77.832895][ T5657] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   77.996180][ T5648] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   78.006482][ T5657] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2862: Unable to expand inode 12. Delete some EAs or run e2fsck.
[   78.009646][ T5648] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   78.045513][   T29] audit: type=1326 audit(1727766841.894:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5674 comm="syz.4.118" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f185417dff9 code=0x0
[   78.091604][ T5648] syz.0.110: attempt to access beyond end of device
[   78.091604][ T5648] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   78.167072][ T5229] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.216952][ T5227] syz-executor: attempt to access beyond end of device
[   78.216952][ T5227] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[   78.246335][ T5227] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   78.334722][ T5690] loop3: detected capacity change from 0 to 2048
[   78.391621][ T5690] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   78.476534][ T5698] loop1: detected capacity change from 0 to 512
[   78.554810][ T5238] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.595183][ T5698] EXT4-fs (loop1): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   78.798272][ T5701] loop0: detected capacity change from 0 to 32768
[   78.801180][ T5698] Quota error (device loop1): v2_read_file_info: Free block number 58381 out of range (1, 6).
[   78.816976][ T5698] EXT4-fs warning (device loop1): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   78.878115][ T5701] XFS (loop0): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[   78.887114][ T5703] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended
[   78.901324][ T5713] loop4: detected capacity change from 0 to 512
[   78.915145][ T5703] Quota error (device loop1): v2_read_file_info: Free block number 58381 out of range (1, 6).
[   78.933522][ T5713] EXT4-fs: Ignoring removed nobh option
[   78.939734][ T5232] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   78.947480][ T5703] EXT4-fs warning (device loop1): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   78.949277][ T5713] ext4: Unknown parameter 'nouser_xattr'
[   78.995457][ T5713] netlink: 4 bytes leftover after parsing attributes in process `syz.4.129'.
[   79.004251][ T5701] XFS (loop0): Ending clean mount
[   79.093288][ T5229] EXT4-fs (loop1): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[   79.133468][ T5232] usb 3-1: Using ep0 maxpacket: 32
[   79.140380][ T5232] usb 3-1: config index 0 descriptor too short (expected 35577, got 27)
[   79.149539][ T5232] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[   79.172753][ T5232] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92
[   79.181731][ T5232] usb 3-1: config 1 has no interface number 0
[   79.205287][ T5232] usb 3-1: config 1 interface 1 altsetting 0 has an endpoint descriptor with address 0xA7, changing to 0x87
[   79.234002][ T5227] XFS (loop0): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[   79.286929][ T5724] loop1: detected capacity change from 0 to 512
[   79.298800][ T5232] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x87 has invalid maxpacket 32912, setting to 1024
[   79.325237][ T5724] EXT4-fs: Ignoring removed orlov option
[   79.338694][ T5232] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[   79.354751][ T5724] EXT4-fs: Ignoring removed i_version option
[   79.360774][ T5724] EXT4-fs: Ignoring removed nomblk_io_submit option
[   79.367942][ T5232] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[   79.388531][ T5724] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   79.399643][ T5232] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   79.410548][ T5724] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c040e118, mo2=0002]
[   79.433980][ T5724] EXT4-fs (loop1): orphan cleanup on readonly fs
[   79.434045][ T5232] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found
[   79.481630][ T5724] Quota error (device loop1): v2_read_header: Failed header read: expected=8 got=0
[   79.541955][ T5724] EXT4-fs warning (device loop1): ext4_enable_quotas:7097: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[   79.598582][ T5724] EXT4-fs (loop1): Cannot turn on quotas: error -22
[   79.642060][ T5724] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.131: bg 0: block 40: padding at end of block bitmap is not set
[   79.649552][ T5232] snd_usb_pod 3-1:1.1: endpoint not available, using fallback values
[   79.680137][ T5724] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6550: Corrupt filesystem
[   79.683702][ T5232] snd_usb_pod 3-1:1.1: invalid control EP
[   79.712745][ T5232] snd_usb_pod 3-1:1.1: cannot start listening: -22
[   79.715443][ T5724] EXT4-fs (loop1): 1 truncate cleaned up
[   79.732945][ T5232] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected
[   79.753925][ T5724] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   79.761448][ T5232] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -22
[   79.799477][ T5719] loop3: detected capacity change from 0 to 32768
[   79.816302][ T5719] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.130 (5719)
[   79.825693][ T5724] EXT4-fs error (device loop1): ext4_encrypted_get_link:46: inode #16: comm syz.1.131: bad symlink.
[   79.871285][ T5232] usb 3-1: USB disconnect, device number 2
[   79.878859][ T5719] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   79.897812][ T5721] loop4: detected capacity change from 0 to 32768
[   79.905236][ T5719] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[   79.919221][ T5719] BTRFS info (device loop3): using free-space-tree
[   79.998370][ T5721] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[   80.053749][   T29] audit: type=1800 audit(1727766843.904:6): pid=5721 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.132" name="file1" dev="loop4" ino=17058 res=0 errno=0
[   80.139336][ T5238] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[   80.200014][ T5228] ocfs2: Unmounting device (7,4) on (node local)
[   80.366340][ T5229] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   80.445963][ T5752] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   80.552614][   T80] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.566782][ T5750] loop4: detected capacity change from 0 to 4096
[   80.608527][ T5750] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512).
[   80.680852][   T80] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   80.792526][   T29] audit: type=1804 audit(1727766844.644:7): pid=5750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.136" name="/newroot/26/file0/bus" dev="loop4" ino=33 res=1 errno=0
[   80.839943][   T80] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.303506][   T80] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.813807][   T80] bridge_slave_1: left allmulticast mode
[   84.819849][   T80] bridge_slave_1: left promiscuous mode
[   84.887447][   T80] bridge0: port 2(bridge_slave_1) entered disabled state
[   85.183478][   T80] bridge_slave_0: left allmulticast mode
[   85.189173][   T80] bridge_slave_0: left promiscuous mode
[   85.262834][   T80] bridge0: port 1(bridge_slave_0) entered disabled state
[   85.717580][ T5777] ptrace attach of "./syz-executor exec"[5227] was attempted by ""[5777]
[   85.758391][ T5234] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   85.775019][ T5234] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   85.785666][ T5234] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   85.806913][ T5234] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   85.815809][ T5234] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   85.824324][ T5234] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   86.291645][   T80] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   86.308812][   T80] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   86.320430][   T80] bond0 (unregistering): Released all slaves
[   86.662220][ T5803] loop3: detected capacity change from 0 to 1024
[   86.712252][ T5803] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   86.771347][ T5797] loop4: detected capacity change from 0 to 32768
[   86.779600][ T5803] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.824721][ T5797] XFS (loop4): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[   86.917400][ T5797] XFS (loop4): Ending clean mount
[   86.926303][ T5238] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.928298][ T5797] XFS (loop4): Quotacheck needed: Please wait.
[   86.995484][ T5819] loop0: detected capacity change from 0 to 64
[   87.039307][   T80] hsr_slave_0: left promiscuous mode
[   87.064729][   T80] hsr_slave_1: left promiscuous mode
[   87.070795][ T5797] XFS (loop4): Quotacheck: Done.
[   87.076150][   T80] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   87.098583][   T80] batman_adv: batadv0: Removing interface: batadv_slave_0
[   87.115851][   T80] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   87.124154][   T80] batman_adv: batadv0: Removing interface: batadv_slave_1
[   87.204422][ T5228] XFS (loop4): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[   87.228570][   T80] veth1_macvtap: left promiscuous mode
[   87.282921][   T80] veth0_macvtap: left promiscuous mode
[   87.288557][   T80] veth1_vlan: left promiscuous mode
[   87.304444][ T5806] loop2: detected capacity change from 0 to 32768
[   87.313136][   T80] veth0_vlan: left promiscuous mode
[   87.338520][ T5806] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.161 (5806)
[   87.453145][ T5806] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   87.463565][ T5281] IPVS: starting estimator thread 0...
[   87.470511][ T5806] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[   87.503185][ T5806] BTRFS info (device loop2): using free-space-tree
[   87.572830][ T5824] IPVS: using max 18 ests per chain, 43200 per kthread
[   87.809484][ T5847] loop4: detected capacity change from 0 to 1024
[   87.842553][ T5847] EXT4-fs: Ignoring removed orlov option
[   87.859336][ T5847] EXT4-fs: Ignoring removed nomblk_io_submit option
[   87.899631][ T5847] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   87.914374][ T5821] loop3: detected capacity change from 0 to 32768
[   87.933117][ T5243] Bluetooth: hci2: command tx timeout
[   87.968649][ T5821] XFS (loop3): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[   88.055099][ T5821] XFS (loop3): Ending clean mount
[   88.079493][ T5228] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.097303][ T5244] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   88.122344][ T5821] XFS (loop3): Quotacheck needed: Please wait.
[   88.250110][ T5821] XFS (loop3): Quotacheck: Done.
[   88.362224][   T29] audit: type=1326 audit(1727766852.204:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5860 comm="syz.4.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f185417dff9 code=0x7ffc0000
[   88.430712][   T29] audit: type=1326 audit(1727766852.204:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5860 comm="syz.4.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f185417dff9 code=0x7ffc0000
[   88.488578][ T5238] XFS (loop3): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[   88.542726][   T29] audit: type=1326 audit(1727766852.204:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5860 comm="syz.4.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7f185417dff9 code=0x7ffc0000
[   88.582824][   T29] audit: type=1326 audit(1727766852.204:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5860 comm="syz.4.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f185417dff9 code=0x7ffc0000
[   88.616750][ T5849] loop0: detected capacity change from 0 to 40427
[   88.642204][   T29] audit: type=1326 audit(1727766852.204:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5860 comm="syz.4.170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f185417dff9 code=0x7ffc0000
[   88.664197][ T5849] F2FS-fs (loop0): Found nat_bits in checkpoint
[   88.791215][ T5311] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   88.874158][ T5849] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   88.952618][ T5311] usb 5-1: Using ep0 maxpacket: 8
[   88.967433][ T5311] usb 5-1: New USB device found, idVendor=1a0a, idProduct=0103, bcdDevice=ad.1d
[   88.985190][ T5311] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.001808][ T5311] usb 5-1: Product: syz
[   89.006592][ T5311] usb 5-1: Manufacturer: syz
[   89.011221][ T5311] usb 5-1: SerialNumber: syz
[   89.013338][   T80] team0 (unregistering): Port device team_slave_1 removed
[   89.021731][ T5311] usb 5-1: config 0 descriptor??
[   89.028440][ T5227] syz-executor: attempt to access beyond end of device
[   89.028440][ T5227] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   89.048008][ T5227] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   89.070668][ T5311] usb_ehset_test 5-1:0.0: probe with driver usb_ehset_test failed with error -32
[   89.148153][   T80] team0 (unregistering): Port device team_slave_0 removed
[   89.266212][ T5311] usb 5-1: USB disconnect, device number 2
[   89.646825][ T5881] loop0: detected capacity change from 0 to 256
[   89.654296][ T5881] vfat: Bad value for 'fmask'
[   89.787752][ T5866] mac80211_hwsim hwsim6 wlan0: entered promiscuous mode
[   89.798727][ T5866] macvlan2: entered allmulticast mode
[   89.811483][ T5866] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[   89.830403][ T5866] mac80211_hwsim hwsim6 wlan0: left promiscuous mode
[   89.891371][ T5780] chnl_net:caif_netlink_parms(): no params data found
[   90.024321][ T5280] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   90.032108][ T5243] Bluetooth: hci2: command tx timeout
[   90.202071][ T5280] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[   90.210327][ T5280] usb 1-1: config 0 has no interface number 0
[   90.222727][ T5280] usb 1-1: too many endpoints for config 0 interface 1 altsetting 0: 32, using maximum allowed: 30
[   90.239896][ T5280] usb 1-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 32
[   90.261702][ T5280] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[   90.273158][ T5280] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.283298][ T5780] bridge0: port 1(bridge_slave_0) entered blocking state
[   90.291314][ T5780] bridge0: port 1(bridge_slave_0) entered disabled state
[   90.307786][ T5780] bridge_slave_0: entered allmulticast mode
[   90.315065][ T5280] usb 1-1: config 0 descriptor??
[   90.322924][ T5780] bridge_slave_0: entered promiscuous mode
[   90.331739][ T5280] cp210x 1-1:0.1: cp210x converter detected
[   90.341804][ T5780] bridge0: port 2(bridge_slave_1) entered blocking state
[   90.349465][ T5780] bridge0: port 2(bridge_slave_1) entered disabled state
[   90.496189][ T5780] bridge_slave_1: entered allmulticast mode
[   90.503787][ T5780] bridge_slave_1: entered promiscuous mode
[   90.515588][ T5234] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   90.546331][ T5234] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   90.555590][ T5234] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   90.565723][ T5234] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   90.567174][ T5780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   90.573562][ T5234] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   90.596419][ T5234] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   90.624728][ T5780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   90.659608][ T5780] team0: Port device team_slave_0 added
[   90.669257][ T5780] team0: Port device team_slave_1 added
[   90.709327][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_0
[   90.719069][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.750365][ T5280] cp210x 1-1:0.1: failed to get vendor val 0x000e size 3: -32
[   90.767970][ T5780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   90.794970][ T5780] batman_adv: batadv0: Adding interface: batadv_slave_1
[   90.807030][ T5780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   90.839705][ T5780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   90.948719][ T5780] hsr_slave_0: entered promiscuous mode
[   90.963859][ T5280] usb 1-1: cp210x converter now attached to ttyUSB0
[   90.971691][ T5780] hsr_slave_1: entered promiscuous mode
[   90.979595][ T5780] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   90.987523][ T5780] Cannot create hsr debugfs directory
[   91.130874][   T80] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.175725][ T5312] usb 1-1: USB disconnect, device number 4
[   91.187470][ T5312] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[   91.209592][ T5312] cp210x 1-1:0.1: device disconnected
[   91.248329][   T80] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.275729][ T5919] netlink: 'syz.2.191': attribute type 1 has an invalid length.
[   91.316962][   T80] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.347882][ T5921] loop2: detected capacity change from 0 to 1024
[   91.388536][   T29] audit: type=1800 audit(1727766855.234:13): pid=5921 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.192" name="file1" dev="loop2" ino=20 res=0 errno=0
[   91.436676][ T5921] hfsplus: request for non-existent node 16777216 in B*Tree
[   91.445612][ T5921] hfsplus: request for non-existent node 16777216 in B*Tree
[   91.458073][ T5921] hfsplus: request for non-existent node 16777216 in B*Tree
[   91.466491][ T5921] hfsplus: request for non-existent node 16777216 in B*Tree
[   91.484672][   T80] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   91.532069][ T2921] hfsplus: request for non-existent node 16777216 in B*Tree
[   91.541911][ T2921] hfsplus: request for non-existent node 16777216 in B*Tree
[   91.612231][ T5929] 
: renamed from ipvlan1
[   91.693385][ T5901] chnl_net:caif_netlink_parms(): no params data found
[   91.802035][ T5936] loop2: detected capacity change from 0 to 512
[   91.822165][ T5936] EXT4-fs (loop2): orphan cleanup on readonly fs
[   91.835259][   T80] bridge_slave_1: left allmulticast mode
[   91.839146][ T5936] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.198: bg 0: block 248: padding at end of block bitmap is not set
[   91.840952][   T80] bridge_slave_1: left promiscuous mode
[   91.861512][   T80] bridge0: port 2(bridge_slave_1) entered disabled state
[   91.874736][ T5936] Quota error (device loop2): write_blk: dquota write failed
[   91.883005][ T5936] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[   91.887377][   T80] bridge_slave_0: left allmulticast mode
[   91.893786][ T5936] EXT4-fs error (device loop2): ext4_acquire_dquot:6879: comm syz.2.198: Failed to acquire dquot type 1
[   91.901730][   T80] bridge_slave_0: left promiscuous mode
[   91.915987][   T80] bridge0: port 1(bridge_slave_0) entered disabled state
[   91.931410][ T5936] EXT4-fs (loop2): 1 truncate cleaned up
[   91.940364][ T5936] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   91.968039][ T5936] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended
[   91.988685][ T5936] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[   92.052894][ T5280] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[   92.068078][ T5244] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.103444][ T5243] Bluetooth: hci2: command tx timeout
[   92.141576][ T5943] loop2: detected capacity change from 0 to 256
[   92.159933][ T5943] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[   92.186764][ T5943] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe622a5da, utbl_chksum : 0xe619d30d)
[   92.264495][ T5280] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.287948][ T5280] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   92.302315][ T5280] usb 1-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[   92.316667][ T5280] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.340743][ T5280] usb 1-1: config 0 descriptor??
[   92.441786][ T5949] loop4: detected capacity change from 0 to 2048
[   92.508891][ T5949] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   92.559558][ T5949] ext4 filesystem being mounted at /44/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   92.655546][ T5228] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   92.665362][ T5243] Bluetooth: hci3: command tx timeout
[   92.671556][   T80] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   92.693800][   T80] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   92.706221][   T80] bond0 (unregistering): Released all slaves
[   92.774515][ T5280] redragon 0003:0C45:760B.0002: unknown main item tag 0x0
[   92.807176][ T5280] redragon 0003:0C45:760B.0002: hidraw0: USB HID v0.00 Device [HID 0c45:760b] on usb-dummy_hcd.0-1/input0
[   92.924100][ T5901] bridge0: port 1(bridge_slave_0) entered blocking state
[   92.931232][ T5901] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.936947][ T5967] vivid-007: disconnect
[   92.942134][ T5901] bridge_slave_0: entered allmulticast mode
[   92.946685][ T5966] vivid-007: reconnect
[   92.961270][ T5901] bridge_slave_0: entered promiscuous mode
[   92.989711][    T8] usb 1-1: USB disconnect, device number 5
[   93.061745][ T5901] bridge0: port 2(bridge_slave_1) entered blocking state
[   93.070044][ T5901] bridge0: port 2(bridge_slave_1) entered disabled state
[   93.077834][ T5901] bridge_slave_1: entered allmulticast mode
[   93.089836][ T5901] bridge_slave_1: entered promiscuous mode
[   93.216485][ T5901] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   93.247793][   T80] hsr_slave_0: left promiscuous mode
[   93.257540][   T80] hsr_slave_1: left promiscuous mode
[   93.269232][   T80] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   93.280317][   T80] batman_adv: batadv0: Removing interface: batadv_slave_0
[   93.290619][   T80] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   93.299636][   T80] batman_adv: batadv0: Removing interface: batadv_slave_1
[   93.326575][   T80] veth1_macvtap: left promiscuous mode
[   93.332156][   T80] veth0_macvtap: left promiscuous mode
[   93.341564][   T80] veth1_vlan: left promiscuous mode
[   93.349939][   T80] veth0_vlan: left promiscuous mode
[   93.962990][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   94.076615][ T5280] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   94.173075][ T5243] Bluetooth: hci2: command 0x0419 tx timeout
[   94.195352][   T80] team0 (unregistering): Port device team_slave_1 removed
[   94.233203][ T5280] usb 5-1: Using ep0 maxpacket: 16
[   94.250345][ T5280] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   94.270901][ T5280] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   94.281914][ T5280] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40
[   94.291074][ T5280] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.325255][ T5280] usb 5-1: config 0 descriptor??
[   94.336064][   T80] team0 (unregistering): Port device team_slave_0 removed
[   94.743028][ T5239] Bluetooth: hci3: command tx timeout
[   94.743325][ T5280] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0
[   94.772213][ T5280] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0
[   94.799399][ T5280] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0
[   94.852561][ T5280] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0
[   94.867058][ T5280] cp2112 0003:10C4:EA90.0003: unknown main item tag 0x0
[   94.948755][ T5280] cp2112 0003:10C4:EA90.0003: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0
[   95.024219][ T5280] cp2112 0003:10C4:EA90.0003: Part Number: 0x00 Device Version: 0x00
[   95.409216][ T5901] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   95.447037][ T5780] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   95.545443][ T5780] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   95.630864][ T5901] team0: Port device team_slave_0 added
[   95.639257][ T5780] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   95.669623][ T5901] team0: Port device team_slave_1 added
[   95.685676][ T5280] cp2112 0003:10C4:EA90.0003: error reading lock byte: -71
[   95.693598][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   95.742819][ T5280] usb 5-1: USB disconnect, device number 3
[   95.780180][ T5780] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   95.880340][ T5901] batman_adv: batadv0: Adding interface: batadv_slave_0
[   95.887719][ T5901] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   95.916734][ T5901] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   95.971096][ T5901] batman_adv: batadv0: Adding interface: batadv_slave_1
[   95.978900][ T5901] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   96.006657][ T5901] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   96.150707][ T5901] hsr_slave_0: entered promiscuous mode
[   96.169699][ T5901] hsr_slave_1: entered promiscuous mode
[   96.176171][ T5901] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   96.190331][ T5901] Cannot create hsr debugfs directory
[   96.252922][ T5239] Bluetooth: hci2: command 0x0419 tx timeout
[   96.407148][ T5780] 8021q: adding VLAN 0 to HW filter on device bond0
[   96.424624][ T5992] loop0: detected capacity change from 0 to 40427
[   96.445731][ T5992] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x1fffff
[   96.452229][ T5998] loop4: detected capacity change from 0 to 1024
[   96.460188][ T5780] 8021q: adding VLAN 0 to HW filter on device team0
[   96.468483][ T5992] F2FS-fs (loop0): Image doesn't support compression
[   96.479349][ T5992] F2FS-fs (loop0): Image doesn't support compression
[   96.486302][ T5992] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x4
[   96.509416][ T5992] F2FS-fs (loop0): invalid crc value
[   96.520440][ T5992] F2FS-fs (loop0): Found nat_bits in checkpoint
[   96.523295][ T5280] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   96.552468][ T2921] bridge0: port 1(bridge_slave_0) entered blocking state
[   96.559611][ T2921] bridge0: port 1(bridge_slave_0) entered forwarding state
[   96.578268][   T11] hfsplus: b-tree write err: -5, ino 4
[   96.585730][ T2921] bridge0: port 2(bridge_slave_1) entered blocking state
[   96.592990][ T2921] bridge0: port 2(bridge_slave_1) entered forwarding state
[   96.622316][ T5992] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   96.722474][ T5227] syz-executor: attempt to access beyond end of device
[   96.722474][ T5227] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   96.722497][ T5280] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   96.746927][ T5227] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[   96.769250][ T5280] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   96.798533][ T6006] loop4: detected capacity change from 0 to 128
[   96.814165][ T5280] usb 3-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[   96.824156][ T5239] Bluetooth: hci3: command tx timeout
[   96.844489][ T5280] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.874435][ T5280] usb 3-1: config 0 descriptor??
[   96.993095][ T5780] 8021q: adding VLAN 0 to HW filter on device batadv0
[   97.032216][ T5780] veth0_vlan: entered promiscuous mode
[   97.047670][ T5780] veth1_vlan: entered promiscuous mode
[   97.069129][ T5780] veth0_macvtap: entered promiscuous mode
[   97.079505][ T5780] veth1_macvtap: entered promiscuous mode
[   97.093917][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   97.104651][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.114733][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   97.125435][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.135504][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   97.146076][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.157550][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_0
[   97.190092][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.200732][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.221153][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.242858][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.273351][ T5780] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   97.291894][ T5280] hid-thrustmaster 0003:044F:B65D.0004: unknown main item tag 0x0
[   97.292682][ T5780] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   97.307559][ T5280] hid-thrustmaster 0003:044F:B65D.0004: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.2-1/input0
[   97.333906][ T5780] batman_adv: batadv0: Interface activated: batadv_slave_1
[   97.339774][ T5280] hid-thrustmaster 0003:044F:B65D.0004: Wrong number of endpoints?
[   97.345477][ T5780] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   97.392859][ T5780] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   97.401599][ T5780] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   97.432870][ T5780] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   97.675039][    C1] hid-thrustmaster 0003:044F:B65D.0004: URB to get model id failed with error -71
[   97.687852][ T5280] usb 3-1: USB disconnect, device number 3
[   97.717510][  T971] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.731365][ T6013] loop0: detected capacity change from 0 to 4096
[   97.736963][ T6009] loop4: detected capacity change from 0 to 32768
[   97.738861][  T971] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.749539][ T6013] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512).
[   97.774755][ T6009] XFS (loop4): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[   97.781230][   T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   97.791863][ T5901] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   97.800523][   T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   97.812383][ T5901] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   97.838944][ T5901] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   97.877050][ T5901] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   97.991724][ T6009] XFS (loop4): Ending clean mount
[   98.027895][ T5901] 8021q: adding VLAN 0 to HW filter on device bond0
[   98.087614][ T5901] 8021q: adding VLAN 0 to HW filter on device team0
[   98.117162][ T5228] XFS (loop4): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[   98.126675][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.133829][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   98.158744][   T35] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.165960][   T35] bridge0: port 2(bridge_slave_1) entered forwarding state
[   98.240304][ T5901] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   98.256886][ T5901] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   98.618298][ T5901] 8021q: adding VLAN 0 to HW filter on device batadv0
[   98.666960][ T6046] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[   98.701607][ T6048] netlink: 8 bytes leftover after parsing attributes in process `syz.1.234'.
[   98.723901][ T6051] loop0: detected capacity change from 0 to 764
[   98.744204][ T5901] veth0_vlan: entered promiscuous mode
[   98.765766][ T5901] veth1_vlan: entered promiscuous mode
[   98.875430][ T5901] veth0_macvtap: entered promiscuous mode
[   98.897839][ T5239] Bluetooth: hci3: command tx timeout
[   98.910880][ T5901] veth1_macvtap: entered promiscuous mode
[   98.943924][ T6055] loop4: detected capacity change from 0 to 2048
[   98.996746][ T5901] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   99.015060][ T5281] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   99.030157][ T5901] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.051969][ T5901] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   99.070368][ T5901] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.080303][ T5901] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   99.091357][ T5901] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.101917][ T5901] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   99.112596][ T5901] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.130096][ T5901] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.158111][ T5901] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   99.173522][ T5901] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.184517][ T5281] usb 3-1: Using ep0 maxpacket: 8
[   99.192774][ T5901] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   99.206590][ T5281] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[   99.212681][ T5901] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.246291][ T5281] usb 3-1: New USB device found, idVendor=eb1a, idProduct=a316, bcdDevice=d5.48
[   99.255310][ T6064] loop1: detected capacity change from 0 to 128
[   99.262018][ T5901] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   99.262827][ T5281] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.282918][ T5901] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.299592][ T5901] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   99.310563][ T5281] usb 3-1: Product: syz
[   99.320531][ T5281] usb 3-1: Manufacturer: syz
[   99.326237][ T5281] usb 3-1: SerialNumber: syz
[   99.345824][ T5281] usb 3-1: config 0 descriptor??
[   99.349134][ T5901] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   99.357450][ T5281] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (eb1a:a316, interface 0, class 0)
[   99.370596][ T5281] em28xx 3-1:0.0: Video interface 0 found:
[   99.384183][ T5901] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.451712][ T5901] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.462825][ T5901] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.471553][ T5901] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.482746][ T5901] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.659683][   T80] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.666276][  T971] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   99.675644][  T971] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.708817][   T80] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   99.721897][ T6060] loop0: detected capacity change from 0 to 32768
[   99.812891][ T5281] em28xx 3-1:0.0: unknown em28xx chip ID (0)
[   99.870134][ T6076] capability: warning: `syz.3.185' uses 32-bit capabilities (legacy support in use)
[   99.917782][ T5281] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[   99.943019][ T5281] em28xx 3-1:0.0: board has no eeprom
[  100.022821][ T5281] em28xx 3-1:0.0: Identified as Kworld PlusTV HD Hybrid 330 (card=57)
[  100.082852][ T5281] em28xx 3-1:0.0: analog set to bulk mode.
[  100.089089][   T57] em28xx 3-1:0.0: Registering V4L2 extension
[  100.143198][ T5281] usb 3-1: USB disconnect, device number 4
[  100.173931][ T5281] em28xx 3-1:0.0: Disconnecting em28xx
[  100.318530][   T57] em28xx 3-1:0.0: Config register raw data: 0xffffffed
[  100.330125][   T57] em28xx 3-1:0.0: AC97 chip type couldn't be determined
[  100.342765][   T57] em28xx 3-1:0.0: No AC97 audio processor
[  100.348539][   T57] em28xx 3-1:0.0: em28xx_v4l2_init: Error while setting audio - error [-19]!
[  100.357743][   T57] em28xx 3-1:0.0: Binding DVB extension
[  100.363813][   T57] em28xx 3-1:0.0: no endpoint for DVB mode and transfer type 0
[  100.371382][   T57] em28xx 3-1:0.0: failed to pre-allocate USB transfer buffers for DVB.
[  100.379753][   T57] em28xx 3-1:0.0: Remote control support is not available for this card.
[  100.393078][ T5281] em28xx 3-1:0.0: Closing input extension
[  100.438498][ T5281] em28xx 3-1:0.0: Freeing device
[  100.834444][ T6066] loop4: detected capacity change from 0 to 40427
[  100.865018][ T6066] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  100.879524][ T6100] loop3: detected capacity change from 0 to 256
[  100.892973][ T6066] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  100.926781][ T6066] F2FS-fs (loop4): invalid crc value
[  100.940957][ T6100] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000e8a4, chksum : 0xe00de75b, utbl_chksum : 0xe619d30d)
[  100.962826][ T6066] F2FS-fs (loop4): Found nat_bits in checkpoint
[  101.027963][ T6106] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  101.036505][ T6075] loop1: detected capacity change from 0 to 40427
[  101.048666][ T6075] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[  101.073912][ T6075] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  101.111720][ T6075] F2FS-fs (loop1): invalid crc value
[  101.126054][ T6066] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  101.138055][ T6075] F2FS-fs (loop1): Found nat_bits in checkpoint
[  101.142757][ T6066] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  101.287393][ T6075] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  101.302959][ T6075] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  101.403016][   T29] audit: type=1804 audit(1727766865.244:14): pid=6075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.244" name="/newroot/8/bus/file0" dev="loop1" ino=10 res=1 errno=0
[  101.491379][ T5780] syz-executor: attempt to access beyond end of device
[  101.491379][ T5780] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  101.522792][ T5281] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  101.542862][ T5780] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  101.649546][ T6121] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  101.719884][ T5281] usb 4-1: Using ep0 maxpacket: 8
[  101.728271][ T5281] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  101.744002][ T5281] usb 4-1: config 179 has no interface number 0
[  101.750500][ T5281] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  101.775592][ T5281] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  101.835454][ T5281] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  101.874581][ T5281] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  101.876515][ T6113] loop2: detected capacity change from 0 to 32768
[  101.907656][ T5281] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  101.915520][ T6113] ERROR: (device loop2): diAllocBit: iag inconsistent
[  101.915520][ T6113] 
[  101.931865][ T6113] ialloc: diAlloc returned -5!
[  101.942826][ T5281] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  101.961207][ T5281] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.000169][ T6116] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  102.163482][ T6126] loop4: detected capacity change from 0 to 512
[  102.195290][ T6126] EXT4-fs (loop4): orphan cleanup on readonly fs
[  102.209261][ T6126] EXT4-fs error (device loop4): ext4_quota_enable:7053: inode #31: comm syz.4.258: iget: special inode unallocated
[  102.265153][ T6126] EXT4-fs error (device loop4): ext4_quota_enable:7056: comm syz.4.258: Bad quota inode: 31, type: 2
[  102.281223][   T57] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input7
[  102.342950][ T6126] EXT4-fs warning (device loop4): ext4_enable_quotas:7097: Failed to enable quota tracking (type=2, err=-117, ino=31). Please run e2fsck to fix.
[  102.373039][ T6126] EXT4-fs (loop4): Cannot turn on quotas: error -117
[  102.381380][ T6126] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  102.456119][ T6126] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  102.478246][ T5312] usb 4-1: USB disconnect, device number 5
[  102.478294][    C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  102.494836][ T5312] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  102.520025][ T6126] EXT4-fs error (device loop4): ext4_quota_enable:7053: inode #31: comm syz.4.258: iget: special inode unallocated
[  102.537296][ T6126] EXT4-fs error (device loop4): ext4_quota_enable:7056: comm syz.4.258: Bad quota inode: 31, type: 2
[  102.550183][ T6126] EXT4-fs warning (device loop4): ext4_enable_quotas:7097: Failed to enable quota tracking (type=2, err=-117, ino=31). Please run e2fsck to fix.
[  102.570755][ T6135] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended
[  102.587482][ T6135] EXT4-fs error (device loop4): ext4_quota_enable:7053: inode #31: comm syz.4.258: iget: special inode unallocated
[  102.600405][ T6135] EXT4-fs error (device loop4): ext4_quota_enable:7056: comm syz.4.258: Bad quota inode: 31, type: 2
[  102.613020][ T6135] EXT4-fs warning (device loop4): ext4_enable_quotas:7097: Failed to enable quota tracking (type=2, err=-117, ino=31). Please run e2fsck to fix.
[  102.661231][ T5228] EXT4-fs error (device loop4): ext4_lookup:1817: inode #2: comm syz-executor: deleted inode referenced: 12
[  102.674763][ T5228] EXT4-fs error (device loop4): ext4_lookup:1817: inode #2: comm syz-executor: deleted inode referenced: 12
[  102.947892][ T5228] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.027619][   T80] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.147803][   T80] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.284672][   T80] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.410533][ T6151] loop1: detected capacity change from 0 to 128
[  103.481781][   T80] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.665285][ T5243] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  103.677789][ T5243] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  103.687358][ T5243] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  103.701666][ T5243] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  103.710845][ T5243] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  103.718392][ T5243] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  103.804188][ T6161] warning: `syz.2.277' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  103.927369][   T80] bridge_slave_1: left allmulticast mode
[  103.947849][   T80] bridge_slave_1: left promiscuous mode
[  103.962509][   T80] bridge0: port 2(bridge_slave_1) entered disabled state
[  103.992118][   T80] bridge_slave_0: left allmulticast mode
[  104.018011][   T80] bridge_slave_0: left promiscuous mode
[  104.032365][   T80] bridge0: port 1(bridge_slave_0) entered disabled state
[  104.054590][ T6169] loop1: detected capacity change from 0 to 2048
[  104.095935][ T6169] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.132913][ T6169] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  104.342850][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.546155][ T6181] loop0: detected capacity change from 0 to 64
[  104.593664][ T6181] hfs: bad catalog entry type 0
[  104.601405][ T6182] loop1: detected capacity change from 0 to 1024
[  104.716077][ T6182] hfsplus: bad catalog entry type
[  104.742501][ T6184] sctp: [Deprecated]: syz.0.286 (pid 6184) Use of struct sctp_assoc_value in delayed_ack socket option.
[  104.742501][ T6184] Use struct sctp_sack_info instead
[  104.759625][  T971] hfsplus: b-tree write err: -5, ino 4
[  105.066813][ T6197] kernel read not supported for file /eth0 (pid: 6197 comm: syz.1.292)
[  105.081194][ T6199] loop2: detected capacity change from 0 to 16
[  105.091161][   T29] audit: type=1800 audit(1727766868.934:15): pid=6197 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.292" name="eth0" dev="mqueue" ino=10129 res=0 errno=0
[  105.111735][   T80] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  105.119175][ T6204] syz.0.294 uses obsolete (PF_INET,SOCK_PACKET)
[  105.133154][   T80] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  105.148470][   T80] bond0 (unregistering): Released all slaves
[  105.348511][ T6213] bond0: entered promiscuous mode
[  105.360843][ T6213] bond_slave_0: entered promiscuous mode
[  105.366760][ T6213] bond_slave_1: entered promiscuous mode
[  105.424751][ T6216] bond0: left promiscuous mode
[  105.433044][ T6216] bond_slave_0: left promiscuous mode
[  105.441329][ T6216] bond_slave_1: left promiscuous mode
[  105.468603][ T6218] loop2: detected capacity change from 0 to 164
[  105.483550][ T6218] rock: directory entry would overflow storage
[  105.489814][ T6218] rock: sig=0x66, size=4, remaining=3
[  105.539918][ T6218] rock: directory entry would overflow storage
[  105.561501][ T6218] rock: sig=0x66, size=4, remaining=3
[  105.669768][ T5243] Bluetooth: Wrong link type (-71)
[  105.675736][ T5243] Bluetooth: hci1: link tx timeout
[  105.682280][ T5243] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  105.693263][   T80] hsr_slave_0: left promiscuous mode
[  105.708537][   T80] hsr_slave_1: left promiscuous mode
[  105.720296][   T80] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  105.727844][   T80] batman_adv: batadv0: Removing interface: batadv_slave_0
[  105.741962][   T80] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  105.750099][   T80] batman_adv: batadv0: Removing interface: batadv_slave_1
[  105.772890][ T5239] Bluetooth: hci0: command tx timeout
[  105.780974][   T80] veth1_macvtap: left promiscuous mode
[  105.786701][   T80] veth0_macvtap: left promiscuous mode
[  105.792315][   T80] veth1_vlan: left promiscuous mode
[  105.797982][   T80] veth0_vlan: left promiscuous mode
[  106.047173][ T6238] loop3: detected capacity change from 0 to 512
[  106.077430][ T6238] EXT4-fs (loop3): 1 truncate cleaned up
[  106.095378][ T6238] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.227135][ T5901] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.398942][   T80] team0 (unregistering): Port device team_slave_1 removed
[  106.486980][   T80] team0 (unregistering): Port device team_slave_0 removed
[  106.776269][ T6249] loop3: detected capacity change from 0 to 8192
[  106.980075][ T6259] loop1: detected capacity change from 0 to 1024
[  107.008144][ T6259] EXT4-fs: Ignoring removed nomblk_io_submit option
[  107.018373][ T6259] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  107.048850][ T5232] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  107.089050][ T6259] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e854e01c, mo2=0003]
[  107.102897][ T6259] System zones: 0-1, 3-36
[  107.126174][ T6259] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.203773][ T6259] capability: warning: `syz.1.316' uses deprecated v2 capabilities in a way that may be insecure
[  107.214767][ T5232] usb 1-1: Using ep0 maxpacket: 32
[  107.226908][ T5232] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  107.257084][ T5232] usb 1-1: New USB device found, idVendor=08ca, idProduct=2060, bcdDevice=c6.58
[  107.275399][ T6257] loop3: detected capacity change from 0 to 32768
[  107.276774][ T5232] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.292200][ T6257] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.317 (6257)
[  107.314761][ T6257] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  107.323408][ T5232] usb 1-1: Product: syz
[  107.327078][ T6257] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  107.330675][ T5232] usb 1-1: Manufacturer: syz
[  107.339004][ T6257] BTRFS info (device loop3): using free-space-tree
[  107.342249][ T5232] usb 1-1: SerialNumber: syz
[  107.357328][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.381497][ T5232] usb 1-1: config 0 descriptor??
[  107.396175][ T5232] gspca_main: sunplus-2.14.0 probing 08ca:2060
[  107.581678][ T6160] chnl_net:caif_netlink_parms(): no params data found
[  107.774924][ T5239] Bluetooth: hci1: command 0x0406 tx timeout
[  107.849985][ T6160] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.857449][ T5243] Bluetooth: hci0: command tx timeout
[  107.863531][ T6160] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.870840][ T6160] bridge_slave_0: entered allmulticast mode
[  107.886799][ T6160] bridge_slave_0: entered promiscuous mode
[  107.895846][ T6160] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.904841][ T6160] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.912280][ T6160] bridge_slave_1: entered allmulticast mode
[  107.920408][ T6160] bridge_slave_1: entered promiscuous mode
[  107.923627][ T5901] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  108.045357][ T6160] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  108.096507][ T6160] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  108.128508][ T6293] loop2: detected capacity change from 0 to 512
[  108.241971][ T6160] team0: Port device team_slave_0 added
[  108.253793][ T6293] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  108.300056][ T6160] team0: Port device team_slave_1 added
[  108.328570][ T6293] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  108.338993][ T6300] loop3: detected capacity change from 0 to 512
[  108.346102][ T6300] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  108.378790][ T6300] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  108.416954][ T6160] batman_adv: batadv0: Adding interface: batadv_slave_0
[  108.446198][ T6300] EXT4-fs (loop3): 1 truncate cleaned up
[  108.452435][ T6160] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.462791][ T6300] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  108.501855][ T6160] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  108.516251][ T6160] batman_adv: batadv0: Adding interface: batadv_slave_1
[  108.532502][ T6160] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  108.558730][ T6160] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  108.583433][ T6293] loop2: detected capacity change from 512 to 0
[  108.653201][ T5232] gspca_sunplus: reg_w_riv err -71
[  108.658444][ T5232] sunplus 1-1:0.0: probe with driver sunplus failed with error -71
[  108.675876][ T5232] usb 1-1: USB disconnect, device number 6
[  108.680705][ T6160] hsr_slave_0: entered promiscuous mode
[  108.689099][ T5244] syz-executor: attempt to access beyond end of device
[  108.689099][ T5244] loop2: rw=12288, sector=12, nr_sectors = 4 limit=0
[  108.693854][ T5901] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.720589][ T5244] syz-executor: attempt to access beyond end of device
[  108.720589][ T5244] loop2: rw=524288, sector=140, nr_sectors = 4 limit=0
[  108.739016][ T6160] hsr_slave_1: entered promiscuous mode
[  108.774043][ T5244] syz-executor: attempt to access beyond end of device
[  108.774043][ T5244] loop2: rw=524288, sector=144, nr_sectors = 4 limit=0
[  108.854763][ T5244] syz-executor: attempt to access beyond end of device
[  108.854763][ T5244] loop2: rw=12288, sector=136, nr_sectors = 4 limit=0
[  108.891805][ T5244] EXT4-fs error (device loop2): ext4_get_inode_loc:4541: inode #2: block 34: comm syz-executor: unable to read itable block
[  108.925824][ T5244] syz-executor: attempt to access beyond end of device
[  108.925824][ T5244] loop2: rw=145409, sector=0, nr_sectors = 4 limit=0
[  108.954112][ T5244] Buffer I/O error on dev loop2, logical block 0, lost sync page write
[  108.962438][ T5244] EXT4-fs (loop2): I/O error while writing superblock
[  108.984727][ T5244] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5780: IO failure
[  108.994691][ T5244] syz-executor: attempt to access beyond end of device
[  108.994691][ T5244] loop2: rw=145409, sector=0, nr_sectors = 4 limit=0
[  109.019677][ T5244] Buffer I/O error on dev loop2, logical block 0, lost sync page write
[  109.032041][ T5244] EXT4-fs (loop2): I/O error while writing superblock
[  109.039187][ T5244] EXT4-fs error (device loop2): ext4_dirty_inode:5984: inode #2: comm syz-executor: mark_inode_dirty error
[  109.051080][ T5244] syz-executor: attempt to access beyond end of device
[  109.051080][ T5244] loop2: rw=145409, sector=0, nr_sectors = 4 limit=0
[  109.066595][ T5244] Buffer I/O error on dev loop2, logical block 0, lost sync page write
[  109.094171][ T5244] EXT4-fs (loop2): I/O error while writing superblock
[  109.102832][ T5311] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  109.158413][   T80] kworker/u8:4: attempt to access beyond end of device
[  109.158413][   T80] loop2: rw=524288, sector=140, nr_sectors = 4 limit=0
[  109.172411][   T80] kworker/u8:4: attempt to access beyond end of device
[  109.172411][   T80] loop2: rw=524288, sector=144, nr_sectors = 4 limit=0
[  109.206183][   T80] kworker/u8:4: attempt to access beyond end of device
[  109.206183][   T80] loop2: rw=12288, sector=136, nr_sectors = 4 limit=0
[  109.242732][   T80] EXT4-fs error (device loop2): __ext4_get_inode_loc_noinmem:4526: inode #2: block 34: comm kworker/u8:4: unable to read itable block
[  109.282920][ T5311] usb 4-1: Using ep0 maxpacket: 8
[  109.292165][   T80] Buffer I/O error on dev loop2, logical block 0, lost sync page write
[  109.324050][ T5311] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  109.332086][ T5311] usb 4-1: config 0 has no interface number 0
[  109.338982][   T80] EXT4-fs (loop2): I/O error while writing superblock
[  109.352863][ T5311] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  109.363758][ T6098] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  109.400417][ T5311] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  109.419576][ T6098] Buffer I/O error on dev loop2, logical block 0, lost sync page write
[  109.420822][ T6160] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  109.433427][ T6313] loop1: detected capacity change from 0 to 32768
[  109.440582][ T5311] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.442458][ T6098] EXT4-fs (loop2): I/O error while writing superblock
[  109.458431][ T6313] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.330 (6313)
[  109.463681][ T5311] usb 4-1: config 0 descriptor??
[  109.478982][ T6294] Buffer I/O error on dev loop2, logical block 12, lost sync page write
[  109.480908][ T6313] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  109.496003][ T5311] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  109.499071][ T6313] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  109.510509][ T6160] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  109.517755][ T6313] BTRFS info (device loop1): using free-space-tree
[  109.539578][ T5232] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  109.558813][ T6160] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  109.601135][ T6160] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  109.671624][ T6160] 8021q: adding VLAN 0 to HW filter on device bond0
[  109.692369][ T6160] 8021q: adding VLAN 0 to HW filter on device team0
[  109.709148][   T80] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.716323][   T80] bridge0: port 1(bridge_slave_0) entered forwarding state
[  109.717671][ T5280] usb 4-1: USB disconnect, device number 6
[  109.736303][ T5232] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  109.745428][ T5280] iowarrior 4-1:0.1: I/O-Warror #0 now disconnected
[  109.748723][ T5232] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  109.765688][ T5232] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  109.782239][ T5232] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  109.791408][ T5232] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  109.800432][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.807563][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  109.815340][   T29] audit: type=1804 audit(1727766873.654:16): pid=6313 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.330" name="/newroot/29/file0/file1" dev="loop1" ino=260 res=1 errno=0
[  109.854991][ T5232] usb 1-1: config 0 descriptor??
[  109.931341][   T35] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  109.945748][ T5243] Bluetooth: hci0: command tx timeout
[  109.953913][ T5780] BTRFS info (device loop1): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  110.108243][   T35] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.284056][   T35] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.308712][ T5232] acrux 0003:1A34:0802.0005: unknown main item tag 0x0
[  110.322966][ T5232] acrux 0003:1A34:0802.0005: unknown main item tag 0x0
[  110.329884][ T5232] acrux 0003:1A34:0802.0005: unknown main item tag 0x0
[  110.363722][ T5232] acrux 0003:1A34:0802.0005: unknown main item tag 0x0
[  110.370648][ T5232] acrux 0003:1A34:0802.0005: unknown main item tag 0x0
[  110.420735][ T5232] acrux 0003:1A34:0802.0005: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.0-1/input0
[  110.447631][   T35] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  110.458530][ T5232] acrux 0003:1A34:0802.0005: no inputs found
[  110.473165][ T5232] acrux 0003:1A34:0802.0005: Failed to enable force feedback support, error: -19
[  110.506106][ T5239] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  110.516568][ T5239] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  110.528203][ T5239] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  110.537479][ T5239] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  110.546548][ T5239] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  110.554067][ T5239] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  110.586417][ T5232] usb 1-1: USB disconnect, device number 7
[  110.653215][ T5280] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  110.677723][   T35] bridge_slave_1: left allmulticast mode
[  110.683648][   T35] bridge_slave_1: left promiscuous mode
[  110.690283][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  110.698911][   T35] bridge_slave_0: left allmulticast mode
[  110.705099][   T35] bridge_slave_0: left promiscuous mode
[  110.712568][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  110.827335][ T5280] usb 4-1: config 0 has no interfaces?
[  110.841404][ T5280] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  110.869770][ T5280] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  110.886059][ T5280] usb 4-1: config 0 descriptor??
[  111.066873][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  111.080241][   T35] bond0 (unregistering): Released all slaves
[  111.119550][   T57] usb 4-1: USB disconnect, device number 7
[  111.130751][ T6160] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.346908][ T6338] chnl_net:caif_netlink_parms(): no params data found
[  111.503524][   T35] hsr_slave_0: left promiscuous mode
[  111.511605][   T35] hsr_slave_1: left promiscuous mode
[  111.527780][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  111.549382][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  111.566134][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  111.582612][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  111.636174][   T35] veth1_macvtap: left promiscuous mode
[  111.641751][   T35] veth0_macvtap: left promiscuous mode
[  111.655137][   T35] veth1_vlan: left promiscuous mode
[  111.660465][   T35] veth0_vlan: left promiscuous mode
[  111.710816][ T6369] loop1: detected capacity change from 0 to 512
[  111.728630][ T6371] loop3: detected capacity change from 0 to 16
[  111.740208][ T6371] erofs: (device loop3): mounted with root inode @ nid 36.
[  111.744223][ T6369] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
[  111.767088][ T6371] erofs: (device loop3): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36
[  111.770785][ T6369] UDF-fs: Scanning with blocksize 512 failed
[  111.779345][ T6371] erofs: (device loop3): z_erofs_read_folio: read error -5 @ 0 of nid 36
[  111.792126][ T6371] erofs: (device loop3): erofs_readdir: fail to readdir of logical block 0 of nid 36
[  111.810321][ T6369] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
[  111.836606][ T6369] UDF-fs: Scanning with blocksize 1024 failed
[  111.855567][ T6369] UDF-fs: warning (device loop1): udf_load_vrs: No VRS found
[  111.872020][ T6369] UDF-fs: Scanning with blocksize 2048 failed
[  111.880130][ T6369] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  111.901181][ T6369] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  112.022784][ T5239] Bluetooth: hci0: command tx timeout
[  112.121689][ T6375] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  112.150584][ T6375] overlayfs: failed to set xattr on upper
[  112.158038][ T6375] overlayfs: ...falling back to redirect_dir=nofollow.
[  112.171018][ T6375] overlayfs: ...falling back to uuid=null.
[  112.179134][ T6375] overlayfs: maximum fs stacking depth exceeded
[  112.205354][ T6377] loop1: detected capacity change from 0 to 4096
[  112.227822][ T6377] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512).
[  112.295424][ T6379] netlink: 4272 bytes leftover after parsing attributes in process `syz.3.347'.
[  112.312517][ T6379] netlink: 'syz.3.347': attribute type 2 has an invalid length.
[  112.322179][ T6377] ntfs3: loop1: ino=4, Correct links count -> 2.
[  112.328721][ T6379] netlink: 'syz.3.347': attribute type 2 has an invalid length.
[  112.352276][ T6377] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  112.372855][ T6377] ntfs3: loop1: Failed to load $AttrDef (-22)
[  112.398949][ T6381] Driver unsupported XDP return value 0 on prog  (id 46) dev N/A, expect packet loss!
[  112.553033][   T35] team0 (unregistering): Port device team_slave_1 removed
[  112.600411][   T35] team0 (unregistering): Port device team_slave_0 removed
[  112.662887][ T5239] Bluetooth: hci4: command tx timeout
[  112.713772][ T5311] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  112.862865][ T5311] usb 4-1: Using ep0 maxpacket: 16
[  112.875500][ T5311] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  112.891257][ T5311] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.899844][ T5311] usb 4-1: Product: syz
[  112.921299][ T5311] usb 4-1: Manufacturer: syz
[  112.929850][ T5311] usb 4-1: SerialNumber: syz
[  112.939812][ T5311] usb 4-1: config 0 descriptor??
[  112.951640][ T5311] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  113.216678][ T6338] bridge0: port 1(bridge_slave_0) entered blocking state
[  113.225434][ T6338] bridge0: port 1(bridge_slave_0) entered disabled state
[  113.232959][ T6338] bridge_slave_0: entered allmulticast mode
[  113.240405][ T6338] bridge_slave_0: entered promiscuous mode
[  113.251557][ T6338] bridge0: port 2(bridge_slave_1) entered blocking state
[  113.258930][ T6338] bridge0: port 2(bridge_slave_1) entered disabled state
[  113.266375][ T6338] bridge_slave_1: entered allmulticast mode
[  113.276015][ T6338] bridge_slave_1: entered promiscuous mode
[  113.372110][ T6160] veth0_vlan: entered promiscuous mode
[  113.409533][ T6338] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  113.448372][ T6338] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  113.536087][ T6160] veth1_vlan: entered promiscuous mode
[  113.627257][ T6338] team0: Port device team_slave_0 added
[  113.644190][ T6338] team0: Port device team_slave_1 added
[  113.702240][ T6338] batman_adv: batadv0: Adding interface: batadv_slave_0
[  113.716952][ T6404] loop0: detected capacity change from 0 to 2048
[  113.721612][ T6338] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.753234][ T6338] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  113.776393][ T6338] batman_adv: batadv0: Adding interface: batadv_slave_1
[  113.785018][ T6338] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  113.823732][ T6404] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.835966][ T6338] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  113.891909][ T6338] hsr_slave_0: entered promiscuous mode
[  113.914806][ T6338] hsr_slave_1: entered promiscuous mode
[  113.921503][ T6338] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  113.943648][ T6338] Cannot create hsr debugfs directory
[  113.957665][ T5227] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.029533][ T6160] veth0_macvtap: entered promiscuous mode
[  114.060370][ T6160] veth1_macvtap: entered promiscuous mode
[  114.195485][ T5311] ssu100 4-1:0.0: probe with driver ssu100 failed with error -71
[  114.207788][ T5311] usb 4-1: USB disconnect, device number 8
[  114.280983][ T6418] loop1: detected capacity change from 0 to 16
[  114.289946][ T6160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  114.304983][ T6418] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  114.308147][ T6160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.322534][ T6160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  114.339254][ T6160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.349553][ T6160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  114.365859][ T6160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.378774][ T6160] batman_adv: batadv0: Interface activated: batadv_slave_0
[  114.407251][ T6160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.420198][ T6160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.432228][ T6160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.442787][ T6160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.456342][ T6160] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.469119][ T6160] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.484375][ T6160] batman_adv: batadv0: Interface activated: batadv_slave_1
[  114.506120][ T6160] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.520072][ T6160] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.541145][ T6160] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.560050][ T6160] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.719703][   T51] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.742163][   T51] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.742690][ T5239] Bluetooth: hci4: command tx timeout
[  114.783859][ T6416] loop0: detected capacity change from 0 to 40427
[  114.798177][ T2921] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.829998][ T6416] F2FS-fs (loop0): Found nat_bits in checkpoint
[  114.830041][ T2921] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.847855][ T6426] loop3: detected capacity change from 0 to 24
[  114.940609][ T6416] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  115.011558][ T6338] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  115.034328][ T6338] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  115.052252][ T6338] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  115.073988][ T6338] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  115.192461][ T6338] 8021q: adding VLAN 0 to HW filter on device bond0
[  115.234949][ T6338] 8021q: adding VLAN 0 to HW filter on device team0
[  115.261215][   T51] bridge0: port 1(bridge_slave_0) entered blocking state
[  115.268371][   T51] bridge0: port 1(bridge_slave_0) entered forwarding state
[  115.302052][   T51] bridge0: port 2(bridge_slave_1) entered blocking state
[  115.309233][   T51] bridge0: port 2(bridge_slave_1) entered forwarding state
[  115.391042][ T6434] loop4: detected capacity change from 0 to 16
[  115.430812][ T6434] erofs: (device loop4): mounted with root inode @ nid 36.
[  115.509575][ T6440] Zero length message leads to an empty skb
[  115.701324][ T6338] 8021q: adding VLAN 0 to HW filter on device batadv0
[  115.723392][   T57] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  115.771979][ T6338] veth0_vlan: entered promiscuous mode
[  115.783483][ T6338] veth1_vlan: entered promiscuous mode
[  115.797522][ T6446] loop4: detected capacity change from 0 to 4096
[  115.823098][ T6338] veth0_macvtap: entered promiscuous mode
[  115.831831][ T6338] veth1_macvtap: entered promiscuous mode
[  115.846413][ T6338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  115.857397][ T6338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  115.867274][ T6338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  115.877828][ T6338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  115.888578][ T6338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  115.899936][ T6338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  115.902793][   T57] usb 1-1: Using ep0 maxpacket: 32
[  115.910000][ T6338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  115.925485][ T6338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  115.929290][   T57] usb 1-1: config 0 has an invalid interface number: 67 but max is 0
[  115.936814][ T6338] batman_adv: batadv0: Interface activated: batadv_slave_0
[  115.972221][   T57] usb 1-1: config 0 has no interface number 0
[  115.991852][   T57] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  116.009421][   T57] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.009642][ T6432] loop3: detected capacity change from 0 to 32768
[  116.020421][   T57] usb 1-1: Product: syz
[  116.026893][ T6338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  116.039730][ T6338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.040731][   T57] usb 1-1: Manufacturer: syz
[  116.049643][ T6338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  116.049670][ T6338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.049685][ T6338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  116.049698][ T6338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.049713][ T6338] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  116.049726][ T6338] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  116.050935][ T6338] batman_adv: batadv0: Interface activated: batadv_slave_1
[  116.084978][   T57] usb 1-1: SerialNumber: syz
[  116.088312][ T6338] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  116.137541][ T6338] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  116.146371][ T6338] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  116.155096][ T6338] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  116.162865][ T5281] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  116.180847][   T57] usb 1-1: config 0 descriptor??
[  116.202427][ T6432] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  116.212901][   T57] smsc95xx v2.0.0
[  116.317942][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.327984][   T80] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  116.336765][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.345934][   T80] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  116.353602][ T6432] XFS (loop3): Ending clean mount
[  116.354484][ T5281] usb 2-1: Using ep0 maxpacket: 8
[  116.395715][ T5281] usb 2-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[  116.407679][ T6432] XFS (loop3): Quotacheck needed: Please wait.
[  116.414246][ T5281] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.424852][ T5281] usb 2-1: Product: syz
[  116.429085][ T5281] usb 2-1: Manufacturer: syz
[  116.437066][ T5281] usb 2-1: SerialNumber: syz
[  116.460733][ T5281] usb 2-1: config 0 descriptor??
[  116.478696][ T5281] gspca_main: sq905-2.14.0 probing 2770:9120
[  116.517810][ T6432] XFS (loop3): Quotacheck: Done.
[  116.813557][ T5239] Bluetooth: hci4: command tx timeout
[  116.879899][ T5901] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  117.250153][ T6489] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  117.472273][   T57] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71
[  117.492973][   T57] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD
[  117.512887][ T5281] gspca_sq905: bulk read fail (-22) len 0/4
[  117.518888][ T5281] sq905 2-1:0.0: probe with driver sq905 failed with error -5
[  117.529285][   T57] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71
[  117.555000][   T57] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71
[  117.569762][   T57] usb 1-1: USB disconnect, device number 8
[  117.646015][ T6487] loop4: detected capacity change from 0 to 32768
[  117.665422][ T6487] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.377 (6487)
[  117.723292][ T6487] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  117.746696][   T57] usb 2-1: USB disconnect, device number 3
[  117.761922][ T6487] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  117.791995][ T6491] loop2: detected capacity change from 0 to 32768
[  117.800282][ T6487] BTRFS info (device loop4): using free-space-tree
[  117.861426][ T6491] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  117.896576][ T6491] XFS (loop2): Ending clean mount
[  117.988763][ T6338] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  118.093578][ T6160] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  118.327834][   T29] audit: type=1326 audit(1727766882.154:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6521 comm="syz.3.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19de77dff9 code=0x7ffc0000
[  118.372738][   T29] audit: type=1326 audit(1727766882.154:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6521 comm="syz.3.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19de77dff9 code=0x7ffc0000
[  118.422856][   T29] audit: type=1326 audit(1727766882.154:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6521 comm="syz.3.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7f19de77dff9 code=0x7ffc0000
[  118.465478][   T29] audit: type=1326 audit(1727766882.154:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6521 comm="syz.3.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19de77dff9 code=0x7ffc0000
[  118.512017][   T29] audit: type=1326 audit(1727766882.154:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6521 comm="syz.3.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19de77dff9 code=0x7ffc0000
[  118.555189][ T6531] loop0: detected capacity change from 0 to 256
[  118.560294][   T29] audit: type=1326 audit(1727766882.174:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6521 comm="syz.3.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f19de77dff9 code=0x7ffc0000
[  118.589113][   T29] audit: type=1326 audit(1727766882.174:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6521 comm="syz.3.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19de77dff9 code=0x7ffc0000
[  118.611322][   T29] audit: type=1326 audit(1727766882.174:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6521 comm="syz.3.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19de77dff9 code=0x7ffc0000
[  118.613012][  T937] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  118.633470][   T29] audit: type=1326 audit(1727766882.174:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6521 comm="syz.3.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f19de77c990 code=0x7ffc0000
[  118.633509][   T29] audit: type=1326 audit(1727766882.174:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6521 comm="syz.3.373" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f19de77dbfb code=0x7ffc0000
[  118.784402][ T6531] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  118.901657][ T5239] Bluetooth: hci4: command tx timeout
[  118.925988][  T937] usb 4-1: config 0 has no interfaces?
[  118.931530][  T937] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47
[  118.941361][  T937] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.962024][  T937] usb 4-1: config 0 descriptor??
[  119.076358][ T6532] loop1: detected capacity change from 0 to 32768
[  119.097253][ T5280] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  119.126182][ T6532] find_entry called with index = 0
[  119.143252][ T6532] find_entry called with index = 0
[  119.148571][ T6546] loop2: detected capacity change from 0 to 256
[  119.159676][ T6532] ERROR: (device loop1): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 1
[  119.159676][ T6532] 
[  119.176162][ T6532] ERROR: (device loop1): remounting filesystem as read-only
[  119.183651][ T6532] ERROR: (device loop1): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 4
[  119.183651][ T6532] 
[  119.199070][ T6532] ERROR: (device loop1): jfs_readdir: JFS:Dtree error: ino = 2, bn=0, index = 5
[  119.199070][ T6532] 
[  119.258013][ T5280] usb 5-1: config 0 has an invalid interface number: 18 but max is 0
[  119.267073][ T5280] usb 5-1: config 0 has no interface number 0
[  119.272904][    T8] usb 4-1: USB disconnect, device number 9
[  119.282559][ T5280] usb 5-1: config 0 interface 18 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  119.305259][ T5280] usb 5-1: config 0 interface 18 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  119.324733][ T5280] usb 5-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10
[  119.334361][ T5280] usb 5-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  119.342443][ T5280] usb 5-1: Manufacturer: syz
[  119.349379][ T5280] usb 5-1: config 0 descriptor??
[  119.496913][ T6557] loop0: detected capacity change from 0 to 256
[  119.518641][ T6557] exFAT-fs (loop0): failed to load upcase table (idx : 0x00017f3e, chksum : 0x4fb01312, utbl_chksum : 0xe619d30d)
[  120.041891][ T6563] loop1: detected capacity change from 0 to 32768
[  120.049631][ T6563] XFS: ikeep mount option is deprecated.
[  120.076153][ T5280] input: syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.18/0003:054C:03D5.0006/input/input8
[  120.099372][ T6563] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  121.158035][ T5280] sony 0003:054C:03D5.0006: input,hidraw0: USB HID v0.00 Joystick [syz] on usb-dummy_hcd.4-1/input18
[  121.313304][ T5280] usb 5-1: reset high-speed USB device number 4 using dummy_hcd
[  121.640842][ T6563] XFS (loop1): Ending clean mount
[  121.648619][ T6563] XFS (loop1): Quotacheck needed: Please wait.
[  121.932056][ T6563] XFS (loop1): Quotacheck: Done.
[  122.006052][ T5780] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  122.189713][ T6598] loop3: detected capacity change from 0 to 4096
[  122.211504][ T6598] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  122.271142][ T6598] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  122.292280][ T6598] ntfs3: loop3: Failed to load $Extend (-22).
[  122.303279][ T6598] ntfs3: loop3: Failed to initialize $Extend.
[  122.696673][ T6614] Bluetooth: MGMT ver 1.23
[  122.767856][ T5281] usb 5-1: USB disconnect, device number 4
[  122.825289][ T6622] loop4: detected capacity change from 0 to 1024
[  122.835160][ T6622] hfsplus: Bad value for 'session'
[  122.921694][ T6622] loop4: detected capacity change from 0 to 2048
[  122.944399][ T6622] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  122.957899][ T6622] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  123.020668][ T6630] vcan0: tx drop: invalid sa for name 0x0000000000000001
[  123.148401][ T6638] loop4: detected capacity change from 0 to 1024
[  123.170564][ T6638] EXT4-fs: Ignoring removed nomblk_io_submit option
[  123.194564][ T6638] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  123.228177][ T6638] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=6840c02c, mo2=0003]
[  123.238842][ T6638] System zones: 0-1, 3-36
[  123.247395][ T6638] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  123.472149][ T6656] loop3: detected capacity change from 0 to 1024
[  123.501154][ T6656] hfsplus: wrong filesystem version
[  123.510794][ T6660] loop0: detected capacity change from 0 to 64
[  123.611262][ T6663] netlink: 168 bytes leftover after parsing attributes in process `syz.1.436'.
[  123.765471][ T6160] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  123.892350][ T6678] loop3: detected capacity change from 0 to 512
[  123.910184][ T6680] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  123.953056][ T6678] __quota_error: 27 callbacks suppressed
[  123.953076][ T6678] Quota error (device loop3): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  123.989905][ T6678] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  124.011450][ T6678] EXT4-fs error (device loop3): ext4_acquire_dquot:6879: comm syz.3.442: Failed to acquire dquot type 1
[  124.039819][ T6678] EXT4-fs (loop3): 1 truncate cleaned up
[  124.047756][ T6678] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  124.061788][ T6678] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  124.102933][   T25] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  124.170246][ T5901] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.216299][ T6672] loop1: detected capacity change from 0 to 32768
[  124.229711][ T6672] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.439 (6672)
[  124.253220][ T5239] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  124.266614][   T25] usb 1-1: Using ep0 maxpacket: 32
[  124.273554][ T5281] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  124.281976][ T6672] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  124.293690][ T6672] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  124.302523][ T6672] BTRFS info (device loop1): using free-space-tree
[  124.351683][   T25] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36
[  124.376137][   T25] usb 1-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  124.392710][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  124.402868][   T25] usb 1-1: Product: syz
[  124.407059][   T25] usb 1-1: Manufacturer: syz
[  124.411658][   T25] usb 1-1: SerialNumber: syz
[  124.419332][   T25] usb 1-1: config 0 descriptor??
[  124.427899][ T6676] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  124.436176][   T25] hub 1-1:0.0: bad descriptor, ignoring hub
[  124.442124][   T25] hub 1-1:0.0: probe with driver hub failed with error -5
[  124.452943][   T25] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input9
[  124.472038][ T5281] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  124.488448][ T5281] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  124.500154][ T5281] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  124.510427][ T5281] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  124.523811][ T5281] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  124.536959][ T5281] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.548063][ T5281] usb 5-1: config 0 descriptor??
[  124.601318][ T5780] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  124.682561][ T5280] usb 1-1: USB disconnect, device number 9
[  124.682629][    C1] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  124.784147][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  124.963591][   T29] audit: type=1326 audit(1727766888.814:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="syz.1.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587617dff9 code=0x7ffc0000
[  125.011953][   T29] audit: type=1326 audit(1727766888.834:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="syz.1.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587617dff9 code=0x7ffc0000
[  125.022706][ T5281] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  125.063457][ T5281] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  125.101411][   T29] audit: type=1326 audit(1727766888.834:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="syz.1.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f587617dff9 code=0x7ffc0000
[  125.103323][ T5281] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  125.168757][ T6686] loop3: detected capacity change from 0 to 32768
[  125.184305][   T29] audit: type=1326 audit(1727766888.834:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587617dff9 code=0x7ffc0000
[  125.221252][   T29] audit: type=1326 audit(1727766888.834:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587617dff9 code=0x7ffc0000
[  125.251033][   T29] audit: type=1326 audit(1727766888.834:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f587617dff9 code=0x7ffc0000
[  125.258813][ T6686] bio_check_eod: 6 callbacks suppressed
[  125.258830][ T6686] syz.3.445: attempt to access beyond end of device
[  125.258830][ T6686] loop14: rw=0, sector=8, nr_sectors = 8 limit=0
[  125.322748][ T6686] lbmIODone: I/O error in JFS log
[  125.328525][ T6686] *** Log Format Error ! ***
[  125.329312][   T29] audit: type=1326 audit(1727766888.834:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587617dff9 code=0x7ffc0000
[  125.356069][ T6686] lmLogInit: exit(-22)
[  125.362499][ T6686] lmLogOpen: exit(-22)
[  125.369928][   T29] audit: type=1326 audit(1727766888.834:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f587617dff9 code=0x7ffc0000
[  125.370004][   T25] usb 5-1: USB disconnect, device number 5
[  125.946886][ T6713] loop1: detected capacity change from 0 to 40427
[  125.960663][ T6713] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  125.968680][ T6713] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  125.996908][ T6713] F2FS-fs (loop1): Found nat_bits in checkpoint
[  126.112134][ T6713] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  126.121733][ T6713] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  126.201752][ T6713] syz.1.451: attempt to access beyond end of device
[  126.201752][ T6713] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  126.225179][ T6713] syz.1.451: attempt to access beyond end of device
[  126.225179][ T6713] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  126.648066][ T6721] loop3: detected capacity change from 0 to 32768
[  126.730832][ T6721] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  126.731279][ T6720] loop2: detected capacity change from 0 to 40427
[  126.777578][ T6720] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  126.800462][ T6720] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  126.840084][ T6720] F2FS-fs (loop2): Found nat_bits in checkpoint
[  126.931952][ T6720] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  126.953282][ T6720] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  126.962577][ T6721] XFS (loop3): Ending clean mount
[  126.977848][ T6721] XFS (loop3): Quotacheck needed: Please wait.
[  127.027154][ T6721] XFS (loop3): Quotacheck: Done.
[  127.090022][ T5901] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  127.106178][ T6770] loop0: detected capacity change from 0 to 16
[  127.115701][ T6770] erofs: (device loop0): mounted with root inode @ nid 36.
[  127.358266][ T6778] process 'syz.4.474' launched './file0' with NULL argv: empty string added
[  127.558803][ T6789] vivid-002: disconnect
[  127.573437][ T6783] vivid-002: reconnect
[  127.664881][ T5227] erofs: (device loop0): erofs_fill_dentries: bogus dirent @ nid 46
[  127.712217][ T5227] erofs: (device loop0): erofs_readdir: invalid de[0].nameoff 0 @ nid 89
[  127.766141][ T5227] erofs: (device loop0): erofs_readdir: invalid de[0].nameoff 0 @ nid 89
[  127.789892][ T6792] sg_write: data in/out 52/2 bytes for SCSI command 0x0-- guessing data in;
[  127.789892][ T6792]    program syz.3.478 not setting count and/or reply_len properly
[  127.829338][ T6797] loop2: detected capacity change from 0 to 512
[  127.842844][ T6797] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  127.889878][ T6799] loop0: detected capacity change from 0 to 8
[  127.948001][ T6799] SQUASHFS error: Failed to read block 0x4e8: -5
[  127.966652][ T6797] EXT4-fs (loop2): 1 truncate cleaned up
[  127.993697][ T6797] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  128.200464][ T6338] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.438945][ T6803] loop1: detected capacity change from 0 to 32768
[  128.463781][ T6814] loop2: detected capacity change from 0 to 512
[  128.474364][ T6803] XFS: ikeep mount option is deprecated.
[  128.490259][ T6803] XFS: noikeep mount option is deprecated.
[  128.517901][ T6814] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  128.551434][ T6817] loop4: detected capacity change from 0 to 256
[  128.572475][ T6817] exfat: Deprecated parameter 'utf8'
[  128.593106][ T6803] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  128.624815][ T6817] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x0ec8ca35, utbl_chksum : 0xe619d30d)
[  128.644671][ T6338] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.800200][ T6803] XFS (loop1): Ending clean mount
[  128.809306][ T6803] XFS (loop1): Quotacheck needed: Please wait.
[  128.868190][ T6803] XFS (loop1): Quotacheck: Done.
[  129.038187][ T5780] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  129.109487][   T51] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  129.318370][ T6816] loop0: detected capacity change from 0 to 32768
[  129.335228][ T6816] BTRFS: device fsid 92aec1fe-fee8-4e05-92dc-790b47b871d9 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.485 (6816)
[  129.356507][ T5239] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  129.366959][ T5239] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  129.377070][ T6816] BTRFS info (device loop0): first mount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9
[  129.377645][ T5239] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  129.398275][ T5239] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  129.406963][ T6816] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[  129.419569][ T5239] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  129.432441][ T5239] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  129.441252][ T6816] BTRFS info (device loop0): using free-space-tree
[  129.546064][   T51] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  129.691752][ T6852] loop3: detected capacity change from 0 to 512
[  129.737334][   T51] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  129.786083][ T6852] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.495: corrupted in-inode xattr: invalid ea_ino
[  129.810930][ T6852] EXT4-fs error (device loop3): ext4_orphan_get:1393: comm syz.3.495: couldn't read orphan inode 15 (err -117)
[  129.846843][   T51] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  129.869561][ T6852] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  130.032038][ T5901] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.083140][ T5227] BTRFS info (device loop0): last unmount of filesystem 92aec1fe-fee8-4e05-92dc-790b47b871d9
[  130.103661][ T6879] netlink: 277 bytes leftover after parsing attributes in process `syz.1.505'.
[  130.163198][ T6833] chnl_net:caif_netlink_parms(): no params data found
[  130.396850][ T6892] ptrace attach of "./syz-executor exec"[5901] was attempted by ""[6892]
[  130.580575][ T6902] loop3: detected capacity change from 0 to 256
[  130.718341][ T6902] exFAT-fs (loop3): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  130.742992][   T51] bridge_slave_1: left allmulticast mode
[  130.748785][   T51] bridge_slave_1: left promiscuous mode
[  130.754704][   T51] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.789859][ T6911] loop0: detected capacity change from 0 to 512
[  130.813859][   T51] bridge_slave_0: left allmulticast mode
[  130.819647][   T51] bridge_slave_0: left promiscuous mode
[  130.825854][   T51] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.869421][ T6911] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  130.920841][ T6914] loop1: detected capacity change from 0 to 512
[  130.943421][ T6911] EXT4-fs (loop0): 1 truncate cleaned up
[  130.950874][ T6911] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  130.955962][ T6914] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  131.113288][ T6914] EXT4-fs (loop1): 1 truncate cleaned up
[  131.139214][ T6914] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  131.258049][ T6925] loop3: detected capacity change from 0 to 1024
[  131.305875][ T6925] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  131.381163][ T5780] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.455881][ T5901] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  131.490676][ T5901] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  131.509891][ T5901] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  131.521638][ T5901] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  131.533413][ T5243] Bluetooth: hci4: command tx timeout
[  131.547082][ T5901] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  131.597538][ T6931] cgroup: fork rejected by pids controller in 
[  131.597997][ T5901] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  131.599798][ T6931] /syz1
[  131.608168][ T5901] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  131.617107][ T6931] 
[  131.635464][ T5901] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  131.702889][ T5901] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  131.731459][ T5901] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size
[  131.788007][   T51] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  131.806308][   T51] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  131.820170][   T51] bond0 (unregistering): Released all slaves
[  131.831830][ T6833] bridge0: port 1(bridge_slave_0) entered blocking state
[  131.839221][ T6833] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.847098][ T6833] bridge_slave_0: entered allmulticast mode
[  131.855168][ T6833] bridge_slave_0: entered promiscuous mode
[  131.868861][ T6918] netlink: 'syz.4.519': attribute type 2 has an invalid length.
[  131.877394][ T6918] netlink: 60 bytes leftover after parsing attributes in process `syz.4.519'.
[  132.046027][ T6833] bridge0: port 2(bridge_slave_1) entered blocking state
[  132.053458][ T6833] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.060761][ T6833] bridge_slave_1: entered allmulticast mode
[  132.071086][ T6833] bridge_slave_1: entered promiscuous mode
[  132.086938][ T5646] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.514940][ T5901] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.664875][   T51] hsr_slave_0: left promiscuous mode
[  132.670851][   T51] hsr_slave_1: left promiscuous mode
[  132.688043][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  132.699971][   T51] batman_adv: batadv0: Removing interface: batadv_slave_0
[  132.729925][   T51] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  132.739782][   T51] batman_adv: batadv0: Removing interface: batadv_slave_1
[  132.812032][   T51] veth1_macvtap: left promiscuous mode
[  132.822182][   T51] veth0_macvtap: left promiscuous mode
[  132.852893][   T51] veth1_vlan: left promiscuous mode
[  132.858254][   T51] veth0_vlan: left promiscuous mode
[  132.983106][ T1268] ieee802154 phy0 wpan0: encryption failed: -22
[  132.989789][ T1268] ieee802154 phy1 wpan1: encryption failed: -22
[  133.634994][ T5243] Bluetooth: hci4: command tx timeout
[  133.967516][ T5239] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  133.979892][ T5239] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  133.993684][ T5239] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  134.008066][ T5239] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  134.031292][ T5239] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  134.045010][ T5239] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  134.335024][ T5239] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  134.354496][ T5240] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  134.358308][ T6958] loop4: detected capacity change from 0 to 512
[  134.363444][ T5239] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  134.375574][ T6958] EXT4-fs: Ignoring removed mblk_io_submit option
[  134.379534][ T5240] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  134.393313][ T5240] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  134.398728][ T6958] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  134.400370][ T5240] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  134.422096][ T5239] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  134.435781][ T5239] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  134.443126][ T5239] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  134.451219][ T5239] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  134.453018][ T6958] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.538: corrupted in-inode xattr: e_value out of bounds
[  134.459078][ T5239] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  134.480443][ T5239] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  134.491283][ T6958] EXT4-fs error (device loop4): ext4_orphan_get:1393: comm syz.4.538: couldn't read orphan inode 15 (err -117)
[  134.511051][ T6958] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  134.730673][ T6160] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  134.769942][   T51] team0 (unregistering): Port device team_slave_1 removed
[  134.820663][ T6964] loop4: detected capacity change from 0 to 64
[  134.833954][   T51] team0 (unregistering): Port device team_slave_0 removed
[  134.884941][    T8] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c7: 0000 [#1] PREEMPT SMP KASAN PTI
[  134.897558][    T8] KASAN: null-ptr-deref in range [0x0000000000000638-0x000000000000063f]
[  134.905967][    T8] CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.12.0-rc1-next-20241001-syzkaller #0
[  134.915926][    T8] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  134.925968][    T8] Workqueue: events_long flush_mdb
[  134.931077][    T8] RIP: 0010:hfs_mdb_commit+0x37/0xfd0
[  134.936456][    T8] Code: 53 48 83 ec 48 48 89 fb 49 bd 00 00 00 00 00 fc ff df e8 8c 0f 0a ff 48 89 5c 24 08 4c 8d a3 38 06 00 00 4c 89 e3 48 c1 eb 03 <42> 80 3c 2b 00 74 08 4c 89 e7 e8 fa f2 73 ff 4d 8b 34 24 49 8d 6e
[  134.956066][    T8] RSP: 0018:ffffc900000d7b40 EFLAGS: 00010202
[  134.962130][    T8] RAX: ffffffff828ac694 RBX: 00000000000000c7 RCX: ffff88801befda00
[  134.970090][    T8] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
[  134.978046][    T8] RBP: ffffc900000d7dc0 R08: ffff88807f45b9eb R09: 1ffff1100fe8b73d
[  134.986009][    T8] R10: dffffc0000000000 R11: ffffed100fe8b73e R12: 0000000000000638
[  134.993969][    T8] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000800000
[  135.001926][    T8] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  135.010932][    T8] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  135.017502][    T8] CR2: 0000000020006000 CR3: 0000000031e9e000 CR4: 00000000003526f0
[  135.025461][    T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  135.033423][    T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  135.041384][    T8] Call Trace:
[  135.044658][    T8]  <TASK>
[  135.047578][    T8]  ? __die_body+0x5f/0xb0
[  135.051903][    T8]  ? die_addr+0xb0/0xe0
[  135.056053][    T8]  ? exc_general_protection+0x3dd/0x5d0
[  135.061593][    T8]  ? asm_exc_general_protection+0x26/0x30
[  135.067312][    T8]  ? hfs_mdb_commit+0x24/0xfd0
[  135.072068][    T8]  ? hfs_mdb_commit+0x37/0xfd0
[  135.076821][    T8]  ? process_scheduled_works+0x976/0x1850
[  135.082531][    T8]  ? _raw_spin_unlock+0x28/0x50
[  135.087370][    T8]  ? process_scheduled_works+0x976/0x1850
[  135.093089][    T8]  process_scheduled_works+0xa63/0x1850
[  135.098633][    T8]  ? __pfx_process_scheduled_works+0x10/0x10
[  135.104606][    T8]  ? assign_work+0x364/0x3d0
[  135.109185][    T8]  worker_thread+0x870/0xd30
[  135.113772][    T8]  ? __kthread_parkme+0x169/0x1d0
[  135.118787][    T8]  ? __pfx_worker_thread+0x10/0x10
[  135.123888][    T8]  kthread+0x2f0/0x390
[  135.127944][    T8]  ? __pfx_worker_thread+0x10/0x10
[  135.133044][    T8]  ? __pfx_kthread+0x10/0x10
[  135.137622][    T8]  ret_from_fork+0x4b/0x80
[  135.142034][    T8]  ? __pfx_kthread+0x10/0x10
[  135.146610][    T8]  ret_from_fork_asm+0x1a/0x30
[  135.151370][    T8]  </TASK>
[  135.154376][    T8] Modules linked in:
[  135.159259][    T8] ---[ end trace 0000000000000000 ]---
[  135.169951][    T8] RIP: 0010:hfs_mdb_commit+0x37/0xfd0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  135.178091][    T8] Code: 53 48 83 ec 48 48 89 fb 49 bd 00 00 00 00 00 fc ff df e8 8c 0f 0a ff 48 89 5c 24 08 4c 8d a3 38 06 00 00 4c 89 e3 48 c1 eb 03 <42> 80 3c 2b 00 74 08 4c 89 e7 e8 fa f2 73 ff 4d 8b 34 24 49 8d 6e
[  135.197967][    T8] RSP: 0018:ffffc900000d7b40 EFLAGS: 00010202
[  135.204893][    T8] RAX: ffffffff828ac694 RBX: 00000000000000c7 RCX: ffff88801befda00
[  135.212961][    T8] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000000
[  135.220951][    T8] RBP: ffffc900000d7dc0 R08: ffff88807f45b9eb R09: 1ffff1100fe8b73d
[  135.229001][    T8] R10: dffffc0000000000 R11: ffffed100fe8b73e R12: 0000000000000638
[  135.237027][    T8] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000800000
[  135.245681][    T8] FS:  0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  135.255302][    T8] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  135.261913][    T8] CR2: 0000000020006000 CR3: 0000000031e9e000 CR4: 00000000003526f0
[  135.269959][    T8] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  135.278032][    T8] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  135.286082][    T8] Kernel panic - not syncing: Fatal exception
[  135.292366][    T8] Kernel Offset: disabled
[  135.296676][    T8] Rebooting in 86400 seconds..